idnits 2.17.1 draft-irtf-hiprg-rfid-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 452 has weird spacing: '...MAY be a fi...' == Line 493 has weird spacing: '...ID has recei...' == Line 605 has weird spacing: '...-Length paddi...' == Line 646 has weird spacing: '...-Length paddi...' == Line 665 has weird spacing: '...-Length paddi...' == (3 more instances...) -- The document date (October 2011) is 4577 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- == Missing Reference: 'HEP' is mentioned on line 228, but not defined == Missing Reference: 'RFC 5201' is mentioned on line 464, but not defined ** Obsolete undefined reference: RFC 5201 (Obsoleted by RFC 7401) -- Looks like a reference, but probably isn't: '6' on line 1273 -- Looks like a reference, but probably isn't: '1' on line 1342 == Unused Reference: 'NIST-800-108' is defined on line 1040, but no explicit reference was found in the text == Unused Reference: 'HIP-TAG-EXP' is defined on line 1050, but no explicit reference was found in the text ** Obsolete normative reference: RFC 5201 (ref. 'HIP') (Obsoleted by RFC 7401) == Outdated reference: A later version (-04) exists of draft-zhang-hip-privacy-protection-00 Summary: 2 errors (**), 0 flaws (~~), 12 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 HIP Research Group Pascal Urien 3 Internet Draft Telecom ParisTech 4 Intended status: Experimental Gyu Myoung Lee 5 Telecom SudParis 6 Expires: April 2012 Guy Pujolle 7 LIP6 8 October 2011 10 HIP support for RFIDs 11 draft-irtf-hiprg-rfid-04 13 Abstract 15 This document describes an architecture based on the Host Identity 16 Protocol (HIP), for active RFIDs, i.e. Radio Frequency Identifiers 17 including tamper resistant computing resources, as specified for 18 example in the ISO 14443 or 15693 standards. HIP-RFIDs never expose 19 their identity in clear text, but hide this value (typically an EPC- 20 Code) by a particular equation that can be only solved by a dedicated 21 entity, referred as the portal. HIP exchanges occur between HIP-RFIDs 22 and portals; they are transported by IP packets, through the Internet 23 cloud. 25 Requirements Language 27 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 28 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 29 document are to be interpreted as described in RFC 2119 [RFC2119]. 31 Status of this Memo 33 This Internet-Draft is submitted in full conformance with the 34 provisions of BCP 78 and BCP 79. 36 Internet-Drafts are working documents of the Internet Engineering 37 Task Force (IETF). Note that other groups may also distribute working 38 documents as Internet-Drafts. The list of current Internet-Drafts is 39 at http://datatracker.ietf.org/drafts/current/. 41 Internet-Drafts are draft documents valid for a maximum of six months 42 and may be updated, replaced, or obsoleted by other documents at any 43 time. It is inappropriate to use Internet-Drafts as reference 44 material or to cite them other than as "work in progress." 46 This Internet-Draft will expire on April 2012. 48 HIP support for RFIDs October 2011 50 Copyright Notice 52 Copyright (c) 2011 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (http://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. 62 All IETF Documents and the information contained therein are provided 63 on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE 64 REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE 65 IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL 66 WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY 67 WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE 68 ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS 69 FOR A PARTICULAR PURPOSE. 71 HIP support for RFIDs October 2011 73 Table of Contents 75 Abstract........................................................... 1 76 Requirements Language.............................................. 1 77 Status of this Memo................................................ 1 78 Copyright Notice................................................... 2 79 Table of Contents.................................................. 3 80 1 Overview......................................................... 5 81 1.1 Motivation.................................................. 5 82 1.2 Passive and active RFIDs.................................... 5 83 1.3 About the Internet of Things (IoT).......................... 6 84 1.4 HIP-RFIDs................................................... 6 85 1.5 Main differences between HIP-RFID and HIP................... 7 86 2. Basic Exchange.................................................. 8 87 2.1 I1-T........................................................ 9 88 2.2 R1-T........................................................ 9 89 2.3 I2-T........................................................ 9 90 2.4 R2-T....................................................... 10 91 2.5 HIT format................................................. 10 92 2.6 State Machine.............................................. 11 93 2.6.1 Unassociated. ....................................... 11 94 2.6.2 I1-Sent ............................................. 11 95 2.6.3 R1-Sent ............................................. 11 96 2.6.4 I2-Sent ............................................. 11 97 2.6.5 R2-Sent ............................................. 11 98 2.6.6 Established ......................................... 11 99 3. Formats........................................................ 12 100 3.1 Payload.................................................... 12 101 3.2 Packet types............................................... 13 102 3.3 Summary of HIP parameters.................................. 14 103 3.4 R-T........................................................ 14 104 3.5 HIP-T-Transform............................................ 15 105 3.6 F-T........................................................ 15 106 3.7 MAC-T...................................................... 16 107 3.8 ESP-Transform.............................................. 