Parameter Setting - Security protocols for EPC class-1 Gen-2 RFID multi-tag systems

Typically, low-cost EPC C1G2 passive RFID tags have non-volatile (EEPROM) memory of 1000bits to 1kilobyte (KB) [59]. However, recent RFID application proposals such as plans by Airbus to track ﬂyable aircraft parts and components, as well as store data, such as information regarding a part’s initial construction and maintenance demands have introduced passive RFID tags with even higher memory capabilities (4KB to 8KB) [162].

Also, Atmel Corporation has introduced passive RFID tags that can support memory of between 1KB and 64KB [41].

The main requirements of the proposed approach is the storage of{Gid, T Gs, T_id, Ts, V Ts, V T_s} and 128bit PRNG, once per tag. The tag also stores {Rid, RT_s, R_r⁻¹} for each reader that is authorized to access the tag. Depending on the memory capabilities of the tag, An appropriate key length is chosen to achieve a desired level of security. Let the storage requirement for each ID be 96bits (e.g., T_id = 96bits), secret be 256 bits (e.g., T_s = 256bits) and 128 bits for each pseudo-random number. Thus the storage requirements are (96 + 256 + 96 + 256 + 128 + 128 + 128) = 1088/8 = 136bytes once per tag; and 96 + 128 + 128 = 352/8 = 44bytes per reader. This is not excessive for applications using low cost tags that require security. Hence a tag with 8KB storage capability can store up to a maximum of 167 readers (8192− 136)/44 = 183.

Given the length L of 256bits for T_s, the probability of an attacker correctly guessing Ts is 2²⁵⁶. Another consideration is the length of the key required to support a certain number of tags. The design of the scheme requires that the value of T_sis unique for each tag in the system. This means that with a key length of L = 256bits, the number of tags that can be supported in the system is limited to 2²⁵⁶. This is more than suﬃcient for a majority of applications. Finally, it is noted that the use of the XOR operator raises the expectation that its operands have equal bit lengths in order to prevent information leakage. As all the parameters are not of equal length, a simple modiﬁcation to the standard XOR operation is suggested to meet the requirements. As an example, in the computation V 1 = T_s⊕ Tid⊕ P RNG(V Ts⊕ Vr), the operand lengths are unequal.

Here, it is recommended that the largest operand is XOR-ed with a concatenation of the XOR of the other operands. In this instance, the implementation would be V 1 = T_s⊕(Tid⊕P RNG(V Ts⊕Vr)||Tid⊕P RNG(V Ts⊕Vr)|| ... Tid⊕P RNG(V Ts⊕Vr)).

4.7 Summary

In this chapter, a robust grouping proof protocol for EPC C1G2 tags was proposed, based on simple XOR and 128bit PRNG functions. The protocol does not use hash functions which makes it viable for large scale implementations using low-cost passive tags. Formal security analysis shows that the protocol meets the necessary security requirements of RFID systems. Forward security, which is an open research issue has been addressed in the proposed protocol. Also, unlike any other protocol, the integrity of the incoming messages are veriﬁed, hence avoiding generation of invalid proofs. By taking a holistic approach to grouping proofs, the protocol meets the unique design requirements that has been identiﬁed thus far by the research community. Simulation study of the scheme showed the performance of the protocol to be within acceptable limits making it practical.

Chapter 5

Grouping Proof - Protocol II

In this chapter, a Grouping Proof protocol is proposed that uses probabilistic encryption based on quadratic residuosity. The signiﬁcance of this protocol is that it provides zero knowledge to the attackers since it does not transmit the tag secret during the protocol run. After summarizing the contributions, the workings of the protocol is presented, followed by the detailed security analysis using the formal analysis models described in Chapter 3. Then, the work is compared with the contributions made by others in terms of both security and performance. A simulation study shows the performance of the proposed protocol in a simulated environment and the simulation results are compared with other methods. Finally, the chapter is concluded with the recommended parameter settings for the proposed scheme.

5.1 Introduction

As this chapter is an extension to the previous chapter, please refer to Section 4.1.1 where the design requirements for grouping proof are discussed and Section 4.1.2 where the application of the protocol is discussed. For a complete understanding on grouping proofs and the related work in this area, please refer to Chapter 2. Here, one additional motivation to this work is presented. For more details, please refer to Section 1.6.

