In a similar way to YA-TRAP, it is possible to trace an RFID tag implementing the RIPP-FS protocol in the following way.

1. Learning:
   a) Make two Send queries to the reader to initiate two protocol sessions, obtaining $(K_j, t_j)$ and $(K_{j+1}, t_{j+1})$, where $t_{j+1} > t_j$ and $K_j = H(K_{j+1})$.
   b) Make a Send query to a tag $T_0$ with the value $(K_{j+1}, t_{j+1})$. Since this is a valid message generated from the reader, a response $h_j = \mathrm{HMAC}_{K_{ID_0}}(t_{i+1})$ is expected. More importantly, the tag will update its time interval counter as $t_{ID_0} = t_{i+1}$, as well as the other secrets $K_i = K_{i+1}$ and $K_{ID_0} = H^{t_i - t_{ID}}(K_{ID_0})$.

2. Challenge: Some time later, when the adversary decides to trace a tag, she issues a Send query with $(K_i, t_i)$ to the challenge tag $T_b$ and passes the response to the reader. If $T_b = T_0$, the target tag's response will have been $h_{j+1} = \mathrm{PRNG}_{ID}(i)$ and will not pass the validation check by the reader. However, when $T_b = T_1$, the response $h_{j+1} = \mathrm{HMAC}_{K_{ID_b}}(t_i)$ will pass the validation check. Thus, by passively observing the reader-tag interaction via Execute queries, the adversary can distinguish between $T_0$ and $T_1$ and win the privacy game.
6.7 A Backward and Forward Untraceable Protocol

At ICICS, Lim and Kwon [LK] proposed an RFID protocol that offers untraceable privacy (UPriv) both before and after corruption of a tag. This is indeed a major feat, since other RFID schemes in the literature are only able to treat backward untraceability, i.e. a corrupted tag cannot be linked to any past completed sessions.
The initialization phase is as follows:

1. The reader chooses a random secret $K_i$ for each tag $T_i$, and evaluates $m-1$ evolutions of $K_i^0 = K_i$, i.e. $K_i^j = g(K_i)^j$ for $1 \le j \le m-1$, where $g$ is a pseudorandom function. It then computes $t_i^j = \mathrm{ext}_{l_2}(K_i^j)$ for $0 \le j \le m-1$, where $l_2$ is some appropriate bit length and $\mathrm{ext}_l(x)$ is an extraction function returning $l$ bits of $x$.

2. The reader also chooses a random $u_i$ for each tag $T_i$ and computes a key chain $\{w_i^j\}_{j=0}^{n-1}$ of length $n$, such that $w_i^n = u_i$ and $w_i^j = h(w_i^{j+1})$ for $0 \le j \le n-1$, where $h$ is a pseudorandom function.

3. The tag stores $(w_{i,T}, K_i)$ where $w_{i,T} = w_i^0$, and initializes a failure counter $c_i = 0$.

4. The reader creates two tables $L_1, L_2$ for $T_i$ in its database, where $L_2$ is empty and $L_1$ has entries of the form $(s_i, \{t_i^j\}_{j=0}^{m-1}, u_i, n_i, w_{i,T}, w_{i,S})$ where $n_i = n$ and $w_{i,S} = w_i^1$, thus $w_{i,T} = h(w_{i,S})$.

After initialization, a normal protocol session is illustrated in Figure 6.9, where $f$ is a pseudorandom function. For further discussion of this protocol, the interested reader is referred to [LK].
Reader $R$ (database: $\{\ldots, (K_i, \text{tables } L_1, L_2), \ldots\}$) and tag $T_i$ (secret: $w_{i,T}, c_i, K_i$):

1. Reader: pick $r_1$ and send it to the tag.

2. Tag: $t_i \leftarrow \mathrm{ext}_{l_2}(K_i)$; pick $r_2$; $\sigma_1 \leftarrow \mathrm{ext}_{l_1}(f(K_i, r_1 \| r_2))$; send $(t_i, r_2, \sigma_1)$ to the reader.

3. Reader: check $\exists\, t_i^j : (t_i^j = t_i) \wedge (t_i^j \in \{t_i^k\}_{k=0}^{m-1}) \wedge (K_i, \{t_i^k\}_{k=0}^{m-1}, u_i, n_i, w_{i,T}, w_{i,S}) \in (L_1 \cup L_2)$; calculate $K' = g(K_i)^j$ and $\sigma_1' = \mathrm{ext}_{l_2}(f(K', r_1 \| r_2))$, and check that $\sigma_1' = \sigma_1$; calculate $\sigma_2 = f(K', r_2 \| r_1) \oplus w_{i,S}$ and send $\sigma_2$ to the tag. Then:
   - for $k = 0 \ldots m-j-1$ calculate $\hat{t}_i^k = t_i^{j+k+1}$;
   - for $k = m-j \ldots m-1$ calculate $\hat{K}_i = g(K_i')$, $\hat{t}_i^k = \mathrm{ext}_{l_2}(g(\hat{K}_i)^{k-m+j})$;
   - update $\hat{K}_i, \{\hat{t}_i^k\}_{k=0}^{m-1}$ in $L_2$;
   - calculate $K_i = g(K_i \oplus (w_{i,S} \| r_1 \| r_2))$; $t_i^j = \mathrm{ext}_{l_2}(g(K_i)^j)$ for $j = 0 \ldots m-1$; $n_i = n_i - 1$; $w_{i,T} = w_{i,S}$; $w_{i,S} = h(u_i)^{n_i}$;
   - update $K_i, \{t_i^k\}_{k=0}^{m-1}, n_i, w_{i,T}, w_{i,S}$ in $L_1$.

4. Tag: $w_{i,S} = \sigma_2 \oplus f(K_i, r_2 \| r_1)$; check $h(w_{i,S}) = w_{i,T}$. If yes: $c_i = 0$; $w_{i,T} = w_{i,S}$; $K_i = g(K_i \oplus (w_{i,T} \| r_1 \| r_2))$. Else: $c_i = c_i + 1$; if $c_i < m$, update $K_i = g(K_i)$.

Figure 6.9: The backward and forward untraceable RFID protocol.
Tracing the Tag. For the purpose of understanding our attack, it suffices to review the gist of the Lim-Kwon protocol. The tag updates its stored secret $K_i$ in two possible ways. If the reader is successfully authenticated, it updates as $K_i = g(K_i \oplus (w_{i,T} \| r_1 \| r_2))$. Otherwise, the tag updates as $K_i = g(K_i)$, up to $m$ unsuccessful authentications, after which the tag stops updating its $K_i$. This eventual non-updating allows the reader to catch up.

Our attack nevertheless works using the basic pattern of desynchronization that we applied earlier in this chapter. Recall that the idea of the attack is to intentionally desynchronize the tag from the reader by sending the tag into the future.

1. Learning: The adversary sends $m$ queries $r_1^j$ for $1 \le j \le m$ to the tag $T_0$, and records the tag's responses $t^j$ for $1 \le j \le m$. Since the adversary is impersonating the reader, each query fails the check by the tag, and so each time the tag updates its stored secret as $K_i = g(K_i)$, from which $t_i$ is derived in the next session.

2. Challenge: Query $r_1^m$ to the tag $T_b \in \{T_0, T_1\}$, and obtain its response $t$.

3. Guess: Check whether $t = t^m$. If so, the adversary knows this was the tag it queried during the learning phase, i.e. $T_b = T_0$. Otherwise, it knows that $T_b = T_1$.

Lim and Kwon remarked that once a tag is successfully authenticated by a reader, the tag's stored secret $K_i$ is freshly randomized so that tracing of any kind is prevented. Yet our adversary can repeat the above Learning phase by sending $m$ arbitrary queries $r_1^j$ for $1 \le j \le m$ to the tag again to desynchronize it, and the same tracing attack applies.

In order to solve the DoS problem, the authors included a feature in the design of the protocol that unfortunately allows our attack, making the tag traceable even without corruption, although the goal of their protocol was much stronger, i.e. backward and forward untraceability even with corruption.
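The tag-side state machine of Figure 6.9, written as an added example (not code from the thesis or from Lim and Kwon) to show the bounded-update behaviour the discussion above relies on: after $m$ failed authentications the tag's $K_i$, and hence its answer $t_i$, stops changing, while a successful authentication resets the counter and randomizes $K_i$. The PRFs $g$, $h$, $f$ are stand-ins built from SHA-256/HMAC, and the bound $m$ and all byte lengths are assumed values.

```python
import hashlib, hmac, os

M = 3                                        # assumed bound m on unsuccessful updates
WLEN, RLEN, L1, L2 = 16, 8, 8, 8             # assumed byte lengths of w, r, ext_l1, ext_l2

def g(x):                                    # PRF g (assumption: domain-separated SHA-256)
    return hashlib.sha256(b"g" + x).digest()
def h(x):                                    # PRF h of the w chain (same assumption)
    return hashlib.sha256(b"h" + x).digest()[:WLEN]
def f(k, x):                                 # keyed PRF f (assumption: HMAC-SHA256)
    return hmac.new(k, x, hashlib.sha256).digest()
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Tag:                                   # tag side of Figure 6.9: secret (w_T, c, K)
    def __init__(self, K, w_T):
        self.K, self.w_T, self.c = K, w_T, 0

    def respond(self, r1):                   # second message (t_i, r_2, sigma_1)
        t = self.K[:L2]                      # t_i = ext_l2(K_i)
        r2 = os.urandom(RLEN)
        return t, r2, f(self.K, r1 + r2)[:L1]

    def finish(self, r1, r2, sigma2):        # processing of the reader's sigma_2
        w_S = xor(sigma2, f(self.K, r2 + r1)[:WLEN])
        if hmac.compare_digest(h(w_S), self.w_T):   # reader authenticated
            self.c, self.w_T = 0, w_S
            self.K = g(xor(self.K, w_S + r1 + r2))  # fresh, randomized K_i
            return True
        self.c += 1
        if self.c < M:                       # K_i evolves only for the first m failures
            self.K = g(self.K)
        return False

def legit_session(tag, K_reader, w_S):       # reader holding K_i and w_S with h(w_S) = w_T
    r1 = os.urandom(RLEN)
    _t, r2, _s1 = tag.respond(r1)
    return tag.finish(r1, r2, xor(f(K_reader, r2 + r1)[:WLEN], w_S))

def failed_session_ts(tag, n):               # n sessions whose sigma_2 is random garbage
    ts = []
    for _ in range(n):
        r1 = os.urandom(RLEN)
        t, r2, _s1 = tag.respond(r1)
        tag.finish(r1, r2, os.urandom(WLEN))
        ts.append(t)                         # the t_i values an observer sees
    return ts
```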
Violating the Forward Untraceability. Another goal of the protocol is to achieve forward untraceability, i.e. even if a tag is corrupted and thus leaks its stored secret $K_i$, it should be impossible for the adversary to trace the tag in future sessions. Nevertheless, we describe an attack in the context of the example application provided by Lim and Kwon of a tag embedded in a purchased item. Initially, the seller's reader $R_1$ has legitimate access to the tag. At the point of purchase, ownership of this access should transfer to the buyer's reader $R_2$. The attack can be mounted either by the seller's reader or by an outsider adversary having access to Corrupt queries.

1. An outsider adversary issues a Corrupt query to the tag $T_b$, obtaining its stored secret $K_i$. Alternatively, the seller's reader $R_1$ already knows the stored secret $K_i$ and $w_{i,T}$.

2. At the point of purchase, the buyer's reader $R_2$ interacts with the tag in a protocol session, thus updating $K_i$. During this time, the adversary eavesdrops on the values $r_1, r_2$ communicated in the session.

3. Right after the interaction between the tag and the buyer's reader $R_2$, the adversary initiates a protocol session with the tag. Since she knows the previous $K_i$ and also the latest values of $r_1, r_2$, the adversary can recompute the latest $K_i = g(K_i \oplus (w_{i,T} \| r_1 \| r_2))$ and thus produce a message that passes the tag's verification procedure. This way, the adversary can trace the tag in all future sessions and block other readers, including the buyer's, from authenticating the tag.

This result contradicts the protocol's claim that its ownership transfer is perfect. While Lim and Kwon argued that the protocol achieves forward untraceability under the assumption that the adversary cannot eavesdrop on all future legitimate interactions involving the tag and the reader, the above attack works without violating that assumption. Lim and Kwon also gave a provable security model for forward untraceability in their Appendix. However, their protocol was not formally proven in that model, and only a sketch of the proof was provided in [LK].
6.8 O-FRAP and O-FRAKE

At AsiaCCS, Le et al. [LBdM] presented a universally composable (UC) [Can] privacy model for RFID protocols, and proposed O-FRAP and O-FRAKE. These two protocols are shown in Figures 6.10 and 6.11, respectively, in which $F$ denotes a pseudorandom function.

Reader $R_j$ (database: $\{\ldots, (r_i, K_i), \ldots\}$) and tag $T_i$ (secret: $r_i, K_i$):

1. Reader: pick $r$ and send it to the tag.

2. Tag: $v_1 \| v_2 \| v_3 \| v_4 \| v_5 = F(K_i, r \| r_i)$; send $(r_i, v_2)$ to the reader.

3. Reader: check $\exists (r_i, K_i)$ in DB; calculate $v_1' \| v_2' \| v_3' \| v_4' = F(K_i, r \| r_i)$; check $v_2' = v_2$; output Accept($T_i$); update $(r_i, K_i) = (v_1', v_4')$ in DB; send $v_3'$ to the tag.

4. Tag: set $r_i \leftarrow v_1$. If $v_3 = v_3'$: output Accept($R_j$); set $K_i \leftarrow v_4$.

Figure 6.10: The O-FRAP protocol.

Reader $R_j$ (database: $\{\ldots, (r_i, K_i, SK_i), \ldots\}$) and tag $T_i$ (secret: $r_i, K_i, SK_i$):

1. Reader: pick $r$ and send it to the tag.

2. Tag: $v_1 \| v_2 \| v_3 \| v_4 \| v_5 = F(K_i, r \| r_i)$; send $(r_i, v_2)$ to the reader.

3. Reader: check $\exists (r_i, K_i, SK_i)$ in DB; calculate $v_1' \| v_2' \| v_3' \| v_4' \| v_5' = F(K_i, r \| r_i)$; check $v_2' = v_2$; output Accept($T_i, SK_i$); update $(r_i, K_i, SK_i) = (v_1', v_4', v_5')$ in DB; send $v_3'$ to the tag.

4. Tag: set $r_i \leftarrow v_1$. If $v_3 = v_3'$: output Accept($R_j, SK_i$); set $(K_i, SK_i) \leftarrow (v_4, v_5)$.

Figure 6.11: The O-FRAKE protocol.
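A runnable model of the O-FRAP exchange of Figure 6.10 with both sides' messages, written as an added example (not code from the thesis or from Le et al.): the reader looks the tag up by its pseudonym $r_i$, both sides derive $v_1 \| \ldots \| v_5$ from $F(K_i, r \| r_i)$, and the state update $(r_i, K_i) \leftarrow (v_1, v_4)$ happens on both sides. $F$ is a stand-in built from HMAC-SHA256 in counter mode, the segment length is an assumed value, and the figure is read as updating $K_i$ on the tag only after a successful check of $v_3$ (an assumption about its layout).

```python
import hashlib, hmac, os

SEG = 16                                     # assumed length of each v_j segment

def F(K, x):                                 # PRF F (assumption: HMAC-SHA256 in counter mode)
    out = b"".join(hmac.new(K, bytes([i]) + x, hashlib.sha256).digest() for i in range(3))
    return [out[j * SEG:(j + 1) * SEG] for j in range(5)]   # v_1 .. v_5

class Tag:                                   # tag side of Figure 6.10: secret (r_i, K_i)
    def __init__(self, r_i, K_i):
        self.r, self.K = r_i, K_i

    def msg2(self, r):                       # second message (r_i, v_2)
        self.v = F(self.K, r + self.r)
        return self.r, self.v[1]

    def msg4(self, v3):                      # processing of the reader's v_3'
        ok = hmac.compare_digest(v3, self.v[2])
        self.r = self.v[0]                   # r_i <- v_1 regardless of the outcome
        if ok:
            self.K = self.v[3]               # K_i <- v_4 only after Accept(R_j) (assumed reading)
        return ok

class Reader:                                # reader side: DB of (r_i, K_i) pairs
    def __init__(self, entries):
        self.db = dict(entries)              # r_i -> K_i
        self.r = None

    def msg1(self):                          # first message: fresh nonce r
        self.r = os.urandom(16)
        return self.r

    def msg3(self, r_i, v2):                 # look up r_i, verify v_2, return v_3' or None
        K = self.db.get(r_i)
        if K is None:
            return None
        v = F(K, self.r + r_i)
        if not hmac.compare_digest(v[1], v2):
            return None
        del self.db[r_i]                     # update (r_i, K_i) = (v_1', v_4') in DB
        self.db[v[0]] = v[3]
        return v[2]

def run_session(reader, tag):                # full exchange; True iff both sides accept
    r = reader.msg1()
    r_i, v2 = tag.msg2(r)
    v3 = reader.msg3(r_i, v2)
    return v3 is not None and tag.msg4(v3)
```

Once a session completes, the old pseudonym is no longer in the reader's database, which is what makes the pseudonym update a privacy mechanism and also what ties the reader's view to the tag completing the last step.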
6.8.1 Tracing O-FRAP

O-FRAP is formally proven to be a secure untraceable RFID protocol in the LBdM model where corruption of tags is allowed, in the sense that the only information revealed to an adversary is whether a party is a tag or a reader. Yet we show here how its untraceable privacy can be violated by presenting a tracing attack that is valid even in a weaker privacy model where the ability to corrupt is not granted to the adversary.

The attack works as follows:

1. Learning: The adversary sends an arbitrary $r$ value to the tag $T_0$, but does not complete