RFID Systems and Security and Privacy Implications


RFID Systems and Security
and Privacy Implications
Auto-ID Center
Massachusetts Institute of Technology
www.autoidcenter.org
Sanjay E. Sarma
Stephen A. Weis
Daniel W. Engels
Auto-ID Center
• International industry-sponsored
research center
• MIT, Cambridge University, and
University of Adelaide
• Design, develop, and deploy large-scale
field trials including RFID projects
Overview
• Radio Frequency Identification (RFID)
• EPC System
• Security Benefits and Threats
• Future
Uses of Automatic-ID Systems
• Access control and security
• Tracking of products in Supply Chain
• ID of products at Point of Sale
Most widely used is the Bar Code System
Potential Application of RFID
• Consider supply chain and EAN-UCC
bar codes
• 5 billion bar codes scanned daily
• Each scanned once only at checkout
• Use RFID to combine supply chain
management applications
Benefits of Supply Chain
Management
• Automated real-time inventory
monitoring
• Automated Quality Control
• Automated Check-out
Picture your refrigerator telling you that
you’re out of milk! 
Why not yet implemented
• Cost too high. Needs to be <$0.10
• Lack of standards and protocols
• Security concerns – similar in smart
cards and wireless
• Privacy issues – Big Brother
RFID System Components
• RFID Tag
– Transponder
– Located on the object
• RFID Reader
– Transceiver
– Can read and write data to Tag
• Data Processing Subsystem
Transponder
• Consists of a microchip that stores data
and an antenna
• Active transponders have an on-tag battery
• Passive transponders obtain all power
from the interrogation signal of the reader
• Active and passive tags only communicate
when interrogated by a transceiver
Transceiver
• Consists of an RF module, a control unit,
and a coupling element to interrogate
tags via RF communication
• Also has a secondary interface to
communicate with backend systems
• Reads tags located in hostile
environments and obscured from
view
Data Processing Subsystem
• Backend System
• Connected via high-speed network
• Computers for business logic
• Database storage
• Also as simple as a reader attached to a
cash register
RFID
• Basic components of RFID system
combine in the same manner
• All objects are physically tagged with
transponders
• Type of tag used varies from application
to application
• Passive tags are most promising
RFID
• Transceivers are strategically placed for
given application
• Access Control has readers near
entrance
• Sporting events have readers at the
start and finish lines
Transceiver-Transponder Coupling
and Communication
• Passive tags obtain power from energy
in EM field generated by reader
• Limited resources require it to both obtain
energy and communicate within a narrow
frequency band set by regulatory agencies
Inductive Coupling
• Uses magnetic field to induce current in
coupling element
• Current charges the on-tag capacitor
that provides operating voltage
• This works only in the near-field of
signal – up to c/(2πf) meters
Inductive Coupling
• Operating voltage at distance d is
proportional to flux density at d
• Magnetic field decreases in power
proportional to 1/d³ in near field
• Flux density is max when R ≈ d√2,
where R is radius of reader’s antenna
coil
Far Field energy harvesting
• Uses reader’s far field signal to power
tag
• Far field begins where near field ends
• Signal incident upon the tag induces
voltage at input terminals of the tag,
which is detected by RF front-end
circuitry and is used to charge capacitor
Passive tag power
• Reader uses same signal to
communicate with and power tag
• Any modulation of signal causes power
reduction
• Modulating information spreads the
signal – referred to as “side band.”
• Side band and max power are regulated
Transponder Communication
• RFID systems generally use the
Industrial-Scientific-Medical bands
• In near field, communication is achieved
via load modulation
• In far field, backscatter is used.
Backscatter is achieved by modulating
the radar-cross section of tag antenna
Limitations of Passive Tag
communication
• Very little power available to digital
portion of the IC, limited functionality
• Length of transactions is limited
– Length of power on
– Duration within communication range
• US regulations for 915 MHz limit
transaction time to 400 ms
• Limit of state information
Data Coding and Modulation
• Determines bandwidth, integrity, and tag
power consumption
• Limited by the power modulation /
demodulation capabilities of the tag
• Readers are generally low bandwidth,
due to government regulations
• Passive tags can use high bandwidth
Coding
• Level Codes
– Non-Return-to-Zero
– Return-to-Zero
• Transition Codes
– Manchester
– Miller
Coding Considerations
• Code must maintain power to tag as
much as possible
• Code must not consume too much
bandwidth
• Code must permit the detection of
collisions
Coding for Readers and Tags
• Reader to Tag uses PPM or PWM
(lower bandwidth)
• Tag to Reader uses Manchester or NRZ
(higher bandwidth)
Modulation
• RF communications typically modulate high
frequency carrier signal to transmit baseband
code
• Three classes of digital modulation are ASK,
FSK, and PSK.
• ASK most common in 13.56 MHz load
modulation
• PSK most common in 915 MHz backscatter
modulation
Tag Anti-Collision
• Limited power consumption
• State information may be unreliable
• Collisions may be difficult to detect due
to varying signal strengths
• Cannot be assumed to hear one
another
Algorithm Classification
• Probabilistic
– Tags respond at randomly generated times
– Slotted Aloha scheme
• Deterministic
– Reader sorts through tags based on tag-ID
– Binary tree-walking scheme
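The deterministic binary tree-walking scheme, as an added simulation that is not code from the Auto-ID Center paper: the reader broadcasts an ID prefix, every matching tag answers with its next bit, and the reader branches only where it hears both a 0 and a 1 (a collision). The 8-bit IDs and the three-tag population are constructed for illustration.

```python
def tag_responses(tags, prefix):
    # Simulated air interface: every tag whose ID begins with `prefix`
    # answers with its next bit; the reader only learns which bits were heard.
    heard = set()
    for tag in tags:
        if tag.startswith(prefix) and len(tag) > len(prefix):
            heard.add(tag[len(prefix)])
    return heard

def tree_walk(tags, id_bits):
    # Deterministic singulation: walk the binary tree of ID prefixes, branching
    # only where a collision (both '0' and '1' heard) occurs.
    found, queries, stack = [], 0, [""]
    while stack:
        prefix = stack.pop()
        if len(prefix) == id_bits:
            found.append(prefix)       # leaf reached: exactly one tag singulated
            continue
        queries += 1                   # one reader broadcast per prefix
        heard = tag_responses(tags, prefix)
        for bit in sorted(heard, reverse=True):   # explore the 0-branch first
            stack.append(prefix + bit)
    return sorted(found), queries

# Constructed sample population: three 8-bit tag IDs, two of which differ only
# in the last bit so a collision happens deep in the tree.
SAMPLE_TAGS = ["00001010", "00001011", "11110000"]

def demo():
    return tree_walk(SAMPLE_TAGS, 8)
```

Every prefix the reader broadcasts is part of a real tag ID, which is why the reader-to-tag channel, the stronger of the two, matters for the privacy goals discussed later in the deck.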
Algorithm Performance Trade-offs
• Speed at which tags can be read
• Outgoing bandwidth of reader signal
• Bandwidth of return signal
• Amount of state that can be reliably
stored on tag
• Tolerance of the algorithm to noise
Algorithm Performance Trade-offs
• Cost of tag
• Cost of reader
• Ability to tolerate tags that enter and
leave during the interrogation period
• Desire to count tags exactly as opposed
to sampling
• Range at which tags can be read
Effect of Regulations
• US regulations on 13.56 MHz
bandwidth offer significantly less
bandwidth, so Aloha is more common
• 915 MHz bandwidth allows higher
bandwidth, so deterministic algorithms
are generally used
13.56 MHz Advantages
• Frequency band available worldwide as
an ISM frequency
• Up to 1 meter reading distance in
proximity / vicinity read
• Robust reader-to-tag communication
• Excellent immunity to environmental
noise and electrical interference
13.56 MHz Benefits
• Well-defined transponder interrogation
zones
• Minimal shielding effects from adjacent
objects and the human body
• Damping effects of water relatively
small, field penetrates dense materials
915 MHz Benefits
• Long range (from a few to several
meters, depending on regulatory
jurisdiction)
• High data rates
• Fast anti-collision and tags per second
read rate capabilities
The EPC System
• System that enables all objects to be
connected to the Internet by adding an
RFID tag to the object
• EPC
• ONS
• SAVANT
• Transponders
The EPC
• Electronic Product Code
• ID scheme designed to enable unique ID
of all physical objects
• Only data stored on tag, since
information about object is stored on
network
• EPC acts like a pointer
The ONS
• Object Name Service
• Directory service that maps EPC to IP
• Based entirely on DNS
• At the IP address, data is stored in XML
and can be accessed via HTTP and
SOAP
The ONS
• Reduces power and memory
requirements on tag
• Transfer data communication to
backend network, saving wireless
bandwidth
• Makes system more robust
• Reduces size of microchip on tag
Savant
• System based on hierarchical control
and data management
• Provides automated control functionality
• Manages large volumes of data
• Acts as a gateway for the reader
network to the next higher level
Savant
• Transfers computationally intensive
functionality from tag to powered
system
• Any single point of failure has only local
effect
• Enables entire system to be scalable
since reader sub-systems are added
seamlessly
RFID Transponder
• Most numerous parts of system
• Most cost-sensitive part
• Protocols designed for 13.56 MHz and
915 MHz frequencies
• Implement a password-protected Self-
Destruct command
RFID Security Benefits and
Threats
• Airline passenger and baggage tracking
made practical and less intrusive
• Authentication systems already in use
(key-less car entry)
• Non-contact and non-line-of-sight
• Promiscuity of tags
Previous Work
• Contact-less and constrained
computational resource similar to smart
cards
• Analysis of smart card security
concerns similar to RFID
• RFID especially susceptible to fault
induction and power analysis attacks
Security Goals
• Tags cannot compromise privacy of
holders
• Information should not be leaked to
unauthorized readers
• Should not be possible to build long-term tracking associations
• Holders should be able to detect and
disable tags they carry
Security Goals
• Publicly available tag output should be
randomized
• Private tag contents should be
protected by access control and
encryption
• Spoofing tags or readers should be
difficult
Low-cost RFID Issues
• Inexpensive read-only tags are
promiscuous and allow automated
monitoring – privacy concern
• Neither tags nor readers are
authenticated – security concern
• Full implementation of privacy and
security is costly – cost concern
Possible solutions
• Erase unique serial numbers at point of
sale – tracking still possible by
associating “constellations” of tags
• Public key cryptography – too
expensive
• Shared key – if one tag is compromised,
entire batch is affected
Approach to RFID Protection
• Use one-way hash function on tag –
“meta-ID”
• When reader knows meta-ID, tag is
‘unlocked’ and readable
• After reader is finished, tag is locked
• Tag has self-destruct mechanism to use
if under attack
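The meta-ID "hash lock" sketched above, as an added simulation that is not code from the Auto-ID Center paper. It assumes one reading of the scheme: the tag stores only meta-ID = hash(key) and a lock bit; an authorized reader keeps a backend table from meta-ID to key, presents the key to unlock the tag, reads the EPC, and relocks it; the same key gates the self-destruct command. The EPC string and the use of SHA-256 are constructed for illustration (a real low-cost tag would need a much cheaper hash).

```python
import hashlib
import secrets

def meta_id(key: bytes) -> bytes:
    # One-way hash of the tag's key; all a locked tag ever transmits.
    return hashlib.sha256(key).digest()

class Tag:
    # Passive tag: stores its EPC, a meta-ID and a lock bit (never the key).
    def __init__(self, epc: str, key: bytes):
        self.epc = epc
        self._meta_id = meta_id(key)
        self.locked = True
        self.killed = False
    def query(self):
        # Locked tags answer only with the opaque meta-ID; killed tags stay silent.
        if self.killed:
            return None
        return self._meta_id if self.locked else self.epc
    def unlock(self, key: bytes) -> bool:
        # Tag hashes the presented key and compares with its stored meta-ID.
        if not self.killed and meta_id(key) == self._meta_id:
            self.locked = False
        return not self.locked
    def lock(self):
        self.locked = True
    def self_destruct(self, key: bytes) -> bool:
        # Password-protected kill: only the key holder can disable the tag.
        if meta_id(key) == self._meta_id:
            self.killed = True
        return self.killed

class Reader:
    # Reader backed by a table meta-ID -> key for the tags it may read.
    def __init__(self):
        self.backend = {}
    def enroll(self, key: bytes):
        self.backend[meta_id(key)] = key
    def read(self, tag: Tag):
        key = self.backend.get(tag.query())
        if key is None:
            return None        # unknown meta-ID: the reader learns nothing more
        tag.unlock(key)
        epc = tag.query()
        tag.lock()             # relock as soon as the transaction is finished
        return epc

def build_demo():
    # Constructed scenario: one tag, one authorized reader, one stranger.
    key = secrets.token_bytes(16)
    tag = Tag("EPC-EXAMPLE-0001", key)
    authorized, stranger = Reader(), Reader()
    authorized.enroll(key)
    return tag, authorized, stranger
```

Note that the meta-ID itself is a constant, so an unauthorized reader can still recognise the same tag twice; that is the tracking problem the "randomized tag output" goal above is meant to address.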
Future Research
• Development of low cost crypto
primitives – hash functions, random
number generators, etc.
• Low cost hardware implementation w/o
computational loss
• Adaptation of symmetric encryption and
public key algorithms from active tags
into passive tags
Future Research
• Developing protocols that make tags
resilient to power interruption and fault
induction.
• Power loss graceful recovery of tags
• Research on smart cards and other
embedded systems