RFID Technical Tutorial and Threat Modeling. Presented by: Neeraj Chaudhry University of Arkansas


RFID Tutorial Outline
- Introduction
- RFID System
- Tags
- Readers
- Data link layer
- Modulation
- Encoding
- Anti-Collision Protocol
- Frequencies
- Standardization
- EPCglobal Network
- EPC vs UPC
- EPC Tag Classes
- Class-0 Tag
- Class-1 Gen-1 Tag
- Class-1 Gen-2 Tag
- RFID Threats Categorized with STRIDE

What is RFID?
- Stands for Radio Frequency Identification
- Uses radio waves for identification
- New frontier in the field of information technology
- One form of Automatic Identification
- Provides unique identification or serial number of an object

Applications
- Mobil Speedpass systems
- Automobile immobilizer systems
- Fast-lane and E-ZPass road toll system
- Animal identification
- Secure entry cards
- Humans
- Supply chain management

RFID System
- Tags consist of an antenna and a microchip
- Readers consist of a transmitter, receiver, and one or more antennas
- Management system
- Communication protocol
- Computer networks

[Figure: RFID System]

RFID Tag
- A tag is a device used to transmit information, such as a serial number, to the reader in a contactless manner
- Classified as:
  - Passive
  - Active
  - Semi-passive

Classification of Passive and Active Tags

Characteristics | Passive RFID tag | Active RFID tag
Power source | Provided by a reader | Inbuilt
Availability of power | Within the field of reader | Continuous
Signal strength (reader to tag) | High | Low
Signal strength (tag to reader) | Low | High
Communication range | < 3 meters | > 100 meters
Tag reads | < 20 moving tags @ 3 mph in few seconds | > 1000 moving tags @ 100 mph in 1 sec
Memory | 128 bytes | 128 Kbytes
Applicability in supply chain | Applicable where tagged items' movement is constrained | Applicable where tagged items' movement is variable and unconstrained

RFID Reader
- Also known as an interrogator
- Reader powers the tag by sending it RF energy
- Can be handheld or stationary
- Consists of:
  - Transmitter
  - Receiver
  - Antenna
  - Microprocessor
  - Memory
  - Controller or firmware
  - Communication channels
  - Power

Communication Link
- Inductive coupling
- Backscatter coupling

Modulation
- Process of changing the characteristics of radio waves to encode data and transmit it to the other end
- The technique used depends on power consumption, reliability and available bandwidth:
  - Amplitude Shift Keying (ASK)
  - Frequency Shift Keying (FSK)
  - Phase Shift Keying (PSK)

Encoding
[Figure: waveforms for the binary digits 0 1 0 0 1 1 0 1 0 0 1 0 under NRZ, RZ, Manchester, PWM, PPM, Miller and FM0 encoding]

Anti-Collision Protocol
- Tag anti-collision protocol
  - Aloha/Slotted Aloha
  - Deterministic binary tree walking
  - Query tree walking
- Reader anti-collision protocol
  - TDM/FDM

RFID Frequency Range

Frequency band | Description
< 135 kHz | Low frequency
6.765–6.795 MHz | HF
7.4–8.8 MHz | HF
13.553–13.567 MHz | HF
26.957–27.283 MHz | HF
433 MHz | UHF
868–870 MHz | UHF
902–928 MHz | UHF
2.4–2.483 GHz | SHF
5.725–5.875 GHz | SHF

Standardization
- ISO 18000
  - 18000-1: Generic air interfaces for globally accepted frequencies
  - 18000-2: Air interface for 135 kHz
  - 18000-3: Air interface for 13.56 MHz
  - 18000-4: Air interface for 2.45 GHz
  - 18000-5: Air interface for 5.8 GHz
  - 18000-6: Air interface for 860 MHz to 930 MHz
  - 18000-7: Air interface at 433.92 MHz
- EPCglobal
  - UHF Class-0
  - UHF Class-1 Generation-1 (Class-1 Gen-1)
  - UHF Class-1 Generation-2 (Class-1 Gen-2)

Electronic Product Code Global (EPCglobal) Network
The EPCglobal Network consists of five components:
- Electronic Product Code (EPC) number
- ID system (tags and readers)
- EPC middleware
- Discovery Service (ONS)
- Information service

[Figure: Electronic Product Code (EPC)]

EPC vs. UPC (Barcodes)
- Both are forms of automatic identification technology
- Universal Product Code (UPC) requires line of sight and manual scanning, whereas EPC does not
- UPC requires an optical reader, whereas an EPC reader reads via radio waves
- EPC tags possess a memory and can be written, while UPC does not

EPC Tag Classes

Class | Type | Features
Class 0 | Passive | Read only
Class 1 | Passive | Read only, write once
Class 2 | Passive | 65 KB read-write
Class 3 | Semi-passive | 65 KB read-write with built-in battery
Class 4 | Active | Built-in battery
Class 5 | Active | Communicates with other class 5 tags and devices

EPCglobal UHF Class-0 Tag
- Describes the physical layer reader-to-tag link, the tag-to-reader link and the data link anti-collision protocol
- Reader-to-tag link uses a 100% or 20% modulation amplitude-modulated (AM) carrier signal
- Uses the binary tree anti-collision protocol

Class-0 Reader-to-Tag Symbols
[Figure: symbol waveforms for BINARY 0, BINARY 1 and NULL]

[Figure: Binary tree anti-collision protocol for Class-0]

EPCglobal UHF Class-1 Gen-1
- Employs the same modulation and encoding techniques as UHF Class-0
- Uses the query tree walking anti-collision protocol
- Reader queries by using a group of bits; matching tags respond with an 8-bit response during one of eight time slots
[Figure: eight time slots for tag responses: SLOT 000, SLOT 001, SLOT 010, SLOT 011, SLOT 100, SLOT 101, SLOT 110, SLOT 111]

[Figure: Query Tree Protocol for Class-1 Gen-1 and first step of Gen-2]

EPCglobal UHF Class-1 Gen-2
- Uses one of ASK, FSK or PSK modulation with PWM encoding, referred to as pulse-interval encoding (PIE) format
- Reader chooses the encoding format for the tag-to-reader link:
  - FM0
  - Miller
- Uses an Aloha-based random anti-collision protocol called the Q protocol

Q Protocol (Anti-Collision Protocol)
- Select phase
  - Single out a particular tag population with one or more bits, like the query tree protocol
- Inventory phase: identify individual tags using the Q protocol (slotted-Aloha based)
  - Reader sends Query with parameter Q and Session number (Q=4 is suggested default)
  - Reader creates slotted time
  - Tags pick a random 16-bit number for handle
  - Tags in the requested session pick a random number in the range [0, 2^Q-1] for slot_number
  - If slot_number = 0, backscatter handle
  - If slot_number != 0, wait that number of slots to backscatter handle
  - Reader ACKs the individual tag with its handle and goes to the access phase. All other tags wait.
  - If more than one tag answers, the reader can send the same Q again or send a modified Q
- Access phase
  - Reader interacts with tags, requesting the EPC number and any other information
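The inventory phase described above, simulated as an added example (not part of the original slides). Function names and the "EPC-nnnn" tag IDs are constructed for illustration; the sketch assumes the reader always resends the same Q after a collision and that acknowledged tags stay silent in later rounds.

```python
import random

def inventory_round(tags, q, rng):
    """One Query with parameter Q: returns (acked, collided, collision_slots)."""
    slots = {}
    for epc in tags:
        handle = rng.getrandbits(16)          # tag picks a random 16-bit handle
        slot_number = rng.randrange(2 ** q)   # and a slot in [0, 2^Q - 1]
        slots.setdefault(slot_number, []).append((handle, epc))
    acked, collided, collision_slots = [], [], 0
    for slot_number in range(2 ** q):         # reader steps through the slots
        replies = slots.get(slot_number, [])
        if len(replies) == 1:                 # exactly one handle backscattered
            acked.append(replies[0])          # reader ACKs it -> access phase
        elif len(replies) > 1:                # several handles overlap on the air
            collided.extend(epc for _, epc in replies)
            collision_slots += 1
    return acked, collided, collision_slots

def inventory(tags, q=4, seed=0, max_rounds=50):
    """Repeat the same Q until every tag is read or max_rounds is reached."""
    rng = random.Random(seed)                 # seeded so runs are repeatable
    pending, epcs, rounds, collisions = list(tags), [], 0, 0
    while pending and rounds < max_rounds:
        acked, pending, c = inventory_round(pending, q, rng)
        epcs.extend(epc for _, epc in acked)  # EPC obtained in the access phase
        collisions += c
        rounds += 1
    return epcs, rounds, collisions

if __name__ == "__main__":
    for n, q in [(10, 4), (200, 4), (200, 8)]:
        tags = [f"EPC-{i:04d}" for i in range(n)]   # constructed sample IDs
        epcs, rounds, collisions = inventory(tags, q=q)
        print(f"{n} tags, Q={q}: read {len(epcs)} in {rounds} rounds, "
              f"{collisions} collided slots")
```

With 200 tags and Q=4 almost every one of the 16 slots collides and the round limit is reached with tags still unread, which is the load condition behind the singulation threat listed under Denial of Service; with Q=8 the same population is read in a few rounds.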

RFID Threats Categorized with STRIDE
- Spoofing identity
- Tampering with data
- Repudiation
- Information disclosure
- Denial of service
- Elevation of privilege

Spoofing Threat
- A competitor or thief performs an unauthorized inventory of a store by scanning RFID EPC tags with an unauthorized reader to determine the types and quantities of items.
- An unauthorized reader can query the tag for the EPC number because most tags used in the supply chain respond to any reader.
- The EPC number is only a number. However, because of the standard way of creating an EPC number, an attacker can determine the manufacturer and possibly the product number. It is likely that the number assigned to all manufacturers will become public knowledge as well as the product number after some short period of time.

Tampering with Data Threats
- An attacker modifies a tag.
  - An attacker modifies the tag in a passport to contain the serial number associated with a terrorist or criminal.
  - An attacker modifies a high-priced item's EPC number to be the EPC number of a lower-cost item.
  - An attacker modifies the EPC number on tags in the supply chain, warehouse, or store, disrupting business operations and causing a loss of revenue.
- An attacker adds a tag to an object.
  - An attacker adds a tag in a passport that contains the serial number associated with a terrorist or criminal.
  - An attacker adds additional tags in a shipment that make the shipment appear to contain more items than it actually does.
- An attacker deletes data on a tag.
  - An attacker kills tags in the supply chain, warehouse, or store, disrupting business operations and causing a loss of revenue.
  - An attacker erases the tags, setting all values including the EPC number to zero, in the supply chain, warehouse, or store, disrupting business operations and causing a loss of revenue.
- An attacker removes or physically destroys tags attached to objects.
  - This is used by an attacker to avoid tracking. A thief destroys the tag to remove merchandise without detection.
- An attacker reorders data on a tag or reorders tags.
  - An attacker exchanges a high-priced item's tag with a lower-priced item's tag.

Repudiation Threats
- A retailer denies receiving a certain pallet, case, or item.
- The owner of the EPC number denies having information about the item to which the tag is attached.

Information Disclosure Threats
- A bomb in a restaurant explodes when there are five or more Americans with RFID-enabled passports detected.
- An attacker blackmails an individual for having certain merchandise in their possession.
- A fixed reader at any retail counter could identify the tags of a person and show the similar products on the nearby screen to a person to provide individualized marketing.
- A competitor or thief performs an unauthorized inventory of a store by scanning tags with a reader to determine the types and quantities of items.
- A thief could create a duplicate tag with the same EPC number and return a forged item for an unauthorized refund.

Denial of Service Threats
- An attacker kills tags in the supply chain, warehouse, or store, disrupting business operations and causing a loss of revenue.
- A shoplifter carries a blocker tag that disrupts reader communication to conceal the stolen item. The blocker tag is used against Class-0 tags, which use the tree walking anti-collision protocols.
- An attacker can simulate many RFID tags simultaneously, causing the anti-collision protocol to perform singulation on a large number of tags and making the system unavailable to authorized use.

Elevation of Privilege Threats
- A user logging on to the database to look up a product's information can become an attacker by raising his/her status in the information system from a user to a root server administrator and writing or adding malicious data into the system.

Contact Information

NEERAJ CHAUDHRY
705 West Putman Street, Apt # R-2, Fayetteville, AR-72701
Email: nchaudh@gmail.com
Phone: (479) 599-9107

Dale R. Thompson, P.E., Ph.D.
Department of Computer Science and Computer Engineering
University of Arkansas
311 Engineering Hall
Fayetteville, Arkansas 72701
Phone: +1 (479) 575-5090
FAX: +1 (479) 575-5339
E-mail: d.r.thompson@ieee.org
WWW: http://csce.uark.edu/~drt/