CCCP: Secure Remote Storage for Computational RFIDs

Passive RFID tags harvest their operating energy from an interrogating reader, but constant energy shortfalls severely limit their computational and storage capabilities. We propose Cryptographic Computational Continuation Passing (CCCP), a mechanism that amplifies programmable passive RFID tags' capabilities by exploiting an often overlooked, plentiful resource: low-power radio communication. While radio communication is more energy intensive than flash memory writes in many embedded devices, we show that the reverse is true for passive RFID tags. A tag can use CCCP to checkpoint its computational state to an untrusted reader using less energy than an equivalent flash write, thereby allowing it to devote a greater share of its energy to computation. Security is the major challenge in such remote checkpointing. Using scant and fleeting energy, a tag must enforce confidentiality, authenticity, integrity, and data freshness while communicating with potentially untrustworthy infrastructure. Our contribution synthesizeswellknown cryptographic and low-power techniques with a novel flash memory storage strategy, resulting in a secure remote storage facility for an emerging class of devices. Our evaluation of CCCP consists of energy measurements of a prototype implementation on the batteryless, MSP430-based WISP platform. Our experiments show that--despite cryptographic overhead--remote checkpointing consumes less energy than checkpointing to flash for data sizes above roughly 64 bytes. CCCP enables secure and flexible remote storage that would otherwise outstrip batteryless RFID tags' resources.

[1]  Benny Pinkas,et al.  Analysis of the Linux random number generator , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[2]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[3]  Scott A. Rotondo Trusted Computing Group , 2011, Encyclopedia of Cryptography and Security.

[4]  Philip Levis,et al.  Usenix Association 8th Usenix Symposium on Operating Systems Design and Implementation 323 Quanto: Tracking Energy in Networked Embedded Systems , 2022 .

[5]  David Wetherall,et al.  Revisiting Smart Dust with RFID Sensor Networks , 2008, HotNets.

[6]  David Mazières,et al.  Fast and secure distributed read-only file system , 2000, TOCS.

[7]  Kevin Fu,et al.  Getting Things Done on Computational RFIDs with Energy-Aware Checkpointing and Voltage-Aware Scheduling , 2008, HotPower.

[8]  Bernard P. Zajac Applied cryptography: Protocols, algorithms, and source code in C , 1994 .

[9]  Sarvar Patel,et al.  SQUARE HASH: Fast Message Authenication via Optimized Universal Hash Functions , 1999, CRYPTO.

[10]  Adi Shamir SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags , 2008, FSE.

[11]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[13]  R. N. Uma,et al.  Battery power-aware encryption , 2006, TSEC.

[14]  Qian Wang,et al.  USENIX Association Proceedings of FAST ’ 03 : 2 nd USENIX Conference on File and Storage Technologies , 2003 .

[15]  Alanson P. Sample,et al.  Design of an RFID-Based Battery-Free Programmable Sensing Platform , 2008, IEEE Transactions on Instrumentation and Measurement.

[16]  David A. Wagner,et al.  TinySec: a link layer security architecture for wireless sensor networks , 2004, SenSys '04.

[17]  Hugo Krawczyk,et al.  UMAC: Fast and Secure Message Authentication , 1999, CRYPTO.

[18]  Prashant J. Shenoy,et al.  Rethinking Data Management for Storage-centric Sensor Networks , 2007, CIDR.

[19]  David A. Cooper,et al.  Secure Biometric Match-on-Card Feasibility Report , 2007 .

[20]  J. Lien,et al.  Degradations due to hole trapping in flash memory cells , 1989, IEEE Electron Device Letters.

[21]  Mohammad Ilyas,et al.  VoIP Handbook: Applications, Technologies, Reliability, and Security , 2008 .

[22]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[23]  Gilles Brassard,et al.  On Computationally Secure Authentication Tags Requiring Short Secret Shared Keys , 1982, CRYPTO.

[24]  David E. Culler,et al.  SPINS: security protocols for sensor networks , 2001, MobiCom '01.

[25]  Ronald L. Rivest,et al.  The RC5 Encryption Algorithm , 1994, FSE.

[26]  M. Ilyas,et al.  RFID Handbook: Applications, Technology, Security, and Privacy , 2008 .

[27]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[28]  Stefan Berger,et al.  vTPM: Virtualizing the Trusted Platform Module , 2006, USENIX Security Symposium.

[29]  Bruce Schneier,et al.  Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[30]  D.J. Yeager,et al.  Wirelessly-Charged UHF Tags for Sensor Data Collection , 2008, 2008 IEEE International Conference on RFID.

[31]  Matt Blaze,et al.  A cryptographic file system for UNIX , 1993, CCS '93.

[32]  Peter Desnoyers,et al.  Capsule: an energy-optimized object storage system for memory-constrained sensor devices , 2006, SenSys '06.