Question

1 Approved Answer

Posted on Aug 29, 2024

Consider an RFID authentication system used in a clothing retail store, where readers send challenges to tags. Challenges are random strings, and tags are wireless

image text in transcribed

Consider an RFID authentication system used in a clothing retail store, where readers send challenges to tags. Challenges are random strings, and tags are wireless transponders that respond to the challenges. Each tag has a unique identifying string Id. The system can be used in two modes: scanning mode (used for taking inventory) and individual mode (used for determining prices during checkout). In a scanning mode a reader broadcasts a challenge, and all tags in a short range from the reader will receive the same challenge and respond. Under individual mode, a tag will receive an individual challenge and will respond with its Id, which will be used to determine the price that the customer must pay. There are two different communication protocols, and two different attacks to consider: Protocol1: Reader - Tags: r Tagid Reader: h(r | Id), Id - Reader sends a random challenge r - Tag replies with a hash of r concatenated with Id, and Id Protocol 2: Reader- Tags: r Tagd-Reader: h(Id | ku) r, Id where | denotes string concatenation, and kuis a unique secret key that a tag with Id shares with the - Reader sends a random challenge r. -Tag replies with h(Id | ka) r and id reader. Attack 1: An adversary tampers with tags' responses during a scanning round, with the goal of corrupting the shop's database. By "corruption", we mean "can an attacker make the information in the database misrepresent the real world. Not can the attacker corrupt the structure of the database"-the structure and implementation of the database are irrelevant Attack 2: An adversary tampers with the response during checkout, with the goal of paying less for the item Q4.1 Discuss Attack 1 on Protocol 1. Would the attack work? If so, outline the steps of the attack as well as Q4.2 Discuss Attack 2 on Protocol 1. Would the attack work? If so, outline the steps of the attack as well as Q4.3 Discuss Attack 1 on Protocol 2.Would the attack wor? If so, outline the steps of the attack as well as Q4.4 Discuss Attack 2 on Protocol 2.Would the attack work? If so, outline the steps of the attack as well as the minimum resources required to execute it. the minimum resources required to execute it the minimum resources required to execute it. the minimum resources required to execute it. Consider an RFID authentication system used in a clothing retail store, where readers send challenges to tags. Challenges are random strings, and tags are wireless transponders that respond to the challenges. Each tag has a unique identifying string Id. The system can be used in two modes: scanning mode (used for taking inventory) and individual mode (used for determining prices during checkout). In a scanning mode a reader broadcasts a challenge, and all tags in a short range from the reader will receive the same challenge and respond. Under individual mode, a tag will receive an individual challenge and will respond with its Id, which will be used to determine the price that the customer must pay. There are two different communication protocols, and two different attacks to consider: Protocol1: Reader - Tags: r Tagid Reader: h(r | Id), Id - Reader sends a random challenge r - Tag replies with a hash of r concatenated with Id, and Id Protocol 2: Reader- Tags: r Tagd-Reader: h(Id | ku) r, Id where | denotes string concatenation, and kuis a unique secret key that a tag with Id shares with the - Reader sends a random challenge r. -Tag replies with h(Id | ka) r and id reader. Attack 1: An adversary tampers with tags' responses during a scanning round, with the goal of corrupting the shop's database. By "corruption", we mean "can an attacker make the information in the database misrepresent the real world. Not can the attacker corrupt the structure of the database"-the structure and implementation of the database are irrelevant Attack 2: An adversary tampers with the response during checkout, with the goal of paying less for the item Q4.1 Discuss Attack 1 on Protocol 1. Would the attack work? If so, outline the steps of the attack as well as Q4.2 Discuss Attack 2 on Protocol 1. Would the attack work? If so, outline the steps of the attack as well as Q4.3 Discuss Attack 1 on Protocol 2.Would the attack wor? If so, outline the steps of the attack as well as Q4.4 Discuss Attack 2 on Protocol 2.Would the attack work? If so, outline the steps of the attack as well as the minimum resources required to execute it. the minimum resources required to execute it the minimum resources required to execute it. the minimum resources required to execute it