RFID Security & Privacy at both Physical and System Levels - Presentation to IoT-GSI 26th August 2011 Robert H. Deng & Yingjiu Li School of Information.

Slides:

Advertisements

Similar presentations

Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University,

Advertisements

Doc.: IEEE /243r0 Submission March 2002 James Kempf, DoCoMo LabsSlide and IP James Kempf Seamoby WG Co-chair DoCoMo Labs USA

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.

Attribute-Based Access Control Models and Beyond

A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

David Molnar, David Wagner - Authors Eric McCambridge - Presenter.

RFID and Wine Alfio Grasso Deputy Director Auto-ID Lab, ADELAIDE.

Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.

Vilnius, October 21st, 2002 © eEurope SmartCards Securing a Telework Infrastructure: Smart.IS - Objectives and Deliverables Dr. Lutz Martiny Co-Chairman,

Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.

Panagiotis Rizomiliotis and Stefanos Gritzalis Dept. of Information and Communication Systems Engineering University of the Aegean, Greece GHB#: A Provably.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004.

EPCglobal Network Security: Research Challenges and Solutions Yingjiu Li Assistant Professor School of Information Systems Singapore Management University.

February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare.

Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions Shaoying Cai 1 Yingjiu Li 1 Tieyan Li 2 Robert H. Deng 1 1 Singapore.

GS1 System Thomas Bikeev B2B Group Manager, GS1 Oasis Adoption Forum, London 17 October 2005.

Shanti Bramhacharya and Nick McCarty. This paper deals with the vulnerability of RFIDs A Radio Frequency Identifier or RFID is a small device used to.

Secure Systems Research Group - FAU SW Development methodology using patterns and model checking 8/13/2009 Maha B Abbey PhD Candidate.

ASIACCS 2007 Protecting RFID Communications in Supply Chains Yingjiu Li & Xuhua Ding School of Information Systems Singapore Management University.

Access Controls Henry Parks SSAC 2012 Presentation Outline Purpose of Access Controls Access Control Models –Mandatory –Nondiscretionary/Discretionary.

On The Untraceability of Anonymous RFID Authentication Protocol with Constant Key-Lookup Presented By Professor LI Yingjiu.

Enabling Secure Secret Updating for Unidirectional Key Distribution in RFID-Enabled Supply Chains Shaoying Cai 1, Tieyan Li 2, Changshe Ma 1, Yingjiu Li.

Security Patterns for Web Services 02/03/05 Nelly A. Delessy.

1 /10 Pascal URIEN, IETF 76 th, Monday November 9 th Hiroshima Japan draft-urien-hip-iot-00.txt HIP support for RFID

Trusted Operating Systems

Regulation models addressing data protection issues in the EU concerning RFID technology Ioannis Iglezakis Assistant Professor in Computers & Law Faculty.

Digital Certificates Presented by: Matt Weaver. What is a digital certificate? Trusted ID cards in electronic format that bind to a public key; ex. Drivers.

CISSP-Certified Information Systems Security Professional Presented By Passin1day.com

TAG Presentation 18th May 2004 Paul Butler

Interoperable Internet Scale Security Framework for RFID Networks

Identity and Access Management

Presented by Meghana Ananth Gad and Archita Pathak

TOPIC: Applications of Web Technologies in Distributed Systems

Lightweight Mutual Authentication for IoT and Its Applications

Issues need harmonization

Phil Hunt, Hannes Tschofenig

TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES NAMED AFTER MUHAMMAD AL-KHWARIZMI THE SMART HOME IS A BASIC OF SMART CITIES: SECURITY AND METHODS OF.

Cryptography and Network Security

Discussions on Heterogeneous Identification Service

An Overview of Data-PASS Shared Catalog

TAG Presentation 18th May 2004 Paul Butler

Integrating the Healthcare Enterprise

Zahra Ahmadian Recursive Linear and Differential Cryptanalysis of Ultra-lightweight Authentication Protocols Zahra Ahmadian