5.1.1 Motivation

Transmitting the secret keys during the protocol run using some encryption technique is a common practice. Hence, there is a heavy reliance on the strength of the encryption technique for the protocol to be secure. While this may not be an issue with higher-end tags, it is challenging to achieve the same level of security with low-cost passive tags where the computational resources are low. Therefore, it is imperative to have methods that would: i) use less computational resources on the tag; ii) achieve the required level security without using hash functions or other complex encryption schemes; iii) and ideally not have to transmit the secret key during the protocol run. The proposed scheme in the previous chapter achieves the ﬁrst two goals and this scheme achieves all three goals.

5.1.2 Contributions

The main contributions of this work can be summarized as:

• A secure zero knowledge grouping proof protocol that uses probabilistic encryp-tion based on quadratic residuosity. The protocol provides zero knowledge to the attackers by not transmitting the tag secret during the protocol run while still proving the authenticity of the tags involved in the grouping proof. The security correctness and privacy properties are proved using formal analysis models and shown to achieve the highest level of security.

• A secure zero knowledge grouping proof protocol that meets the unique design requirements that has been identiﬁed thus far by the research community. To my knowledge, none of the existing protocols verify the integrity of the messages, making them vulnerable to active-attacks or invalid proof generation. Also, the proposed protocol is resistent to active-attacks; provides forward security solving the open research issue [105, 123]; and is resilient to m-DoP attacks (where m represents multiple illegitimate tags) as opposed to 1-DoP [102].

• A secure zero knowledge grouping proof protocol that does not use hash functions or other complex encryption schemes. Operations of the tags are limited to modulo (MOD), exclusive-or (XOR) and 128bit PRNG functions. Thus, the proposed protocol achieves compliance with EPC C1G2 standard and also makes it a viable option for large-scale implementations on passive tags.

5.2 The Proposed Protocol

In this section, an abstract version of the proposed protocol is presented first, followed by the definition of the zero knowledge property. A detailed description of the three phases of the protocol (initialization phase, grouping proof collection phase and proof-verification phase) is then presented. The grouping proof collection phase is broken down into two parts: 1) collect partial proofs from each tag and 2) compile the whole proof and send it to the verifier. To enhance readability, clarity and easier understanding, the first part is further broken down into four steps giving a thorough explanation for each step. Table 5.1 provides a brief description for the notations that are used in the proposed protocol. The following assumptions are made: a) All entities of the RFID system have polynomially bounded resources b) The setup phase is carried out in a secure environment and c) A Trusted Timestamp Server (T T S) is used which is secure.

To understand the probabilistic encryption scheme, refer to Section 3.1.2 and for a synopsis of the protocol, refer to Section 4.2.1. Let us now look at the initialization phase of the protocol.

5.2.1 Initialization Phase

Let T (T_id₁, T_id₂, ...T_id_m) be the tag-group where m is the number of tags in the group.

Let u be the number of protocol runs pre-authorized for a reader. During the initializa-tion phase, the veriﬁer pre-computes informainitializa-tion for u protocol runs and stores them in the reader. Initialization is shown below for one tag-group and one run.

5.2. THE PROPOSED PROTOCOL 81

Table 5.1: Notations used in the Protocol Notation Description

h(.) Represents one-way keyed hash function; used only for pre-computation purposes

GID, Gid Tag Group ID and pre-computed value of h(GID, hs₁) T ID, T_id Unique Tag ID and pre-computed value of h(T ID, hs₂) RID, R_id Unique Reader ID and pre-computed value of h(RID, h_s₃)

h_s₁, h_s₂, h_s₃ Unique secrets used in h(.) to compute G_id, T_id, R_idrespectively; known only to the veriﬁer

G_s Shared secret between the tags in a tag group

T_s Secret key unique to each tag in the system. Let T_s be of the form Ts₁||Ts₂||Ts₃||...Ts_k where k represents k-bits in Ts.