16 108 3.9 ESP-Info................................................... 16 109 4. BEX Example.................................................... 17 110 4.1 Generic example............................................ 17 111 4.1.1 I1-T ................................................ 17 112 4.1.2 R1-T ................................................ 17 113 4.1.3 I2-T ................................................ 18 114 4.1.4 R2-T ................................................ 19 115 4.2 HIP-T Transform 0x0001, HMAC............................... 19 116 4.2.1 I1-T ................................................ 19 117 4.2.2 R1-T ................................................ 19 118 4.2.3 I2-T ................................................ 20 119 5. HIP-T-Transforms Definition.................................... 20 120 5.1 Type 0x0001, HMAC.......................................... 20 121 5.1.1 Suite-ID ............................................ 20 122 5.1.2 F-T computing (f function) .......................... 20 123 5.1.3 K-Auth-Key computing (g function) ................... 21 124 HIP support for RFIDs October 2011 126 5.1.4 MAC-T computing ..................................... 21 127 5.2 Type 0x0002, Keys-Tree..................................... 21 128 5.2.1 Suite-ID ............................................ 21 129 5.2.2 F-T computing (f function) .......................... 21 130 5.2.3 K-Auth-Key computing (g function) ................... 22 131 5.2.4 MAC-T computing ..................................... 22 132 6. Security Considerations........................................ 22 133 7. IANA Considerations............................................ 23 134 8 References...................................................... 23 135 8.1 Normative references....................................... 23 136 8.2 Informative references..................................... 24 137 9 Annex I......................................................... 24 138 9.1 Binary Interface with HIP RFIDs............................ 24 139 9.3 Exchanged data............................................. 25 140 9.3 Javacard code sample....................................... 26 141 Author's Addresses................................................ 31 142 HIP support for RFIDs October 2011 144 1 Overview 146 1.1 Motivation 148 RFIDs are electronic devices, associated to things or computers, 149 which transmit their identifier (usually a serial number) via radio 150 links. The Host Identity Protocol [HIP] is a security protocol based 151 on the use of cryptographic identifiers, and specified for IP-based 152 networks [HIP]. 154 The first motivation for designing HIP support for RFIDs is to 155 enforce a strong privacy for the Internet of Things, e.g. identity is 156 protected by cryptographic procedures compatible with RFID computing 157 resources. As an illustration, EPC codes or IP addresses are today 158 transmitted in the clear. 160 The second motivation is to define an identity layer for RFIDs 161 logically independent from the transport facilities, which may 162 optionally support IP stacks. 164 In other words, we believe that the Internet of Things will be 165 Identity oriented; RFIDs will act as electronic ID for objects to 166 which they are linked. In this context, privacy is a major challenge. 168 1.2 Passive and active RFIDs 170 An RFID is a slice of silicon whose area is about 1 mm2 for 171 components used as cheap electronic RFIDs, and around 25 mm2 for 172 chips like contact-less smart cards inserted in passports and mobile 173 phones. 175 RFIDs are divided into two classes, the first includes devices that 176 embed CPU and memory (RAM, ROM, E2PROM) such as contact-less smart 177 cards, and the second comprises electronic chips based on cabled 178 logic circuits. 180 There are multiple standards relative to RFIDs. The ISO 14443 181 standard introduces components dealing with the 13.56 MHz frequency 182 that embed a CPU and consume about 10mW; data throughput is about 100 183 Kbits/s and the maximum working distance (from the reader) is around 184 10cm. 186 The ISO 15693 standard also uses the same 13.56 MHz frequency, but 187 enables working distances as high as one meter, with a data 188 throughput of a few Kbits/s. 190 The ISO 18000 standard defines parameters for air interface 191 communications associated with frequency such as 135 KHz, 13.56 MHz, 192 2.45 GHz, 5.8 GHz, 860 to 960 MHz and 433 MHz. The ISO 18000-6 193 standard uses the 860-960 MHz range and is the basis for the Class-1 194 HIP support for RFIDs October 2011 196 Generation-2 UHF RFID, introduced by the EPCglobal [EPCGLOBAL] 197 consortium. 199 1.3 About the Internet of Things (IoT) 201 The term "Internet of Thing (IoT)" was invented by the MIT Auto-ID 202 Center, in 2001, and refers to an architecture that comprises four 203 levels, 205 - Passive RFIDs, such as Class-1 Generation-2 UHF RFIDs, introduced 206 by the EPC Global consortium and operating in the 860-960 MHz range. 208 - Readers plugged to a local (computing) system, which read the 209 Electronic Product Code [EPC]. 211 - A local system, offering IP connectivity, which collects 212 information pointed by the EPC thanks to a protocol called Object 213 Naming Service (ONS) 215 - EPCIS (EPC Information Services) servers, which process incoming 216 ONS requests and returns PML (Physical Markup Language) files [PML], 217 e.g. XML documents that carry meaningful information linked to RFIDs. 219 1.4 HIP-RFIDs 221 PORTAL READER RFID 223 +-----------------------+ 224 ! ! +-----------+ 225 ! +-----+ ! ! +-------+ ! 226 ! +---------+ + HIP + !<=========================>! + HIP + ! 227 ! + IDENTITY+ +-----+ ! +-------------------+ ! +-------+ ! 228 ! + SOLVER + [HEP] !<=>! [HEP] ! ! | ! 229 ! +---------+ +-----+ ! ! +------+-------+ ! ! +-------+ ! 230 ! + + ! ! + + RFID + ! ! + RFID + ! 231 ! EPC-Code + IP + !<=>! + IP + Radio + !<=>! + Radio + ! 232 ! + + ! ! + + Ptcol + ! ! + Ptcol + ! 233 ! +-----+ ! ! +------+-------+ ! ! +-------+ ! 234 ! ! ! ! ! ! 235 +----------+------------+ +-------------------+ +-----------+ 236 ! 