AMPLFSRbasedPseudorandom NumberGeneratorforEPCGen2Systems - - PowerPoint PPT Presentation

a mp lfsr based pseudorandom number generator for epc
SMART_READER_LITE
LIVE PREVIEW

AMPLFSRbasedPseudorandom NumberGeneratorforEPCGen2Systems - - PowerPoint PPT Presentation

Jan 19, 2024 388 likes •723 views

AMPLFSRbasedPseudorandom NumberGeneratorforEPCGen2Systems Mitacs Workshop on Network Security & Cryptography Joaquin Garcia-Alfaro Institut TELECOM & UOC/IN3 Joint work with J.

slide-1
SLIDE 1

A
MP‐LFSR
based
Pseudorandom

 Number
Generator
for
EPC
Gen2
Systems


Mitacs Workshop on Network Security & Cryptography


Joaquin Garcia-Alfaro Institut TELECOM & UOC/IN3


Joint work with

  • J. Herrera-Joancomarti and J. Melia-Segui
slide-2
SLIDE 2
  • Family of coding schemes to uniquely identify physical objects

35 · 006A13A · 012B5F · 000034DA0

ELECTRONIC PRODUCT CODE

Manager number Object class Serial number Header

ELECTRONIC PRODUCT CODE

Manager number Object class Serial number

  • Using RFID technology, it communicates a binary code

EPC: Electronic Product Code

slide-3
SLIDE 3
  • Passive tags (no battery onboard)

35 · 006A13A · 012B5F · 000034DA0

ELECTRONIC PRODUCT CODE

Manager number Object class Serial number Header

ELECTRONIC PRODUCT CODE

Manager number Object class Serial number

  • Memory and Power:
  • Very limited (less than 1024 bits of memory and 4µW)

EPC Tags

  • Logic Circuitry:
  • Execution of queries, generation of pseudorandom sequences, and

integrity checks (CRC).

slide-4
SLIDE 4

Gen2 vs. HF-based RFID Standards

Research focused on low-cost RFID technologies:

slide-5
SLIDE 5

Motivation

  • Evaluation of PRNG designs for EPC Gen2 (Industry & Research)
  • Weaknesses of the Gen2 protocol if the PRNG output is predictable

[WPC, 2010] A Practical Implementation Attack on Weak Pseudorandom Number Generator Designs for EPC Gen2 Tags. Wireless Personal Communications, Springer, December 2010.

slide-6
SLIDE 6

Outline

  • Introduction
  • EPC Gen2 Protocol
  • LFSR-based PRNG proposals
  • Conclusion
slide-7
SLIDE 7

The EPC Gen2 Protocol

[EPCGlobal, 2010]

slide-8
SLIDE 8

Select/Inventory Operation

slide-9
SLIDE 9

Access/Open Operation

  • After the selection process, the

tag is individually identified

  • The tag generates several 16 bit

nonce series (RN16), used for anti-collision & authentication

  • Handle (first RN16) is used to link

the command session

WRITE Command

slide-10
SLIDE 10

Outline

  • Introduction
  • EPC Gen2 Protocol
  • LFSR-based PRNG proposals
  • Conclusion
slide-11
SLIDE 11

LFSR-based PRNGs

  • Lightweight hardware implementation
  • LFSR already used for Gen2 CRC
  • Period of 2n − 1 when the feedback polynomial is primitive
slide-12
SLIDE 12

LFSR linearity problem

The feedback polynomial can be determined by simply eavesdropping 2n values

slide-13
SLIDE 13

Linearity Avoidance (1/2)

slide-14
SLIDE 14

Linearity Avoidance (1/2)

slide-15
SLIDE 15

Linearity Avoidance (2/2)

[Che et al., 2008] Networked RFID Systems and Lightweight Cryptography, Chapter 16, A Random Number Generator for Application in RFID Tags, pp. 279– 287. Springer, 2008.

slide-16
SLIDE 16

Evaluation of Each Proposal

  • Shrinking Generator: ~ 1435 GE, 517 clock cycles at 100KHz
  • EPC requires, at 100KHz, a RN16 in at most 220 cycles
  • Che et al. Scheme: ~ 500 GE, 50 clock cycles at 100KHz
  • However, predictable with Prob. ~ 1/2 for 160 bits [WLC, 2010]

[WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

slide-17
SLIDE 17

NIST Statistical analysis

[WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

slide-18
SLIDE 18

Expected Probability of Success

[WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

slide-19
SLIDE 19

Expected Probability of Success

[WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

slide-20
SLIDE 20

Probability of Success

[WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

(1) Given a sequence s, s.t. |s| = 2n, prob. that s has been affected by exactly two trn Sequences divided as 2n + (n-1) (2) Probability that the two trn used in that sequence are exactly zeros (3) Probability that the three trn used in that sequence are exactly zeros (4) Prob. that the remainder bits have been affected by exactly three trn

slide-21
SLIDE 21

Testing the Attack (1/2)

slide-22
SLIDE 22

43


Testing the Attack (1/2)

slide-23
SLIDE 23

Testing the Attack (2/2)

128 bits

slide-24
SLIDE 24

Success Rate

[WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

Analytical rate Empirical rate

slide-25
SLIDE 25

Success Rate

[WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

slide-26
SLIDE 26

Outline

  • Introduction
  • EPC Gen2 Protocol
  • LFSR-based PRNG proposals
  • Work-in-Progress
  • Conclusion
slide-27
SLIDE 27

49


Work-in-Progress

slide-28
SLIDE 28

50


Work-in-Progress Status

slide-29
SLIDE 29

Outline

  • Introduction
  • EPC Gen2 Protocol
  • LFSR-based PRNG proposals
  • Conclusion
slide-30
SLIDE 30

Conclusion

slide-31
SLIDE 31

Work-in-Progress Status

slide-32
SLIDE 32

A
MP‐LFSR
based
Pseudorandom

 Number
Generator
for
EPC
Gen2
Systems


Mitacs Workshop on Network Security & Cryptography