RFID安全协议

RFID安全协议 1. RFID系统组成、工作原理及应用 2. 安全需求 3. RFID安全协议分类 3.1 重量级RFID安全协议

1.1 RFID系统组成 无线射频识别Radio Frequency IDentification 非接触 唯一识别 自动识别 读写器 标签 后端数据库

8-12 digits (product identity) UPC Bar Code EPC Gen 2 RFID Identities 8-12 digits (product identity) 64-128 bits (item identity) Reading Optical Scanner Wireless Reader Tag Cost Ink, Paper ($0.00001?) Circuit, Antenna ($0.05)

RFID vs. Traditional smart cards Similar: data on an electronic data-carrying device Different: power supply and data exchange without galvanic contacts Different: very limited power on the transponder side (if any) Data goes two ways, clock and energy typically from the reader to the transponder 6

RFID tags in use at Extra “Future Store” in Rheinberg, Germany 标签 标签具有存储与计算功能，可附着或植入手机、护照、身份证、人体、动物、物品、票据中。 存储在标签中的数据用于唯一标识被识别对象。 Antenna Chip Hitachi’s 0.3 mm mu chip RFID tags in use at Extra “Future Store” in Rheinberg, Germany

Tags Nails Key holder Clock Plastic card Small box Label Plastic pin Smart label – you can also put an identifying information on it (e.g., barcode) Small box Label Plastic pin Roll of smart labels Images borrowed from http://www.barcode-fonts.de/, Wikipedia and ABIresearch 8

标签没有微处理器，仅由数千个逻辑门电路组成。因此，很难在RFID标签上使用公钥密码 根据标签的能量来源，可以将其分为：被动式标签、半被动式标签和主动式标签 被动式标签 半被动式标签 主动式标签 能量来源 发送器 最大距离 被动式 被动 10m 内部电池 100m 主动 1000m

Active tags Passive tags Power Battery Supplied by the reader Availability of power Continuous Only in field of reader Range ~100m up to 3-5m, usually less Price 10-100 euro less than 10 eurocents Memory 1-2Mb 0.5-2Kb Size > 2cm*2cm > 0.05mm*0.05mm (without an antenna) Better for “aggressive environments”

标签按照功能的分类 种类 能量来源 别名 存储 特点 Class 0 Class 1 Class 2 Class 3 Class 4 被动式 任意 内部电池 防盗窃Tag EPC 传感器Tag 智能颗粒 None 只读 读写 EAS功能 仅用于识别 数据日志记录 环境传感器 自组网络 EAS用于电子检测的标签

低频RFID技术一直用于近距离的门禁管理，多标签同时识读慢。 根据标签的工作频率，又可将其分为：低频（Low Frequency, LF）（30-300kHz）、高频（High Frequency, HF）（3-30MHz）、超高频（Ultra High Frequency, UHF）（300-968MHz）和微波（Micro Wave, MW）（2.45-5.8GHz）。 低频RFID技术一直用于近距离的门禁管理，多标签同时识读慢。 13.56MHz高频RFID 速度较快，可以实现多标签同时识读，形式多样，价格合理。但是13.56MHz高频RFID 产品对可导媒介（如液体、高湿、碳介质等）穿透性不如低频产品，由于其频率特性，识读距离较短。 860～960 MHz 超高频RFID产品常常被推荐应用在供应链管理（Supply Chain Supply, SCM）上，超高频产品识读距离长，能够实现高速识读和多标签同时识读。但是，超高频电磁波对于如水等可导媒介完全不能穿透，金属的绕射性也很差 EAS用于电子检测的标签

根据射频标签内部使用的存储器类型的不同可分成三种： 可读写标签(RW) 一次写入多次读出标签 (WORM) 只读标签(RO) RW标签一般比WORM标签和RO标签贵得多，如信用卡等。WORM标签是用户可以一次性写入的标签，写入后数据不能改变，WORM标签比RW标签要便宜。RO标签存有一个唯一的号码ID，不能修改，但最便宜 EAS用于电子检测的标签