237 V 238 TO EPC GLOBAL 239 SERVICES 241 Figure 1. HIP-RFID Architecture 243 This document suggests embedding a modified version of a HIP-enabled 244 stack in active RFIDs, named HIP-RFIDs. It assumes that such devices 245 would not support an IP stack, but should be rather identity 246 oriented, i.e. will use readers' IP resources in order to unveil 247 HIP support for RFIDs October 2011 249 their EPC-Code only to trusted entities (called portals in the 250 architecture shown by Figure 1). Privacy, e.g. identity protection 251 seems a key prerequisite [SEC] before the effective massive 252 deployment of these devices. 254 The HIP-RFID architecture includes three functional entities: HIP 255 RFIDs, RFID readers, and portals, and defines a new HIP encapsulation 256 protocol (HEP): 258 - HIP RFIDs. HIP, as defined in [HIP], is transported by IP packets. 259 HIP-RFIDs support a modified version of this protocol but do not 260 require end-to-end IP transport. 262 - RFID readers. These provide IP connectivity and communicate with 263 RFIDs through radio links either defined by EPC Global or ISO 264 standards. The IP layer transports HIP messages between RFIDs and 265 other HIP entities. According to HIP, an SPI (Security Parameter 266 Index) associated to an IPsec tunnel MAY be used by the IP host (e.g. 267 a reader) in order to route HIP packets to/from the right software 268 identity. 270 - HEP, HIP Encapsulation Protocol. HIP messages MAY be encapsulated 271 by protocols such as UDP or TCP in order to facilitate HIP transport 272 in existing software and networking architectures. The HEP does not 273 modify the content of an HIP packet. This class of protocol is not 274 specified by this document. 276 - PORTAL entity. This device manages a set of readers; it is a HIP 277 entity that includes a full IP stack. Communications between portal 278 and RFIDs logically work as peer to peer HIP exchanges. RFID 279 identifier (HIT) is hidden and appears as a pseudo random value; 280 within the portal a software block called the IDENTITY SOLVER 281 resolves an equation f, whose solution is an EPC Code. The portal 282 accesses EPCIS services; when required privacy may be enforced by 283 legacy protocol such as SSL or IPsec. 285 - The portal maintains a table linking HIT and EPC-Code. It acts as a 286 router for that purpose it MUST provide an identity resolution 287 mechanism, i.e. a relation between HIT and EPC-Code. 289 1.5 Main differences between HIP-RFID and HIP 291 In HIP [HIP], the HIT (Host Identifier Tag) is a fixed value obtained 292 from the hash of an RSA public key. This parameter is therefore 293 linked to a unique identity, and can be used for traceability 294 purposes; in other words HIP does not natively include privacy 295 features. 297 In [BLIND], it is proposed to hide the HIT with a random number 298 thanks to a hash function, i.e. 300 HIP support for RFIDs October 2011 302 B-HIT = sha1(HIT || N), with N a random value and || the 303 concatenation operation. 305 The case in which only one HIT (either initiator or responder) is 306 blinded looks similar to the HIP-RFID protocol described in this 307 draft working with a particular transform (HMAC Transform, 0x0001). 309 2. Basic Exchange 311 The HIP-RFID base exchange (T-BEX) is derived from the "classical" 312 base exchange (BEX), introduced in [HIP]. It is a four way handshake 313 illustrated by Figure 2. 315 RFID READER PORTAL 316 --+-- --+-- ---+--- 317 ! START ! ! 318 !<---------------! ! 319 ! ! ! 320 ! I1-T ! 321 ! HIT-I HIT-R ! 322 ! ----------------------------------------------------> ! 323 ! ! 324 ! ! 325 ! R1-T ! 326 ! HIT-I HIT-R R-T(r1) HIP-T-Transforms ! 327 ! [*ESP-Transforms] ! 328 ! <---------------------------------------------------- ! 329 ! ! 330 ! ! 331 ! I2-T ! 332 ! HIT-I HIT-R HIP-T-Transform [*ESP-Transform] R-T(r2) ! 333 ! F-T=f(r1, r2, EPC-Code) [*ESP-Info] MAC-T ! 334 ! ----------------------------------------------------> ! 335 ! ! 336 ! ! 337 ! R2-T ! 338 ! HIT-I HIT-R [*ESP-Info] MAC-T ! 339 ! <---------------------------------------------------- ! 340 ! ! 341 ! ! 342 ! Optional ESP Dialog ! 343 ! <---------------------------------------------------> ! 344 ! ! 345 ! ! 347 Figure 2. HIP-RFIDs Base Exchange (T-BEX), *means optional attributes 349 A HEP layer MAY be used to transport HIP messages in a non-IP 350 context, but this optional facility is out of scope for this 351 document. 353 HIP support for RFIDs October 2011 355 2.1 I1-T 357 When a reader detects an RFID, it realizes all low level operations 358 in order to set up a radio communication link. Finally the reader 359 delivers a START message that triggers the RFID. 361 The HIP-RFID sends the I1-T packet (I suffix meaning initiator), in 362 which HIT-I is a pseudorandom value internally generated by the HIP- 363 RFID. 365 If the RFID doesn't known the portal HIT it sets the HIT-R value to 366 zero; in that case the reader MAY modify this field in order to 367 identify the appropriate entity. 369 The I1-T message is not MACed. 371 2.2 R1-T 373 The portal produces the R1-T (R suffix meaning responder) packet, 374 which includes a nonce r1 and optional parameters. These fields 375 indicate a list of supported authentication schemes (HIP-T- 376 TRANSFORMs) and a list of ESP-TRANSFORMs, i.e. secure channels that 377 could be opened between portal and RFIDs. 379 This message includes the following fields: 380 - HIT-I, a random number which identifies a RFID 381 - HIT-R, the portal HIP, either a null or fixed value. 382 - HIT-T-TRANSFORMs, a list of authentication schemes 383 - ESP-T-TRANSFORMs, an optional list of ESP secure channels 385 The R1-T message is not MACed. 387 2.3 I2-T 389 The HIP-RFID builds the I2-T message, which contains 391 - The selected HIP-T-TRANSFORM (the current authentication scheme). 392 - An optional ESP-TRANSFORM (a class of secure channel between RFID 393 and portal). 394 - A nonce r2, included in the R-T attribute. 395 - An equation f(r1, r2, EPC-Code), whose solution, according to the 396 selected HIP-T-TRANSFORM, unveils the EPC-Code value. 