Ebook: Radio Frequency Identification System Security
This book, which forms part of the Cryptology and Information Security Series (CISS), presents the collected papers from the 2011 Workshop – ‘RFIDsec’11 Asia’ – on RFID security, co-hosted by Peking University and Penn State University in Wuxi, China, in April 2011. RFIDsec Asia is the Asian counterpart of the earlier RFID security workshop, RFIDsec, which was set up in 2005. It provides an Asia-based forum to address fundamental issues in theory and practice related to security and privacy issues, designs, standards and case studies in the development of radio frequency identification (RFID) systems, EPC global networks and the Internet of Things (IoT). The program of the 2011 workshop consists of one invited paper and a further nine papers, which were selected following a rigorous reviewing process by the Program Committee members and external reviewers. The papers cover many interesting topics in the realm of RFID security, including distance bounding and mutual authentication protocols, public key cryptography implementation and the Internet of Things.
This volume contains the papers presented at the 2011 Workshop on RFID Security (RFIDse'11 Asia) held in Wuxi, China on April 6–8, 2011.
The workshop was hosted by Peking University, and co-hosted by Penn state University. The Honorary Chairs were Fuqing Yang from Peking University and Weize Yang from Wuxi Government. The General Chairs were Xueming Tan from Wuxi Government, Zhong Chen from Peking University, Qi Zhang from RFID China Alliance, and Dave Hall from Penn State University.
RFIDsec Asia is the Asia version of the earliest RFID security workshop (RFIDsec) that has been devoted to address the security and privacy issues in Radio Frequency Identification (RFID). Starting in 2005, RFIDsec has been organized as a series of workshops held in Graz (2005/06), Malaga (2007), Budapest (2008), Leuven (2009) and Istanbul (2010).
RFIDsec'11 Asia is the third edition of the Asia series of workshops followed by RFIDsec'10 Asia in Singapore (2010) and RFIDsec'09 Asia in Taipei (2009).
RFIDsec'11 Asia provides a forum to address the fundamental issues in theory and practice related to security and privacy issues, designs, standards, and case studies in the development of RFID systems, EPCglobal network, and Internet of Things (IoT). This year we had an excellent program that consists of one invited paper, and nine regular papers, which were selected after a rigorous reviewing process by the Program Committee members and external reviewers. The papers cover many interesting topics in the realm of RFID security, including distance bounding and mutual authentication protocols, public key cryptography implementation and Internet of Things. All RFIDsec'11 Asia papers are published formally by IOS Press in the Cryptology and Information Security Series (CISS). A number of selected papers in the RFIDsec'11 Asia proceedings may be invited for submission to a special issue of an international journal.
The success of RFIDsec'11 Asia was made through the contributions from many individuals and organizations. We thank all authors who submitted their scientific papers. We are grateful to all Program Committee members and external reviewers for the time and effort they put into reviewing and commenting. Further on, we thank the Organization Committee, especially, Guangyi Shi for managing the workshop website. Last but not least, we are grateful to the Peking university Wuxi campus for sponsoring the workshop.
RFIDsec'11 Asia Program Chairs
Tieyan Li, Chao-Hsien Chu, and Ping Wang
April 2011
We present a black-box attack that is able to fully recover the secret values shared between entities involved in an authentication protocol. First, we explain how this black-box technique can be successfully applied against the class of protocols commonly known as ultralightweight protocols. Then, the effectiveness of this attack is shown by successfully cryptanalyzing the David-Prasad ultralightweight protocol [1], which is one of the most recent proposals in this research area. We show how we can recover the secret static identifier ID – the most valuable information which the protocol is designed to conceal – after eavesdropping only one protocol session. Our attack compares favorably to previous attacks against this protocol, and constitutes an interesting alternative for the very realistic scenario of attackers having access only to messages exchanged during a single authentication session. We also show how this disclosure attack can be used to mount a very powerful traceability attack that also improves on previous results.
Radio Frequency Identification (RFID) technology has been studied for several years. Supply chain management is one of the most significant fields that employ this novel technology. RFID-based EPCglobal network is a distributed inter-domain system, which enables every partner within the supply chain to share information with each other. However, no detailed security specification has been developed in EPCglobal standard, therefore a security mechanism is needed to solve the inter-domain information sharing issues between entities that have business relationship. In this paper, we examine the security threats, requirements and solutions for EPCglobal network from the information security perspective, with a focus on the authentication mechanism. We propose a security platform and a X.509 public key infrastructure (PKI) based EPCglobal certificate hierarchical model. The model enables a fine-grained authentication framework to secure the inter-domain EPCglobal supply network.
Universally Composable (UC) framework is the strongest security notion for designing fully trusted cryptographic protocols, and it is very challenging on applying UC security in the design of RFID mutual authentication protocols. In this paper, we formulate the necessary conditions for achieving UC secure RFID mutual authentication protocols in a fully trusted environment, and indicate the flaws of some existing schemes under UC framework. We define the ideal functionality for RFID mutual authentication and propose the first UC secure RFID mutual authentication protocol based on public key encryption and some trusted third parties which can be modeled as functionalities. We prove the security of our protocol under the strongest adversary model assuming both the tags' and readers' corruptions. Furthermore, we present two (public) key update protocols for the cases of multiple readers: one uses Message Authentication Code (MAC); the other uses trusted certificates in Public Key Infrastructure (PKI).
