Presentation is loading. Please wait.

Presentation is loading. Please wait.

RFID Security and Privacy. RFID Radio Frequency IDentification Warning: "RFID tag" can mean a lot of things.

Published byJudith Hosmer Modified over 9 years ago

Similar presentations

Presentation on theme: "RFID Security and Privacy. RFID Radio Frequency IDentification Warning: "RFID tag" can mean a lot of things."— Presentation transcript:

1 RFID Security and Privacy

2 RFID Radio Frequency IDentification Warning: "RFID tag" can mean a lot of things

3 Most basic use: replacement of barcode wireless readout no alignment required passive tag - reader provides power through EM field tag contains only ID, no processor very cheap database of tag IDs and their meaning DB T-shirt ## FEEBDAED ##

4 Peggy Yorkshire Terrier Owner: J. Smith Peggy Yorkshire Terrier Owner: J. Smith Phone: +31040…

5

6 What is needed for this? Small identifying tag –can be placed in an animal / object –very cheap –most basic form: almost no logic Contactless readout –reading device provides electromagnetic field –tag gets power from EM field –tag causes time-dependent impedance changes

7 At the other end of the spectrum: wireless smartcards processor optional: battery active transmitter, not just passive impedance ROM memory -keys -software RAM memory flash / EEPROM -sensitive data supports read & write operations password protection crypto

8 RFID vs. Traditional smart cards Similar: data on an electronic device Different: power supply and data exchange without galvanic contacts Different: limited power on the card side

9 Active tagsPassive tags PowerBatterySupplied by the reader Availability of power ContinuousOnly in field of reader Range~100mup to 3-5m, usually less Price>10 euroless than 10 cents Memory1-2Mb0.5-2Kb Size> 2cm*2cm> 0.05mm*0.05mm (without antenna) Active vs passive

10 Some examples Shanghai public transportation card Passports Dutch library reader’s pass Animal identification Stock identification Car keys Toll payment

11 Key holderClockPlastic card Nails Small boxLabelPlastic pinRoll of smart labels toys toys connected to PC

12 Is this an active or a passive tag?

13 Implications for security… No money/power for –public key crypto -tamper resistance / detection -tamper-resistant clock Multiple readers and millions of tags –tag collision, reader collision anti-collision protocols –synchronisation –lots of different keys Non-contact and non-line-of-sight –hard to physically impede the communication

14 Implications for privacy Internet Of Things will make this even worse

15

16 Implanting RFID in humans? Advantageous for –cancer patients undergoing chemotherapy; –people with pacemakers or other medical implants; –cognitive impairment due to epilepsy, diabetes, or Alzheimer’s disease; –emergency (allergy)… Your favourite drink at the bar?!

17 2004: The attorney general of Mexico and 18 of his staff had chips implanted to allow them to gain access to certain high-security areas. 2006: President of Colombia agreed to require Colombian citizens to be implanted with RFID chips before they could gain entry into the US for seasonal work. 2008: UK jails considering RFID implants for prisoners. 2008 -...: OV Chipkaart security issues in the Netherlands. Security of car locks, wireless payment, etc Impact on society

18 Things that can go wrong (1) Illicit tracking of RFID tags

19 Things that can go wrong (2) Skimming (obtain secrets by eavesdropping)

20 Things that can go wrong (3) Tag cloning

21 Things that can go wrong (4) Cross contamination

22 Things that can go wrong (5) Tag killing

23 Things that can go wrong (6) Tags captured and secret info extracted (invasive and side channel attacks)

24 Things that can go wrong (7) Jamming Can also be selective

25 The Pandora's box of RFID Ethical issues Privacy Tracking Skimming Tag cloning Cross-contamination Tag killing Invasive attacks Jamming

26 Questions ?

27 Some sources… http://www.avoine.net/rfid/ http://www.emc.com/emc-plus/rsa-labs/research- areas/rfid-privacy-and-security.htm http://eprint.iacr.org/2008/310.pdf And the “usual suspects”: –http://www.Wikipedia.org/http://www.Wikipedia.org/ –http://scholar.google.com/http://scholar.google.com/

28 Suggested topics: choose three sub-topics Applications: banknotes e-Passports anti-counterfeiting public transport car keys Protocols HB + EC-RAC EMAP distance bounding... other protocols Various kinds of attacks & countermeasures Mifare hack RFID viruses / malware Cloning... other attacks Privacy enhancement (universal) re-encryption blocker tag formal privacy verification Crypto on RFID tags PUFs elliptic curves random number generators... other crypto

Download ppt "RFID Security and Privacy. RFID Radio Frequency IDentification Warning: "RFID tag" can mean a lot of things."

Similar presentations

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.
Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.

Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.
RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:

RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:
Frank Stajano Presented by Patrick Davis 1.  Ubiquitous Computing ◦ Exact concept inception date is unknown ◦ Basically background computing in life.

Frank Stajano Presented by Patrick Davis 1.  Ubiquitous Computing ◦ Exact concept inception date is unknown ◦ Basically background computing in life.
G53SEC 1 Hardware Security The (slightly) more tactile side of security.

G53SEC 1 Hardware Security The (slightly) more tactile side of security.
TPS – UNIQUE HARDWARE (WWW.HOWSTUFFWORKS.COM) Option 1: Transaction Processing Systems.

TPS – UNIQUE HARDWARE ( Option 1: Transaction Processing Systems.
Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.
Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.

Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.
1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.

1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.
ITEC 810 Overview of Micropayment Technology

ITEC 810 Overview of Micropayment Technology
Groups 23 & 24. What is it? Radio frequency identification Small electronic device consisting of a microchip or antenna containing up to 2 KB of data.

Groups 23 & 24. What is it? Radio frequency identification Small electronic device consisting of a microchip or antenna containing up to 2 KB of data.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
RFID (Radio Frequency Identification) Jonathan Green, Kevin Thornberg, Erica Jennings May 16, 2007.

RFID (Radio Frequency Identification) Jonathan Green, Kevin Thornberg, Erica Jennings May 16, 2007.
RFID By Jake Schmitt, Neil McLain, Steve Staten. Overview RFID Defined Defined History History Current Applications Controversy Controversy Testing and.

RFID By Jake Schmitt, Neil McLain, Steve Staten. Overview RFID Defined Defined History History Current Applications Controversy Controversy Testing and.
Security in RFID Presented By… NetSecurity-Spring07

Security in RFID Presented By… NetSecurity-Spring07
RFID Security and Privacy Part 2: security example.

RFID Security and Privacy Part 2: security example.
RFID Chris Harris Carey Mears Rebecca Silvers Alex Carper.

RFID Chris Harris Carey Mears Rebecca Silvers Alex Carper.
Radio-Frequency Identification (RFID) Andrew Bowdle MD, PhD Professor of Anesthesiology and Pharmaceutics Chief of the Division of Cardiothoracic Anesthesiology.

Radio-Frequency Identification (RFID) Andrew Bowdle MD, PhD Professor of Anesthesiology and Pharmaceutics Chief of the Division of Cardiothoracic Anesthesiology.
RADIO FREQUENCY IDENTIFICATION By Basia Korel. Automatic Identification Technology for identifying items Three step process 1) Identify people/objects.

RADIO FREQUENCY IDENTIFICATION By Basia Korel. Automatic Identification Technology for identifying items Three step process 1) Identify people/objects.
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

Similar presentations

Ads by Google