397 - An optional ESP-Info attribute that gives information about the 398 secure (ESP) channel, and which includes the SPI-I value. 399 - A keyed MAC (MAC-T), which works with a KI-Auth-key deduced from 400 r1, r2 and the hidden EPC-Code value. 402 KI-Auth-key = g(r1, r2, EPC-Code) 404 The keyed MAC is by default computed over the complete I2-T message, 405 the content of MAC-T resulting from this calculation is initially set 406 HIP support for RFIDs October 2011 408 to a null value. Particular HIP-T-TRANSFORMs MAY work with different 409 rules (see section 6). 411 The portal and the RFID shares secret keys. The meaning of these keys 412 are dependent upon the f equation. 414 In some cases the EPC-Code is the only shared key. The portal knows a 415 list of EPC-Code and tries all solutions for solving f, according to 416 brute force techniques. As an illustration a hash function may be 417 used for f: 419 f= sha1(r1 || r2 || EPC-Code), where || is the concatenation 420 operation. 422 In other cases a set of keys is shared between portal and RFIDs. For 423 example a binary tree of HMAC procedure MAY be used, each HMAC beeing 424 associated to a particular key. A binary tree of depth n may identify 425 2**n RFIDs, each of them stores n keys (ki:j). The f function is a 426 list of n values such as 428 HMAC(r1 || r2, ki:j) 430 Where ki:j is a secret key, and j the bit value (either 0 or 1) at 431 the rank i (ranging between 0 and n-1) for the EPC-Code (or the RFID 432 index). 434 2.4 R2-T 436 The fourth and last R2-T packet is optional. It includes 438 - A keyed MAC (MAC-T) computed with the KI-Auth-key deduced from r1, 439 r2 and the hidden EPC-Code value. 441 KI-Auth-key = g(r1, r2, EPC-Code) 443 - An optional ESP-Info attribute that gives information about the 444 secure (ESP) channel, and which includes the SPI-R value. 446 The R2-T packet is mandatory when an ESP channel has been previously 447 negotiated. ESP channel is required if the portal intends to perform 448 read or write operations with the RFIDs. 450 2.5 HIT format 452 HIT-R MAY be a fixed value embedded in the RFID during the 453 manufacturing process or a null value if no specific portal is 454 required. 456 HIT-I MAY comprise an optional header given coded according to 457 various hierarchical rules and MUST include a trailer, which is a 458 true random number. 460 HIP support for RFIDs October 2011 462 2.6 State Machine 464 The state machine is similar to the one described in [RFC 5201]. No 465 retry operations are performed, because the communication with the 466 RFID may be lost at any time. Furthermore RFIDs are generally not 467 equipped with timers. 469 2.6.1 Unassociated. 471 The state machine starts. 473 2.6.2 I1-Sent 475 The RFID has been reset by the reader, and has sent the I1-T message. 477 2.6.3 R1-Sent 479 The responder has received the I1-T message and has sent the R1-T 480 packet. 482 2.6.4 I2-Sent 484 The RFID has received the R1-T packet, and has sent the I2-T message. 486 2.6.5 R2-Sent 488 The responder has received the I2-T message and has sent the optional 489 R2-T packet. 491 2.6.6 Established 493 The RFID has received the R2-T message. A secure channel is 494 established. 496 HIP support for RFIDs October 2011 498 3. Formats 500 3.1 Payload 502 The payload format is imported from the [HIP] specification. 504 0 1 2 3 505 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 506 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 507 | Next Header | Header Length |0| Packet Type | VER. | RES.|1| 508 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 509 | Checksum | Controls | 510 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 511 | Sender's Host Identity RFID (HIT) | 512 | | 513 | | 514 | | 515 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 516 | Receiver's Host Identity RFID (HIT) | 517 | | 518 | | 519 | | 520 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 521 | | 522 / HIP Parameters / 523 / / 524 | | 525 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 527 Next Header : normal value is decimal 59, IPPROTO_NONE. 529 Header Length: the length of the HIP Header and HIP parameters in 8 530 bytes units, excluding the first 8 bytes 532 Packet Type: Detailed in section 4.2 534 VER: 0001 536 RES: 000 538 Checksum: This checksum covers the source and destination addresses 539 in the IP header. 541 HIP-RFIDs always deliver HIP packets with the null value for the 542 checksum field. The reader MUST compute the checksum. 544 HIP-RFIDs do not check the checksum of received packets. 546 Controls: this field is reserved for future use (RFU) 548 Sender's Host Identity RFID: 16 bytes HIT 549 HIP support for RFIDs October 2011 551 Receiver's Host Identity RFID: 16 bytes HIT 553 HIP Parameters: a list of attributes encoded in the TLV format 555 3.2 Packet types 557 +-----------------+--------------------------------------------+ 558 | Packet type | Packet name | 559 +-----------------+--------------------------------------------+ 560 | 0x40 | I1-T - The HIP-RFID Initiator Packet | 561 | | | 562 | 0x41 | R1-T - The HIP-RFID Responder Packet | 563 | | | 564 | 0x42 | I2-T - The Second HIP-RFID Initiator Packet| 565 | | | 566 | 0x43 | R2-T - The Second HIP-RFID Responder Packet| 567 | | | 568 +-----------------+--------------------------------------------+ 569 HIP support for RFIDs October 2011 571 3.3 Summary of HIP parameters 573 +----------------------+-------+----------+-----------------------+ 574 | TLV | Type | Length | Data | 575 +----------------------+-------+----------+-----------------------+ 576 | R-T | 0x400 | variable | Random value r1 or r2 | 577 | | | | | 578 | HIP-T-TRANSFORM | 0x402 | variable | HIP-RFID transform(s) | 579 | | | | | 580 | F-T | 0x404 | variable | f function value | 581 | | | | | 582 | MAC-T | 0x406 | variable | Keyed MAC | 583 | | | | | 584 | ESP-Transform | 0x408 | variable | ESP transform(s) | 585 | | | | | 586 | ESP-Info | 0x40A | variable | ESP parameter(s) | 587 | | | | | 588 +----------------------+-------+----------+-----------------------+ 590 3.4 R-T 592 0 1 2 3 593 