RFID security

From CryptoWiki
Jump to: navigation, search

Glazyrina N.,

Yuzbashev A.

RFID (Radio Frequency IDentification) – is a method of auto identification of objects, in which, by means of radio signals data is read or recorded which is stored in RFID-marks. One of the most perspective ways in the field of small computing devices are RFID systems. RFID – is a method of auto identification of objects, in which, by means of radio signals data is read or recorded which is stored in RFID-marks. Any RFID system could be divided in a two parts:

  • Reading device.
  • RFID mark.

RFID mark – consists of two parts:

  • The receiving and translating signal antenna.
  • Integral microchip for storing and processing information.

RFID mark could be divided on the types of the power supply(source):

  • Passive.
  • Active.
  • Half-passive.

Built-in power source is not used in passive RFID marks. Electromagnetic signal inducts from the reader electric power providing enough power for the functioning of silicon chip, located in the mark and for transmission of the responding signal. Active RFID marks use its own power source, which doesn’t depend of the energy of reader. That is why they have a larger size, but they can be read on a further distance and could be featured with additional electronics. The disadvantages of these marks are: high cost price and limited lifetime of battery. Half-passive RFID marks use the same reading technique as passive, but they have its own battery to supply power for the chip.

Contents

The usage of RFID in Access Manage Control System (AMCS)

Access systems – is one of the spheres in which RFID technology gained immense popularity. This could be explained by two factors:

  • Simple realization of technology applying to AMCS (it will be enough to use R/0 identifiers for reading a small length code – three or four bytes).
  • It is very ease if we compare it to any other types of identifiers such as: contact, magnetic stripe, Wiegand.

Proximity card can be read by receiver through wallet and at the same time it could be a badge with photo. Also comparing to a magnetic cards, proximity cards have a higher level of safety and copying or falsification. So, the magnetic cards “survived” only there, were they provide the advantage, for example access to the cash machines at the night time. By the way, the most conservative country is USA. The largest number of old magnetic systems which use magnetic cards is in USA.

Safety problems

The main problem of safety of RFID marks is saving the confidential info that is written in the marks. This problem is caused by the distance in several meters which allow reading the info from RFID technology. Because of this the protectors of civilian rights express their complaint about spreading RFID marks, linking this technology with possibility invasion in privacy. The possibility of unauthorized usage of RFID marks causes the concern. Malefactor by using reading device can read identifiers of a victim and use the information against victim. (crack database and get the info about movements or made purchases). In other words, RFID technology has many advantages but also it has a set of disadvantages which don’t allows spread the use of RFID marks. Encryption in passive radio marks is a special occasion even among devices with extremely limited computing resources. As so as passive radio marks do not have their own power source, they are activated by induced signal of a reader. Therefore, the encryption in the chips should be the least resource-intensive - RFID mark should be induced signal decay time to encrypt data and send your response back to the reader. Because of the serious limitations on the inner computational resources of RFID-tags is possible to use existing cryptographic algorithms.

Lightweight cryptography

Algorithms of a lightweight cryptography have been developed for devices with limited computing resources. The criteria by which we can say that this algorithm can be classified as lightweight cryptography are too vague and can be chosen in a particular case depending of the used hardware. It is considered that the algorithm relates to lightweight cryptography if it is possible actualize to GE 1000 or less. Among the main requirements for lightweight cryptographic algorithms include a number of requirements:

  • Crystal area, on which the algorithm can be implemented in hardware (RFID should be as cheap as chip area has a direct effect on their value).
  • The computing power of the microprocessor or microcontroller, on which calculations are performed.
  • RAM of the device. (a memory of the device)
  • A nonvolatile memory device, etc.

The foundation of any lightweight crypto-system used in RFID-chips is symmetric algorithms. Because their use is due to lower costs for hardware resources, which is critical to the RFID technology, as well as high speed operation compared with asymmetric algorithms. Developing algorithms in the sphere of the lightweight cryptography is a search of balance between price and performance. For example, for symmetric crypt algorithm the ratio of reliability / cost is determined by the size key, reliability / performance – by the number of rounds of encryption, features of hardware structure - price / performance. Any two of three targets are easy to reach, but it is hard to reach all three demands. For example, if we want to provide acceptable level of reliability and performance - it will often be related with increasing in the area, which will affect the cost of the chip at implementation of the lightweight cryptosystem. But from the other side, when creating a chip and reliable system you can meet the problems of a limited capacity. We can identify three possible solutions:

  • Usage of verified, standard algorithms.
  • Modification of known algorithms to improve performance and reduce the logical complexity.
  • Developing new algorithms.

