Secure UHF Tags with Strong Cryptography Development of ISO/IEC Compatible Secure RFID Tags and Presentation of First Results

Transcription

1 Development of ISO/IEC Compatible Secure RFID Tags and Presentation of First Results Walter Hinz, Klaus Finkenzeller, Martin Seysen Barcelona, February 19 th, 2013

2 Agenda Motivation for Secure UHF Tags The Rabin-Montgomery Cryptosystem Message Flow Protocol Extension with Mutual Authentication Proof-Of-Concept Implementation February 19th, 2013 Slide 2

3 Agenda Motivation for Secure UHF Tags The Rabin-Montgomery Cryptosystem Message Flow Protocol Extension with Mutual Authentication Proof-Of-Concept Implementation February 19th, 2013 Slide 3

4 Inductive and radiative RFID Systems February 19th, 2013 Slide 4

5 Secure UHF RFID Cryptographic protection of UHF RFID systems facilitates novel applications thanks to its long operating range Today: RF 13,56 MHz: Smart Card OS / 10 cm UHF 868 MHz: Non-secure memory / 10 m Secure UHF RFID: Cryptographic security with same operating range technological leap µcontroller with SCOS full flexibility in the choice of authentication protocols AES efficiently implemented in hardware Security HF SCOS Power consumption X 50 Secure UHF Technology UHF memory Reading range February 19th, 2013 Slide 5

6 Agenda Motivation for Secure UHF Tags The Rabin-Montgomery Cryptosystem Message Flow Protocol Extension with Mutual Authentication Proof-Of-Concept Implementation February 19th, 2013 Slide 6

7 The Rabin-Montgomery Crypto Suite Based on the asymmetric cryptosystem by Michael O. Rabin (1979) Augmented by a method from Peter Montgomery (1985) to avoid the division of long numbers in modular arithmetic Allows cost and energy efficient implementation by combining the Rabin and Montgomery algorithms Allows non-traceable and confidential identification and authentication Does not require a private (secret) key to be stored in a tag the tag performs only efficient public key operations Time consuming private key operations need only be performed by the interrogator Can be combined with symmetric mutual authentication, based on AES February 19th, 2013 Slide 7

8 How the RAMON Tag Authentication Works RAMON is a public key protocol, using four different keys: A A An public key K E, used for encryption. This is the only key stored on the tag private key(-set) K D, used for decryption This key is only stored in a secure memory in the interrogator optional key set K s, K V,used to validate a signed UID As the data length might exceed the buffer capacity of tag or interrogator, response messages are chained First response chunk is delivered while ongoing encryption produces more data consecutively Optimised transaction time February 19th, 2013 Slide 8

9 Information Flow with RAMON Tag Authentication 6 store 1 System Integrator Generate {K D, K E } Tag IDs, K E 5 2 (Signed) Tag IDs, (K V ) 3 Tag Issuer Generate {K S, K V } Sign Tag IDs with K S 4 store Secure Storage List of (signed) Tag IDs Signature verification key (public) K V Secure Storage RAMON decryption key (private) K D RAMON Encryption key (public) K E 7 (Signed) Tag ID, K E List of (signed) Tag IDs RAMON encryption key (public) K E Signature verification key (public) K V Signature generation key (private) K S verify User Memory 10 Interrogator RAMON Optional steps and components are indicated with a dashed line. 8 Tag 7 store / retrieve 9 (Signed) Tag ID RAMON Encryption key (public) K E n Step n of the information flow February 19th, 2013 Slide 9

10 Basics: Rabin Cryptosystem The Rabin cryptosystem is an asymmetric cryptographic technique, whose security, like that of RSA, is related to the factorization problem. Message M Encryption: C = M modn Cipher text C: Reader Tag 2 Public key n n = p * q equal size, Secret key p, q p, q: primes, almost p q 3 (mod 4) Decryption: m m p q = = p+1 4 C mod p = C q+1 4 C mod q = C mod p mod q One root r, s is our Message M y p p + y q q =1 + r = ( y p p mq + yq q m p ) mod n r = n r + s = ( y p p mq yq q m p ) mod n s = n s February 19th, 2013 Slide 10

11 Basics: Montgomery Modular Multiplication The Montgomery approach allows a much more efficient calculation of the cipher text C in the tag. C Encryption: = Message M Cipher text C*: Reader Tag C C R mod n Conversion: = ( M ) R mod n Rabin Decryption (previous slide) R * = M R mod n n = p * q p, q: primes, almost * Public key n equal size, Secret key p, q p q 3 (mod 4) Residue R is a power of 2 and R 2 k > n. In other words, R is at least the next power of 2 which is larger than n. bl nd n = 1 mod 2 ;1 nd < d; nd d 2 February 19th, 2013 Slide 11

12 Agenda Motivation for Secure UHF Tags The Rabin-Montgomery Cryptosystem Message Flow Protocol Extension with Mutual Authentication Proof-Of-Concept Implementation February 19th, 2013 Slide 12

13 RAMON Protocol Steps Tag Identification Only Interrogator Tag Generate RND challenge CH Decrypt [Validate Signature of UID] * CH R Generate RND number RN Generate Response R (1) Tag Identification Tag identified or even authenticated Stop here, if only tag identification is required *: signature validation is an optional step February 19th, 2013 Slide 13

14 Detailed data flow for tag only authentication Interrogator {Database, K D, K V } {(signed)uid, K E } Tag Generate RND challenge CH Decrypt P = DEC (KD,R) CH, RN, UID Validate Signature of UID CH R Generate RND number RN Generate Response R R = ENC (K E,MIX(CH,RN,UID)) February 19th, 2013 Slide 14