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 594 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 595 | Type | Length | 596 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 597 | Padding-Length | value / 598 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 599 / value | Padding | 600 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 602 Type 0x400 603 Length total length in bytes 604 Value random value 605 Padding-Length padding length in bytes 606 Padding padding bytes 607 HIP support for RFIDs October 2011 609 3.5 HIP-T-Transform 611 0 1 2 3 612 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 613 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 614 | Type | Length | 615 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 616 | Padding-Length | Suite-ID#1 | 617 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 618 + Length-of-Suite-ID#1 | value + 619 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 620 / value | Suite-ID#2 | 621 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 622 | | Padding | 623 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 625 Type 0x402 626 Length Total length 627 Padding-Length Number of padding bytes 628 Suite-ID Defines the HIP Cipher Suite to be used 629 Length-of-Suite-ID Defines the length of optional data 630 Padding Padding bytes 632 3.6 F-T 634 0 1 2 3 635 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 636 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 637 | Type | Length | 638 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 639 | Padding-Length | value | 640 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 641 | | Padding | 642 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 644 Type 0x404 645 Length total length, in bytes 646 Padding-Length padding length in bytes 647 Value the f value with a variable length 648 Padding padding bytes 649 HIP support for RFIDs October 2011 651 3.7 MAC-T 653 0 1 2 3 654 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 655 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 656 | Type | Length | 657 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 658 | Padding-Length | MAC / 659 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 660 / | Padding | 661 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 663 Type 0x406 664 Length total length, in bytes 665 Padding-Length padding length, in bytes 666 Value Keyed MAC value 667 Padding padding bytes 669 A MAC procedure works with the K-Auth-Key and is computed over the 670 whole HIP message according to the following rules 672 - The checksum field of the HIP header is set to a null value. 674 - The MAC field of the MAC-T attribute is set to a null value 676 3.8 ESP-Transform 678 Details of the attribute will be specified by another document. 680 3.9 ESP-Info 682 Details of the attribute will be specified by another document. 684 HIP support for RFIDs October 2011 686 4. BEX Example 688 4.1 Generic example 690 4.1.1 I1-T 692 Next Header: 0x3B 693 Header Length: 0x4 694 Packet Type: 0x40 695 Version: 0x1 696 Reserved: 0x1 697 Control: 0x0 698 Checksum: 0x0000 699 Sender's HIT (RFID) : 0x0123456789ABCDEF 700 0123456789ABCDEF 701 Receiver's HIT (Portal) : 0x0000000000000000 702 0000000000000000 704 The checksum is computed by portal and reader according to rules 705 specified in [HIP]; it covers the source and destination IP 706 addresses. 708 4.1.2 R1-T 710 Next Header: 0x3B 711 Header Length: 0xB 712 Packet Type: 0x41 713 Version: 0x1 714 Reserved: 0x1 715 Control: 0x0 716 Checksum: 0xabcd 717 Sender's HIT (Portal) 0xA5A5A5A5A5A5A5A5 718 5A5A5A5A5A5A5A5A 719 Receiver's HIT (RFID) 0x0123456789ABCDEF 720 0123456789ABCDEF 721 R-T 0x040000280002rrrr 722 rrrrrrrrrrrrrrrr 723 rrrrrrrrrrrrrrrr 724 rrrrrrrrrrrrrrrr 725 rrrrrrrrrrrrpppp 726 HIP-T-Transforms 0x0402001000020001 727 000000020000pppp 729 r1 is a 128 bits value 730 Transforms 1, 2 are supported by the reader. 732 HIP support for RFIDs October 2011 734 4.1.3 I2-T 736 Next Header: 0x3B 737 Header Length: 0x14 738 Packet Type: 0x42 739 Version: 0x1 740 Reserved: 0x1 741 Control: 0x0 742 Checksum: 0x0000 743 Sender's HIT (RFID) : 0x0123456789ABCDEF 744 0123456789ABCDEF 745 Sender's HIT (Portal) : 0xA5A5A5A5A5A5A5A5 746 5A5A5A5A5A5A5A5A 747 HIP-T-Transform 0x0402001000060001 748 0000pppppppppppp 749 R-T 0x040000280002rrrr 750 rrrrrrrrrrrrrrrr 751 rrrrrrrrrrrrrrrr 752 rrrrrrrrrrrrrrrr 753 rrrrrrrrrrrrpppp 754 F-T 0x040400280002ffff 755 ffffffffffffffff 756 ffffffffffffffff 757 ffffffffffffffff 758 ffffffffffffpppp 759 MAC-T 0x040600040006ssss 760 ssssssssssssssss 761 ssssssssssssssss 762 sssspppppppppppp 764 The RFID selects the HIP-Transform number one. It produces an r2 765 nonce and computes a f value. It appends a 20 bytes keyed MAC. 767 HIP support for RFIDs October 2011 769 4.1.4 R2-T 771 Next Header: 0x3B 772 Header Length: 0x08 773 Packet Type: 0x40 774 Version: 0x1 775 Reserved: 0x1 776 Control: 0x0 777 Checksum: 0xabcd 778 Sender's HIT (RFID) : 0x0123456789ABCDEF 779 0123456789ABCDEF 780 Sender's HIT (Portal) : 0xA5A5A5A5A5A5A5A5 781 5A5A5A5A5A5A5A5A 782 MAC-T 0x040600040006ssss 783 ssssssssssssssss 784 ssssssssssssssss 785 sssspppppppppppp 787 Reader ends the BEX-T. 789 4.2 HIP-T Transform 0x0001, HMAC 791 EPC = 0123456789abcdefcdab 793 4.2.1 I1-T 795 << 3B 04 40 11 00 00 00 00 6A 68 2E 53 51 6B 51 6F 796 2F 58 CE 60 25 42 1A E6 00 00 00 00 00 00 00 00 797 00 00 00 00 00 00 00 00 799 HEAD 3b04401100000000 800 sHIT 6a682e53516b516f2f58ce6025421ae6 801 dHIT 00000000000000000000000000000000 803 4.2.2 R1-T 805 >> 3B 0A 41 11 00 00 00 00 00 00 00 00 00 00 00 00 806 00 00 00 00 00 00 00 00 6A 68 2E 53 51 6B 51 6F 807 2F 58 CE 60 25 42 1A E6 04 00 00 20 00 06 27 6D 808 03 4D DD 2D 52 79 3B 17 2C B9 5B CD 02 97 E2 DF 809 61 15 00 00 00 00 00 00 04 02 00 10 00 06 00 02 810 00 00 00 00 00 00 00 00 812 HEAD 3b0a411100000000 813 sHIT 00000000000000000000000000000000 814 dHIT 6a682e53516b516f2f58ce6025421ae6 816 ATT 0400 20 bytes 276d034ddd2d52793b172cb95bcd0297e2df6115 817 ATT 0402 04 bytes 00020000 818 HIP support for RFIDs October 2011 820 4.2.3 