Tag Matching

We break down the tag matching protocol into three operations that describe, first the interaction between tags Ti, Tj and reader Rk, second the interaction between reader Rk

and backend server S, and third the computation of the output of the Check function by readerRk. the protocol. Otherwise, it updates the states of tagsTi and Tj and continues the execution of the protocol.

Now to update the state of tag Ti participating in the protocol, reader Rk proceeds as follows.

• If σ^k_Tⁱ

i = MAC_K(c^k_Tⁱ

i), then reader Rk picks a random numbersr^′_i and re-encrypts the ciphertextsc^k_Tⁱ Without loss of generality, we assume that c^k_Tⁱ

i = EncG(ψ(aTi)) = ψ(aTi)˜g₁^ri and c^k_T^j

j =

146

6.4 Protocol

This directly follows from the homomorphic property of BGN as illustrated in Section 6.4.1.1.

Reader Rk ↔ Backend server S. Reader Rk then sends ciphertext C_(i,j) to backend server S.

Without loss of generality, we assume that Ref = {ref₁,ref₂, ...,ref_ν}, and that for all refp ∈Ref, there exist ai and aj in A, such that refp=e(ψ(ai), ψ(aj)).

Upon receiving ciphertextC_(i,j) from reader Rk, backend serverS proceeds as follows:

• It picks ν random numbersrp ∈Z^∗_N, and computes ν ciphertextsCp =

We note that by shuffling messages M_p^′, T-Match prevents semi-honest readers R_k from telling whether two pairs of matching tags satisfy the same matching reference or not.

• Finally, backend serverS sends M_p^′ to readerR_k.

6. RFID-BASED ITEM MATCHING IN SUPPLY CHAINS

The output of the Check function. When receiving M_p^′ from backend server S, reader Rk uses its secret shareα₁ and computes:

Mp = M_(1,p)^α1M_(2,p) =C_p^α1C_p^α2 =C_p^α1+α2 =C_p^q1 =

Note that if Ti and Tj match then there exists a matching reference ref_p ∈ Ref such that:

e(ψ(a_Ti), ψ(a_Tj)) =ref_p. That is:

In the following section, we state the security theorems of T-Match.

We recall that backend server S and readers Rk are semi-honest, and that issuer I is honest.

To prove the soundness of T-Match, we use the following lemma:

Lemma 6.1. If rp ∈Z^∗_N then: Mp = 1⇔e(ψ(aTi), ψ(aTj)) =refp.

Proof. Note that for all ai∈A,ψ(ai)∈G₂, and that ˜g2 =g^q1 is a generator of G₂. 148

6.5 Security Analysis As a result, for all a_i ∈A,∃x_i∈Z_q

2 such that ψ(a_i) = ˜g₂^xi =g^q1xi. Consequently, there exist xi, xj, xp ∈Z_q2 such that:

e(ψ(aTi), ψ(aTj)) = e(g, g)^q12xixj ref_p = e(g, g)^q12xp Thus,Mp =

e(ψ(a_Ti), ψ(a_Tj)) ref_p

q1rp

=e(g, g)^q31xrp, wherex=xixj−xp modq₂.

If M_p = e(g, g)^q31xrp = 1, then this implies that q₁³xr_p = 0 mod N. Since r_p ∈ Z^∗_N, it follows thatq³₁x= 0 mod N and x=x_ix_j−x_p= 0 mod q₂.

We conclude that xixj =xp mod q₂ and q₁²xixj =q₁²xp mod N, and e(ψ(aTi), ψ(aTj)) = ref_p.

Theorem 6.2. T-Match is sound under the security of MAC and the security of the hash functionH.

Proof sketch. If there is an adversary A who breaks the soundness property of T-Match, then this implies that adversaryAis able to provide readerRkwith a pair of tags T₀ andT₁ such that:

i.) Tag T₀ (respectively T₁) stores a state S_T0 = (c_T0,MAC_K(c_T0)) (respectively S_T1 = (cT₁,MAC_K(cT₁)));

ii.) Check(T₀,T₁) = 1, i.e., there exists a matching reference ref_(p,q)=e(ψ(a_p), ψ(a_q)) that matches the pair of tags T₀ and T₁;

iii.) and finally, {DecG(c_T0),DecG(c_T1)} 6={ψ(a_p), ψ(a_q)}.