1. 1 RFID系统组成 读写器 实际上是一个带有天线的无线发射与接收设备，处理能力、存储空间都比较大。 分为手持和固定两种。

1.1 RFID系统组成 后端数据库 可以是运行于任意硬件平台的数据库系统。 通常假设其计算和存储能力强大，并包含所有标签的信息。 通常假设标签和读写器之间的通信信道是不安全的，而读写器和后端数据库之间的通信信道则是安全的。

1.2 RFID系统工作原理 Tags (transponders) Reader (transceiver) Database 02.3DFEX4.78AF51 EasyToll card #816 Radio signal (contactless) Range: from 3-5 inches to 3 yards Tags (transponders) Attached to objects, “call out” identifying data on a special radio frequency Reader (transceiver) Reads data off the tags without direct contact Database Matches tag IDs to physical objects

RFID系统的通信模型 物理层主要关心的是电气信号问题，例如频道分配、物理载波等，其中最重要的一个问题就是要载波“切割”(singulation)问题。通信层定义了Tag读写器与Tag之间双向交换数据和指令的方式，其中最重要的一个问题就是解决多个Tag同时访问一个Tag读写器时的冲突问题；应用层用于解决和最上层应用直接相关的内容，包括认证、识别以及应用层数据的表示、处理逻辑等。

1.3 RFID系统应用

“我不是John” Prada's RFID Closet

药物 移动手持设备 上映时间: 16.00, 19.00

GuangShen Railway Ticket RFID Cattle Ear Tags Beijing Olympic Games Tickets The 2nd Generation ID Card

Shanghai public transportation card Stock identification Shanghai public transportation card New British passport Animal identification Dutch library reader’s pass 23

供应链管理SCM

货物定位跟踪管理

移动RFID

Mobile RFID Network Architecture OIS Server 6. Request information of a tag to URL Internet 7. Transmit information of the tag Wireless Base Station 1. Request EPC Mobile RFID Reader 3. EPC RFID Tag 2. Reply EPC 8. Information of EPC 5. Reply URL 4. Request information of URL for EPC ONS Server Mobile RFID Network Architecture [Kim et. al. 2007]

2. 基本的安全问题 数据安全：由于任何实体都可读取标签，因此敌手可将自己伪装成合法标签，或者通过进行拒绝服务攻击，从而对标签的数据安全造成威胁。 隐私：将标签ID和用户身份相关联，从而侵犯个人隐私。未经授权访问标签信息，得到用户在消费习惯、个人行踪等方面的隐私。和隐私相关的安全问题主要包括信息泄漏和追踪。 复制：约翰斯霍普金斯大学和RSA实验室的研究人员指出RFID标签中存在的一个严重安全缺陷是标签可被复制。

安全需求 具体应用安全需求 认证性 匿名性 前向安全性和后向安全性 可用性 强匿名性:在读写器与标签的2次交互中，敌手不能区分这2次交互对象是否为同一个标签 弱匿名性:读写器不能够分辨是哪个标签与其交互 前向安全性和后向安全性 可用性

RFID系统的威胁： 普通安全威胁:机密性,可用性等 隐私相关的威胁 信息泄漏 追踪 攻击者 他们拥有什么? 消费者 攻击者

2015年的琼斯先生 假发 钱包中有1500000欧元 30个婴儿 尿片 人造手指 《法轮功》 类型 #4456 (便宜的聚酯) 序列号: 医学部位 #459382 美国本来计划在2005年8月在入境护照装备电子标签的计划因为考虑到信息泄漏的安全问题已经被推迟 钱包中有1500000欧元 序列号: 597387,389473… 30个婴儿 尿片

欧洲消费者提出需要隐私保护 Rheinberg, Germany February 28, 2004

Protest at Texas Wal-Mart Photo by Bill Bryant Protest at Texas Wal-Mart

“More-Efficient Mugging” “Just in case you want to know, she’s got 700 Euro and 8 World Cup tickets…” mug 抢劫 From Ari Juels USENIX Security 2004 talk http://www.usenix.org/events/sec04/tech/slides/juels.htm

Realistic Threats Espionage 间谍 Profiling/Tracking Corporate Espionage

Implanting RFID in humans? Advantageous for cancer patients undergoing chemotherapy; people with pacemakers or other medical implants; cognitive impairment due to epilepsy, diabetes, or Alzheimer’s disease; emergency (allergy)… Your favourite drink at the bar?! 37

