EPCglobal Network Security: Research Challenges and Solutions Yingjiu Li Assistant Professor School of Information Systems Singapore Management University.

Slides:

Advertisements

Similar presentations

Toward Practical Public Key Anti- Counterfeiting for Low-Cost EPC Tags Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April

Advertisements

Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University,

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

1 An Ultra-lightweight Authentication Protocol in RFID Speaker: 魏家惠.

CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.

Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT

A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

Security in RFID Presented By… NetSecurity-Spring07

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

RFID Security and Privacy Part 2: security example.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

RFID Security CMPE 296T -Sankate Sharma -Sangbeom Ryu.

#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.

Cryptography1 CPSC 3730 Cryptography Chapter 7 Confidentiality Using Symmetric Encryption.

YA-TRAP: Yet Another Trivial RFID Authentication Protocol Gene Tsudik International Conference on Pervasive Computing and Communications, PerCom 2006.

GS1 Certification & Accreditation Programmes October 2014 Rome Standards Event.

R R FID Authentication : M inimizing Tag Computation CHES2006 Rump Session, Yokohama. Japan Ph.D. Jin Kwak Kyushu University, JAPAN

Lecture Notes #7 Radio Frequency Identification (RFID)

Persistent Security for RFID Mike Burmester & Breno de Medeiros RFIDSec’07.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

David Molnar, David Wagner - Authors Eric McCambridge - Presenter.

- 1 - Secure and Serverless RFID Authentication and Search Protocols Chiu C. Tan, Bo Sheng, and Qun Li IEEE Transactions on Wireless Communication APRIL.

Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.

Developing RFID Application In Supply Chain

Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.

Cryptanalysis of Two Dynamic ID-based Authentication

多媒體網路安全實驗室 An Efficient RFID Authentication Protocol for Low-cost Tags Date ： Reporter : Hong Ji Wei Authors : Yanfei Liu From : 2008 IEEE/IFIP.

- 1 - RFID Security and Privacy: A Research Survey Ari Juels RSA Laboratories IEEE Journal on Selected Areas in Communication (J-SAC) in 2006 Taesung Kim.

MIXNET for Radio Frequency Identification Jaanus Uudmae, Harshitha Sunkara, Dale R. Thompson, Sean Bruce, and Jayamadhuri.

Information Security Lab. Dept. of Computer Engineering 182/203 PART I Symmetric Ciphers CHAPTER 7 Confidentiality Using Symmetric Encryption 7.1 Placement.

Handling Security Threats to the RFID System of EPC Networks J. Garcia-Alfaro, M. Barbeau, E. Kranakis Presenter Gicheol Wang.

RFID Privacy: An Overview of Problems and Proposed Solutions Maxim Kharlamov (mkha130, #13) S. Garfinkel, A. Juels, R. Pappu, “RFID Privacy: An Overview.

RFID Privacy Using User-controllable Uniqueness Sozo INOUE, Hiroto YASUURA System LSI Research Center, Grad. Sch. Information Science & Electrical Engineering,

Standard: Comparison and Security Jason Gibson TCM471 Professor Crum.

Physically Unclonable Function– Based Security and Privacy in RFID Systems Leonid Bolotnyy and Gabriel Robins Dept. of Computer Science University of Virginia.

Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions Shaoying Cai 1 Yingjiu Li 1 Tieyan Li 2 Robert H. Deng 1 1 Singapore.

Shanti Bramhacharya and Nick McCarty. This paper deals with the vulnerability of RFIDs A Radio Frequency Identifier or RFID is a small device used to.

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

Low-Cost Untraceable Authentication Protocols for RFID Yong Ki Lee, Lejla Batina, Dave Singelée, Ingrid Verbauwhede BCRYPT workshop on RFID Security February.

© copyright NTT Information Sharing Platform Laboratories Cryptographic Approach to “Privacy-Friendly” Tags Miyako Ohkubo, Koutarou Suzuki, and Shingo.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

Qinghan Xiao, Cam Boulet and Thomas Gibbons Second International Conference on Availability, Reliability and Security, 2007 Speaker : 黃韋綸 RFID Security.

ASIACCS 2007 Protecting RFID Communications in Supply Chains Yingjiu Li & Xuhua Ding School of Information Systems Singapore Management University.

