RFID: Securing Privacy
Wednesday, February 03, 2010 - RFID Connections

      

Daniel W. Engels, Ph.D

Chief Technology Officer

Revere Security

 

RFID Connections spoke with Daniel W. Engels, Ph.D, Chief Technology Officer for Revere Security. Dan is here today to talk about RFID security, privacy and a new cryptographic algorithm.

 

His views can be heard by clicking on the “podcast” in the article. So if you don’t have time to read the interview now, download it onto your iPod/MP3 player and listen in on your way home.

 

Note: Cryptography is an extremely complex topic and this podcast is not intended as a tutorial on the topic. The transcript includes some images to help explain "rotor" encryption and provides links to additional resources.

 

Note: transcript may have been edited for grammar and contextual flow.

 

 

RFID Connections: There are clearly a lot of concerns about RFID privacy these days. How do you ensure privacy?

 

Dan Engels: When you think about privacy, the primary concerns revolve around the illicit and unauthorized reading of promiscuous tags -- which most RFID tags are today -- and the eavesdropping on communications between those tags and the readers. These are the "snooping" and "skimming" attacks that are cited over and over again in discussions on RFID and privacy.

 

RFID Connections: What exactly is a "promiscuous tag"?

 

Dan Engels: A promiscuous tag is a tag that talks to any reader that knows the language. If you think about a Gen2 passive UHF tag, that's a promiscuous tag. It talks to any reader that wants to talk to it. An ISO 14443 HF tag is a promiscuous tag. It will talk to any reader that wants to talk to it. It may not talk very much but it will still talk.

 

The real issue here is that we have promiscuous tags providing in-the-clear, unencrypted information and believe me, an identifier -- whether it's a tag identifier or an object identifier -- is information.

 

RFID Connections: In essence, what you're saying is that to ensure privacy we need to increase security -- in effect, we "secure privacy".

 

Dan Engels: Absolutely. The best way to increase privacy is to improve the cryptographic mechanisms on the RFID tags themselves. Whether we're cloaking the tags, whether we're encrypting the identifiers and the data on the tags, whether we're putting physical mechanisms on the tag so you have to press a button before they'll talk -- all of these are mechanisms that can be used to improve the security on the tags themselves and therefore protect the privacy of individuals.

 

RFID Connections: There are various security systems and encryption schemes available and in use today. Admittedly, some of these encryptions have been broken by researchers. What are the concerns with the types of security systems that are in use in applications today?

 

Dan Engels: The Gen2 protocol, for example, has various security mechanisms in the passwords but these are all designed to secure the tags for the retail supply chain. When I then take it and put it into a Washington state driver's license, it's insecure because it continually sends out a static identifier, in the clear, to any reader that wants to talk to it. A clear requirement of the privacy advocates is that it not do these types of things.

 

For other RFID technologies that already implement security mechanisms -- specifically cryptographic mechanisms such as the Philips ICODE or the TI tags that are within the immobilization systems in vehicles -- these are all systems that were developed 10 or more years ago, back when 40 bits of security was in fact very, very strong. Today you need significantly stronger levels of security.

 

For the traditional mechanisms, you want at least 112 bits or 128 bits of security and the more bits of security you can achieve the less likely it will be that, in the near future, we'll be able to crack these algorithms in any reasonable form.

 

RFID Connections: That's an interesting point. If 10 years ago 40 bits of security was adequate but now we need 112 or 128 bits, what will we need to implement today for documents such as passports that are valid for 10 year to be relatively certain that these documents remain secure in the future?

 

Dan Engels: Where you need to have security over the life of those devices, you need to look at the roadmap of where security is going. NIST (National Institute of Standards and Technology) and NSA (National Security Agency) both put out roadmaps for proposed levels of security 5 years, 10 years, 20 years down the road.

 

128 bits of security should be good for the next 5 to 10 years, potentially longer, depending on innovations. In the far future, we will clearly see 256 bit keys or levels of security and those types of levels of security are not expected to be breakable for at least the next several decades if not significantly longer.

 

RFID Connections: Revere Security has developed a new security approach that is reportedly significantly different from systems that are currently available. Can you briefly describe it and what's different about it?

 

Dan Engels: We've developed a Hummingbird-based secure identification and mutual authentication protocol that enables the tag to communicate to the reader a secure string of cryptographic data instead of an in-the-clear identifier. The reader is able to say "Do I know you?" based on this and, if I do, then I can take the next step which is to authenticate the tag with a challenge-response.

 

RFID Connections: From what I understand, the system included a new algorithm for encrypting data. Can you describe that?

 

Dan Engels: Revere's algorithm, or Hummingbird cipher, is a rotor-based cipher that utilizes a novel feedback and feed-forward mechanism to create a very secure cipher. Being rotor-based, it does not rely upon the computationally-intensive algorithms such as AES or DES. It also has other interesting properties that allow it to have a small block size. We use a 16-bit block size yet we have a 256-bit key and we're able to be 256 bit secure.

 

It's the novelty of being able to do that in a very small package. We are very fast, very small, very low power compared with most other cryptographic algorithms that are available today.

