Slides - COSIC

inspectorwormsΗλεκτρονική - Συσκευές

27 Νοε 2013 (πριν από 3 χρόνια και 7 μήνες)

72 εμφανίσεις

Modelling Privacy for Off
-
line
RFID Systems

Flavio

Garcia

Radboud

University Nijmegen

together with Peter van
Rossum

RFIDSec

2009

Outline


Current RFID privacy models


A new model for off
-
line RFID systems that
considers reader corruption


Forward and self
-
stabilizing backwards privacy


Protocols


Conclusions


RFID Systems

Current RFID Models

Permanent
secure
connexion



Juels

and Weis (2006)



Vaudenay

(2007)


Avoine

(2005)

Fwd
-
Privacy

Fwd
-
Privacy

Safe

Un
-
Safe

Time

Narrow
-
FWD Private protocol [OSK03]

Many real systems are more complex

Periodic

connexion

What kind of
security can still be
guaranteed?

More
information
on the
readers

Consider off
-
line systems where
readers can be compromised


An adversary is a PPTA with access to the set of
oracles O:


CreateReader
(R)


CreateTag
(T)


Launch(R)


Send(
m,A
)


Result()


CorruptTag
(T)


Sync()

O+ = O


{
DestroyReader
(R)}

Fwd and
Bwd
-
Privacy

Safe

Un
-
Safe

Unachievable!

(Unless extra assumptions are made)

Safe

Forward privacy

Self
-
stabilizing

backwards privacy

Forward and Self
-
stabilizing Backwards
Private Protocol (idea)

new
day!

BO

K ← h(k’+1)

K’ ← h(k’)

K ← h(k)

K ← h(k)

MAC using k’

K to `talk’ with the reader

K’ to `talk’ with the BO

Forward and Self
-
stabilizing Backwards
Private Protocol

Forward and Self
-
stabilizing Backwards
Private Protocol

Verify key
update

Improvement

Improving synchronization

But still
de
-
syncs if a
reader is
compromised

Almost
there

Improving synchronization

What to do

Take special measures when a reader is
compromised.

Only update
k’’s

in BO if no reader
corruption

Con: this extends the privacy lost by one
time slot

Conclusions


model for (off
-
line) RFID systems in the
presence of reader corruption


forward and self
-
stabilizing backwards private
protocols that uses only hash functions.


De
-
sync resilience