Politics? 2004: The attorney general of Mexico and 18 of his staff had chips implanted to allow them to gain access to certain high-security areas. 2006: President of Colombia : agree to require Colombian citizens to be implanted with RFID chips before they could gain entry into the US for seasonal work. 2008: UK jails considering RFID implants for prisoners. Ethical issues: freedom of choice patrons in the night clubs what happens if the company goes bankrupt? who is the owner of the chip and of the information stored on it? can the human-implanted tags be deactivated? are we going to the big brother situation? 38

Big Brother is watching you? 39

Things that can go wrong (1) personal privacy, state or military security. Issues: illegal reader; legal reader and legal tag but illegal combination; eavesdropping for replaying the data Image borrowed from http://www.rfidguardian.org/ Illicit tracking of RFID tags 40

Things that can go wrong (2) The envelope contains a hermetically sealed RFID-enabled credit card. Malicious reader can extract the information as the envelope is not necessarily RF-hermetic. Can be a problem if mailboxes can be easily accessed. Johnny Carson a.k.a. Carnac the Magnificent. Image borrowed from http://www.answers.com/ Skimming 41

Things that can go wrong (3) Image borrowed from the CNN Texas instruments made a special car key called DST… http://www.rfidjournal.com/article/articleview/1415/1/39/ Having reverse-engineered the cipher, we demonstrated that the 40-bit length of its cryptographic keys is inadequate--not just vulnerable to brute-force attack, as the cryptographic community knows, but inadequate in the face of practical attacks against the DST system. We implemented a system of attack that operates in three phases against a target DST: 1. “Skimming”: We use an RFID reader in our possession to establish brief radio contact with the DST. The reader interrogates the DST twice over the course of a fraction of second. 2. Key cracking: Employing the “skimmed” data, we use a specially programmed hardware “key cracker” to recover the unique cryptographic key of the DST. With a few hundred dollars worth of equipment, this takes about 10 hours on average. We are working on a software system that uses standard cryptographic techniques to crack a key in minutes. 3. Simulation: We program a hardware device with the cryptographic key recovered from the DST. This device can then impersonate the original DST; while our device is dissimilar in shape and size to a DST, it is digitally indistinguishable. Loosely speaking, we demonstrated the digital cloning of DSTs. We believe that an attacker with the right expertise could manufacture a self-contained apparatus about the size of Apple iPod that implements all three phases of the attack. Such a device might cost as little as several hundred dollars. Anyone capable of the attack we have demonstrated can effectively roll back automobile security by 10 years, contravening a mechanism that has been responsible, by some accounts, for a 90 percent reduction in automobile theft. Alternatively, such an attacker could charge gasoline purchases to a victim’s Speedpass account. We have not created a weakness in the DST: We have uncovered one with serious implications. Example 1 (Auto theft via eavesdropping) Eve runs an automobile theft ring. She owns a van with eavesdropping equipment. She parks this near a target automobile so as to eavesdrop on ignition-key-to-reader transmissions. 1 After observing two turns of the ignition key, she is able to extract the cryptographic key of the DST at her leisure using an FPGA. She returns subsequently to steal the target automobile. To enter the vehicle, she picks or jimmies the door lock. She then hot-wires the ignition and deactivates the immobilizer by simulating the DST of the real key. Tag cloning 42

Things that can go wrong (4) Image borrowed from the city council of Christchurch, New Zealand Using information obtained in the RF-context in some different context, to create a magstripe card, re-encode the stripe on an existing card, or use these data in a card-not-present transaction such as a telephone or online mail-order purchase. Cross contamination 43

Things that can go wrong (5) we are interested in disabling the tags (e.g. after the purchase) but this should be done only by those allowed! There are attacks that force RFID tags to a state where the tag can no longer properly authenticate itself (timestamps, falling out of synchronisation). moreover, even if the particular ID has been removed and the type of the id remains, one can use a “constellation technique”: a unique penchant for RFID-tagged Gucci shoes, Rolex watches and Cohiba cigars may betray your anonymity. Can you resurrect the tags? Image by Jim Smith Tag killing 44

