Seven reasons for application of standardized crypto functionality

Seven reasons for application of standardized crypto functionality on low cost tags Manfred Aigner, Graz University of Technology, Institute for Applied Information Processing and Communications, Inffeldgasse 16a, A-8010 Graz Tel: +43 316 873 5516 [email protected]

Abstract

In this article we want to provide some arguments for application of standardized cryptographic primitives and protocols in RFID systems, from network layers down to the protection of tags and reader-to-tag communication. Since the tag is the system’s part with the most restrictions concerning power consumption and computational capabilities, we focus in this paper on the security measures applied on passive tags. After a short introduction we state seven reasons why we think that application of standardized cryptographic primitives is the most reasonable approach to secure future RFID systems.

Introduction

More and more RFID systems are currently being installed, and the trend from closed-loop systems to open-loop applications is evident. Pilot systems in closed loops of supply chains prove the big benefits of RFID over traditional barcode systems. The major challenges of the early adopters are mainly solved, and products for high-volume applications are already available. Security has been discussed but has so far not played a major role in most applications. For some applications tags were equipped with security features, but because they were used in closed-loop systems, mainly proprietary and undisclosed solutions were applied to protect the tags. The step towards open-loop systems will prevent the application of proprietary solutions if compatibility and standardization are a common goal. Not long ago it was assumed that computation of strong cryptographic algorithms is impossible on passive tags. Due to this assumption several parties assumed that weak protection of the data on passive tags might be enough to protect RFID systems successfully against fraud. In this paper we want to discuss seven reasons for application of standardized crypto primitives. We think that protection with state-of-the-art security measures is necessary for a successful launch of next-generation RFID applications, especially in open-loop systems.

I. Unknown final application of tags

Tags are developed for a variety of applications. Currently it is impossible to predict all possible applications of those tags. No IT system built so far is protected against all technically possible attacks; the goal of IT security measures is therefore to make an attack infeasible in the sense that a successful attack costs more than the value that can be generated by breaking the system. Tags are planned to be attached to objects, and today we cannot estimate the value of the goods that future tags will be attached to. If tags with cryptographic measures are used in an anti-cloning application to prove the origin of the goods, the overall damage in case of a successful attack cannot be estimated today. Because the application of tags with security measures should not be limited to low-value products or to a very limited number of tags in one application, we strongly suggest focusing on the highest possible security level for RFID tags if they contain security measures.

II. Product life cycle of tags

Currently the integration of security measures into passive tags is discussed to enable open-loop RFID applications for supply chains. The characteristics of a supply chain are partly adapted to the limited functionality of the tags; this involves the design of conveyor belts or parts of buildings (e.g. the width of portals). We want to point out that we are not discussing a short-term product that will be replaced after a few years by a newer technology; we are currently developing a system that will stay in operation for the next decade or even more. Tags attached to short-dated consumer products will not have a very long lifetime, but tags attached to luxury goods must operate for several years or even decades. If protection of goods (warranty, proof of origin) is based on cryptographic measures of the tags, those tags must withstand attacks throughout their whole lifetime. It therefore makes no sense to scale the security against key-search attacks to the performance of the computing systems available to attackers today; we must take the development of computing performance over the next 10-15 years into account. During the standardization process of cryptographic algorithms, those considerations are included.

III. Weakest part of the system will be preferred point of attack

To break into an IT system, attackers typically focus on the weakest point of the system. The best points for successful attacks are those with minor protection, where an attacker can get easy access and perform attacks without being recognized. Tags are easy to get, and they can be operated together with modified readers. The attacker can bring tags home to his lab and then has full control over the communication with the tag. There is no risk for an attacker of leaving traces, so the illicit activity can hardly be detected. Tags are therefore a logical point of attack on a protected RFID system. If we additionally protect the data on the tags with weak algorithms, it is very probable that successful attacks will be performed on tags and exploited for fraud. The security level of the tag protection therefore defines the lower bound of security of the overall system. It does not make sense to protect readers or network layers of the overall RFID system with state-of-the-art countermeasures if we apply lower protection levels to protect tags and the communication between tags and readers against attacks.

IV. Proprietary self-“tailored” algorithms tend to be insecure

The first real-world applications of cryptographically protected passive tags were car immobilizers. The semiconductor technology available for tags at the time of the first car immobilizers based on passive RFID tags did not allow complex operations on the tags. Keeping the algorithms secret was not treated as a problem, since the application is a typical closed-loop scenario. Security measures for tag protection were scaled down to the limit of what was possible to implement. It was definitely not possible to apply a standardized crypto algorithm with the power and area resources available at that time. Therefore proprietary algorithms were designed to allow cryptographic operation within the available area and power budget.

Proprietary algorithms typically lack a detailed analysis of their cryptographic characteristics. They are analyzed by a very limited number of experts; it is therefore rather probable that some flaws are not detected during development. In contrast, during the standardization process, encryption algorithms are publicly analyzed to keep the risk of undetected security holes at a minimum (e.g. AES selection procedure [1]). In the past, proprietary encryption algorithms or protocols were used to protect e.g. pay-TV systems. Many of the systems were broken after a short time on the market [3]. The protection of the car immobilizer tag mentioned above was also broken by a group of students of Johns Hopkins University in Berkeley in 2005 [4]. The motivation for the attack was the application of the immobilizer tags in a contactless payment system (Mobil Speedpass System; this could also serve as a good example for section I “Unknown final application of tags”).

There is a curious fact about the incident that demonstrates how difficult it is to keep proprietary algorithms secret. The details about the undisclosed algorithms that were necessary for a successful attack did not leak through illicit channels, but were published by one of the inventors of the algorithm at a public workshop [5]. The presenter assumed that it was still impossible to break the system with this little knowledge about the algorithm; in fact he presented the details a group of students was waiting for to mount a successful attack. Application of standardized algorithms prevents such problems.

V. Necessary area on tags comes for free

Technology for silicon integration of electronic circuits is steadily improving, which leads to smaller silicon area for circuits with the same functionality. Because of the high number of tags produced, the price of a passive tag depends on this silicon area. To keep the costs of a tag at a minimum, the tag developer tries to reduce the area consumption of the circuits. Additional functionality requires additional area and therefore raises the costs of a tag. This is true only up to a certain point, because handling smaller chips during packaging and assembly of chips and antennas into tags is more expensive. The loss of material when cutting small chips from the silicon wafer is another reason why the cost of a tag does not decrease linearly with the silicon area used. It is expected that the minimal costs can be achieved with a chip area of about 0.3-0.5mm².

Currently available low-cost RFID tags are produced on silicon processes with a minimal structure size of about 350nm. Newer tags are developed on a 180nm process; the next generation will be 130nm. Reducing the minimal structure size by a factor of 2 improves the area per logic gate by approximately a factor of 4. The basic functionality of tags now fits on an area of approximately 1mm²; porting those circuits to modern silicon processes will result in an area consumption below the 0.3-0.5mm² barrier for cheapest tag production. This means that with every technology step to a newer silicon process, more area is available for additional functionality without increasing the costs of the overall tag. Logically some of the area will be used to increase the memory of the tags, but some can be used for computation of standardized crypto algorithms. The argument for using proprietary algorithms to keep the overall costs of a tag as low as possible is therefore disappearing.

VI. No reduction of reading distance and long computation time

The overall power consumption of a tag is a critical design constraint for the tag designer. Many RFID applications require a high reading distance, but the field strength of the reader's RF field is very limited at the maximum reading distance. If the circuit on the tag consumes too much power, the tag is reset during operation and does not answer requests from the reader correctly. For a long time it was assumed that it is not possible to compute complex crypto algorithms without reducing the maximum reading distance (by exceeding the power limit available at that distance), but implementations of standardized crypto algorithms which fulfil those requirements have already been published [6].

Another argument against application of standardized crypto primitives is the rather long computation time compared with algorithms with lower security. This issue can be solved on the protocol level. The tag’s answer to a request that requires a cryptographic operation is meaningful only after the anti-collision procedure. This means that the tag has typically already been in the field for a long time, waiting for requests. During that idle time the tag can perform pre-computations so that it can react fast when the answer to a cryptographic operation is required. Proper protocol definition and application of the crypto algorithms in an appropriate mode of operation, e.g. counter mode, would allow such precomputation of cryptographic operations. The high number of clock cycles necessary to execute the crypto algorithm would then not reduce the average overall performance of the tag.
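The precomputation argument of section VI, as an added example (not code from the paper): in counter mode the AES call depends only on a nonce and a counter, so a tag can run it while idle and answer a request with a single XOR. The `Tag` class, the 12-byte nonce plus 4-byte counter layout and the plain-Python AES-128 are assumptions made for this illustration.

```python
# Added illustration, not the paper's code. AES-128 encryption per FIPS-197.
def gmul(a, b):                                   # multiply in GF(2^8)
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

SBOX = []
for x in range(256):                              # inverse in GF(2^8), then affine map
    v = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    t = v | v << 8                                # doubled byte: (t >> (8 - n)) & 0xFF is rotl(v, n)
    SBOX.append((t ^ (t >> 4) ^ (t >> 5) ^ (t >> 6) ^ (t >> 7)) & 0xFF ^ 0x63)

def expand_key(key):                              # 16-byte key -> 11 round keys
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def encrypt_block(rk, block):
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):                      # SubBytes and ShiftRows in one pass
        s = [SBOX[s[4 * ((c + r) % 4) + r]] for c in range(4) for r in range(4)]
        if rnd < 10:                              # MixColumns, skipped in the last round
            s = [gmul(s[4*c + r], 2) ^ gmul(s[4*c + (r+1) % 4], 3) ^ s[4*c + (r+2) % 4]
                 ^ s[4*c + (r+3) % 4] for c in range(4) for r in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]
    return bytes(s)

class Tag:                                        # hypothetical tag model
    def __init__(self, key, nonce):               # nonce: 12 bytes, unique per key
        self.rk, self.nonce, self.ctr, self.pad = expand_key(key), nonce, 0, None
    def idle(self):                               # slow AES call, run while waiting in the field
        self.pad = encrypt_block(self.rk, self.nonce + self.ctr.to_bytes(4, "big"))
    def respond(self, data):                      # fast path: XOR only (data <= 16 bytes)
        if self.pad is None:
            self.idle()                           # nothing precomputed: pay the cost now
        ctr, pad, self.pad, self.ctr = self.ctr, self.pad, None, self.ctr + 1
        return ctr, bytes(d ^ p for d, p in zip(data, pad))

def reader_decrypt(key, nonce, ctr, ct):          # reader recomputes the same pad
    pad = encrypt_block(expand_key(key), nonce + ctr.to_bytes(4, "big"))
    return bytes(c ^ p for c, p in zip(ct, pad))
```

Each pad is discarded after one use, because reusing a counter value under the same key would reveal the XOR of two plaintexts.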

VII. Additional applications due to security functionality

Although additional functionality on a tag will be available without raising the costs of a tag, application of security measures will raise the costs of RFID systems. Readers also need to compute security operations, and keys need to be stored securely in tags and readers (or computing centers). Personalization effort will rise, since not only the unique ID but also the secret key has to be stored on the tag. For low-value applications those additional costs are not acceptable.

We should keep in mind that security on tags will enable a variety of new applications. On the internet a similar effect was triggered by the introduction of the security layer “SSL” for the unprotected “http” protocol, resulting in the “https:” protocol. It enabled a variety of new web applications with higher security requirements, like electronic banking or eGovernment services. As soon as the protection of the tags is high enough, RFID-enabled customs declaration, return for disposal, automatic handling of warranty cases and more after-POS applications will come up. The key to these new applications will be the possibility to control how and with whom a tag shares its information. When an object with a tag attached is handed over to a new owner (e.g. to the client after POS), this new owner also wants to control the information that is combined with this tag. By changing the encryption key of a security-enabled tag, such a scenario will be possible. We can then solve the privacy issues that come up with item-level tagging without killing the tags when the objects are handed over to a new owner. After-POS applications with a benefit to client and merchant are then possible using the same tags as within the merchant’s supply chain. Those additional applications will justify the additional costs arising from security measures, maybe not for all products, but at least for higher-value products, or for those where disposal and warranty are an important issue.

Conclusion

The motivation for this article is to provide reasons why protection for passive RFID tags should be based on state-of-the-art security levels of current IT systems. We provided several arguments why we think that application of standardized crypto primitives is necessary to face the security issues that are coming up with further development of RFID technologies. As IT security specialists we still see the chance to build up a secure system by considering security measures before the first successful attacks prove the necessity. We strongly recommend using standardized crypto algorithms and protocols, although at first glance their implementation might be more expensive than dedicated proprietary solutions. We see the risk that the security level of ad hoc solutions is not adequate for all possible future applications. We additionally expect many new applications and increased consumer trust, enabled by proper security functionality of RFID tags and of all other layers of an RFID system.

References

[1] EPC Standard, available from: http://www.epcglobalinc.org/standards/specs/

[2] James Nechvatal, Elaine Barker, Lawrence Bassham, William Burr, Morris Dworkin, James Foti, Edward Roback, “Report on the Development of the Advanced Encryption Standard (AES)”, available from: http://csrc.nist.gov/CryptoToolkit/aes/

[3] Benny Evangelista, San Francisco Chronicle article, “Pay-TV piracy Decrypting is costing the satellite and cable TV industry $6.5 billion a year”, available from http://sfgate.com/cgibin/article.cgi?f=/c/a/2002/06/17/BU169357.DTL or http://www.multidec.de/

[4] Information about the successful attack on the Mobil Speedpass System, by Steve Bono, Matthew Green, Adam Stubblefield, and Avi Rubin from Johns Hopkins University, Ari Juels and Michael Szydlo from RSA Laboratories; see http://passivemode.net/updates/2005/1/25/speedpass-rfid-analysis.html

[5] Slides of Ulrich Kaiser, presented at the Fourth Conference on the Advanced Encryption Standard (AES) on May 10th, 2004, available from http://www.hgi.rub.de/english/conferences/aes4/downloads/AES_UICE_slides.pdf

[6] Martin Feldhofer, Johannes Wolkerstorfer, Vincent Rijmen, "AES Implementation on a Grain of Sand", IEE Proceedings on Information Security, Volume 152, Issue 1, pp. 13–20, October 2005