There are two cases to consider, depending on whetherT₀ and T₁ encode valid attributes or not.

Case 1. T₀andT₁encode valid attributes, i.e., there existai, aj ∈Asuch thatDecG(cT₀) = ψ(a_i) and DecG(c_T1) = ψ(a_j). Breaking the soundness property of T-Match implies that there exist{ai, aj} 6={ap, aq} ⊂Asuch thatref_(p,q)=e(ψ(ap), ψ(aq)) =e(ψ(ai), ψ(aj)) using Lemma 1.

• LetE denote the event that for all {ai, aj} 6={ap, aq} ⊂A,e(ψ(ai), ψ(aj))6=e(ψ(ap), ψ(aq)).

• Let ¯Edenote the event that there exists{a_i, a_j} 6={a_p, a_q} ⊂A, such thate(ψ(a_i), ψ(a_j))

=e(ψ(ap), ψ(aq)).

Assuming that H :{0,1}^∗ → Gis a cryptographic hash function implies that for all a_i ∈A, H(ai) is uniformly distributed in G. Therefore, ψ(ai) = H(ai)^xI = H(ai)^q1x′I is randomly

6. RFID-BASED ITEM MATCHING IN SUPPLY CHAINS

distributed in G₂, i.e., for all a_i ∈ A there exists x_i uniformly distributed in Z_q

2 such that ψ(ai) = ˜g₂^xi, where ˜g₂ is a random generator of G₂.

Accordingly, for any pair of attributes (ai, aj) ∈ A, e(ψ(ai), ψ(aj)) = e(˜g2,g˜2)^xixj is distributed uniformly in the subgroupG_T

2 of orderq₂ inG_T.

• LetPAdenote the set of all possible pairs inAandLdenote the number of these pairs, i.e., L = |PA| = l(l−1)

2 , where l is the number of attributes in T-Match. Without loss of generality, we denotePA={p₁,p₂, ...,p_L}.

• LetE_i denote the event that pair p_i inPA does not have the same matching reference as pairs{p₁,p₂, ...,p_i−1}.

Since typically|l| ≤10, it follows that the probability that event ¯E occurs is negligible.

We conclude that given the security of the hash function H, the probability that an adversary A breaks the soundness property when tags T₀ and T₁ encode valid attributes is negligible. A. As a result, adversary A is able to compute the MAC of cT₀ without the secret key K.

This leads to a contradiction under the security of MAC.

We conclude that given the security of MAC, an adversaryAcannot break the soundness of T-Matchwhen tagT₀ or tagT₁ does not encode valid attributes.

6.6 Privacy Analysis

In the this section, we present T-Match’s privacy theorems.

150

6.6 Privacy Analysis 6.6.1 Privacy against Readers and the Backend Server

Theorem 6.3. T-Matchensures the privacy of tags against readers R_k and backend server S in the semi-honest model under the subgroup decision assumption.

Proof sketch. We need to show how to transform any admissible pair (A1,A2) of adversaries against T-Match in the real model, into an admissible pair (B1,B2) of adversaries in the ideal model.

Backend server S is honest. First, we start with the case of an honest backend serverS.

In this case, we transform the adversaryA1(semi-honest readerR_k) against backend serverS in the real model into an adversaryB1 (semi-honest readerRk) against S in the ideal model.

AdversaryB1will executeA1locally, obtaining therefore the messages thatA1would have sent in a real execution of T-Match, and providing A1 with the messages that he expects to receive from backend serverS.

• A1 reads the states S_T^ki

i and S_T^kj

j stored into tagsTi and Tj respectively, and computes the bilinear pairingC_(i,j)of the ciphertexts stored intoT_iandT_j. Then,A1sendsC_(i,j) to B1 who simulates backend server S.

• B1 sends the ciphertexts stored into tagsT_i andT_j and the secret shareα₁ of adversary A1 to the trusted third party.

