RFIDs and secret handshakes: defending against ghost-and-leech attacks and unauthorized reads with context-aware communications
Source
Conference on Computer and Communications Security
Proceedings of the 15th ACM conference on Computer and communications security
Alexandria, Virginia, USA
SESSION: Device security
Pages 479-490  
Year of Publication: 2008
ISBN: 978-1-59593-810-7
Authors
Alexei Czeskis  University of Washington, Seattle, WA, USA
Karl Koscher  University of Washington, Seattle, WA, USA
Joshua R. Smith  Intel Research Seattle, Seattle, WA, USA
Tadayoshi Kohno  University of Washington, Seattle, WA, USA
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 31,   Downloads (12 Months): 407,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1455770.1455831

ABSTRACT

We tackle the problem of defending against ghost-and-leech (a.k.a. proxying, relay, or man-in-the-middle) attacks against RFID tags and other contactless cards. The approach we take -- which we dub secret handshakes -- is to incorporate gesture recognition techniques directly on the RFID tags or contactless cards. These cards will only engage in wireless communications when they internally detect these secret handshakes. We demonstrate the effectiveness of this approach by implementing our secret handshake recognition system on a passive WISP RFID tag with a built-in accelerometer. Our secret handshakes approach is backward compatible with existing deployments of RFID tag and contactless card readers.

Our approach was also designed to minimize the changes to the existing usage model of certain classes of RFID and contactless cards, like access cards kept in billfold and purse wallets, allowing the execution of secret handshakes without removing the card from one's wallet. Our techniques could extend to improving the security and privacy properties of other uses of RFID tags, like contactless payment cards.