Things that can go wrong (6) This highly probable as RFID tags are so cheap and most probably will be disposed in large quantities. Therefore, RFIDs are vulnerable for side channel attacks. Forward-security is important to guarantee the privacy of past transactions if the long-term key or current session key are compromised. Image from http://clerkkids.house.gov/ Tags captured and secret info detected (physical invasion or side channel attacks) 45

Things that can go wrong (7) Jamming Can also be selective jamming attack, where an adversary blocks all RF channels between reader and tags 46

The Pandora box of RFID Ethical issues Illicit tracking of the tags Skimming Tag cloning Cross-contamination Tag killing Tags captured and secret info detected Jamming Image by J.W. Waterhouse 47

So far… 1) data 2) Object to be identified Antenna Data carrier (transponder) RFID reader Application RFID Tag 2) Object to be identified

3. RFID安全协议的分类 RFID安全机制 物理方法 密码机制 上述二者的结合

Kill标签 kill命令最初由Auto-ID中心提出。每一个标签都有一个口令。当阅读器使用口令对标签发送kill命令时，标签将永久地停止工作。 例子：结帐时禁用附着于商品上的标签 缺点:标签用于识别商品，如果商品不合格需要返回，那么需要重复使用标签中提供的信息。RFID标签标识图书馆中的书籍,当书籍离开图书馆后这些标签是不能被禁用的,这是因为当书籍归还后需要使用相应的标签再次标识书籍。

Sleeping标签 解决禁用标签killing tag缺陷的办法是：让标签处于睡眠状态，而不是禁用，以后可使用唤醒口令将其唤醒。 困难:一个唤醒口令和一个标签相关联。于是这就需要一个口令管理系统。但是，当标签处于睡眠状态时，没有可能直接使用air interface将特定的标签和特定的唤醒口令相关联。因此，需要另一个识别技术，例如条形码，以标识用于唤醒的标签

Blocking 标签 隐私bit“0”表示标签接受非限制的公共扫描；隐私bit“1”表示标签是私有的。以bit“1”开头的标识符空间指定为隐私地带(privacy zone)。 当标签生产出来，并且在购买之前，即在仓库、运输汽车、储存货价的时候，标签的隐私bit置为“0”。换句话，任何阅读器都可扫描它们。当消费者购买了使用RFID标签的商品时，销售终端设备将隐私bit置为“1”，让标签处于隐私地带。

法拉第网罩 由于无线电波可被传导材料做成的容器屏蔽，法拉第网罩将贴有RFID标签的商品放入由金属网罩或金属箔片组成的容器中，从而阻止标签和读写器通信。由于每件商品都需使用一个网罩，该方法难以大规模实施。

RFID Shield ($9.99) 患偏执狂的 锡 箔 Tin Foil

主动干扰 标签用户通过一个设备主动广播无线电信号用于阻止或破坏附近的RFID读写器操作。但该方法可能干扰附近其他合法RFID系统，甚至阻断附近其他使用无线电信号的系统。

使用密码技术 分类名称 支持的操作 代表性协议 重量级协议 对称密钥、非对称密钥、单向函数 简单的协议 随机数生成器和单向函数 Hash锁系列 轻量级协议 随机数生成器和一些简单的函数 例如CRC 但不支持单向Hash函数 HB系列 超轻量级协议 只支持比特操作 例如XOR、AND、OR LMAP和M2AP

RFID认证基本思路 基本的ID协议 攻击:任一把钥匙(标签)都可开门(Reader)

ID列表 合法钥匙可开门

ID加密 可区分标签,可重放假冒标签

Nonce

新鲜性

3.1 重量级协议 支持对称密钥加密、单向函数，甚至公钥。 主要应用于护照中。 能提供较高的安全性。 增加制造成本，阻碍了RFID系统的广泛使用。

3.2 简单的协议 Hash Lock 敌手可追踪标签、伪装成合法标签 Stores metaID=hash(key) 1. Tag读写器向Tag发送Query认证请求； 2. Tag将metaID发送给Tag读写器； 3. Tag读写器将metaID转发给后端数据库； 4. 后端数据库查询自己的数据库，如果找到与metaID匹配的项，则将该项的( key , ID)发送给Tag读写器，其中ID 为待认证Tag的标识，metaID = H ( key)；否则，返回给Tag读写器认证失败信息； 5. Tag读写器将从后端数据库接收的部分信息key发送给Tag ； 6. Tag验证metaID = H( key)是否成立，如果成立，则将其ID 发送给Tag读写器； 7. Tag读写器比较自Tag接收到的ID是否与后端数据库发送过来的ID 一致，若一致，则认证通过；否则，认证失败。 Stores metaID=hash(key)

