A Comparative Study of RFID Solutions for Security and Privacy: POP vs. Previous Solutions Advanced Information Systems Engineering Lab Saitama University, Japan 2008-April-17 K.H.S Sabaragamu Koralalage and J. Cheng Department of Information and Computer Sciences, Saitama University, Japan {krishan,
Agenda POP Architecture The Problem Goal Evaluation Conclusion Future Works
17-April-2008ISA What is POP What is Product-flow with Ownership-transferring Protocol A comprehensive mechanism used to ensure the security and privacy of the passive RFID systems used in a product lifecycle How Tagged-product flow with an anonymous ownership transference Robust communicational protocol
17-April-2008ISA How to change the ownership PRIVACY SECURITY KaKa SaSa EPC E KbKb SbSb E KdKd SdSd E KeKe SeSe E KfKf SfSf E KgKg SgSg E KhKh ShSh E KiKi SiSi E KjKj SjSj E KkKk SkSk E KlKl SlSl E E E E KcKc ScSc E
17-April-2008ISA The Problem Position of POP Architecture ? Level of Security ? Level of Privacy ? Level of Functionality ?
17-April-2008ISA Goal and Objectives Goal Compare and contrast previously proposed RFID solutions against the POP Architecture Objectives 1. Define security criterion 2. Define privacy criterion 3. Define desired functionalities 4. Evaluate available RFID Solutions
17-April-2008ISA Previous Solutions 1. Faraday Cage[1] 2. Blocker Tag[1] 3. Active Jamming[1] 4. Frequency Modification[12] 5. Kill Tag[1] 6. RFID Guardian[10] 7. Renaming[3] 8. Hash Based Schemes[12,11,9] 9. Delegated Pseudonym[7] 10. Zero knowledge[5] 11. Re-encryption Method[8,2]
17-April-2008ISA Security Objectives Authentication Authorization Confidentiality Anonymity Data Integrity No-Repudiation Availability Forward Security Anti-Cloning Anti-Reverse Engineering
17-April-2008ISA Achievement of security objectives
17-April-2008ISA Attacking RFID Tags Attacking Interrogators Access-key/Cipher-text Tracing Eavesdropping Spoofing Man-in-the-middle Replay Attack Brute-force Attacks Security Attacks
17-April-2008ISA Protection Against the attacks
17-April-2008ISA Corporate espionage Competitive marketing Action threat Association threat Location threat Preference threat Constellation threat Transaction threat Breadcrumb threat Privacy Threats
17-April-2008ISA Protection against privacy threats
17-April-2008ISA Interoperability Reliability Usability Feasibility Scalability Manage new and damaged tags Control Accessing Transfer ownership online/offline Achieve multiple authorizations Recycle the tagged products Desired Functionalities
17-April-2008ISA Functional Abilities
17-April-2008ISA Evaluation POP Achieves Highest security objectives, attack prevention throughout the product lifecycle Highest protection against the privacy threats Highest interoperability Highest level of feasibility, scalability, manageability of new and damaged tags and self controllability Resolve multiple authorizations issue
17-April-2008ISA Evaluation No solution provides both online/offline anonymous ownership transference other than POP But POP yields for universal customer card and PIN only for after purchase use
17-April-2008ISA Our evaluation reveals that the POP Architecture is the best out of all those solutions as no one provides such level of achievement so far. Conclusion
17-April-2008ISA Future Works We hope to analyze the performance of POP Tags in following aspects Computational Overhead Storage Overhead Communication Overhead Cost Overhead
17-April-2008ISA Thank you very much for your attention !!!..... Please feel free to ask questions…………or put forward your opinions……..
17-April-2008ISA Q & A
17-April-2008ISA Thank you
17-April-2008ISA K. H. S. Sabaragamu Koralalage and Jingde Cheng: A Comparative Study of RFID Solutions for Security and Privacy: POP vs. Previous Solutions, Proceedings of the 2nd International Conference on Information Security and Assurance (ISA '08), pp , Busan, Korea, IEEE Computer Society Press, April 2008.