15 Detailed Protocol Step 1: Interrogator send challenge Step 1: The interrogator challenge is delivered to the tag. The tag immediately starts with the cryptographic calculation and answers with the length of the response data which will be calculated. Interrogator Tag Command RFU CSI Length Message RN-16 CRC ' xx EBV Interrogator Challenge step 1 xx xx Command Step 1 AuthMethod Step RFU Interrogator Challenge CH [127:0] Response Step 1 Header Length Response RN-16 CRC-16 0 EBV Response data length xx xx AuthMethod Step RFU Response data length (Total Nr. of Bytes) Start Calculaton February 19th, 2013 Slide 15

16 Detailed Protocol Step 2: Retrieve calculation results Interrogator Tag Step 2: The interrogator retrieves the remaining fragments by chaining. Once the interrogator has retrieved the entire record, it is able to authenticate the tag. Command RFU CSI Length Message RN-16 CRC ' xx EBV Retrieve Response xx xx Command Step 2 AuthMethod Step RFU Header Length Response RN -16 CRC EBV Response data length xx xx Response Step 2 AuthMethod Step RFU Response data fragment Remaining Part from result (Nr. of Bytes) Command RFU CSI Length Message RN-16 CRC ' xx EBV Retrieve Response xx xx Command Step 3 AuthMethod Step RFU Header Length Response RN -16 CRC EBV Response data length xx xx Response Step 3 AuthMethod Step RFU Response data fragment Remaining Last part from result 00 ' ResponseData Part1 ResponseData Part2 Calculation finished February 19th, 2013 Slide 16

17 Detailed Protocol steps for tag only authentication In Step 1, the interrogator challenge is delivered to the tag. This message is used to request the tag to perform authentication. In Step 2, the interrogator retrieves the remaining fragments by chaining further Authenticate commands and responses. Once the interrogator has fetched the entire authentication record it is able to authenticate the tag. Power - up & ~ killed Tag state transitions acc to ISO/IEC Authenticate ( Step 1 ) Finished Init Authenticate ( Step 1 ) TAM 1.1 Authenticate ( Step 2 ) TAM 1.2 Authenticate ( Step 2 ) TAM 1.3 Error Finished or Error Any other command Mutual authentication February 19th, 2013 Slide 17

18 Agenda Motivation for Secure UHF Tags The Rabin-Montgomery Cryptosystem Message Flow Protocol Extension with Mutual Authentication Proof-Of-Concept Implementation February 19th, 2013 Slide 18

19 RAMON protocol steps Algorithms Used Interrogator Tag Algorithm State Generate RND challenge CH Decrypt Validate Signature of UID CH I R T Generate RND number RN Generate Response R Rabin Montgomery (RAMON) (1) Tag Identification Generate challenge CH Generate cryptogram Verify tag cryptogram If successful: Generate Session Keys, Initialise SSC C I C T Decrypt and verify cryptogram Generate Session Keys, Initialise SSC If successful: Generate tag cryptogram AES (FIPS197) AES CBC-Mode (SP800-38A) CMAC (SP800-38B) KDF (SP ) (2) Mutual Authentication Secure Channel established Secure Channel established AES (FIPS197) CMAC (SP800-38B) (3) SC February 19th, 2013 Slide 19

20 Detailed Protocol Steps for Mutual Authentication Mutual authentication can be performed only after the tag has been successfully identified. Secure communication is possible only after successful mutual authentication that involves generation of the required session keys. While in the state SC, the tag is able to process Secure communication commands. SecureComm from Tag Authentication Error TAM1.3 Authenticate (AuthMethod 1, Step 1) MAM1.1 Authenticate (AuthMethod 1, Step 2) Authenticate (AuthMethod 1, Step 1) Init State non secure command SC Error Finished MAM1.2 Authenticate (AuthMethod 1, Step 2) February 19th, 2013 Slide 20

21 RAMON Keys Used Key Usage Length in bits Remark K ENC Shared secret encryption key 128 Optional K MAC S ENC Shared secret message authentication key Session encryption key Optional Dynamic Session Keys S MAC Session message authentication key 128 Dynamic K E K D K V Public key for encryption stored on tag Private decryption key stored on interrogator Public signature (ECDSA) verification key stored on interrogator 1024 n 1024 n 320 n Mandatory Mandatory Optional Tag Identification keys February 19th, 2013 Slide 21

22 Agenda Motivation for Secure UHF Tags The Rabin-Montgomery Cryptosystem Message Flow Protocol Extension with Mutual Authentication Proof-Of-Concept Implementation February 19th, 2013 Slide 22

23 FPGA Layout for a Proof-of-Concept Commercial RFID reader connected to PC Externally powered FPGA Evaluation Board Existing non-secure tag as (analogue-only) radio front end, AFE Re-implemented ISO state machine and tag memory Soft-core microcontroller, MSP430X-compatible Hardware multiplier and AES coprocessor February 19th, 2013 Slide 23

24 A Closer Look to the Actual Demonstrator The available UHF tag evaluation board facilitated the design of the demonstrator by providing digital baseband access to the modulator / demodulator: February 19th, 2013 Slide 24

25 Some Results MSP430 clock rate 1.25 MHz corresponds well to 1.28 MHz subcarrier RAMON calculation only: 134 ms RAMON including transmission: 330 ms Improve messaging concept ISO/IEC will define standard command set February 19th, 2013 Slide 25

26 Thank You for Your Attention Walter Hinz Giesecke & Devrient GmbH Prinzregentenstrasse 159 D München February 19th, 2013 Slide 26