
1 RFID: Applications, Risks & Countermeasures
An introduction to the PEARL project (www.pearl-project.org)
Jaap-Henk Hoepman, Security of Systems (SoS), Radboud University Nijmegen, The Netherlands, jhh@cs.ru.nl, www.cs.ru.nl/~jhh
Jaap-Henk Hoepman, TNO Information & Communication Technology, Groningen, The Netherlands, jaap-henk.hoepman@tno.nl

2 30-10-2007 J.H. Hoepman RFID: Applications, Risks & Countermeasures
Contents
■ A typical RFID system
■ Applications of RFID
■ Privacy & security risks
■ Possible solutions: the PEARL project

3 A typical RFID system
■ Transponder/tag
■ active / passive
■ 1 bit – 64 kB (EEPROM/SRAM)
■ controller / CPU
■ read-only / read-write
■ Reader
■ LF / UHF
■ Communication range
■ Coupling backoffice database(s)

4 Reading distance
■ For passive tags
■ Low frequency (LF)
    ~ 1.2 meter
    better penetration of objects
■ Ultra High Frequency (UHF)
    mostly: ~ 2 meter
    latest product: ~ 3.3 meter
    in the labs: ~ +10 meters
■ Higher for active tags
    Limited by power consumption of controller/CPU on tag

5 The issue
The Internet of Things
We now face the imminent expansion of cyberspace into physical space in the form of
■ networked cameras,
■ biometric identification devices,
■ RFID tags on consumer goods,
■ and a wide variety of sensors.

6 Applications (1)
■ Home
■ Neighbourhood garbage depots
■ Tactile user interfaces
    “real” gaming (cf GPS based stuff)
■ Work
■ Alcatel Rijswijk
    linking laptops to owners
■ Fun / Shopping
■ Metro store
■ Prada
■ Legoland kidspotter
■ Apenheul (crowd performance)
■ Madejski Smart Stadium (crowd control)

7 Applications (2)
■ Infotainment
■ Tagged billboards
■ Science museum LA
■ City tours
■ Travel
■ KLM baggage handling
■ OV chipcard (vs London Oyster card)
■ Biometric passport
■ Healthcare

8 Current RFID systems unsafe
■ No authentication
■ No friend/foe distinction
■ No access control
■ Rogue reader can link to tag
■ Rogue tag can mess up reader
■ No encryption
■ Eavesdropping possible
■ Predictable responses
■ Traffic analysis, linkability
■ No GUI…
■ … and “distance” not enforced by tag

9 RFID Risks: Consumers
■ User profiling
■ Possible robbery target
■ Possible street-marketing target
■ Personalised loyalty/discounts
■ Refuse/grant access to shop/building
    Even for tags without serial no#
■ Loss of location privacy
    By tracking same user profile
■ Fake transactions / Identity theft
■ No protection by privacy laws…

10 RFID Risks: Companies
■ Corporate espionage
■ Scanning competitors inventory (or customer base)
    Eavesdropping tags
    Querying tags
■ Unauthorised access
    Fake RFIDs
■ Derived/competing services
■ Using competitors installed base
■ Denial of service attacks
■ Supply chain failure
    Jamming signals
    Fake RFIDs

11 RFID countermeasures:
■ Blocker tag
■ RFID Guardian
■ PIN/pass/hashcodes
■ Private handshakes

12 Spot the Fed

13 Private handshake

14 State of the art
■ [BG85] Baldwin, R. W., and Gramlich, W. C. Cryptographic protocol for trustable match making. In IEEE Security & Privacy (Oakland, CA, USA, 1985), IEEE, pp. 92–100.
■ [ZN] Zhang, K., and Needham, R. A private matchmaking protocol. http://citeseer.nj.nec.com/71955.html.
■ [BDS+03] Balfanz, D., Durfee, G., Shankar, N., Smetters, D. K., Staddon, J., and Wong, H. C. Secret handshakes from pairing-based key agreements. In IEEE Security & Privacy (Oakland, CA, USA, 2003), IEEE, pp. 180–196.
■ [CJT04] Castelluccia, C., Jarecki, S., and Tsudik, G. Secret handshakes from CA-oblivious encryption. In P. Lee, editor, Advances in Cryptology - ASIACRYPT 2004, Springer, 2004.
■ [XY04] Xu, S., and Yung, M. k-anonymous secret handshakes with reusable credentials. In 11th CCS (Washington D.C., USA, 2004), ACM, pp. 158–167.

15 Match making
■ Allows users sharing “wish” W / credentials to find each other

16 Secret handshake
■ Same-group discovery
■ Impersonation resistance
■ Detection resistance
■ Traceability
■ Forward repudiability
■ Collusion resistance
■ No fairness

17 Secret handshake - discussion
■ Two protocols [BDS03, CJT04]
■ Users need pool of single-use pseudonyms
■ Multiple groups: time
■ Traceability vs privacy?
■ Group owner “sees” everything

18 Private handshake
■ More private: no traceability
■ And also no collusion resistance
■ Extension to multiple groups
■ A and B learn
■ No pool of pseudonyms required

19 Handling single groups

20 Multiple groups

21

22 Project partners
■ Academic team
■ TU Eindhoven
■ TU Delft
■ University of Twente
■ Radboud University Nijmegen
■ Business partners
■ Philips Research
■ TNO Inform
■ ECP.NL

23 Project structure
Design (RU, TUD)
■ Cryptographic algorithms
■ Security protocols
Assessment (TU/E, UT)
■ Modelling properties
■ Policies
■ Modelling systems
■ Verification

