Foundations of Privacy 2010

Nov 27, 2013


Guy Katz


Introduction to RFID


How does it work


Threats to user privacy


Possible solutions


“Wireless” Identification System


Consists of


Tag


Small transponder


Attached to a physical object


Transceiver


Reads (and sometimes writes) data on tags


Connected to some database


RFID has been around for 60 years


“Friend or Foe” systems in WW II:


German pilots would roll their planes when coming
back to base


The British put basic transmitters on theirs


Theft prevention (1970’s)


Trucks in Los Alamos laboratory had transponders


Toll payments


Agriculture



A large increase in deployment since year
2000


Reasons:


Tags and readers much smaller and cheaper


World wide standardization (ISO)


Supply Chain Management


From production to customer; replaces bar codes


Payment systems


Toll roads, cafeterias, Rav-Kav


Access Control


Weizmann Institute of Science


Theft Prevention


Anti-Counterfeiting


Passports, Money Bills


Implanted Tags

Electronic Product Codes (RFID) vs. Barcodes

Read Rate
  RFID: High throughput. Multiple (>100) tags can be read simultaneously
  Barcodes: Very low throughput. Tags can only be read manually, one at a time

Line of Sight
  RFID: Not required
  Barcodes: Definitely required

Durability
  RFID: Can even be internally attached
  Barcodes: Easily damaged, swapped or removed; cannot be read if dirty or greasy

Human Capital
  RFID: Virtually none. Once up and running, the system is completely automated
  Barcodes: Large requirements. Laborers must scan each tag

Event Triggering
  RFID: Capable. Can be used to trigger certain events (like door openings, alarms, etc.)
  Barcodes: Not capable. Cannot be used to trigger events

Contain an antenna and a small circuit


Purpose in life: broadcast an ID


Usually 128 bits


Very small: a few millimeters


“Cost Barrier”


5 cents per tag


Two subgroups:


Active Tags


Passive Tags

[Figure: integrated circuit, 4 x 4 mm]


Can initiate communication on their own


Transmit, looking for a reader


Range can be over 100 meters


Require a power source


Consequently, expensive

[Figure: active RFID tag, part of a monitoring system, 6.5 x 4 x 2 cm]


Passive Tags


No power source


Consequently, very cheap


Energy extracted from RF signal


Can’t initiate communication on their own


Need to receive energy before they can answer


Range up to 10 meters



Power tags through RF signals


Usually connected to some database


Singulation (Anti-Collision)


Communicate with many tags at once


Still a bit expensive


Cheapest ones around $500




A method used by readers


Goal: discover all present tags


Difficulty: If many tags answer together,
answers get mixed up


The reader can’t separate their answers


Does know that more than one tag responded


Need a way to solve collisions…


The standard singulation protocol


Each round, the reader looks for an n-bit prefix


Asks: “Who starts with 1010…?”


Tags answer with their next digit


If multiple tags answer, recurse on both (n+1)-bit prefixes



For n tags and k identity bits, O(n*k)


In practice, a few seconds for a shopping cart

[Figure: tree walking over three tags with IDs 010, 011 and 101. Query sequence: Who has “”? (0 and 1 collide); Who has “1”? (only 101 answers, next bit 0); Who has “10”? (101, next bit 1); Who has “0”? (010 and 011 both answer, next bit 1); Who has “00”? (no answer); Who has “01”? (010 answers 0, 011 answers 1)]

Various ranges


From 120 kHz to 10.6 GHz


Dictate passive read range


From 10cm to 10 meters, accordingly.


Can be used to ignore more distant tags


Sniffing/Eavesdropping


Spoofing/Cloning


Tracking


Replay


Denial Of Service




Not all attacks related to privacy!



Tags contain an identification code


EPC usually consists of 64-128 bits


Some bits indicate vendor and product ID


Others form a unique product ID


Tags become associated with a person!


Don’t even need to know item type


Reading is done silently and remotely


Personal information can be gathered


Information about individuals’ habits: where you
go, what you buy…


Physical tracking of people


Military and Corporate Espionage


Track down parts and components


Implanted Tags


Big Brother?




Need to keep the tags cheap


A wide range of systems and uses


No single solution suits everyone


Need to only block malicious readings



Defining the typical adversary


What sort of equipment? Readers, tags, scanners,
etc…


What sort of abilities?


Can impersonate a reader? Connect to the DB?


Always present?



We focus on EPC (Electronic Product Code)
RFID tags


Goal: prevent the adversary from associating
a tag with a person


Physically prevent RFID tags from
transmitting


Aluminum foil lined wallets


Special cases for smart passports


Take off covers when transmission needed


Problem: only suitable for specific RFID tags


Lead-lined supermarket bags?


Commercial products already available


Passport case available for $18


Tags contain a “kill” command


A supermarket might disable tags on checkout


Zombie tags don’t answer readers


Prevents association of people with their tags


Covers most privacy concerns


Problems:


Some applications need the tag alive


Alice’s milk carton


Return products to stores


Toll payment tags, implanted tags


An approach proposed by Juels and Brainard
(2004)


Tags broadcast a privacy bit


“It's ok / not ok to read me”


Problem: obeying the bit is voluntary; a reader may simply ignore it


Corrupt readers risk being caught


How does the owner configure the tags?


Naïve solution…


Cryptographic solutions inherently expensive


Require computational power


Require more memory


Sometimes require source of randomness


Three approaches have been proposed:


Hash-Lock


Re-Encryption


Silent Tree Walking


So far, all too expensive to be practical


But we’ll have a look anyway…


Similar to a password


A tag can be locked by a reader


Locked tags don’t transmit until unlocked


Locked tags have an ID y


Can only be unlocked by x s.t. h(x) = y


h: standard one-way hash function


The consumer knows x, can unlock at home


When locked, cannot be associated with the
owner
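The lock/unlock exchange above, as an added example (this is not code from the slides or from Weis et al.; SHA-256 stands in for h, and the 16-byte x, the sample EPC value and the `db` dictionary are assumptions for illustration):

```python
import hashlib
import hmac
import secrets

# Constructed 96-bit EPC for the example (not a real product code).
SAMPLE_EPC = bytes.fromhex("30700048440663802E185523")


def h(x: bytes) -> bytes:
    """One-way hash used for the lock; SHA-256 stands in for the slides' h."""
    return hashlib.sha256(x).digest()


class HashLockTag:
    """Tag side of the hash-lock. A locked tag answers every query with its
    meta-ID y = h(x) and releases the real EPC only to whoever presents x."""

    def __init__(self, epc: bytes):
        self.epc = epc
        self.meta_id = None          # y while locked, None while unlocked

    @property
    def locked(self) -> bool:
        return self.meta_id is not None

    def lock(self, y: bytes) -> None:
        self.meta_id = y

    def query(self) -> bytes:
        """What any reader hears: the EPC if unlocked, otherwise only y."""
        return self.meta_id if self.locked else self.epc

    def unlock(self, x: bytes) -> bool:
        """Unlock iff h(x) matches the stored y (constant-time compare)."""
        if self.locked and hmac.compare_digest(h(x), self.meta_id):
            self.meta_id = None
            return True
        return False


def lock_tag(tag: HashLockTag, db: dict) -> bytes:
    """Checkout: pick a fresh random x, lock the tag with y = h(x) and
    record (y -> x, EPC) in the owner's database. Returns x for the owner."""
    x = secrets.token_bytes(16)      # assumed key size for the example
    y = h(x)
    tag.lock(y)
    db[y] = (x, tag.epc)
    return x


def read_tag(tag: HashLockTag, db: dict):
    """Reader side. A reader that knows x (from its database) unlocks the
    tag and gets the EPC; any other reader sees only the meta-ID y."""
    response = tag.query()
    if response in db:               # a meta-ID we locked ourselves
        x, _ = db[response]
        if tag.unlock(x):
            return tag.query()       # now answers with the real EPC
        return None                  # h(x) mismatch; should not happen
    return response                  # an unlocked EPC, or an opaque y


if __name__ == "__main__":
    db = {}
    tag = HashLockTag(SAMPLE_EPC)
    lock_tag(tag, db)
    print("stranger sees:", read_tag(tag, {}).hex())
    print("owner sees:   ", read_tag(tag, db).hex())
```

Two things the slide's bullets imply but do not spell out: SHA-256 is far heavier than a 5-cent tag can run, which is the "Expensive…" problem; and y is a static value, so a locked tag cannot be linked to product data but can still be tracked from one reading to the next, and x travels in the clear, so an eavesdropper on the unlock exchange can replay it. Weis et al. address the tracking issue with a randomized hash lock, not shown here.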





Problems:


Tags still need to calculate h(x)


Expensive…


Many tags, hard to manage


Consumer might not be aware of all the tags he’s
carrying





Mechanism to prevent counterfeiting of
money bills


The idea:


Put an RFID tag inside the bill


Every bill has a unique ID


Encrypt the ID with a police public key


Periodically re-encrypt it


Can’t link different appearances of a given
tag






Re-encryption done by external agents (in big stores, banks, etc)


Problems:


Costly infrastructure


Burdensome process


Often need to re-encrypt


People naturally lazy


Unclear just how effective the process is
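The mint / re-encrypt / decrypt steps above, as an added example using ElGamal, the re-encryptable public-key scheme the Squealing Euros paper builds on (this is not the paper's code; the toy group parameters, the serial-number format and the `banknote_lifecycle` scenario are assumptions for illustration):

```python
import secrets

# Toy group: p is the Mersenne prime 2^127 - 1 and g = 3. Chosen so the
# example runs instantly, NOT for security; a real deployment uses a
# standardized prime-order group or an elliptic curve of adequate size.
P = (1 << 127) - 1
G = 3


def keygen():
    """Police key pair: private x, public y = g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def encrypt(y: int, m: int):
    """Mint: ElGamal encryption of the note's serial m under the police key."""
    assert 0 < m < P, "serial must be encoded as a group element"
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), m * pow(y, r, P) % P


def reencrypt(y: int, ct):
    """Shop or bank: multiply in a fresh encryption of 1. Needs only the
    public key; the serial is never learned and the old ciphertext and the
    new one cannot be matched up without the private key."""
    c1, c2 = ct
    s = secrets.randbelow(P - 2) + 1
    return c1 * pow(G, s, P) % P, c2 * pow(y, s, P) % P


def decrypt(x: int, ct) -> int:
    """Police: recover the serial from any ciphertext in the chain."""
    c1, c2 = ct
    return c2 * pow(pow(c1, x, P), -1, P) % P


def serial_to_int(serial: str) -> int:
    """Constructed encoding: the ASCII serial as a big-endian integer."""
    return int.from_bytes(serial.encode(), "big")


def int_to_serial(m: int) -> str:
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()


def banknote_lifecycle(serial: str, hops: int = 3):
    """Constructed scenario: one note is minted, then re-encrypted `hops`
    times by different agents. Returns the ciphertexts the tag held over
    time and the serial the police decrypt from the last one."""
    x, y = keygen()
    chain = [encrypt(y, serial_to_int(serial))]
    for _ in range(hops):
        chain.append(reencrypt(y, chain[-1]))
    return chain, int_to_serial(decrypt(x, chain[-1]))


if __name__ == "__main__":
    chain, recovered = banknote_lifecycle("EUR-2003-000123")
    for i, (c1, c2) in enumerate(chain):
        print(f"appearance {i}: {c1:032x} {c2:032x}")
    print("police recover:", recovered)
```

Every appearance of the note carries a different ciphertext while the police key still decrypts all of them, and only the public key is needed for re-encryption, so shops and banks never learn the serial. The caveat behind the "Unclear just how effective" bullet: a tag that accepts any write can have its ciphertext replaced by one under an attacker's key, which is why the paper ties write access to data printed on the note and read optically; and the toy prime above offers no real unlinkability.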






Readers use singulation protocols


Most common: Tree Walking


It is sufficient to eavesdrop on the reader to identify the tag (up to the last bit)


A reader transmits much louder


Can be “heard” from further away


The idea: encrypt the reader’s requests


Makes eavesdropping harder



Problem: How to encrypt?


Tags have limited resources and no randomness


Need a shared reader-tag key beforehand


Makes the system impractical


Still, might be useful combined with other
solutions…




Using an exterior device to block tag readers


Enables a user to block the adversary


One blocker suffices for all tags


Cheap


Same price as a tag


Don’t have to change existing RFID tags


Can turn off at home…






The idea: disrupt the singulation protocol


Trick the reader: make it think all tags are present


Makes reading useless


For instance, a tag that disrupts the tree
walking algorithm


Always answers both 0 and 1


Might require two antennas


The reader doesn’t know which tags exist






The blocker will disrupt any reading around it


Can be configured to only disrupt “private
branches”


Specific ID’s defined as private


Readers have no right to read them…


Can change the tree walking algorithm to
avoid unneeded queries




[Figure: the same tree walk with a blocker tag that blocks 0*. Who has “”?, “1”? and “10”? proceed as before and singulate 101; for Who has “0”?, “00”? and “01”? the blocker answers both 0 and 1, so every ID under 0* (000, 001, 010, 011) appears to be present]

Can the blocker itself pose a privacy breach?


Can track a unique “private zone”


Allow only a few privacy policies?


Bob’s blocker may disrupt Alice’s readings


Can use a random “private zone” to avoid conflicts


Tradeoff with the previous bullet


Tailored for the tree walking algorithm


However, should be adjustable to any other
algorithm as well


Can be used in Denial of Service attacks







RFID is becoming cheap and widespread


It can easily disclose private information


Partial solutions:


Physical blocks


Zombie tags


Privacy Bits


Encryption schemes are effective, but require
expensive tags and infrastructure


Only suitable for specific cases


Blocker tags are a cheap, effective solution
for EPC RFID tags



“Squealing Euros: Privacy-Protection in RFID-Enabled Banknotes” by Juels and Pappu, 2003


“Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems” by Weis et al., 2003


“Selective Blocking of RFID Tags for Consumer Privacy” by Juels, Rivest & Szydlo, 2003


“RFID Privacy: An Overview of Problems and Proposed Solutions” by Garfinkel, Juels & Pappu, 2005


“RFID”, presentation by Alon Rosen