随机化Hash锁 敌手可追踪标签、伪装成合法标签 还可实现重放攻击 Stores all IDs: Stores its own IDk ID1, … ,IDn Stores its own IDk

增强的随机化Hash锁 DB计算量大 单向认证

Hash链协议 重放攻击 DB计算量大 1. Tag读写器向Tag发送Query认证请求； 2. Tag使用当前的秘密值st , j 计算at , j = G ( st , j )，并更新其秘密值为st , j + 1 = H ( st , j )，Tag 将at , j发送给Tag读写器； 3. Tag读写器将at , j转发给后端数据库； 4. 后端数据库系统针对所有的Tag数据项查找并计算是否存在某个IDt (1≤t≤n) 以及是否存在某个j (1≤j≤m)，其中m为系统预设置的最大链长度) 使得at , j =G( H j - 1( st , 1 ) ) 成立。如果有，则认证通过，并将IDt发送给Tag；否则，认证失败。

David的数字图书馆RFID协议 DB计算量大 双向认证 1 1. Tag读写器生成一秘密随机数RR ，向Tag发送Query认证请求，将RR发送给Tag； 2. Tag生成一个随机数RT ，使用自己的ID 和秘密值s计算σ= IDf s (0 , RR , RT ) ， Tag 将( RT ,σ) 发送给Tag 读写器； 3. Tag读写器将( RT ,σ) 转发给后端数据库； 4. 后端数据库检查是否有某个IDi (1≤i≤n)，使得IDi =σf s (0 , RR , RT ) 成立；如果有，则认证通过，并计算β= IDif s (1 , RR , RT )，然后将β发送给Tag读写器； 5. Tag读写器将β转发给Tag； 6. Tag验证ID =βf s (1 , RR , RT ) 是否成立，如成立，则认证通过 DB计算量大 双向认证

分布式RFID询问-应答认证协议 DB计算量大 双向认证

YA-TRAP协议 YA-TRAP协议后端数据库存储预计算的Hash查找表，认证时不再进行Hash计算，增强了实时性。缺点是存在拒绝服务攻击。

YA-TRAP协议 Hash查询表 YA-TRAP协议后端数据库存储预计算的Hash查找表，认证时不再进行Hash计算，增强了实时性。缺点是存在拒绝服务攻击。

3.3 轻量级的协议 HB系列概率协议

3.3 轻量级的协议 HB 可抵抗被动攻击 不可抵抗主动攻击 A simple active attack where an adversary pretending to be the reader transmits a fixed rA to the tag several times can retrieve the value of x.

3.3 轻量级的协议 HB+

3.3 轻量级的协议 对HB+协议的攻击:不能抵抗中间人攻击 The core of the attack consists of manipulating the challenge sent by the reader (i.e., rA) by sending the XOR of rA and a constant k-bit vector δ to the tag on all r rounds of the authentication process. If the authentication succeeds, δ · x=0 with a high probability. If the authentication fails, δ · x=1 with a high probability. Here, an adversary can manipulate δ to reveal each bit of the secret key x one by one.

3.4 超轻量级的协议 LMAP 标签识别： 双向认证： Reader  Tag: hello Tag  Reader: IDS Reader  Tag: A || B || C Tag  Reader: D A = IDS  K1  n1 //Tag求出n1 B = (IDS  K2) + n1 // Tag验证B C = IDS + K3 + n2 // Tag求出n2 D = (IDS + ID)  n1  n2 // Tag响应,双方使用n2更新

仅介绍对LMAP的同步失调攻击 LMAP双向认证： Reader  Tag: A || B || C’ Tag  Reader: D’ 其中 n2’ 依赖于 n2 C’ = C  [I]0 D = (IDS + ID)  n1  n2’ D’ = D  [I] 0

谢谢!