Presentation is loading. Please wait.

Presentation is loading. Please wait.

RFID Security & Privacy at both Physical and System Levels - Presentation to IoT-GSI 26th August 2011 Robert H. Deng & Yingjiu Li School of Information.

Published byKenneth Clark Modified over 6 years ago

Similar presentations

Presentation on theme: "RFID Security & Privacy at both Physical and System Levels - Presentation to IoT-GSI 26th August 2011 Robert H. Deng & Yingjiu Li School of Information."— Presentation transcript:

1 RFID Security & Privacy at both Physical and System Levels - Presentation to IoT-GSI 26th August 2011 Robert H. Deng & Yingjiu Li School of Information Systems Singapore Management University 2018/11/18

2 RFID Security & Privacy at Physical Level
2018/11/18

3 Radio Frequency IDentification (RFID)
Radio signal (contactless) Authenticate / Identify Read / Update Tags (transponders) Attached to objects, “call out” identifying data on a special radio frequency Reader (transceivers) Read data off tags without direct contact Database Match tag IDs to physical objects 2018/11/18

4 RFID Security Issues Tag Authentication Reader Authentication
Only valid tags are accepted by a valid reader Reader Authentication Only valid readers are accepted by valid tags Not always required but mandatory in some applications (e.g., e-tickets) Availability Infeasible to manipulate honest tags such that honest readers do not accept them 2018/11/18

5 Radio signal (contactless)
RFID Privacy Issues Privacy requirements Anonymity: Confidentiality of the tag identity Untraceability: Unlinkability of the tag’s transactions Privacy issues Adversaries identify tags Adversaries track tags Radio signal (contactless) Tags Reader 2018/11/18

6 RFID Privacy Preserving Authentication Protocol Design
Tag T Reader R c r f (optional) Security requirements One way or mutual authentication Privacy requirements Anonymity: Confidentiality of the tag identity Untraceability: Unlinkability of the tag’s transactions 2018/11/18

7 Cryptographic Protocols for RFID Privacy
Numerous lightweight RFID protocols for low-cost tags have been proposed They use simple operations (XOR, bit inner product, CRC, etc) Most of them have been broken (T. van Deursen and S. Radomirovic: Attacks on RFID Protocols, ePrint Archive: Report 2008/310) 2018/11/18

8 Recent Progress: RFID Privacy Models
Ind-privacy: indistinguishability of two tags (Jules & Weis, PerCom 2007) Ideal model, but not easy to work with Unp-privacy: unpredictability of protocol messages (Ha, Moon, Zhou & Ha, ESORICS 2008), (Ma, Li, Deng, Li, CCS09) Only works with symmetric key based protocols ZK-privacy model: Zero knowledge model (Deng, Li, Yung, Zhao, Esorics 2010) Output of real world experiment and output of simulated world experiment are indistinguishable Works with both symmetric key and public key protocols 2018/11/18

9 RFID Security & Privacy at System Level
2018/11/18

10 An IoT Architecture for Sharing RFID Information
Query/ Answer Discovery service Query/ Answer Internet User Query/ Answer Publish/ Update Publish/ Update Information service Information service RFID readers RFID readers RFID tags RFID tags Enterprise information system Enterprise information system 2018/11/18

11 Security and Privacy Security: Identification/authentication of involving parties Users, discovery services, information services Privacy: Only authorized parties can access RFID data as needed Query, read, write, update, delete Solution: Access control Policy management, enforcement, implementation 2018/11/18

12 Access Control Requirements
Cross domain RFID data to be shared are managed by different parties (IS and DS) Unknown users Query issuer may not have prior business relationship or be known to data holders Visibility Access to RFID data is based on supply chain information Compatibility Access control can be easily enforced in web services and database systems 2018/11/18

13 Existing Access Control Models
Discretionary access control (DAC) Mandatory access control (MAC) Role based access control (RBAC) Attribute based access control (ABAC) Access Subject Object 2018/11/18

14 Comparison √ Cross Domain Unknown users Visibility Compatibility DAC Χ
MAC RBAC ABAC 2018/11/18

15 Current Effort Data Discovery Requirements Document (EPCglobal draft, 2009) Description of requirements on RFID discovery services, including data confidentiality, integrity and access control A framework of components for access control in data discovery services (BRIDGE final report, 2009) Focus on networked services for inter-company operation of supply chains Our current work Design secure discovery services and implement the whole system in Singapore 2018/11/18

Download ppt "RFID Security & Privacy at both Physical and System Levels - Presentation to IoT-GSI 26th August 2011 Robert H. Deng & Yingjiu Li School of Information."

Similar presentations

Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University,

Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University,
Doc.: IEEE 802.11-02/243r0 Submission March 2002 James Kempf, DoCoMo LabsSlide 1 802.11 and IP James Kempf Seamoby WG Co-chair DoCoMo Labs USA

Doc.: IEEE /243r0 Submission March 2002 James Kempf, DoCoMo LabsSlide and IP James Kempf Seamoby WG Co-chair DoCoMo Labs USA
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.

A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
David Molnar, David Wagner - Authors Eric McCambridge - Presenter.

David Molnar, David Wagner - Authors Eric McCambridge - Presenter.
RFID and Wine Alfio Grasso Deputy Director Auto-ID Lab, ADELAIDE.

RFID and Wine Alfio Grasso Deputy Director Auto-ID Lab, ADELAIDE.
Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.

Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.
Vilnius, October 21st, 2002 © eEurope SmartCards Securing a Telework Infrastructure: Smart.IS - Objectives and Deliverables Dr. Lutz Martiny Co-Chairman,

Vilnius, October 21st, 2002 © eEurope SmartCards Securing a Telework Infrastructure: Smart.IS - Objectives and Deliverables Dr. Lutz Martiny Co-Chairman,
Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.

Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.
Panagiotis Rizomiliotis and Stefanos Gritzalis Dept. of Information and Communication Systems Engineering University of the Aegean, Greece GHB#: A Provably.

Panagiotis Rizomiliotis and Stefanos Gritzalis Dept. of Information and Communication Systems Engineering University of the Aegean, Greece GHB#: A Provably.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004.

Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004.
EPCglobal Network Security: Research Challenges and Solutions Yingjiu Li Assistant Professor School of Information Systems Singapore Management University.

EPCglobal Network Security: Research Challenges and Solutions Yingjiu Li Assistant Professor School of Information Systems Singapore Management University.

Similar presentations

Ads by Google