1) The document presents a dynamic mutual RFID authentication model to prevent unauthorized third party access in the European pharmaceutical supply chain.
2) It describes security threats like product identification, illegal access, eavesdropping, tag spoofing, and replay attacks.
3) The authentication model uses a distributor middleware that separates companies and detects fake tags, and an enterprise middleware that stores encryption keys to authenticate tags.
Dynamic RFID Authentication Model for Supply Chains
1. A Dynamic Mutual RFID Authentication Model Preventing Unauthorized Third Party Access. 4th Int’l Conference on Network and System Security, 1-3 Sep, 2010, Melbourne, Australia. Matthieu-P. Schapranow, Hasso Plattner Institute.
2. Agenda: Key Facts about the Hasso Plattner Institute; European Pharmaceutical Supply Chain; Security Threats; Authentication Model; Processing Steps; Benchmark Setup; Cost Evaluation; Security Evaluation. (NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010)
3. Key Facts about the Hasso Plattner Institute: Internals. Founded as a public-private partnership in 1998 in Potsdam near Berlin, Germany; Institute belongs to the University of Potsdam; Ranked 1st in CHE 2009; 500 B.Sc. and M.Sc. students; 10 professors, 92 PhD students; Course of study: IT Systems Engineering.
4. Key Facts about the Hasso Plattner Institute: Research Group Hasso Plattner / Alexander Zeier. Research focus: real customer data for enterprise software and design of complex applications; In-Memory Data Management for Enterprise Applications; Human-Centered Software Design and Engineering; Maintenance and Evolution of SOA Systems; Integration of RFID Technology in Enterprise Platforms. Cooperations: Academic: Stanford, MIT, etc.; Industry: SAP, Siemens, Audi, etc.
5. Key Facts about the Hasso Plattner Institute: What can we do for you? Network between industry and academia, e.g. European section of the Curriculum; RFID seminars for graduate / undergraduate students; Trends & concepts lecture (Prof. Hasso Plattner); Enterprise Application Architecture Laboratory; Enterprise software, e.g. SAP, Microsoft, etc.; Equipped RFID Lab, e.g. deister electronic, noFilis, etc.; Concrete sizing and simulation of customer supply chains.
6. European Pharma Supply Chain: Manufacturing
7. European Pharma Supply Chain: Counterfeits
8. European Pharma Supply Chain: Business-level Security
9. European Pharma Supply Chain: Business-level Security
10. European Pharma Supply Chain: Roles. Main Roles: Manufacturers: ~2.2k; Wholesalers: ~50k; Retailers: ~140k. Other Roles: Logistics Providers; End Consumers.
11. European Pharma Supply Chain: Data Sizing Assumptions. ~15 billion pharmaceuticals on prescription per year; ~9 events per unique item: 1 x manufacturer (create + ship), 2 x wholesaler (receive + ship), 1 x retailer (receive + sell), 1 x end consumer (check). Assuming 364 days production results in ~4,300 events/second within the European supply chain.
12. Security Threats. Product Identification: Trace of Pharmaceuticals or Customers, and vice versa; Illegal Access: manipulate valid EPC, KILL, etc.; Eavesdropping/Sniffing: Get EPC of similar products, Derive product class; Tag Spoofing: behave like a tag of an authentic pharmaceutical; Tag Impersonation: simulate responses of an existing tag; Reader Impersonation: simulate responses of an existing reader; Replay Attacks: re-use data from former communication, e.g. KILL.
13. Authentication Model: Processing Steps. Distributor Middleware: Separates current company and manufacturer; Detects faked tags. Enterprise Middleware: Stores details about all issued EPCs; Contains details about tag-specific PUF.
17. Authentication Model: Cost Evaluation (cont’d). Protocol overhead compared to existing RFID communication. To Tag: Step 1: 30 bit PRN; Step 9: 30 bit h(PW) + 20 bit PW*. To Reader: 18 bit EP_ID + 24 bit T_ID + 30 bit h(PW). Sum: 152 bit. Other Protocols, e.g. POP: 288 bit per authentication.
19. Thank you for your interest! Keep in contact with us. Responsible: Deputy Prof. of Prof. Hasso Plattner, Dr. Alexander Zeier, zeier@hpi.uni-potsdam.de; Matthieu-P. Schapranow, M.Sc., matthieu.schapranow@hpi.uni-potsdam.de. Hasso Plattner Institute, Enterprise Platform & Integration Concepts, Matthieu-P. Schapranow, August-Bebel-Str. 88, 14482 Potsdam, Germany.
Editor's Notes
Focus on the first five
Physical Uncloneable Function (PUF)
Ratio 10:1
POP: product flow with ownership-transfer.
Product Identifying: responses change, no tracking of EPC possible, deriving of products/customers
Illegal Access: EPC not replied to every request, need current pw to initiate Tag action
Eavesdropping/Sniffing: Does obtain clear PW, but requires knowledge of PUF.
Tag Spoofing: impossible to simulate responses for all PRNs
Tag Impersonation: need knowledge about internals of tag to impersonate
Reader Impersonation: OTP algorithm per reader known by enterprise middleware
Replay Attacks: mainly prevented, but precise shielding possible