On The Untraceability of Anonymous RFID Authentication Protocol with Constant Key-Lookup Presented By Professor LI Yingjiu.

Enabling Secure Secret Updating for Unidirectional Key Distribution in RFID-Enabled Supply Chains Shaoying Cai 1, Tieyan Li 2, Changshe Ma 1, Yingjiu Li.

Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium.

June All Hands Meeting Security in Sensor Networks Tanya Roosta Chris Karlof Professor S. Sastry.

By Chris Zachor CS 650.  Introduction  SSH Overview  Scenarios  How To:  Results  Conclusion.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

Security of the Internet of Things: perspectives and challenges

1/18 Talking to Strangers: Authentication in Ad-Hoc Wireless Networks Dirk Balfanz 외 2 명 in Xerox Palo Alto Research Center Presentation: Lee Youn-ho.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

Big Data Security Issues in Cloud Management. BDWG Big Data Working Group Researchers 1: Data analytics for security 2: Privacy preserving 3: Big data-scale.

1 Security problems on RFID tags (short introduction) Sakurai Lab., Kyushu Univ. Junichiro SAITO

CMSC 414 Computer and Network Security Lecture 15

Zahra Ahmadian Recursive Linear and Differential Cryptanalysis of Ultra-lightweight Authentication Protocols Zahra Ahmadian

RFID Security & Privacy at both Physical and System Levels - Presentation to IoT-GSI 26th August 2011 Robert H. Deng & Yingjiu Li School of Information.

Revisting Unpredictability-Based RFID Privacy Models

Randomized PRF Tree Walking Algorithm for Secure RFID

An Improved Novel Key Management Protocol for RFID Systems

Presentation transcript:

EPCglobal Network Security: Research Challenges and Solutions Yingjiu Li Assistant Professor School of Information Systems Singapore Management University 1August National RFID Center

2 What is EPCglobal Network? EPC and EPCglobal Network

3 Double-Edge Sword ID collection, track and trace, information sharing Adversaries (passive, active, and physical) –Eavesdropping –Masquerading –Replay –MITM –De-synchronization –Tag cloning –DoS –Side-channel attack –Physical attack

4 Major Security Requirements Private identification, anti-tracking, secure information sharing Our focus: private ID and anti-tracking –Strong, moderate, weak, null anti-tracking –Secure handover (ownership transfer)

5 Challenges in Protocol Design Conflicting objectives with constraints Security (private ID and anti-tracking) Visibility (track and trace) Efficiency (dynamic structure and massive data) Cost

6 Technical Solutions RFID privacy without ownership handover –Overview of problems and proposed solutions (Garfinkel, Juels, and Pappu: S&P 05) RFID security in EPCglobal Network (RFID-enabled supply chain) –Private ID: encryption or keyed hash of ID –Anti-tracking: random numbers are used to generate private ID –Secure ownership handover: key update with de- synchronization resilience –Visibility: distributed or centralized –Efficiency: how to search DB to identify a tag (linear or log-linear) –Low cost: thousands of gates with PRNG and hash

7 Solution 1: Protecting RFID Communications in Supply Chains (Li and Ding: ASIACCS 07)

8 Solution 2: RFID Tag Ownership Transfer (Song: RFIDSec 08)

9 Solution 3: Unidirectional Key Distribution Across Time and Space (Juels, Pappu, Parno: USENIX 08) Secret sharing across space: a secret key is distributed across the tags in a pallet. Secret sharing across time: a secret key is distributed across multiple pallets.

10 Solution 4: Dual Security Modes in RFID-Enabled Supply Chain Systems

11 Comparison of Typical Technical Solutions Anti- tracking Handover and visibility Efficiency (tag search) Cost (tag) ASIACCS 07 WeakDistributed (EPC IS) Batch process Moderate RFIDSec 08 StrongDistributed (EPC IS) Tag by tagModerate USENIX 08 NullDistributed (EPC IS) DecryptionLow Dual modes StrongCentralized (EPC DS) SwitchModerate

12 Future Direction A security framework for EPCglobal network –Access control, flow control, disclosure control, trust negotiation, key management, audit, visibility maintenance, query authentication at high level –Secure RFID protocol at low level (covert channel) –Ownership handover in between (key management)

13 Questions? Please contact me at