R_s Secret key unique to each reader in the system

G_j Represents the j^thtag group; (j = 1, 2...p); p indicates the number of tag groups that a reader R is authorized to run the grouping proof protocol for.

r_n Represents the protocol run number

Tr, T_r Tr is the current secret for the protocol run shared between the veriﬁer and a tag and changes after each run. T_r is the previous value of T_r. R_r, Rⁿ_r R_r is the current secret for the protocol run shared between the reader

and a tag and changes after each run. R_rⁿis the next value of R_r. Vr Pseudo-random number generated by the veriﬁer for each run of the

protocol

B_r_{1..m} Pseudo-random numbers generated by the reader during a protocol run,

for tags 1..m in a tag group.

T_r^index Pseudo-random number generated by a tag during a protocol run, where index represents the random bit positions x, y, z sent by the veriﬁer to the tag.

Δ_{T S} Time window before which grouping proof should end

E_k_tv(CT S) Encrypted current timestamp CT S using secret key k_tv shared between veriﬁer and T T S

T S_{1..m} Stores the result of E_k_tv(CT S) (encrypted current timestamp) for tags 1..m in a tag group

T Sf, T Se Future timestamp when the protocol has to run and the end timestamp that marks the end of the protocol run.

E_k_rv(P ) Encrypt proof P using secret key k_rv shared between veriﬁer and the reader

T, R, V Indicates tag, reader and veriﬁer respectively

1. Initialize each tag in the tag-group with a pseudo random number Tr as Tr ← P RN G().

2. Let r_n= 1 for the ﬁrst run.

3. Generate future timestamp T S_f, when the protocol is to be run.

4. Generate a pseudo random number V_r for the run, as V_r← P RNG() 5. Compute G₁= G_id⊕ P RNG(Gs⊕ Vr)

6. For each tag j, (where j = 1 to m) in the tag-group

• Select 3 distinct integers x, y, z randomly, s.t (1 ≤ x, y, z ≤ k)

• Using Tid and Tr of the j^th tag:

– Compute Hj = T_id⊕ P RNG(Tr⊕ Vr)

– Compute μ_j = P RN G(T_id⊕ Tr)⊕ (x||y||z||Vr) – Update Tr as Tr← P RNG(Tr) for that tag.

• This ensures that Tid, x, y, z and Vr are stored in the reader in an encrypted form.

7. Next tag j

8. The veriﬁer repeats the Steps 3− 7 for u runs, during which time, it increments r_n by 1 for each run. The veriﬁer also ensures that T S_f for a given run is greater that its previous run.

Data storage in each entity is described below:

• The Veriﬁer stores all the information that is generated and computed during the initialization process, apart from storing the IDs and secrets of all the entities and the two prime numbers e, f .

• Each tag stores the tuple {Gid, Gs, T_id, Ts, Tr, T_r, R_id, Rr, B_r⁻¹, rn, h, w}. Initially, T_r = T_r and r_n= 1 which increments by 1 after each successful run.

• The readers stores {Rid, R_s}, and the tuple {Gid, r_n, T S_f, G₁, H_{1..m}, μ_{1..m}, Rr_{1..m}, R_rⁿ

{1..m}}. A sample access list AL is shown in Table 5.2.

• Note that the reader does not store any sensitive information such as IDs and secrets. As seen above, G₁, H_{1..m}, and μ_{1..m} are encrypted and without the knowledge of the IDs/secrets/pseudo random numbers, the reader (or an attacker) cannot decipher any information. It is important to note that G_id, T_id, and R_idare already in a pre-computed encrypted form using h_s₁, h_s₂, h_s₃ respectively, which are known only to the veriﬁer. The unencrypted timestamp T S_f stored in the reader acts as a scheduler so the reader can start the protocol run at appropriate times. It is not transmitted during the protocol run. Hence, all the information stored in the reader are well protected.

5.2.2 Grouping Proof Collection Phase

Once the setup phase is complete, the connection to the veriﬁer is not needed anymore.

The reader can function independently since it is equipped with all the necessary in-formation to gather grouping proofs whenever required. This makes the veriﬁer totally oﬄine. As noted earlier, the collection phase has two parts. The details are presented below.

