Jaap-Henk Hoepman Security of Systems (SoS) group Institute for Computing and Information Sciences Radboud University Nijmegen, the Netherlands


1 Jaap-Henk Hoepman
Security of Systems (SoS) group
Institute for Computing and Information Sciences
Radboud University Nijmegen, the Netherlands
jhh@cs.ru.nl
www.cs.ru.nl/~jhh
Calling All Things
RFID technology, its impact and our challenges

2 Contents
22-11-2005 J.H. Hoepman Calling All Things: RFID
• How it works (Hardware)
• What it can do (Applications)
• How it affects us (Societal issues)
• How to control it (Countermeasures)

3 I How it works

4 A typical RFID system
• Transponder/tag
  • active / passive
  • 1 bit – 64 kB (EEPROM/SRAM)
  • controller / CPU
  • read-only / read-write
• Reader
  • LF / UHF
  • Communication range
  • Coupling
• Backoffice
  • Databases
  • Datamining

5 RFID tags

6 RFID readers

7 Primary classifiers
• Active / passive
• LF / HF / UHF / micro
• Read-only / read-write
• State-machine / CPU
• n-bit / 1-bit

8 Reading distance (1)
• Design range
  • Close-coupling (0 – 1 cm)
  • Proximity coupling (7 – 15 cm)
  • Vicinity/Remote-coupling (0 – 1 m)
  • Long range (> 1 m)
• Eavesdropping range
• Maximum reading range

9 Reading distance (2)

            LF        HF          UHF           SHF
Frequency   125 kHz   13.56 MHz   860-960 MHz   2.4 / 5.7 GHz
Range       Ca 1 m    1,5 – 2 m   4 – 8 m       20 m

Good penetration through objects
Limited by power consumption of controller/CPU on tag
Longer for active tags

10 Communication
• Principle (load modulation)
• Collision avoidance
  • Prefixes of ID
Tag-to-reader eavesdropping hard

11 II What it can do

12 We now face the imminent expansion of cyberspace into physical space in the form of
■ networked cameras,
■ biometric identification devices,
■ RFID tags on consumer goods,
■ and a wide variety of sensors.

13 Applications
• Health care
  • Emergency services
  • Blindness (“The object in front is a …”)
  • Obsessive Compulsive Disorder (OCD)
• Access control
  • “Who is inside?” Emergency information
• Logistics / Supply chain
  • WalMart
• Shopping
  • METRO store
  • PRADA
“Mind that tree, Richard!

14 Applications
• Travel/traffic
  • Passport
• Hypertag (advertisement)
  • Tag on object; user (gsm) reads
• Exploratorium, San Francisco
  • Reader at object; user wears tag

15 Example: “What-is-this”
• With RFID
  • Not only immovables (GPS)
    • Including billboards
• RFID (UphID) → URL
  • Conditional access
    • “Sowing seeds” vs “1 UphID for all”
    • 1 RFID = n UphID

16 Smart Dust…

17 III How it affects us

18 In a mediated environment – where everything is connected to everything – it is no longer clear what is being mediated, and what mediates.

19 Current RFID systems unsafe
• No authentication
  • No friend/foe distinction
• No access control
  • Rogue reader can link to tag
  • Rogue tag can mess up reader
• No encryption
  • Eavesdropping possible (esp. reader)
• Predictable responses
  • Traffic analysis, linkability
• No GUI…
  • … and “distance” not enforced by tag

20 RFID Risks: Consumers
• User profiling
  • Possible robbery target
  • Possible street-marketing target
  • Personalised loyalty/discounts
  • Refuse/grant access to shop/building
    • Even for tags without serial no#
• Loss of location privacy
  • By tracking same user profile
• Fake transactions / Identity theft

21 RFID Risks: Companies
• Corporate espionage
  • Scanning competitors inventory (or customer base)
    • Eavesdropping tags
    • Querying tags
• Unauthorised access
  • Fake RFIDs
• Derived/competing services
  • Using competitors installed base
• Denial of service attacks
  • Supply chain failure
    • Jamming signals
    • Fake RFIDs

22 Aggregate data
• Maybe too big to analyse/datamine….
• …. but easily searched for 1 person
time & space

23 IV How to control it

24 First ideas
• “Kill” command
• Blocker tag
• Metal shielding
• Many tags

25 Random identifier
[Diagram labels: identifier, h, g, to reader]

26 Tracing banknotes (1)
• Primary issues
  • Prevent tracing
  • Prevent “purse scanning”
  • Prevent counterfeiting
  • Trace money laundering

27 Tracing banknotes (2)

28 Biometric passport (1)
• Primary issues
  • Prevent tracing
  • Prevent skimming
    • Especially biometric data
  • Prevent counterfeiting

29 Biometric passport (2)


31 Resources
• Klaus Finkenzeller, “RFID-Handbook”, 2nd (3rd) ed., Wiley & Sons, ISBN: 0-470-84402-7, http://www.rfid-handbook.de/

