Security and Privacy in Radio-Frequency Identification Devices

Radio Frequency Identification (RFID) systems are a common and useful tool in manufacturing, supply chain management and retail inventory control. Optical barcodes, another common automatic identification system, have been a familiar packaging feature on consumer items for years. Due to advances in silicon manufacturing technology, RFID costs have dropped significantly. In the near future, low-cost RFID “electronic product codes” or “smart-labels” may be a practical replacement for optical barcodes on consumer items. Unfortunately, the universal deployment of RFID devices in consumer items may expose new security and privacy risks not present in closed manufacturing environments. This thesis presents an introduction to RFID technology, identifies several potential threats to security and privacy, and offers several practical proposals for efficient security mechanisms. We offer several policy suggestions and discuss various open questions and areas of research. Thesis Supervisor: Ronald L. Rivest Title: Viterbi Professor of Electrical Engineering and Computer Science

[1]  Ueli Maurer,et al.  Generalized privacy amplification , 1994, Proceedings of 1994 IEEE International Symposium on Information Theory.

[2]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[3]  Burton S. Kaliski,et al.  The MD2 Message-Digest Algorithm , 1992, RFC.

[4]  Randy H. Katz,et al.  Next century challenges: mobile networking for “Smart Dust” , 1999, MobiCom.

[5]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[6]  Markus G. Kuhn,et al.  Low Cost Attacks on Tamper Resistant Devices , 1997, Security Protocols Workshop.

[7]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[8]  Eli Biham,et al.  Differential Cryptanalysis of Feal and N-Hash , 1991, EUROCRYPT.

[9]  Sean W. Smith,et al.  Smart cards in hostile environments , 1996 .

[10]  Louis Henkin,et al.  The International Bill of Rights: The Covenant on Civil and Political Rights , 1981 .

[11]  Ari Juels,et al.  Squealing Euros: Privacy Protection in RFID-Enabled Banknotes , 2003, Financial Cryptography.

[12]  Xuejia Lai,et al.  A Fast Cryptographic Checksum Algorithm Based on Stream Ciphers , 1992, AUSCRYPT.

[13]  Roger M. Needham,et al.  TEA, a Tiny Encryption Algorithm , 1994, FSE.

[14]  S. Wolfram Random sequence generation by cellular automata , 1986 .

[15]  Sami Harari,et al.  Non-Linear Non-Commutative Functions for Data Integrity , 1985, EUROCRYPT.

[16]  Hu Chuan-Gan,et al.  On The Shift Register Sequences , 2004 .

[17]  Ivan Damgård,et al.  A Design Principle for Hash Functions , 1989, CRYPTO.

[18]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[19]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[20]  Winn Schwartau Information Warfare , 1996, Encyclopedia of Public Administration and Public Policy, Third Edition.

[21]  Jacques Patarin,et al.  The Knapsack Hash Function proposed at Crypto'89 can be broken , 1991, EUROCRYPT.

[22]  F. Delano United Nations Universal Declaration of Human Rights , 1952, Nature.

[23]  Ralph Howard,et al.  Data encryption standard , 1987 .

[24]  Michael Luby,et al.  How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.

[25]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[26]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[27]  Tom Ahlkvist Scharfeld An analysis of the fundamental constraints on low cost passive radio-frequency identification system design , 2001 .

[28]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[29]  John Black,et al.  Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV , 2002, CRYPTO.

[30]  J. Rubenfeld The Right of Privacy , 1989 .

[31]  R. Fletcher,et al.  Reconfigurable Agile Tag Reader Technologies for Combined EAS and RFID Capability , 2000 .

[32]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[33]  Robert Metcalfe,et al.  Ethernet: distributed packet switching for local computer networks , 1988, CACM.

[34]  Records, Computers and the Rights of Citizens , 1973 .

[35]  Markus Jakobsson,et al.  Security Weaknesses in Bluetooth , 2001, CT-RSA.

[36]  Moni Naor,et al.  Oblivious transfer and polynomial evaluation , 1999, STOC '99.

[37]  Bart Preneel,et al.  RIPEMD-160: A Strengthened Version of RIPEMD , 1996, FSE.

[38]  Pieter Retief Kasselman,et al.  Analysis and design of cryptographic hash functions , 1999 .

[39]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[40]  Paul C. Kocher Cryptanalysis of Di e-Hellman, RSA, DSS, and Other Systems Using Timing Attacks , 1999 .

[41]  J. D. Tygar,et al.  Cryptography: It''s Not Just For Electronic Mail Anymore , 1993 .

[42]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[43]  Joos Vandewalle,et al.  Fast Hashing on the Pentium , 1996, CRYPTO.

[44]  Suresh Chari,et al.  A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards , 1999 .

[45]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[46]  Martín Abadi,et al.  Authentication and Delegation with Smart-cards , 1991, TACS.

[47]  Stephen Wolfram,et al.  A New Kind of Science , 2003, Artificial Life.

[48]  Claude Crépeau,et al.  Quantum Oblivious Transfer , 1994 .

[49]  R. Gavison Privacy and the Limits of Law , 1980 .

[50]  Gilles Zémor,et al.  Hash Functions And Graphs With Large Girths , 1991, EUROCRYPT.

[51]  Ran Canetti,et al.  Perfectly One-Way Probabilistic Hash Functions , 1998, Symposium on the Theory of Computing.

[52]  Daniel W. Engels,et al.  RFID Systems and Security and Privacy Implications , 2002, CHES.

[53]  R. E. Bobbett,et al.  Short range passive telemetry by modulated backscatter of incident cw rf carrier beam. [Remote temperature measurements in cattle] , 1976 .

[54]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[55]  Ronald L. Rivest,et al.  The MD4 Message-Digest Algorithm , 1990, RFC.

[56]  Joos Vandewalle,et al.  A Hardware Design Model for Cryptographic Algorithms , 1992, ESORICS.

[57]  Martin E. Hellman,et al.  Hiding information and signatures in trapdoor knapsacks , 1978, IEEE Trans. Inf. Theory.

[58]  Stefan Lucks,et al.  On the Minimal Hardware Complexity of Pseudorandom Function Generators , 2001, STACS.

[59]  Jennifer Seberry,et al.  HAVAL - A One-Way Hashing Algorithm with Variable Length of Output , 1992, AUSCRYPT.

[60]  Joos Vandewalle,et al.  Hash Functions Based on Block Ciphers: A Synthetic Approach , 1993, CRYPTO.

[61]  J. W. Gardner,et al.  Health, Education, and Welfare. , 1965, Science.

[62]  Steve H. Weingart Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defences , 2000, CHES.

[63]  Joe Kilian,et al.  Achieving oblivious transfer using weakened security assumptions , 1988, [Proceedings 1988] 29th Annual Symposium on Foundations of Computer Science.

[64]  J. Morsink,et al.  The Universal Declaration of Human Rights: Origins, Drafting, and Intent , 1999 .

[65]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[66]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[67]  Benny Bing Broadband Wireless Access , 2000 .