PART 1: Here, the reader gathers partial-proof from each tag, for all m tags and is composed of 4 steps. Steps 1 and 2 are shown in Figure 5.1, and Steps 3 and 4 are shown in Figure 5.2.

Step 1: The reader starts the protocol run when the timestamp T S_f stored in it becomes true. It computes its challenge, gets the current timestamp from T T S and sends them along with the pre-computed server challenge, to tag 1. This step is described below.

5.2. THE PROPOSED PROTOCOL 83

Table 5.2: Sample Access List Stored in a Reader G_id r_n T S_f_i G₁_i H_i_{1..m} μ_i_{1..m} R_r_{1..m} R_rⁿ sends T S₁ to the reader. As soon as T T S sends the ﬁrst timestamp, it marks the beginning of the protocol run.

• The reader computes I₁ = R_id⊕ P RNG(T S₁⊕ Br₁) which is used by the tag to authenticate the reader.

• Finally, it sends G₁, H₁, μ₁, I₁, δa, δb, T S₁ to Tag 1.

Step 2: Tag 1 validates the incoming messages, authenticates the reader, computes its partial-proof and sends it back to the reader. This step is described below.

• Using stored {Rid, Rr}, tag extracts Br₁ from δa as P RN G(Rid⊕ Rr)⊕ δa→ Br₁

• Then, using Br₁, I₁, T S₁, the tag veriﬁes if R_id = I₁ ⊕ P RNG(T S₁ ⊕ Br₁). If successful, it authenticates the reader and also conﬁrms the message integrity of δ_a, I₁, T S₁. If the R_id check fails, these tasks are repeated using δ_b. If either one results in a successful match for R_id, the protocol proceeds, otherwise it aborts.

• The tag then checks if Br = B_r⁻¹. If yes, it does not respond and the protocol aborts. This is to make sure that an attacker is not replaying the message from the previous run. This attack cannot be attempted using the messages from the runs before that, since the R_id is matched only using Rror Rⁿ_r and everything else will fail. Messages from a genuine reader will always be fresh since B_r is freshly generated every time. If it is not a replayed message, the tag updates B_r⁻¹ as B_r⁻¹ ← Br.

Reader Step 1 Br₁ ← P RNG()

G₁ ← G1⊕ B^r1; H₁ ← H1⊕ B^r1; μ₁ ← μ1⊕ B^r1

δa= P RN G(Rid ⊕ Rr)⊕ Br₁; δb = P RN G(Rid⊕ Rrⁿ)⊕ Br₁

Get T S₁ from T T S

I₁ = R_id⊕ P RNG(T S1⊕ B^r₁)

Send G₁, H₁, μ₁, I₁, δa, δb, T S₁ to Tag 1

Tag 1 Step 2

Extract: P RN G(R_id⊕ Rr)⊕ δa → Br₁

If (R_id = I₁⊕ P RNG(T S1⊕ Br₁)) Reader Authenticated;

Message Integrity of δa, I1, T S₁ Veriﬁed Else

Use δ_b to extract B_r₁ and try again. If unsuccessful, abort.

If Br = B_r⁻¹ then abort; else B_r⁻¹ ← B^r

Extract: G₁⊕ B^r1 → G1; H₁⊕ B^r1 → H1; μ₁⊕ B^r1 → μ1

Extract: P RN G(T_id ⊕ Tr)⊕ μ1 → x||y||z||Vr

If (G_id = G₁⊕ P RNG(Gs⊕ Vr) and T_id = H₁⊕ P RNG(T^r ⊕ V^r)) then

Group ID & Tag ID Veriﬁed;

Message Integrity of G₁, H₁ and μ₁ Veriﬁed Else

Use T_r to extract x, y, z, V_r and try again.