 

RFID Connections: Is this the same concept as the so-called "Enigma" cipher machines used in World War II and also used commercially both before and after the war that had a series of physical wheels, or rotors, in them? If so, could you describe the Enigma machine and how it compares to Hummingbird?

 

4-rotor Enigma machine

Dan Engels:The Enigma machine that was used during World War II had a 26 character alphabet on those rotors. Characters are set up in a random fashion such that knowing what one rotor setting is does not give you as to what the neighboring rotor setting might be. When you put multiple rotors together what you end up with is multiple substitution permutation capabilities and then you add feed-forward and feedback mechanisms. The Enigma machine for its time was very secure and in fact rotor-based machines and rotor-based ciphers were used up until the mid-1980s by governments around the world. So, it's a very strong cryptographic algorithm and cryptographic method.

 

Enigma machine rotors

However, it has traditionally not translated very well into the electronic realm because if you are going to take a physical rotor and turn it into a virtual rotor what you would typically do is turn that rotor into a table look-up. This is very size inefficient, very power inefficient, and can often be very slow.

 

With Hummingbird, we actually use a virtual rotor that is calculated on-the-fly. We're able to implement the entire Hummingbird algorithm in a very small number of gates.

 

RFID Connections: I realize that this is very difficult to describe in simple terms so could you give us a sense of how the Hummingbird virtual rotor system compares with the original Enigma machine?

 

Dan Engels: The original Enigma machine had three rotors. Each of these rotors had 26 characters on them so roughly five bits of information. The Hummingbird utilizes four rotors and have 16 bits of information on them so each rotor setting is 16 bits as opposed to five bits in length. The equivalent rotor sizing would be that an Enigma rotor would be roughly three inches (7.62 cm) in diameter; the Hummingbird rotor is roughly 520 feet (158.5 meters) in diameter.

 

RFID Connections: How does this help ensure privacy?

 

Dan Engels: Having encryption capabilities on the tag enables both the encryption of the data as it's communicated, the encryption of data while it's at rest, as well as the authentication that the reader itself has privileges, to verify that the reader knows the correct keys and secrets that are shared by the tag and therefore is able to and allowed to communicate with the tag.

 

For privacy concerns, one way to hide a tag "in plain sight" is to have a tag that does not respond until the shared secret is communicated to it.

 

RFID Connections:For more information on Revere Security's "Hummingbird" product, please visit www.reveresecurity.com.

 

Links:

·          Enigma Machine description on Wikipedia: http://en.wikipedia.org/wiki/Enigma_machine

·          Cryptography overview on Wikipedia: http://en.wikipedia.org/wiki/Cryptography

·          "An Overview of Cryptography", Gary S. Kessler, Associate Professor and program director of the  M.S. in Digital Investigation Management program at Champlain College in Burlington, Vermont: http://www.garykessler.net/library/crypto.html

·          More detailed information about Hummingbird (PowerPoint) including current status: http://www.reveresecurity.com/pdfs/RevereIntroduction.pdf

 

NOTE: As always, accuracy of Wikipedia entries is not guaranteed but the Wikipedia references above seem to be fairly good. -Bert Moore

 

---

 

About Daniel W. Engels, Ph.D

Chief Technology Officer

Revere Security

 

Dr. Daniel W. Engels is a world renowned researcher and expert in radio frequency identification (RFID) technologies. He actively researches all aspects of RFID technologies, including security, performance characterization and modeling, and protocols. Dr. Engels was the Research Director of the Auto-ID Labs of the Massachusetts Institute of Technology. Prior to his appointment as Research Director of the MIT Auto-ID Labs, Dr. Engels was the Director of Protocols for its predecessor, the Auto-ID Center.

 

In addition to his work as a member of AIDC 100 and a senior member of IEEE, Dr. Engels has authored more than 50 articles published in peer-reviewed conferences and journals. His work includes seminal publications on the Reader Collision Problem, security in passive UHF systems, as well as articles on antenna design, the EPC System, VLSI computer aided design, theoretical complexity of scheduling problems and programming languages.

 

Dr. Engels received his Doctor of Philosophy degree in Electrical Engineering and Computer Science from the Massachusetts Institute of Technology, his Master’s of Science degree in Electrical Engineering and Computer Science from the University of California, Berkeley and his Bachelor’s of Science degree in Electrical Engineering and Computer Science, Summa Cum Laude, from the University at Buffalo.

 

About Revere Security

 

Founded in 2008 and headquartered in Dallas, Texas, Revere Security specializes in cryptographic data security solutions for small, power-constrained chips and devices. The heart and soul of Revere Security’s technology is a remarkably simple, efficient and powerful cryptographic algorithm.

 

The Revere Security algorithm has been analyzed with rigorous study by a team of cryptanalysts from ISSI, an association of scientists, engineers and mathematicians recruited primarily from the National Security Agency. In addition to the testing performed by ISSI, Revere Security’s algorithm has undergone extensive cryptanalysis by the University of Waterloo’s Center for Applied Cryptographic Research.

 

 

Share this Story
Digg   del.icio.us   Yahoo   Reddit   Facebook   Google

Related Articles :
No Related Content Found

Search Articles :