• B1 receives a bitbfrom the TTP which is the output of the Check function.

• To simulate backend serverS to adversaryA1,B1 computesν messagesM_p^′ such that:

1. If b = 1: B1 picksν −1 pairs of random numbers (xp, rp) in Z^∗_N, and computes:

M_p^′ = (M_(1,p), M_(2,p)) = (e(g, g)^rp, e(g, g)^xpe(g, g)^−α1rp), where α₁ is the secret share of A1. Note that Mp = M_(1,p)^α1 M_(2,p) =e(g, g)^xp is randomly distributed in G_T.

Next,B1selects a random numberrν ∈Z_Nand computes: M_ν^′ = (M_(1,ν), M_(2,ν)) = (e(g, g)^rν, e(g, g)^−α1rν).

2. If b = 0: B1 picks ν pairs of random numbers (x_p, r_p) in Z^∗_N, and computes:

M_p^′ = (M_(1,p), M_(2,p)) = (e(g, g)^rp, e(g, g)^xpe(g, g)^−α1rp).

• Finally, B1 shufflesM_p^′ and sends them to adversaryA1.

We show that the distribution of messagesM_p^′ sent toA1 whenB1 is simulating backend server S is computationally indistinguishable from the distribution of messages M_p^′ that A1

actually receives from backend server S in a real execution ofT-Match.

When adversary A1 runs T-Match in the real model, he expects to receiveν messages M_p^′ distributed as described below:

6. RFID-BASED ITEM MATCHING IN SUPPLY CHAINS sent by adversaryB1 during his simulation of backend serverS is distributed in G_T and not inG_T

2. However, this cannot be detected by A1. Otherwise, this implies that A1 is able to tell whether an element ofG_T is an element of the subgroupG_T

2 or not, and this leads to a contradiction under the subgroup decision assumption, see Definition6.5.

Thus, B1 successfully simulates backend server S to adversary A1, and the distribution RealA¯ is computationally indistinguishable from the distribution IdealB¯when backend server S is honest.

Reader R_k is honest. We transform next an adversary A2 (semi-honest backend server S) against readerRk in the real model into an adversaryB2 (semi-honest backend serverS) against readerR_k in the ideal model as follows.

• B2 first eavesdrops on reader Rk to get the states of tags Ti and Tj participating in the matching protocol. Notice that such an attack cannot be prevented as the channel between tags and reader Rk is not secure.

• B2 simulates reader R_k for adversary A2 in the real model by computing the bilinear pairingC_(i,j)of ciphertexts stored into tagsTi andTj, and by sendingC_(i,j)to adversary A2.

• B2 sends the set of matching references Ref and the secret shareα2 of adversaryA2 to the TTP.

• The TTP returns a bitb to readerRk in the ideal model.

Although adversaryB2 does not have access directly to the value ofb, he can still infer its value by observing the behavior of reader R_k in the ideal model. In fact, ifb = 1, then readerR_kraises an alarm, and so doesB2in the real model when simulating reader Rk. Otherwise, B2 does nothing.

To conclude, adversary B2 successfully simulates reader R_k to adversary A2 in the real model, and the distributionsRealA¯andIdealB¯are indistinguishable when readerR_kis honest.

Consequently, T-Match ensures the privacy of tags against readers R_k and backend serverS in the semi-honest model.

152

6.6 Privacy Analysis 6.6.2 Privacy against Outsiders

To prove thatT-Matchensures tag unlinkability, we first show that BGN is IND-CPA under re-encryption.

LetOREnc be the oracle that when queried with two BGN ciphertextsc₀ andc₁ encrypted using public key pk, flips a random coin b∈ {0,1}, re-encryptsc_b using pk, and returns the resulting ciphertextc^′_b.

LetAbe an adversary that selects two BGN ciphertextsc₀ andc₁ and queries the oracle OREnc with c₀ and c₁. OREnc randomly chooses b∈ {0,1}, re-encrypts cb to c^′_b, and returns c^′_b to adversaryA, who then outputs his guessb^′ for bitb.