I2-T 822 << 3B 13 40 11 00 00 00 00 6A 68 2E 53 51 6B 51 6F 823 2F 58 CE 60 25 42 1A E6 00 00 00 00 00 00 00 00 824 00 00 00 00 00 00 00 00 04 02 00 10 00 06 00 01 825 00 00 00 00 00 00 00 00 04 00 00 20 00 06 C5 95 826 8B 23 6B 9B 0E AA 7A BB 25 F2 7D 24 C5 04 6E 89 827 19 9E 00 00 00 00 00 00 04 04 00 20 00 06 80 1D 828 BC 55 C5 F3 97 89 F8 3C 6C BA 14 50 18 7D 83 83 829 3C AF 00 00 00 00 00 00 04 06 00 20 00 06 2A 23 830 68 93 2B F7 3A BE C4 6B DD B8 3F 1B 3F 7F 9D ED 831 8B 83 00 00 00 00 00 00 833 HEAD 3b13401100000000 834 sHIT 6a682e53516b516f2f58ce6025421ae6 835 dHIT 00000000000000000000000000000000 837 ATT 0402 04 bytes 00010000 838 ATT 0400 20 bytes c5958b236b9b0eaa7abb25f27d24c5046e89199e 839 ATT 0404 20 bytes 801dbc55c5f39789f83c6cba1450187d83833caf 840 ATT 0406 20 bytes 2a2368932bf73abec46bddb83f1b3f7f9ded8b83 842 5. HIP-T-Transforms Definition 844 5.1 Type 0x0001, HMAC 846 5.1.1 Suite-ID 848 Suite-ID: 0x0001 849 Length-of-Suite-ID: 0x0000 851 5.1.2 F-T computing (f function) 853 The F-T function produces a 20 bytes result, according to the 854 relation: 856 K = HMAC-SHA1(r1 | r2, EPC-Code) 858 Y = f(r1, r2, EPC-Code) = HMAC-SHA1(K, CT1 | "Type 0001 key") 860 Where: 862 - SHA1 is the SHA1 digest function 864 - EPC-Code is the RFID identity 866 - HMAC-SHA1 is the keyed MAC algorithm based on the SHA1 digest 867 procedure. 869 - CT1 is a 32 bits string, whose value is equal to 0x00000001 870 HIP support for RFIDs October 2011 872 - r1 and r2 are the two random values exchanged by the BEX 874 5.1.3 K-Auth-Key computing (g function) 876 The K-Auth-Key is computing according to the relation: 878 K = HMAC-SHA1(r1 | r2, EPC-Code) 880 Y = HMAC-SHA1(K, CT2 | "Type 0001 key") 882 Where: 884 - SHA1 is the SHA1 digest function 886 - EPC-Code is the RFID identity 888 - HMAC-SHA1 is the keyed MAC algorithm based on the SHA1 digest 889 procedure. 891 - CT2 is a 32 bits string, whose value is equal to 0x00000002 893 - r1 and r2 are the two random values exchanged by the BEX 895 5.1.4 MAC-T computing 897 The HMAC-SHA1 function is used with the K-Auth-Key secret value: 899 MAC-T(HIT-T packet) = HMAC-SHA1(K-Auth-Key, HIP-T packet) 901 5.2 Type 0x0002, Keys-Tree 903 5.2.1 Suite-ID 905 Suite-ID: 0x0002 906 Length-of-Suite-ID: 0x0006 907 Value1: an index, a two bytes number, identifying a HASH function 908 (H), which produces h bytes. 909 Value2: n, the depth of the tree, a two bytes number. 910 Value3: p, the maximum number of child nodes, for each node, a two 911 bytes number. 913 The maximum elements of a keys-tree is therefore p**n 915 5.2.2 F-T computing (f function) 917 The F-T function produces a list of Hi, 1<= i <= n, of nh bytes 918 results, according to the relation: 920 Y = f(r1, r2, EPC-Code) = H1 | H2 | Hi | Hn 921 HIP support for RFIDs October 2011 923 With 924 Hi = HMAC-SHA1(r1 | r2, Ki:j) 926 Where: 928 - H is digest function producing t bytes 930 - Ki:j is a set of pn secret keys. 932 Each EPC-Code is associated with an index, whose value is written as: 934 RFID-Index = an p**(n-1) + an-1 p**(n-2) + a1 936 Each ai digit( ai p**(i-1) )whose value ranges between 0 and p-1, is 937 associated with a key Ki:j (i.e. the tree is made with pn keys, but 938 only n values are stored in a given RFID), with j=ai 940 - HMAC-H is the keyed MAC algorithm based on the H digest procedure. 942 - r1 and r2 are the two random values exchanged by the BEX. 944 5.2.3 K-Auth-Key computing (g function) 946 The K-Auth-Key is computing according to the relation: 948 K-Auth-Key = HMAC-H(r1 | r2, RFID-Index) 950 Where: 952 - H is a digest function producing t bytes 954 - HMAC-H is the keyed MAC algorithm based on the H digest procedure. 956 - RFID INDEX is the RFID index. 958 - r1 and r2 are the two random values exchanged by the BEX. 960 5.2.4 MAC-T computing 962 The HMAC-H function is used with the K-Auth-Key secret value: 964 MAC-T(HIT-T packet) = HMAC-H(K-Auth-Key, HIP-T packet) 966 6. Security Considerations 968 In this section we only discuss the case where no ESP channel is 969 negotiated, i.e. a three ways handshake is performed thanks to the 970 I1-T, R1-T and I2-T packets. 972 The HIP-RFID infrastructure comprises a set readers establishing 973 sessions with a PORTAL. The exchanged packets MUST be protected by 974 HIP support for RFIDs October 2011 976 secure tunnels such as IPSEC or any appropriate means. Readers feed 977 RFIDs and consequently deliver information about their position. 978 Without security association between readers and PORTALs rogue 979 devices can inject malicious packets such as I1-T and I2-T whose goal 980 is to forward a fake f equation that could not be solved by the 981 IDENTITY-SOLVER entity. This class of attack targets a Denial of 982 Service (DoS) threat; computing resources will be consumed by the 983 PORTAL that will stop its solving process after a given timeout. 985 Malicious RFIDs can also perform DoS attacks. However upon detection, 986 they could be discarded by their associated reader. 988 The I1-T packet includes no security feature. It may be forged by any 989 entity. 991 The R1-T packet includes no security feature. It may be forged by any 992 entity. A rogue portal SHOULD NOT expect to retrieve the HIP-RFID 993 identity thanks to cryptographic weaknesses of the f equation. 994 Nerveless hardware or software implementation of the HIP-RFID 995 protocol MUST be aware that the R1-T packet MUST be carefully parsed 996 and checked. 998 The I2-T packet includes a pseudo unique value r2, the f equation and 999 is MACed. The MAC field proves this packet integrity and optionally 1000 the whole dialog integrity (dealing with I1-T, R1-T and I2-T). 1001 Although HIP-T-TRANSFORMs detailed in this document only deal with 1002 I2-T integrity, other transforms MAY use different schemes. 