If unsuccessful, abort;

S₁ = Ts_x ⊕ P RNG(Tid⊕ Ts_y)⊕ P RNG(T S1⊕ Ts_z ⊕ Vr) J₁ = G_id⊕ P RNG(Gs⊕ Vr)⊕ Br₁

K₁ = null

For index in x, y, z T_r^index ← P RNG() If S₁[index] = 0 then

K₁ = K₁ || (Tr^index)² mod h else if S₁[index] = 1 then

K₁ = K₁ || w . (Tr^index)² mod h Endif

Next index

Compute L₁ = R_id⊕ P RNG((J1||K1)⊕ B^r₁ ⊕ R^r) Send J₁, K₁, L₁ to Reader

Figure 5.1: Proposed Zero Knowledge Grouping Proof Protocol - Step 1 & 2

5.2. THE PROPOSED PROTOCOL 85

• The original pre-computed G₁, H₁, μ₁ are then extracted as G₁⊕ Br₁ → G₁; H₁⊕ B_r₁ → H₁ and μ₁⊕ Br₁ → μ₁.

• The tag then extracts x||y||z||Vr from μ₁ as P RN G(T_id⊕ Tr)⊕ μ1 → x||y||z||Vr. It then veriﬁes if (G_id= G₁⊕ P RNG(Gs⊕ Vr) and T_id= H₁⊕ P RNG(Tr⊕ Vr)).

If the check fails, the tag uses T_r and repeats the operation. If either one results in a G_id, T_id match, it conﬁrms that the messages are for this tag. Otherwise the protocol aborts.

• Using x, y, z as index, tag selects the subset of the secret Ts as T_s_x, T_s_y, T_s_z. It then computes S₁= T_s_x⊕ P RNG(Tid⊕ Ts_y) ⊕P RNG(T S1⊕ Ts_z⊕ Vr) and J₁ = G_id⊕ P RNG(Gs⊕ Vr)⊕ Br₁ and initializes K₁ = null.

• The tag then generates 3 pseudo-random numbers Tr^indexwhere index {x, y, z}.

Then, if the bit value of S₁[index] = 0 the tag computes K₁ = K₁||(Trîndex)² mod h. If the bit value of S₁[index] = 1 the tag computes K₁ = K₁|| w . (Trîndex)² mod h. This computation of random squares or random pseudosquares enables the tag to prove to the verifier that it has the right secret T_s, without having to reveal it, thereby providing zero knowledge to the attackers.

• Finally, the tag computes L₁ = R_id⊕ P RNG((J₁||K₁)⊕ Br₁⊕ Rr) and then sends J₁, K₁, L₁ to the reader. This is used for verifying message integrity.

Step 3: Here, the reader validates the response from tag 1, computes the reader challenge, gets the current timestamp from T T S and sends them to tag 2 along with the pre-computed server challenge and the partial-proof from the ﬁrst tag.

• Using the stored Rid, Rr and the received values J₁, K₁, L₁, the reader veriﬁes if R_id = L₁⊕ P RNG((J₁||K₁)⊕ Br₁ ⊕ Rr). If successful, it authenticates the tag and also conﬁrms the integrity of the messages J₁, K₁, L₁. Otherwise, the above step is repeated using Rⁿ_r. If either one results in a successful match for R_id, the protocol proceeds, otherwise it aborts.

• The reader then extracts J1 as J₁ ⊕ Br₁ → J1. It then updates R_r ← Rⁿr and Rⁿ_r ← P RNG(Rⁿr).

• For the next tag, the reader generates a fresh Br₂ and computes J₁ ← J₁⊕ Br₂; H₂ ← H2 ⊕ Br₂ and μ₂ ← μ2 ⊕ Br₂; δ_a = P RN G(R_id ⊕ Rr) ⊕ Br₂ and δ_b = P RN G(R_id⊕ Rⁿr)⊕ Br₂.

• It then gets the next timestamp T S₂from T T S and computes I₂ = R_id⊕P RNG(K₁

⊕T S2⊕ Br₂) and sends J₁, K₁, H₂, μ₂, I₂, δ_a, δ_b and T S₂ to tag 2.

Step 4: Here, Tag 2 computes its partial-proof using the partial-proof from the tag 1 and sends it back to the reader. As the operations are similar to Tag 1, only the minor variations are pointed out below.

• The tag authenticates the reader and verifies the integrity of the messages δa, K₁, I₂, T S₂. It then verifies if the messages are not replayed. If not, it extracts J₁, H₂, μ₂ and verifies Tag ID and Group ID using them. To ensure that the other participant belongs to the same group as itself, Tag 2 uses the received J₁.