We say that BGN is IND-CPA under re-encryption, if adversaryA has only a negligible advantage in guessing the correct value of b.

Lemma 6.2. Boneh-Goh-Nissim is IND-CPA under re-encryption under the subgroup deci-sion assumption in G.

Proof sketch. Let adversary B be an adversary against the IND-CPA property of BGN, see Section2.17.

We show now that if there is an adversary A who breaks the IND-CPA property under re-encryption of BGN with a non-negligible advantage ǫ, then B can use A as a subroutine to break the IND-CPA property of BGN with a non-negligible advantage ǫ^′.

Let OEnc be the oracle that when queried with two messages m0 and m1 in G, flips a random coinb∈ {0,1}, encryptsm_b using BGN and public keypk, and returns the resulting ciphertext c_b.

When adversaryAsubmits the ciphertextsc₀ andc₁ toB, the latter simulates the oracle OREnc as follows.

• He first queries the oracleOEnc with messages m₀ =c₀ and m₁ =c₁.

• The oracle OEnc flips a random coin b ∈ {0,1}, and encrypts mb to obtain ciphertext c^′_b =m_b˜g₁^r =c_bg˜^r₁. Note that c^′_b is a re-encryption ofc_b.

• The oracle OEnc returns the ciphertextc^′_b to adversaryB, who gives it to adversaryA. AdversaryAoutputs his guessb^′ for the bitb. To break the IND-CPA property of BGN, adversaryB outputs the same bit b^′.

Since ciphertext c^′_b is a re-encryption of c_b and A has a non-negligible advantage ǫ in breaking the IND-CPA of BGN under re-encryption, it follows that b^′ = b and that B is able to break the IND-CPA of BGN with a non-negligible advantage ǫ^′ = ǫ, leading to a contradiction under the subgroup decision assumption.

Theorem 6.4. T-Match ensures tag unlinkability against outsiders under the subgroup decision assumption in G.

6. RFID-BASED ITEM MATCHING IN SUPPLY CHAINS

Proof. Assume there is an adversary A who breaks the tag unlinkability of T-Matchwith a non-negligible advantage ǫ. We show that we can build an adversary B who uses A as a subroutine and breaks the IND-CPA property of the BGN cryptosystem under re-encryption with a non-negligible advantage ǫ^′.

To break the IND-CPA property of BGN, B proceeds as follows:

• Adversary B simulates challenger C and creates a complete T-Match system with l attributesA={a₁, a₂, ..., a_l}, an issuerI,η readersR_k and a backend serverS.

B selects a random MAC keyK, a random secret key x_I, random shares α₁ and −α₁, and a hash function H :{0,1}^∗ → G. Next, he computes the matching references Ref that he is going to use to compute the output of theCheck function.

Then, he provides issuerI with secret keysK,xI and the hash functionH, readersRk

with secret keyK and secret shareα₁, and backend serverSwith secret share−α₁ and the set of matching references Ref.

Finally, he simulates issuerI and initializes ntags using as inputA, public keypkfrom the re-encryption oracle O^REnc, hash function H, MAC keyK and secret key xI. At the end of tag initialization phase, each tag Ti stores a state S_T⁰_i = (c⁰_Ti, σ_T⁰_i) = (EncG(ψ(a_Ti)),MAC_K(c⁰_Ti)) such that a_Ti ∈A.

• B initializes a database DB where he keeps an entry ETi for each tag Ti such that:

E_Ti = (a_Ti, c⁰_Ti, c¹_Ti, ..., c^j_T

i, ...), wherec⁰_Ti is the ciphertext stored intoT_i at initialization, andc^j_Ti is the ciphertext stored into tagTiafter thej^thinteraction of tagTiwith readers R_k in the supply chain.

Learning phase. In the following, we show how adversaryBsimulates challenger Cin the learning phase.

• B simulates oracleOTag and providesA with a set of r tags of his choice.

• Bsimulates the output of theCheckfunction to adversaryA. Without loss of generality, we assume that adversaryAsubmits two tagsT_iandT_j to some readerR_kin the supply chain.

