
Presentation transcript:

1 Presented by July-2013, IIM Indore

2
RFID = Radio Frequency IDentification.
RFID is an ADC (Automated Data Collection) technology that:
- uses radio-frequency waves to transfer data between a reader and a movable item in order to identify, categorize and track it.
- is fast and does not require physical sight or contact between the reader/scanner and the tagged item.
- attempts to provide unique identification and backend integration that allow for a wide range of applications.


5
Broadly, threats are categorized against Confidentiality, Integrity and Availability as:
- Spoofing identity
- Tampering with data
- Repudiation
- Information disclosure
- Denial of service
- Elevation of privilege

6
“Spoofing occurs when an attacker successfully poses as an authorized user of a system”
- A competitor or thief performs an unauthorized inventory of a store by scanning tags with an unauthorized reader to determine the types and quantities of items.
- An attacker tries to save money by buying expensive goods whose RFID price tags have been spoofed to display cheaper prices.

7
- Appropriate authentication
- Protect secrets
- Don’t store secrets

8
“Data tampering occurs when an attacker modifies, adds, deletes, or reorders data”
For example:
- An attacker modifies a passport tag to appear to be a citizen in good standing.
- An attacker adds extra tags to a shipment so that it appears to contain more items than it actually does.

9
- Appropriate authentication
- Message authentication codes
- Digital signatures
- Tamper-resistant protocols
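
Added example (not part of the original slides): how a message authentication code catches the two tampering cases above, a modified tag field and extra tags in a shipment. The key, the field layout (`epc|price_cents`) and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption). It lives in the backend and trusted
# readers, never in the tag's own memory.
KEY = b"constructed-demo-key-not-for-production"

def _mac(message: bytes) -> bytes:
    return hmac.new(KEY, message, hashlib.sha256).digest()

def seal_tag(epc: str, price_cents: int) -> dict:
    """Backend side: bind the tag's data field to its EPC with a MAC."""
    msg = f"{epc}|{price_cents}".encode()  # EPCs here contain no '|' or ','
    return {"epc": epc, "price_cents": price_cents, "mac": _mac(msg)}

def tag_is_authentic(tag: dict) -> bool:
    """Reader side: recompute the MAC and compare in constant time."""
    msg = f"{tag['epc']}|{tag['price_cents']}".encode()
    return hmac.compare_digest(_mac(msg), tag["mac"])

def seal_manifest(epcs: list[str]) -> bytes:
    """Shipper side: MAC over the sorted EPC set together with its size."""
    unique = sorted(set(epcs))
    return _mac(f"{len(unique)}|{','.join(unique)}".encode())

def check_shipment(scanned: list[str], manifest: list[str], mac: bytes) -> dict:
    """Receiver side: verify the manifest first, then diff it against the scan."""
    if not hmac.compare_digest(seal_manifest(manifest), mac):
        return {"manifest_ok": False, "extra": [], "missing": []}
    expected, seen = set(manifest), set(scanned)
    return {"manifest_ok": True,
            "extra": sorted(seen - expected),
            "missing": sorted(expected - seen)}

if __name__ == "__main__":
    tag = seal_tag("urn:epc:id:sgtin:0614141.107346.2017", 49900)  # constructed
    print(tag_is_authentic(tag))
    print(tag_is_authentic(dict(tag, price_cents=999)))  # price rewritten on the tag
    manifest = ["EPC-A", "EPC-B", "EPC-C"]                 # constructed EPCs
    print(check_shipment(manifest + ["EPC-X"], manifest, seal_manifest(manifest)))
```

A MAC detects changed data; it does not stop a valid tag from being copied whole, which is what the authentication item in the same list addresses.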

10
“Repudiation occurs when a user denies an action and no proof exists to prove that the action was performed”
- A retailer denies receiving a certain pallet, case, or item.
- The owner of the EPC number denies having information about the item to which the tag is attached.

11
- Digital signatures
- Timestamps
- Audit trails
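
Added example (not part of the original slides): a timestamped, hash-chained audit trail for the pallet case above, in which each entry commits to the one before it so that a removed or edited receipt is detectable. Event names, actors and timestamps are constructed, and the function names are assumptions for this illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry

def _digest(entry: dict) -> str:
    """Hash every field except the hash itself, in a canonical JSON form."""
    body = {k: entry[k] for k in ("ts", "actor", "event", "epc", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_event(log: list, ts: str, actor: str, event: str, epc: str) -> dict:
    """Append a timestamped event that commits to the entry before it."""
    entry = {"ts": ts, "actor": actor, "event": event, "epc": epc,
             "prev": log[-1]["hash"] if log else GENESIS}
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry

def first_bad_index(log: list) -> int:
    """Index of the first entry that breaks the chain, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != _digest(entry):
            return i
        prev = entry["hash"]
    return -1

def build_sample_log() -> list:
    """Constructed events for one pallet; actors and times are made up."""
    log = []
    append_event(log, "2013-07-01T09:00:00Z", "shipper-dock", "PALLET_SHIPPED", "PALLET-0001")
    append_event(log, "2013-07-02T14:30:00Z", "retailer-dock", "PALLET_RECEIVED", "PALLET-0001")
    append_event(log, "2013-07-02T16:05:00Z", "retailer-store", "PALLET_UNPACKED", "PALLET-0001")
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print(first_bad_index(log))  # intact chain
    del log[1]                   # the receipt entry is removed
    print(first_bad_index(log))  # the following entry no longer links up
```

Dropping entries from the end leaves a shorter chain that still verifies, so the latest hash has to be held by the other party or covered by the digital signature listed above.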

12
“Information disclosure occurs when information is exposed to an unauthorized user”
- A bomb in a restaurant explodes when there are five or more Americans with RFID-enabled passports detected.
- An attacker blackmails an individual for having certain merchandise in their possession.
- A sufficiently powerful directed reader reads tags in your house or car.

13
- Authorization
- Privacy-enhanced protocols
- Encryption

14
“Denial-of-service denies service to valid users. Denial-of-service attacks are easy to accomplish and difficult to guard against.”
- An attacker with a powerful reader jams the reader.
- An attacker intrudes into the system thereby aborting the transactions.

15
- Appropriate authentication
- Appropriate authorization
- Filtering
- Throttling
- Quality of Service

16
“A user logging on to the database to know the product’s information can become an attacker by raising his/her status in the information system from a user to a root server administrator and write or add malicious data into the system.”
- A system user modifies the authorisation & authentication privileges to transfer money to his account.

17
- Run with least privilege
- Hierarchy based privilege
- Restricted privilege to user

18
- Damage potential (1-10)
- Reproducibility (1-10)
- Exploitability (1-10)
- Affected Users (1-10)
- Discoverability (1-10)

19
- RFID is extensively used worldwide due to its efficient and convenient features.
- Still, it has threats and vulnerabilities associated with it.
- Despite the proposed mitigation strategies, it is not yet possible to design a foolproof RFID system.
- Extensive research is being carried out towards a reliable RFID system.