Reader Step 3 If Rid= L₁⊕ P RNG((J₁||K₁)⊕ Br₁⊕ Rr)

Tag Authenticated;

Message Integrity of J₁, K₁, L₁ Veriﬁed else

Use Rⁿ_r above and try again. If unsuccessful, abort.

Extract J₁ as J₁⊕ Br₁ → J₁ Rr← Rⁿr; Rⁿ_r ← P RNG(Rⁿr);

Br₂ ← P RNG()

J₁← J1⊕ Br₂; H₂← H2⊕ Br₂; μ₂← μ2⊕ Br₂

δ_a= P RN G(R_id⊕ Rr)⊕ Br₂; δ_b= P RN G(R_id⊕ Rⁿr)⊕ Br₂

Get T S₂from T T S

I₂= Rid⊕ P RNG(K₁⊕ T S₂⊕ Br₂) Send J₁, K₁, H₂, μ₂, I₂, δa, δ_b, T S₂ to Tag 2

Tag 2 Step 4

Authenticate Reader & Verify Message Integrity of δa, K₁, I₂, T S₂. Verify if Br = B_r⁻¹. If not, extract J₁, H₂, μ₂and verify Group ID and Tag ID using them. These steps are similar to Tag 1.

S₂= T_s_x⊕ P RNG(Tid⊕ Ts_y)⊕ P RNG(K1⊕ T S2⊕ Ts_z⊕ Vr) J₂= Gid⊕ P RNG(Gs⊕ Vr)⊕ Br₂

K₂= null

For index in x, y, z T_r^index← P RNG() If S₂[index] = 0 then

K₂= K₂ || (Tr^index)²mod h else if S₂[index] = 1 then

K₂= K₂ || w . (Tr^index)² mod h Endif

Next index

Compute L₂= R_id⊕ P RNG((J2||K2)⊕ Br₂⊕ Rr) If Rid matched using δa then Rr← P RNG(Rr) If Tid matched using Tr

T_r ← Tr; Tr ← P RNG(Tr); rn+ + Send J₂, K₂, L₂ to Reader

Figure 5.2: Proposed Zero Knowledge Grouping Proof Protocol - Step 3 & 4

• It then computes S₂using the partial-proof K₁as in S₂ = T_s_x⊕ P RNG(Tid⊕ Ts_y)

⊕P RNG(K1 ⊕ T S2⊕ Ts_z ⊕ Vr). J₂, K₂, L₂ are computed similar to Tag 1. J₂ contains the same group information as J₁. But this computation is done by each tag so the next tag that is processed knows that its predecessor belongs to the same group as itself.

• Tag 2 updates Tr ← Tr, Tr ← P RNG(Tr) and increments rn by 1. This is done only if T_idwas matched using T_r. If T_r was used, this update is not performed. It also updates R_r as R_r ← P RNG(Rr) if R_id was matched using δ_a.

• Tag 2 then sends J₂, K₂, L₂ to the reader.

5.2. THE PROPOSED PROTOCOL 87

The same procedure is repeated for all the m tags, with the m^th tag taking inputs J_(m−1), K_(m−1), H_m, μ_m, I_m, δ_a_m, δ_b_m, T S_m. After receiving J_m, K_m, L_m from the last tag, the reader gets T S from T T S and computes I, δ_a, δ_b

. The last message com-puted/sent/received by the reader is represented with the index , when the reader processes tag 1 again. The reader sends J_m, K_m, H₁, μ₁, I, δ_a, δ_b, T S to the ﬁrst tag.

Tag 1 repeats its operations as in Step 2, computes J, K, L and sends it to the reader.

At this point, it updates Rr, Trand increments rnby 1. The reader veriﬁes the message integrity as before and if it is successful, it gets the end timestamp T S_efrom TTS which marks the end of the protocol run. This process is depicted in Figure 5.3.

Repeat the process from Tag 3 to Tag m

-and complete the proof with Tag 1 Tag3

In document Security protocols for EPC class-1 Gen-2 RFID multi-tag systems (Page 89-105)