– First, adversary Breads the states S_T^ki

i = (c^k_Tⁱ and Tj respectively, verifies the validity of the MACsσ^k_Tⁱ

i and σ^k_T^j

i in his database, retrieves their cor-responding attributes aTi and aTj, and updates the database entries. Finally, he

154

6.7 Evaluation checks whether a_Ti and a_Tj match or not. If so, B simulates reader R_k in the supply chain and outputs 1. Otherwise, he outputs 0.

It is important to note that the simulation presented above of the Check function works because only issuerI and readers R_k can compute a valid stateS^k_Tⁱ

i = (c^k_Tⁱ

i, σ_T^ki

i).

Challenge phase. Asubmits two challenge tags T₀ and T₁.

B reads and verifies the states stored into T₀ and T₁, and retrieves the corresponding ciphertextsc₀ and c₁ respectively.

• To simulateO^Flip,Bqueries the oracleO^REnc with ciphertextsc₀ and c₁. O^REnc returns a re-encryptionc^′_b of ciphertextc_b, b∈ {0,1}.

• Then,B computes σ_b^′ =MACK(c^′_b) and stores the state ST_b = (c^′_b, σ^′_b) into tagT_b.

• Finally, B returns tagT_b to A. Aoutputs his guess b^′ for the bit b.

Now, to break the IND-CPA property of BGN under re-encryption,B outputsb^′.

Notice that ifA outputsb^′= 1, then tag T_b corresponds to tag T₁, and therewithc^′_b is a re-encryption ofc₁. Otherwise, tag T_b corresponds to tag T₀ andc^′_b is a re-encryption ofc₀. Since adversaryA has a non-negligible advantage ǫ in breaking the tag unlinkability of T-Match, it follows thatBwill have a non-negligible advantageǫ^′=ǫin breaking the IND-CPA property of BGN under re-encryption. This leads to a contradiction under the subgroup decision assumption in G.

6.7 Evaluation

T-Matchtargets storage only tags that do no feature any computational capabilities. A tag inT-Matchis required to store a BGN ciphertext inG(|G|= 1024 bits) and a MAC of size 160 bits, totaling a storage of 1184 bits.

We believe thatT-Match can be deployed using current ISO 18000-3 HF tags, such as UPM RFID HF RaceTrack tags (156) that feature up to 8 Kbits of memory.

In each execution of T-Match, reader R_k reads two tags T_i and T_j and updates their states as follows: it re-encrypts the BGN ciphertextscTi andcTjof tagsTiandTjrespectively, then it computes the MAC of the re-encrypted ciphertexts. This amounts to computing two exponentiations in Gand two keyed hash functions.

To evaluate theCheckfunction, readerRkcomputes a bilinear pairingC_(i,j)=e(cTi, cTj)∈ G_T such that|G_T|= 2048 bits. Then, readerR_k initiates a two round protocol for plaintext equality test with backend server S by sending the ciphertextC_(i,j).

6. RFID-BASED ITEM MATCHING IN SUPPLY CHAINS

Upon receiving ciphertext C_(i,j), backend server S performs 2ν exponentiations in G_T, where ν is the number of matching references in Ref, and obtains ν messages M_p^′. Next, backend server S shuffles the messagesM_p^′ and sends them to readerR_k.

Finally, when reader R_k receives the messages M_p^′, it performsν exponentiations inG_T and outputs the outcome of theCheck function.

Table 6.1: Evaluation of memory and computation inT-Match Tag ReaderRk Backend serverS Memory 1184 bits pk, α₁, K pk, α₂, Ref

Exponentiation inG_T − ν 2ν

|G_T|= 2048 bits

Exponentiation inG − 2 −

|G|= 1024 bits

MAC − 2 −

Bilinear pairing − 1 −

Shuffle − − 1

6.8 Related Work

T-Matchshows similarities to secret handshake and secret matching protocols. Nevertheless, traditional solutions for secure and privacy preserving secret matching between two parties as proposed by Ateniese et al. (4), Balfanz et al. (9) cannot be implemented in cheap RFID tags. These solutions require the computation of bilinear pairings which cannot be performed by current RFID tags.