Many reader/tag authentication protocols are proposed to effectively authenticate tags and readers. However, we demonstrate with YA-TRAP as an example how false authentications that a legitimate tag could be wrongly rejected by a reader may arise from these protocols when they are applied to C1G2 (class 1 generation 2) passive RFID tags. In this paper, we identify a protocol pattern of which the implementation on C1G2 passive tags leads to false authentications, and further identify three types of the existing protocols that can bring with false authentications due to containing this pattern. Moreover, we give a necessary and sufficient condition for false authentications prevention, and propose a semaphore-based solution which revises the pattern by adding semaphore operations so as to avoid false authentications. Our experiments demonstrate the arising of false authentications and verify the effectiveness of our solution.
The application of RFID technology has gently incorporated into our daily life, e.g. supply chain management, credit cards, barcodes and ticketing. Hence privacy and security in RFID have a particular emphasis inasmuch as RFID tags suffer from some inherent weaknesses. Authentication as a crucial element for all security mechanisms has been an interesting subject in recent years. In this work, we analyze a recently proposed RFID authentication protocol by Kulseng et al. [1] and highlight its security and privacy vulnerabilities. We show that Kulseng protocol (KWYG protocol) being vulnerable to several significant attacks like desynchronization, tag and reader impersonation and traceability attacks. Finally, we propose our protocol to eliminate the vulnerabilities with reasonable storage and computational requirements.
The paper presents a new approach for systems with electronic identification documents equipped with simple RFID tags. We assume that document verification is performed offline, but the number of document verifiers as well as the number of documents is controlled by the document issuer. The primary application in mind are visas on a paper sticker with an inbuilt RFID circuit. We also aim to provide simple solutions based on paper stickers with simple RFID for club cards, customer ID cards, public transportation multi-usage tickets, soccer game tickets, etc.
With this application in mind, we consider a model in which document verifier may leak all verification information to a third party. This must not lead to possibility of forging RFID identification documents. Moreover, verification process should support privacy and provide no transferable proof of presence of a given person at a given place and time.
Designing a system with such properties is possible with asymmetric cryptography implemented in identity documents. In contrast, we present a lightweight solution, such that the document is hard to clone without physical access, verification can be performed by entitled agents only and without online contact to a central database. Despite this high functionality, the hardware requirements for RFID circuit remain relatively low.
Implementing public-key cryptography on passive RFID tags is very challenging due to the limited die size and power available. Typical public-key algorithms require complex logical components such as modular exponentiation in RSA. We demonstrate the feasibility of implementing public-key encryption on low-power, low cost passive RFID tags to large-scale private identification. We use Oded Regev's Learning-With-Error (LWE) cryptosystem, which is provably secure under the hardness assumption of classic lattice problems. The advantage of using the LWE cryptosystem is its intrinsic computational simplicity (the main operation is modular additions). We leverage the low speed of RFID application by using circuit design with supply voltage close to transistor threshold (Vt) to lower power. This paper presents protocols for using the LWE cipher to provide private identification and evaluates a design for implementing those protocols on passive RFID tags, and reports on simulation experiments that demonstrate the feasibility of this approach.
RFID tags can no longer be treated as pure bar-code substitute as their functional capabilities increase rapidly. Many of them are able to store and compute data, or hold sensors. The data flow in the EPCglobal network, which was created for “traditional” low-cost tags, does only work one-way: from tags to a couple of servers where data for the tags is stored and can be accessed by other readers or servers. To draw advantage from the increased functionality of the tags it will become important to have a two-way end-to-end communication between servers and tags, e.g. to remotely change data on the tags.
In this paper we show how to modify RFID readers and low-cost tags to make them suitable for a two-way communication via Internet. We consider the required capabilities of readers and tags and show how communication can be done via mobile IPv6. Afterwards we describe our implementation of a simulation environment based on the described concepts and discuss some applications. Security considerations round the description before we can conclude, that also passive low-cost RFID tags are able to become part of the Internet of Things.
Radio Frequency Identification (RFID) systems suffer from different security and privacy problems, among which relay attacks are a hot topic recently. A relay attack is a form of man-in-the-middle (MITM) attack where the adversary manipulates the communication by only relaying the verbatim messages between two parties. The main countermeasure against relay attacks is the use of distance bounding protocols measuring the round-trip time between the reader and the tag, more precisely, it uses bit exchanges for a series of rapid challenge-response rounds in RFID systems. In 2005, Hancke and Kuhn first introduced distance bounding protocol into RFID systems, after that, many schemes have been proposed based on this protocol. However, most schemes tend to a more complex design to decrease adversary's success probability. In this paper, we propose a novel distance bounding protocol named MEED, using only 2n bits of memory, which, to our best knowledge, is equal to Hancke and Kuhn's protocol and less than any existing protocols. In addition, by using our protocol, the tag is able to detect adversary's malicious queries. We also make a comparison with typical previous distance bounding protocols in both memory and mafia fraud success probability.
The authentication of existing EPC Information Service (EPCIS) platforms depends on individual authentication implementations of each EPCIS administration- this approach is not scalable and cannot fully meet the requirements of supply chain management. This paper extends OpenID authentication mechanism by sharing user attributes between identity providers and Relying Party (EPCIS in this application), and integrates the extended OpenID with EPCISs. This integrated platform allows a user with only one single OpenID account to access EPCISs of different domains around the globe, and each EPCIS can authorize applicable access rights to the users, based on the local policy and the user's attributes delivered from Identity Provider. This solution provides a scalable, effective and integrated authentication mechanism for EPCIS supplies chain management.