RFID Guardian Security Protocols
From RFID Guardian
RFID Guardian and RFID readers talk to each other over broadcast radio waves which can be heard by any nearby receivers. Therefore, it is important they use cryptographic services that prevent others from reading their messages. Another benefit of cryptography is that it can provide authentication between each participants. Generally speaking, cryptographic techniques are divided into two categories: Asymmetric Key Protocols and Symmetric Key Protocols. These techniques are reviewed below.here and here
The page disussing Conceptual User Interface of RFID Guardian could be found Here
Asymmetric vs Symmetric Key Protocols
Asymmetric Key Protocols
The advantage of using certificate based authentication protocols is
that the public keys and certificates can be sent over insecure
medium, even if adversaries may be listening. The reason is that
certificates are affixed with Digital Signature by the CA. Therefore,
it is generally impossible for an attacker to create bogus
certificates.
Another advantage of using asymmetric key is that the two participants
do not have to share any secret before they communicate. This feature
is especially useful when the Guardian user is concerning
about privacy problems. Consider this scenario. A supermarket
places an RFID reader at its check out desk. Since the market cannot predict
who its customers will be, asymmetric key protocols naturally
becomes an option for them. What the shop should do is to
publish their public key (possibly on its website), and ask
its customers to install that key.
The disadvantage of using asymmetric key protocols, however, is that
you have to know other's public keys in advance. Of course, with the
current implementation based on SSL, the two communication
participants can exchange their public keys at the beginning of
communication (handshake phase). But this introduces another problem
--- what if one party does not trust this public key or the certificate
that signs that key? Otherwise, the two parties have to use either
plain text or one-time symmetric key.
Symmetric Key Protocols
The advantage of strong symmetric key authentication is that all the
nounces are fresh and it is difficult for eavesdroppers to perform
dictionary attacks.
The disadvantage is that there are always extra requirements: if the
protocol is N-S, there has to be an active on-line server for
authentication and key generation; if the protocol is EKE, there has
to be a shared secret beforehand.
Another disadvantage is that there is a potential threat against the
Guardian holder that the reader holder could deliberately lend
this shared symmetric key to hostiles. Even though Guardian's context
feature could help its user to a certain extent, it could not
solve all problems. For example, when the Guardian user enters a
supermarket, her Guardian could already be switched to a context that
is ready to exchange messages with the reader; Then, a hostile with
the symmetric key from the supermarket can now make a conversation to
the Guardian. Therefore, for security reasons, I recommend
that RFID Guardian could give user a warning, i.e. a beep, so that
the user knows that the Guardian is going to change information with
some readers. It is better that the user can see and recognize that
RFID reader with her own eyes, so that she knows for sure which
company is querying her tags. After that, RFID Guardian may ask the
user for permission for communication, i.e. click a ``OK button or
enter a password on the pin pad. Of course, if the reader holder and
Guardian holder knows each other and trusts each other, they can
change symmetric keys even ahead of time.
Some people may argue that by using symmetric key protocols, there is
also a threat that the reader holder will record Guardian user's
habit. For example, there is already some reports saying that some
inns are eavesdropping their customers on their favourite wines by
RFID technology. But this also holds true for asymmetric key
protocols --- by sending the certificate to the Guardian,
asymmetric-key-readers could also authenticate themselves to the
Guardian. And that is the reason why researchers introduce context
feature into RFID Guardian.
User Case Discussion
Contactless Smart Card
Most contactless smart cards are produced by big banks, and such banks
usually have many branches therefore many card readers distributed in
different areas. This means asymmetric key protocols are their first
choice because the Guardian holder can easily download the public key
from its webpages. Of course the Guardian and the card reader can
still use their public key to exchange a short-term symmetric key, and
use that symmetric key for further communication.
If they indeed agree on asymmetric key protocols, then the
authentication process will be based on certificates. As explained
earlier, in order to simply things, it is best for the bank to choose
a commercial CA. After all, such a successful and well-known bank
should not care about some charges for certificate signing!
Of course, if the reader-holding organization instead chooses to use
a symmetric key, or the certificate verification fails (i.e. the
certificate expires), then the Guardian and the reader have to use
short-term secret keys.
Supermarket
As discussed before, the cryptographic protocols for shop readers
could be either asymmetric or symmetric. In case of asymmetric key
protocols, a two or three layered certificate chain signed by a
well-known CA would be convenient for the Guardian holder. But if the
shop instead decides to set up a local CA then if its customers are
Guardian holders, they will have to perform extra step of installing
that certificate themselves. If the customers can be sure that the
supermarket will not leak symmetric key information to others, then
they could also choose to use EKE symmetric key protocols.
Library
People usually prefer to go to the nearby libraries, so the customers
of a library is almost fixed. Nobody will fly across the Pacific Ocean
if he could find exactly the same book in a library down the street
--- this is a matter of convenience. Therefore, the libraries
could possibly start with a local CA, and asks its customer to
accept its root certificate when the customer registers at the
library.
E-passport
Passports are held by the total population, and the country will have
many airports and police stations. So perhaps symmetric key protocols
are not fit for this scenario, and instead asymmetric key protocols
and certificate should be used for authentication. It is obvious that
a centralized CA could help in this scenario. But some citizens or
governments may not like their identification document information to
be accessed by a business, so they may prefer for the national security
department (or whatever government department) to set up a local CA.
Car Keyless Entry System
Although the RFID Reader in this scenario is owned by the user
(actually the car, not the reader), it is impossible for the user to
operate the reader directly, because the reader is usually firmly
attached inside the car. So a symmetric key protocol is probably more
appropriate in this user case. The reason is that the reader is not
publicly reachable, and there is no need for the automobile company to
publish a public key for a particular reader, then asks all Guardians
to communicate with that reader. So it may be more convenient for the
automobile company to generate a secrete key for each car, and pass
that key to the Guardian holder when the Guardian holder becomes the
owner of the car.
Home Appliance
By placing RFID readers at home, one can
1) Use intelligent household appliance inside the house
2)Have separate readers to do triggering. For example, by placing
an RFID reader at the front door, one's Guardian could be triggered to
switch to another context when the user leaves home.
Since the Guardian holder controls both the Guardian and the reader,
there is no need to implement a PKI and use a certificate for
authentication. But a symmetric key could be used with long-term
keys for both encryption and authentication.
Animal Identification
Most animal identification systems have their shelters distributed
across the country, or even across the continent. So it is easy for
them to implement asymmetric key protocols and use certificate for
authentication. Perhaps they can construct a certificate hierarchy
by geographic locations. For example, the top layer represents the
whole country, while the second layer represents provinces or
states, then the third layer represents cities or towns. This means
a centralized CA is best suited for this scenario.
Military and Commercial Supply Chains
The size of a commercial supply chain varies, so it cannot simply say
whether asymmetric key or symmetric key would fit all cases. For a
small chain (for example only three suppliers), a symmetric key could
be used. They could exchange the secret key as soon as the managers
sign the contract. On the other hand if the chain is large, they could
perhaps better choose a asymmetric key protocol. For the
certificate-based authentication process, it may be better for the
customer (i.e. Wal Mart) to set up a local CA. The reason is that all
the suppliers are stake holders within this chain and their profits
are restricted by the business contract.
The military supply chains always require a higher security level,
so convenience could be sacrificed. For example, a new symmetric key
could be generated for each stop, which could then be securely stored
in all Guardians and readers through the internal military network. In
this way, any other readers that do not know the correct symmetric key
can be detected.