The main problem of first solution is that the majority of cryptographic algorithms originally developed for use in systems without any restrictions on the hardware resources for use in the software. This approach is good, because most of the algorithms used in PC systems, as well as the development of systems with high performance and it is not expansive for a daily task. Creating RFID-chip data assumptions are impossible; therefore it is impossible to apply systems these assumptions don’t work, which means that usage in standard cryptographic algorithms is impossible. The second approach is to amend the cipher for which there were many studies on its reliability, ciphers designed for hardware implementation are especially interesting in this case. Among the advantages of this approach is the fact that there are a lot of researches of the cryptographic strength of the modified algorithm, making it easier to defy cryptographic strength of the algorithm. However, we shouldn’t forget that the exclusion of certain blocks of an algorithm or simplifying them can seriously affect its durability. The majority of the decisions in the field of LW-cryptography are based on the third approach. It is clear that the creation of a new cipher without some drawbacks in durability is a rather difficult task. However, the existing algorithms show good results, and possibly in the future find their application in cryptosystems providing safety for RFID devices. One of the methods for quantifying the implementation of the algorithm systems limit the number of resources is the method of calculating the amount GE of the studied elements in the algorithm.

Algorithm Key size Block size Cycles / Blocks Speed, kbps Crystal size, nm Number of, GE
KATAN32 80 32 256 12.5 0.13 812
KATAN64 80 64 255 25.1 0.13 1027
PRESENT-80 80 64 547 11.7 0.18 1075
PRESENT-128 128 64 559 11.45 0.18 1391
DES 56 64 144 44.4 0.18 2309
DESXL 184 64 144 44.4 0.18 2168
AES-128 128 128 160 44 0.13 3100
HIGHT 128 64 1 6400 0.35 3048
mCrypton 96 64 13 492.3 0.13 2681
SEA 96 96 93 103.23 0.13 3758

It is worth noting DES cipher. It is developed on the base of the DES (Data Encryption Standard) algorithm, described in the early 70's of the last century. The choice of this cipher as the basis for a new cryptosystem is not accidental. The advantage of DES over other known algorithms lies primarily in the fact that it was originally designed for hardware devices. Also, due to the fact that the data cipher has more than thirty years history of research, it is believed that its main vulnerabilities have been founded and fixed. The next block LW-algorithm which satisfies all the requirements of RFID-systems is the PRESENT. For this algorithm developers made a research of its vulnerabilities to algebraic attacks and some other kinds of attacks. The PRESENT algorithm has shown a great durability for a cipher created from scratch. For now, there is no registered successful attack on a full-version of the algorithm. Also among the LW-ciphers could be highlighted the algorithms and KATAN KTANTAN. Each algorithm consists of three ciphers, differing in the number of encryption rounds of 32, 48 or 64. All ciphers have 80-bit key. The difference from KTANTAN KATAN is that the former requires a minimal amount of resources due to the fact that the encryption key is written in the device and cannot be changed. In the description of ciphers, developers have shown the resistance to such attacks as linear and differential analysis, related-key attack and algebraic attack. However, despite all the advantages of block ciphers, there are some threats that do not allow them to use everywhere. As already mentioned, the algorithm uses DESL short key, because of that high level of safety is impossible in applications. PRESENT and KTANTAN algorithms despite all studies over the past few years, still, could carry the critical vulnerabilities that would negate all the current advantages. Also to LW-algorithms class could be classified Curupira, Hummingbird. According to the research Axel Poscmann, San Ling and Huaxiong Wang in the course of which was reduced the number of GE units required for the implementation of the algorithm GOST 28147-89, from 1100 to 650 GE, which will allow it to compete for the algorithm for the standard in lightweight cryptography. When creating a lightweight encryption the main question is the cost of realization algorithm in a device with average level of safety and proper performance, important to create balance between these three parameters depending on the specific requirements of the product. The task of the authors is to lightweight encryption algorithm – and find a compromise. How lightweight encryption algorithms differ from universal? Here are the main approaches to create cryptographers to resources and with relatively strong encryption algorithm:

  • Reducing the size of the main parameters of the algorithm - block of encrypted data, the encryption key and the internal state of the algorithm;
  • Attempts to compensate the loss of algorithm’s resistance based on well-researched and widely used operations performing basic linear / non-linear transformations. Such operations can be represented as part of a design, by which cryptographers write an algorithm with the qualities that are needed;
  • Reducing the size of data used for specific operations. For example, replacement tables are often used in the encryption algorithms; to store the table which replaces 8-bit pieces of data to 256 bytes, such a table can be constructed from a combination of two 4-bit tables, requiring only 32 bytes in total (this approach has been chosen by authors described above Curupira);
  • Usage of "cheap" in terms of resource consumption, but effective changes, such as bits control permutation (in which the specific option is selected for rearrangement, depending on the control bit, this bit can be, for example, a particular bit key), shift registers, etc.;
  • Applying changes for which implementations are possible depending on the particular encoder resources (e.g., reduced memory requirements, but at the expense of data encryption, or vice versa).

It should be noted that the lightweight cryptographic algorithms are created either for low or medium level of security or for the systems, which will consider the specifics of the algorithms and the solution will be found, that allows you to make the realization of the algorithm as safe as possible for its level of durability (resistance).

Glossary

Bibliography

Book List