Ebook: Radio Frequency Identification System Security

This volume contains the papers presented at the 2013 Workshop on Radio Frequency Identification/Internet of Things Security (RFIDsec'13 Asia) held in Guangzhou, China on November 27, 2013. The workshop was co-hosted by South China Normal University and Jinan University. The General Chairs were Yingjiu Li, from Singapore Management University, and Yong Tang from South China Normal University.

RFIDsec'13 Asia is aligned with the RFID security workshop (RFIDsec) which addresses security and privacy issues in Radio Frequency Identification (RFID). Since its inception in 2005, RFIDsec has been organized as a series of workshops held in Graz (2005/06), Malaga (2007), Budapest (2008), Leuven (2009), Istanbul (2010), Amherst (2011), Nijmegen (2012) and Graz (2013). RFIDsec'13 Asia is the fifth edition of this series of workshops to be held in Asia, following RFIDsec'09 Asia in Taipei (2009), RFIDsec'10 Asia in Singapore (2010), RFIDsec'11 Asia in Wuxi (2011) and RFIDsec'12 Asia in Taipei (2012).

RFIDsec'13 Asia provides an international forum to address the fundamental issues in theory and practice related RFID/IoT technologies and applications. This year's excellent program consists of 10 high-quality papers, selected after a rigorous review process by both members of the Program Committee and external reviewers. Many interesting topics are covered, including RFID authentication, mutual authentication and ownership transfer, security of RFID applications, NFC and the Internet of Things, and side channel attacks. All RFIDsec'13 Asia papers are published by IOS Press in the Cryptology and Information Security Series.

RFIDsec'13 Asia was made possible thanks to the contributions of many individuals and organizations. First, we would like to thank all those authors who submitted their scientific papers. We would also like to thank the Program Committee members and external reviewers for reviewing and commenting on the submitted papers. Furthermore, we thank the Organization Committee for organizing this workshop. Last but not least, we are grateful to South China Normal University and Jinan University for hosting the workshop.

Changshe Ma and Jian Weng

November 2013

Radio frequency identification (RFID) tag privacy is an important issue to RFID security. To date, there have been several attempts to achieve the wide-strong privacy by using zero-knowledge protocols. In this paper, we launch an attack on the recent zero-knowledge based identification protocol for RFID, which was claimed to capture wide-strong privacy, and show that this protocol is flawed. Subsequently, we propose two zero-knowledge based tag authentication protocols and prove that they offer wide-strong privacy.

We propose a method for prevention of tracking RFID tags. We consider the model in which the adversary may eavesdrop a large fraction of interactions, but not all of them.

We propose a scheme that we call Chameleon RFID. It is based on dynamic changes of identity during each interaction – flipping half of bits at random positions. The scheme is not based on any secrets shared by the systems and the tags but on their continuous interaction.

We prove privacy properties of the scheme with means of rapid mixing of Markov chains and provide concrete estimations and experimental evaluation of the rate of convergence to the uniform distribution. We also present some specific applications of the method proposed. The most important one is leaving traces of unauthorized tag activation.

In practical applications, the owner of an RFID-tagged item canchange. In this paper, we propose a new RFID ownership transfer protocol using elliptic-curve cryptography. The paper first considers security and privacy requirements in the ownership transfer process. Then the paper provides a detailed description of our ownership transfer scheme outlining various protocol phases. Key features of the proposed scheme are that it allows controlled delegation and authorisation recovery, and the ownership transfer is achieved without a trusted third party. We describe a security analysis of the proposed scheme and demonstrate that it meets the desired security and privacy requirements. We also illustrate the performance results and show that our scheme is feasible for lightweight RFID tags.

One of the concerns that comes with the use of RFID tags is that these respond to any query. This can be overcome by having mutual authentication between reader and tag. However, the ordering between the two authentication steps is crucial. In this paper, we formalise mutual RFID authentication: capturing the necessary coupling between tag authentication and reader authentication as well as the ordering between these authentication steps. We show that the reader needs to authenticate first to the yet unknown tag to 1) preserve the tag's privacy, 2) make it more resistant to side-channel analysis and 3) ensure that the end-user can observe the protocol's output. We propose a generic construction to transform existing private RFID authentication protocols into proper private RFID mutual authentication protocols. Finally, we design a very efficient wide-strong private RFID mutual authentication protocol that requires the tag to compute only three scalar-elliptic curve point multiplications. We also show how this new protocol can be implemented efficiently in hardware.