1004 The two main classes of the f(r1,r2,EPC-Code) equation are bijections 1005 (such as cipher algorithms) and surjections (such as digest 1006 procedures). In the first case the solution (EPC-Code) is unique; its 1007 correctness is checked via the keyed MAC. In the second case there 1008 are multiples solutions, with very low probability of collisions; the 1009 correctness of the highly probable solution is checked by the keyed 1010 MAC. 1012 7. IANA Considerations 1014 None. 1016 8 References 1018 8.1 Normative references 1020 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1021 Requirement Levels", BCP 14, RFC 2119, March 1997. 1023 [HIP] R. Moskowitz, P. Nikander, P. Jokela, T. Henderson, Host 1024 Identity Protocol, RFC 5201, April 2008. 1026 HIP support for RFIDs October 2011 1028 8.2 Informative references 1030 [EPC] Brock, D.L, The Electronic Product Code (EPC), A Naming Scheme 1031 for Physical Objects, MIT AUTO-ID CENTER, 2001. 1033 [PML] Brock, D.L - The Physical Markup Language, MIT AUTO-ID CENTER, 1034 2001. 1036 [EPCGLOBAL] EPCglobal, EPC Radio Frequency Identity Protocols Class 1 1037 1516 Generation 2 UHF RFID Protocol for Communications at 860 MHz-960 1038 MHz Version 1517 1.0.9, EPCglobal Standard, January 2005. 1040 [NIST-800-108] NIST Special Publication 800-108, Recommendation for 1041 Key Derivation Using Pseudorandom Functions. 1043 [SEC] S. Weis, S. Sarma, R. Rivest and D. Engels. "Security and 1044 privacy aspects of low-cost radio frequency identification systems" 1045 In D. Hutter, G. Muller, W. Stephan and M. Ullman, editors, 1046 International Conference on Security in Pervasive Computing - SPC 1047 2003, volume 2802 of Lecture Notes in computer Science, pages 454- 1048 469. Springer-Verlag, 2003. 1050 [HIP-TAG-EXP] Pascal Urien, Simon Elrharbi, Dorice Nyamy, Herve 1051 Chabanne, Thomas Icart, Francois Lecocq, Cyrille Pepin, Khalifa 1052 Toumi, Mathieu Bouet, Guy Pujolle, Patrice Krzanik, Jean-Ferdinand 1053 Susini, "HIP-Tags architecture implementation for the Internet of 1054 Things", AH-ICI 2009. First Asian Himalayas International Conference 1055 on Internet, 3-5 Nov. 2009. 1057 [BLIND] Dacheng Zhang, Miika Komu, "An Extension of HIP Base Exchange 1058 to Support Identity Privacy", draft-zhang-hip-privacy-protection-00, 1059 work in progress, March 2010. 1061 9 Annex I 1063 This annex provides a sample code, for NFC RFIDs working at 13.56 Mhz 1064 and implementing a Java Virtual Machine. 1066 9.1 Binary Interface with HIP RFIDs 1068 According to the ISO 7816 standards, embedded RFID applications are 1069 identified by an AID attribute (Application IDentifier) whose size 1070 ranges between 5 and 16 bytes. 1072 Commands exchanged between RFIDs and readers are named APDUs and are 1073 associated with a short prefix, whose size is usually 5 bytes 1074 referred as CLA, INS, P1, P2, P3. 1076 HIP support for RFIDs October 2011 1078 In our sample we choose an arbitrary value for the AID 1079 (11223344556601, in hexadecimal representation) and a unique command 1080 CLA=00, INS=C2, P1=00, P2=00. The P3 byte is set to null in order to 1081 trig the RFID (which resets its state machine and returns the I1 1082 packet, or a non null value when it pushes the R1 packet. 1084 9.3 Exchanged data 1086 The reader selects the embedded HIP-RFID application. 1087 >> 00 A4 04 00 07 11 22 33 44 55 66 01 1088 << 90 00 1090 The reader trigs the first packet I1-T. 1092 >> 00 C2 00 00 00 1094 The RFID delivers the R1-T packet. 1096 << 3B 04 40 11 00 00 00 00 A3 12 9D 5E 28 16 67 4F FC 4F A8 08 4E 30 1097 55 E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00 1099 The reader forwards the R1-T packet to the HIP RFID. 1101 >> 00 C2 00 00 58 3B 0A 41 11 00 00 00 00 00 00 00 00 00 00 00 00 00 1102 00 00 00 00 00 00 00 A3 12 9D 5E 28 16 67 4F FC 4F A8 08 4E 30 55 E8 1103 04 00 00 20 00 06 68 46 95 15 02 10 32 C2 B7 8D 13 E7 53 F6 25 0F 09 1104 AD 7A BD 00 00 00 00 00 00 04 02 00 10 00 06 00 01 00 00 00 00 00 00 1105 00 00 1107 The RFID produces the I2-T packet. 1109 << 3B 13 40 11 00 00 00 00 A3 12 9D 5E 28 16 67 4F FC 4F A8 08 4E 30 1110 55 E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 02 00 10 00 1111 06 00 01 00 00 00 00 00 00 00 00 04 00 00 20 00 06 71 3A DD 19 C4 CB 1112 59 D4 AF D0 2B FD F9 7C 2F 8A D1 23 32 E0 00 00 00 00 00 00 04 04 00 1113 20 00 06 70 DA C1 F7 0B CA 63 15 57 CB D7 AA 66 A9 FD 36 B4 1F DB E3 1114 00 00 00 00 00 00 04 06 00 20 00 06 A6 A7 00 67 5D FD A9 2F 3E 5C 00 1115 D6 B0 8A 55 A2 99 D8 86 79 00 00 00 00 00 00 90 00 1116 HIP support for RFIDs October 2011 1118 9.3 Javacard code sample 1120 package hiprfid; 1122 // Author Pascal Urien 1124 import javacard.framework.*; 1125 import javacard.security.* ; 1127 public class rfid extends Applet 1128 { 1129 final static byte SELECT = (byte)0xA4 ; 1130 final static byte INS-HIP = (byte)0xC2 ; 1132 final static short R-T = (short)0x400 ; 1133 final static short HIP-T-TRANSFORM = (short)0x402 ; 1134 final static short F-T = (short)0x404 ; 1135 final static short Signature-T = (short)0x406 ; 1136 final static short ESP-Transform = (short)0x408 ; 1137 final static short ESP-Info = (short)0x40A ; 1139 final static short ALIGN = 8; 1140 final static short len-r2 =(short)20; 1141 final byte[] algo1 = {(byte)0x00,(byte)0x01,(byte)0x00,(byte)0x00 }; 1143 final byte[] ct1 = { 1144 (byte)0x00,(byte)0x00,(byte)0x00,(byte)0x01, 1145 (byte)'T',(byte)'y', (byte)'p',(byte)'e', 1146 (byte)' ',(byte)'0',(byte)'0',(byte)'0',(byte)'1', 1147 (byte)' ',(byte)'k',(byte)'e',(byte)'y' }; 1149 final byte[] ct2 = { 1150 (byte)0x00,(byte)0x00,(byte)0x00,(byte)0x02, 1151 (byte)'T',(byte)'y',(byte)'p',(byte)'e', 1152 (byte)' ',(byte)'0',(byte)'0',(byte)'0',(byte)'1', 1153 (byte)' ',(byte)'k',(byte)'e',(byte)'y' }; 1155 MessageDigest sha1=null ; 1156 RandomData rnd=null; 1157 byte[] DB =null; 1158 final static short DBSIZE=(short)200; 1159 final static short off-myHIT = (short)0 ; 1160 final static short off-rHIT = (short)16 ; 1161 final static short off-R1 = (short)32 ; 1162 final static short off-R2 = (short)64 ; 1163 final static short off-kaut = (short)96 ; 1164 final static short off-k = (short)128 ; 1165 final static short off-FT = (short)160 ; 1166 HIP support for RFIDs October 2011 1168 final byte[] HEADER= { 1169 (byte)0x3b,(byte)0x04,(byte)0x40,(byte)0x11, 1170 (byte)0x00,(byte)0x00,(byte)0x00,(byte)0x00 }; 1172 final byte[] MyEPCCODE = { 1173 (byte)0x01,(byte)0x23,(byte)0x45,(byte)0x67,(byte)0x89, 1174 (byte)0xab,(byte)0xcd,(byte)0xef,(byte)0xcd,(byte)0xab }; 1176 public void init(){ 1177 try { sha1=MessageDigest.getInstance(MessageDigest.ALG-SHA,false);} 1178 catch (CryptoException e){sha1=null;} 1180 try { rnd = RandomData.getInstance(RandomData.ALG-SECURE-RANDOM);} 1181 catch (CryptoException e){rnd=null;} 1183 DB = JCSystem.makeTransientByteArray(DBSIZE, 1184 JCSystem.CLEAR-ON-DESELECT); 1186 } 1188 public short GetAttOffset(byte[] pkt, short off, short len,short att) 1189 { boolean more=true; 1190 short type=(short)0; 1191 short tl=(short)0; 1193 if (len <= (short)40) return (short)-1 ; 1195 while (more) 1196 { type = Util.getShort(pkt,off) ; 1197 tl = Util.getShort(pkt,(short)(off+2)); 1198 if (type == att) return off ; 1199 off =(short)(off+tl) ; 1200 if (off >= (short)(off+len))more=false; 1201 } 1203 return -1; 1204 } 1206 public static short GetPadLength(short size) 1207 { 1208 if ( (short)(size % ALIGN) == (short)0) return (short)0; 1209 return (short)(ALIGN - size % ALIGN ); 1210 } 1212 public static short Set_Att(short att, byte[] ref-att, short off-att, 1213 short len-att, byte[] pkt, short off) 1214 { 1215 short tl = (short) (len-att + 6) ; 1216 HIP support for RFIDs October 2011 1218 short tp = GetPadLength(tl) ; 1220 tl= (short) (tp+tl); 1222 Util.setShort(pkt,off,att) ; 1223 Util.setShort(pkt,(short)(off+2),tl); 1224 Util.setShort(pkt,(short)(off+4),tp); 1226 if (ref_att != null) 1227 Util.arrayCopy(ref-att,off-att,pkt,(short)(off+6),len-att); 1228 else 1229 Util.arrayFillNonAtomic(pkt,(short)(off+6),len-att,(byte)0); 1231 if (tp != (short)0) 1232 Util.arrayFillNonAtomic(pkt,(short)(off+6+len-att),tp,(byte)0); 1234 return tl ; 1235 } 1237 public void process(APDU apdu) throws ISOException 1238 { 1239 short len=(short)0, readCount=(short)0; 1240 short off=(short)0,pad=(short)0,len-r1=(short)0; 1241 short size=(short)0; 1243 byte[] buffer = apdu.getBuffer() ; // CLA INS P1 P2 P3 1245 byte cla = buffer[ISO7816.OFFSET_CLA]; 1246 byte ins = buffer[ISO7816.OFFSET_INS]; 1247 byte P1 = buffer[ISO7816.OFFSET_P1] ; 1248 byte P2 = buffer[ISO7816.OFFSET_P2] ; 1249 byte P3 = buffer[ISO7816.OFFSET_LC] ; 1251 switch (ins) 1252 { 1253 case SELECT: 1254 size = apdu.setIncomingAndReceive(); 1255 return; 1257 case INS_HIP: 1259 if (P3 == (byte)0) 1260 { 1261 rnd.generateData(DB,off_myHIT,(short)16); 1262 Util.arrayCopy(HEADER,(short)0,buffer,(short)0,(short)8); 1263 Util.arrayCopy(DB,off-myHIT,buffer,(short)8,(short)16) ; 1264 Util.arrayFillNonAtomic(DB,(short)24,(short)16,(byte)0) ; 1265 apdu.setOutgoingAndSend((short)0,(short)40) ; 1266 break; 1267 } 1268 HIP support for RFIDs October 2011 1270 else 1271 { 1272 size = apdu.setIncomingAndReceive(); 1273 len = Util.makeShort((byte)0,buffer[6]); 1274 len = (short)(len << 3); 1275 len = (short)(len+(short)8) ; 1277 if (len != size) ISOException.throwIt(ISO7816.SW-DATA-INVALID) ; 1278 size = (short)(len-(short)40); 1280 // HEADER 00...08 1281 // HIT-S 08...24 1282 // HIT-D 24...40 1284 Util.arrayCopy(buffer,(short)13,DB,off_rHIT,(short)16); 1285 off= GetAttOffset(buffer,(short)45,size,R-T); 1286 if (off==(short)-1) ISOException.throwIt(ISO7816.SW-DATA-INVALID) ; 1287 len = Util.getShort(buffer,(short)(off+2)); 1288 pad = Util.getShort(buffer,(short)(off+4)); 1289 len = (short)(len-pad-6); 1291 len-r1=len; 1292 Util.arrayCopy(buffer,(short)(off+6),DB,off-R1,len); 1293 off= GetAttOffset(buffer,(short)45,size,HIP-T-TRANSFORM) ; 1295 if (off==(short)-1) ISOException.throwIt(ISO7816.SW-DATA-INVALID) ; 1296 len = Util.getShort(buffer,(short)(off+2)); 1297 pad = Util.getShort(buffer,(short)(off+4)); 1298 len = (short)(len-pad-6); 1300 // algo=Util.getShort(buffer,(short)(off+6) 1301 rnd.generateData(DB,(short)(off-R1+len-r1),len-r2); // r1 || r2 1303 Util.arrayCopy(MyEPCCODE,(short)0,buffer, 1304 (short)0,(short)MyEPCCODE.length); 1306 hmac(DB,off_R1,(short)(len-r1 + len-r2), 1307 buffer,(short)0,(short)MyEPCCODE.length, 1308 sha1, 1309 DB,off-k); 1311 Util.arrayCopy(ct1,(short)0,buffer,(short)0,(short)ct1.length); 1313 hmac(DB,off_k,(short)20, 1314 buffer,(short)0,(short)ct1.length, 1315 sha1, 1316 DB, off-FT); 1318 Util.arrayCopy(ct2,(short)0,buffer,(short)0,(short)ct2.length); 1319 HIP support for RFIDs October 2011 1321 hmac(DB,off-k,(short)20, 1322 buffer,(short)0,(short)ct2.length, 1323 sha1, 1324 DB, off-kaut); 1326 Util.arrayCopy(HEADER,(short)0,buffer, 1327 (short)0,(short)HEADER.length); 1329 Util.arrayCopy(DB,off-myHIT, buffer, (short)8,(short)16); 1330 Util.arrayCopy(DB, off-rHIT, buffer,(short)24,(short)16); 1332 off=(short)40; 1333 len = Set-Att(HIP-T-TRANSFORM,algo1, 1334 (short)0,(short)algo1.length,buffer,off); 1335 off = (short)(off+len); 1336 len = Set-Att(R-T,DB,(short)(off-R1+len-r1),len-r2,buffer,off); 1337 off = (short)(off+len); 1338 len = Set-Att(F-T,DB,off-FT,(short)20,buffer,off); 1339 off = (short)(off+len); 1340 len = Set-Att(Signature-T,null,(short)0,(short)20,buffer,off); 1341 size= (short)(off+len); 1342 buffer[1] = (byte) (size >>3); 1344 hmac(DB,off-kaut,(short)20, 1345 buffer,(short)0,size, 1346 sha1, 1347 buffer,(short)(off+6)); 1349 apdu.setOutgoingAndSend((short)0,size); 1350 break; 1351 } 1353 default: 1354 ISOException.throwIt(ISO7816.SW-INS-NOT-SUPPORTED); 1355 } 1357 } 1359 protected rfid(byte[] bArray,short bOffset,byte bLength) 1360 {init(); 1361 register(); 1362 } 1364 public static void install( byte[] bArray, short bOffset, byte 1365 bLength ) 1366 { 1367 new rfid(bArray,bOffset,bLength); 1368 } 1369 HIP support for RFIDs October 2011 1371 public boolean select() 1372 { 1373 return true; 1374 } 1376 public void deselect() 1377 { 1378 } 1380 Author's Addresses 1382 Pascal Urien 1383 Telecom ParisTech 1384 23 avenue d'italie, 75013 Paris, France 1386 Email: Pascal.Urien@telecom-paristech.fr 1388 Gyu Myoung Lee 1389 Telecom SudParis 1390 9 rue Charles Fourier, 91011 Evry, France 1392 Email: gm.lee@it-sudparis.eu 1394 Guy Pujolle 1395 Laboratoire d'informatique de Paris 6 (LIP6) 1396 4 place Jussieu 1397 75005 Paris France 1399 Email: Guy.Pujolle@lip6.fr