Boneh et al. (26) propose a protocol that allows the public evaluation of 2-DNF formula on boolean variables by relying on the BGN encryption. The protocol proposed in (26) can be slightly modified to implement tag matching. However in this case, tags are required to store O(l) ciphertexts of size 1024 bits where l is the number of attributes in the system – rendering such an approach unrealistic.

Another approach to evaluate theCheck function is attribute based encryption see Goyal et al. (74), Pirretti et al. (132), Sahai and Waters (140). The idea is to associate each attribute a_i in the system with some secret component of some private keysk. When two tags T_i and Tj that match come together, the secret keysk can be reconstructed. The reconstruction of a correct secret key sk enables reader R_k to decrypt some ciphertext C for which it knows the underlying plaintextM. The matching is verified by checking whether Dec_sk(C) =M or not. Though, the use of attribute based encryption can allow readerRkto evaluate theCheck function by itself without a backend serverS, it requires either cryptographic operations on tags or their synchronization.

156

6.9 Summary

6.9 Summary

RFID tag based matching is required by many real-world supply-chain applications. Matching however, raises new security and privacy concerns. T-Match tackles these challenges and provides secure and privacy preserving item matching suited for resource restricted tags that are unable to perform any computation. T-Matchevaluates, in a privacy preserving manner, a function Check that on the input of two tags Ti and Tj outputs a bitb indicating whether Ti andTj match or not. T-Matchis provably secure and privacy preserving under standard assumptions: security of MAC and hash functions, and the subgroup decision assumption.

Finally, designed for storage only tags, T-Matchrequires tags to store only 150 bytes.

6. RFID-BASED ITEM MATCHING IN SUPPLY CHAINS

158

7

Conclusion and Future Work

7.1 Summary

Although the proliferation of RFID tags is admitted to be financially beneficial, the deploy-ment of RFID technologies still comes with a variety of privacy and security threats that range from denial of service to industrial espionage. While well established cryptographic solutions can always remedy most of these threats in theory, they remain too expensive in practice for the constrained devices that are RFID tags. The dilemma of ensuring tag security and privacy while keeping the computational requirements in tags minimal has given rise to a plethora of work on RFID authentication and the corresponding security and privacy definitions. How-ever, the task of designing secure and privacy preserving authentication protocols that meet the computational constraints of RFID technology was shown to be difficult if not impossible.

Actually, existing formalizations of RFID privacy assume a strong adversary against which privacy cannot be achieved without sacrificing RFID scalability and cost effectiveness. There-fore, in this thesis we first focused on bridging this gap between the theoretical formalization of RFID privacy and the practical aspects of RFID technology by assuming an adversary who cannot continuously monitor RFID tags: there is at least one interaction between tags and readers that is unobserved by the adversary. Then, we designed four multi-party protocols that provide secure and privacy preserving solutions for RFID-enabled supply chains. More precisely, we targeted the following applications:

7.1.1 Tag Ownership Transfer

In Chapter 4, we presented ROTIV to tackle the privacy and the security issues of tag ownership transfer in the supply chain. The core idea of ROTIV is to store in each tag in the supply chain a symmetric key and an Elgamal encryption of a short signature computed by some trusted issuer. The encrypted signature allows owners to identify tags in constant time and to verify the identity of their issuer, whereas the symmetric key is used to mutually authenticate tags and owners. In this manner,ROTIV assures:

7. CONCLUSION AND FUTURE WORK

• Constant-time mutual authentication between tags and readers, while tags are only required to compute a hash function.

• Issuer verification without trusted third party: Every supply chain partner can verify whether the tags he owns originate from a trusted party or not.

• Provable security: A successful ownership transfer of some tag T implies that T is a legitimate tag that was issued by a trusted party, and that the owner of tag T participated in the protocol execution.

• Provable privacy: A new owner of tag T cannot link T to its past interactions, and a previous owner cannot traceT’s future protocol executions.

While most of the privacy and the security properties of ROTIV were proven in the

While most of the privacy and the security properties of ROTIV were proven in the

Dans le document Security and privacy in RFID systems (Page 170-0)