RFID technology has gained tremendous popularity in the recent years. The tiny, inexpensive RFID tags can be easily attached to objects for seamless identification. However, one glaring weakness of RFID tags, especially passive RFID tags is its lack of capability for implementing strong crypto primitives for security purposes. When no or a weak crypto primitive is implemented, the adversary could easily eavesdrop to the communication session between the reader and the tag, he can potentially gain all the secrets about the tag. In doing so, the secrecy of the messages and the privacy of the tag is violated. In this paper, we introduce a new framework that would protect the messages transmitted from the tag to the reader. This framework makes use of the physical properties of RFID systems by sending a random time-varying waveform from the tag to the reader for power harvesting rather than a fixed amplitude waveform. We show theoretically this framework is secure against one eavesdropper by showing the eavesdropper's decoding error probability is very close to 50%. Furthermore, we have implemented our framework, the experimental results also confirm with our theoretical results. Finally, we will discuss two more stronger forms of attack.

The uses for the Internet of Things are growing and cloud platforms have become available to manage deployed devices. The security of the Internet of Things is an important consideration and a challenge. There are potentially a large number of devices of limited capability that need to be managed and are required to perform tasks that depend on data flow to the back-end platform. Most platforms use the current industry standard for secure online communication – SSL (HTTPS). However, SSL allows for many different configurations, some of which are not secure. This paper offers an initial study of SSL communications security between devices and platforms by investigating the SSL implementations offered for prominent Internet of Things platforms. It is found that amongst these platforms the strength of the SSL configuration supported vary greatly.

RFID tags are extensively used in many applications, even though RFID systems suffer from security and privacy risks, such as data forgery and tracking. RFID authentication protocols and lightweight cryptographic algorithms have been developed to overcome these risks. Saarinen et al. have studied some design requirements for the lightweight cryptographic algorithms from the viewpoint of implementation [33]. They have proposed lightweight stream ciphers to generate Tag-IDs. However, the Tag-ID length they evaluated is too short to realize secure RFID authentications and compact implementations of the lightweight hash functions are inappropriate for generating the Tag-IDs because they take a large number of clock cycles. In this paper, we evaluate hardware performance of certain lightweight stream ciphers for generating long Tag-IDs defined in RFID standards, such as the EPC Data Standard and ISO/IEC 15963. We evaluate hardware performance of certain lightweight hash functions with parallel implementation to meet a low area requirement and to achieve high speed performance. We show that as the Tag-IDs become longer, the hash functions take a large number of clock cycles while the stream ciphers take smaller number of clock cycles. Our results reveal that the light weight stream ciphers are suitable for generating the Tag-IDs for RFID applications which require quick responses.

Near Field Communication (NFC) is an emerging short-range wireless communication technology that is at the heart of an expanding spectrum of easy-to-use, intuitive, and contactless applications. Unfortunately, the multiple operating modes and numerous application scenarios have made it particularly challenging for securing NFC based systems. In this paper, we review the potential security threats for NFC and summarize the efforts of standardization bodies and industry using elliptic curve cryptography (ECC) to protect NFC based systems in great detail. We also improve a key agreement and confirmation protocol in the ECMA-386 standard to an authenticated version and propose an entity authentication protocol based on the elliptic curve Diffie-Hellman (ECDH) primitive and the elliptic curve Qu-Vanstone (ECQV) implicit certificate scheme. Efficient and secure implemen tations of the ECDH scheme on NFC-enabled devices are discussed and reported.

Remote attestation mechanisms are well studied in the high-end computing environments; however, the same is not true for embedded devices – especially for smart cards. With ever changing landscape of smart card technology and advancements towards a true multi-application platform, verifying the current state of the smart card is significant to the overall security of such proposals. The initiatives proposed by GlobalPlatform Consumer Centric Model (GP-CCM) and User Centric Smart Card Ownership Model (UCOM) enables a user to download any application as she desire – depending upon the authorisation of the application provider. Before an application provider issues an application to a smart card, verifying the current state of the smart card is crucial to the security of the respective application. In this paper, we analyse the rationale behind the remote attestation mechanism for smart cards, and the fundamental features that such a mechanism should possess. We also study the applicability of Physical Unclonable Functions (PUFs) for the remote attestation mechanism and propose two algorithms to achieve the stated features of remote attestation. The proposed algorithms are implemented in a test environment to evaluate their performance.

MPKC is one of the most promising public-key cryptosystems against cryptanalysis on quantum computer. Its effecient implementation is also suitable for low-resource portable devices such as smart cards and RFID tags. In this paper, we investigate the existing side channel attacks against MPKCs, give a survey of power analysis attacks and fault attacks, including DPA against SFLASH, and fault attacks against HFE.