Secure 3-Party Protocol

Presenter: Patrick N. zwane Advisor: Dr. Kai-Wei Kevin Ke 21/09/2018

Changshe Ma, Yingjiu Li, Robert Deng, Tieyan Li

Revisting Unpredictability-Based RFID Privacy Models

RFID Privacy Models & A Minimal Condition

Jason cooper blockchain specialist Unlock blockchain 14 January 2018

Attribute-Based Access Control (ABAC)

draft-ipdvb-sec-01.txt ULE Security Requirements

O. Otenko PERMIS Project Salford University © 2002

Multi-party Authentication in Web Services

Amar B. Patel , Shushan Zhao

Dashboard eHealth services: actual mockup

IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx

Identity and Access Control in the

An Improved Novel Key Management Protocol for RFID Systems

Smart Meter Data Privacy: A Survey

Attribute-Based Access Control (ABAC)

EAP Method Requirements for Emergency Services

Presentation transcript:

RFID Security & Privacy at both Physical and System Levels - Presentation to IoT-GSI 26th August 2011 Robert H. Deng & Yingjiu Li School of Information Systems Singapore Management University 2018/11/18

RFID Security & Privacy at Physical Level 2018/11/18

Radio Frequency IDentification (RFID) Radio signal (contactless) Authenticate / Identify Read / Update Tags (transponders) Attached to objects, “call out” identifying data on a special radio frequency Reader (transceivers) Read data off tags without direct contact Database Match tag IDs to physical objects 2018/11/18

RFID Security Issues Tag Authentication Reader Authentication Only valid tags are accepted by a valid reader Reader Authentication Only valid readers are accepted by valid tags Not always required but mandatory in some applications (e.g., e-tickets) Availability Infeasible to manipulate honest tags such that honest readers do not accept them 2018/11/18

Radio signal (contactless) RFID Privacy Issues Privacy requirements Anonymity: Confidentiality of the tag identity Untraceability: Unlinkability of the tag’s transactions Privacy issues Adversaries identify tags Adversaries track tags Radio signal (contactless) Tags Reader 2018/11/18

RFID Privacy Preserving Authentication Protocol Design Tag T Reader R c r f (optional) Security requirements One way or mutual authentication Privacy requirements Anonymity: Confidentiality of the tag identity Untraceability: Unlinkability of the tag’s transactions 2018/11/18

Cryptographic Protocols for RFID Privacy Numerous lightweight RFID protocols for low-cost tags have been proposed They use simple operations (XOR, bit inner product, CRC, etc) Most of them have been broken (T. van Deursen and S. Radomirovic: Attacks on RFID Protocols, ePrint Archive: Report 2008/310) 2018/11/18

Recent Progress: RFID Privacy Models Ind-privacy: indistinguishability of two tags (Jules & Weis, PerCom 2007) Ideal model, but not easy to work with Unp-privacy: unpredictability of protocol messages (Ha, Moon, Zhou & Ha, ESORICS 2008), (Ma, Li, Deng, Li, CCS09) Only works with symmetric key based protocols ZK-privacy model: Zero knowledge model (Deng, Li, Yung, Zhao, Esorics 2010) Output of real world experiment and output of simulated world experiment are indistinguishable Works with both symmetric key and public key protocols 2018/11/18

RFID Security & Privacy at System Level 2018/11/18

An IoT Architecture for Sharing RFID Information Query/ Answer Discovery service Query/ Answer Internet User Query/ Answer Publish/ Update Publish/ Update Information service Information service RFID readers RFID readers RFID tags RFID tags Enterprise information system Enterprise information system 2018/11/18

Security and Privacy Security: Identification/authentication of involving parties Users, discovery services, information services Privacy: Only authorized parties can access RFID data as needed Query, read, write, update, delete Solution: Access control Policy management, enforcement, implementation 2018/11/18

Access Control Requirements Cross domain RFID data to be shared are managed by different parties (IS and DS) Unknown users Query issuer may not have prior business relationship or be known to data holders Visibility Access to RFID data is based on supply chain information Compatibility Access control can be easily enforced in web services and database systems 2018/11/18

Existing Access Control Models Discretionary access control (DAC) Mandatory access control (MAC) Role based access control (RBAC) Attribute based access control (ABAC) Access Subject Object 2018/11/18

Comparison √ Cross Domain Unknown users Visibility Compatibility DAC Χ MAC RBAC ABAC 2018/11/18

Current Effort Data Discovery Requirements Document (EPCglobal draft, 2009) Description of requirements on RFID discovery services, including data confidentiality, integrity and access control A framework of components for access control in data discovery services (BRIDGE final report, 2009) Focus on networked services for inter-company operation of supply chains Our current work Design secure discovery services and implement the whole system in Singapore 2018/11/18