Presentation is loading. Please wait.

Presentation is loading. Please wait.

The RFID Ecosystem Project Studying Next Generation RFID Applications in the Workplace Evan Welbourne University of Washington,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "The RFID Ecosystem Project Studying Next Generation RFID Applications in the Workplace Evan Welbourne University of Washington,"— Presentation transcript:

1 http://rfid.cs.washington.edu/ The RFID Ecosystem Project Studying Next Generation RFID Applications in the Workplace Evan Welbourne University of Washington, CSE Chips Ahoy? The Legal Issues Associated with RFID in the Workplace May 1, 2009 - Seattle, WA

2 http://rfid.cs.washington.edu/  PART 1: RFID and The RFID Ecosystem  PART 2: Current and Future Applications  PART 3: Security and Privacy Issues + Technical Protection Mechanisms Outline

3 http://rfid.cs.washington.edu/ Image credit: Tom Reese, The Seattle Times PART ONE Radio Frequency Identification

4 http://rfid.cs.washington.edu/ What is RFID?  Wireless ID and tracking  Captures information on:  Identity  Location  Time  Unique identification  Passive (no batteries) Reader Tag

5 http://rfid.cs.washington.edu/ Radio Frequency Identification  Wireless identification and tracking  Information on:  Identity  Location  Time tagtimelocation ……… t1A t2B AB C t3C

6 http://rfid.cs.washington.edu/ RFID Tags – A Wide Variety Consumer Item CasesPalletsTrucks Ships / Trains bar codes passive tags active tags GPS-enabled active tags Cost of tag (logarithmic)

7 http://rfid.cs.washington.edu/ Elements of an RFID System RFID ReaderRFID TagsReader Antenna Network Infrastructure Data Management System Applications

8 http://rfid.cs.washington.edu/ The RFID Ecosystem  100s of passive EPC Gen 2 tags  100s of RFID antennas  85,000 sq ft (8,000 sq m) building  Simulating an RFID-saturated future

9 http://rfid.cs.washington.edu/ RFID Ecosystem at UW CSE

10 http://rfid.cs.washington.edu/ PART TWO: Current and Future RFID Applications

11 http://rfid.cs.washington.edu/ Focus: RFID for Real-Time Location  Current trend: RFID in Hospitals  Track equipment, patients, personnel  Improve utilization, track workflows  Rapid progression in 2009:  Feb 19: Awarepoint deploys RFID throughout 4 M sq. ft. Hospital  Feb 26: Versus Tech. deploys RFID system at Virginia Mason  Mar 4: St. Vincent Hospital deploys RFID workflow tracker  Mar 9: St. John’s Deploys RFID to track child patients  Mar 23: Good Samaritan tracks surgical instruments w/RFID  Mar 24: Western Maryland Health deploys RFID tracking system  Mar 25: RFID system for tracking patient files at Cleveland Clinic  April 14: RFID vendor Reva Systems gets $5M in VC funding  April 21: Greenville Hospital System tracks OR case carts  Ongoing… [ right middle and right bottom image credit: http://www.pcts.com ]

12 http://rfid.cs.washington.edu/ Focus: RFID for Real-Time Location  Proposed in research:  Infer higher-level events from data  Business Intelligence  Reminding Systems  Social Networking

13 http://rfid.cs.washington.edu/ PART THREE Security & Privacy Issues + Technical Protection Mechanisms Image credit: Karsten Nohl, from: OV-chipkaart Hack using polishing paper, a microscope and Matlab

14 http://rfid.cs.washington.edu/  Many attacks:  Encryption can improve security but…  Increases cost and power consumption, slows down read rate -- to be useful, RFID tags have to be cheap and fast!  Physical security  Foil-lined wallet: works, but you have to remove tag sometime  Skimming  Cloning  Replay attack  Eavesdropping  Ghost leech Issue: Basic Insecurity of RFID

15 http://rfid.cs.washington.edu/ Issue: Basic Insecurity of RFID  Case Study: WA State Enhanced Driver’s License  DHS claims RFID “removes risk of cloning”  Can be cloned easily in less than a second w/cheap device  Can be read more than 75 ft away  Sleeve doesn’t always work, worse when crumpled # EDL Reads, Week of Apr 27th Case study credit: Karl Koscher, Ari Juels, Tadayoshi Kohno, Vjekoslav Brajkovic

16 http://rfid.cs.washington.edu/  Our approach in the RFID Ecosystem: 1) Store little on tags, secure link between the tag ID and PII 2) Incorporate cryptographic techniques as they emerge Issue: Basic Insecurity of RFID

17 http://rfid.cs.washington.edu/  Who owns collected data?  Who has access to it? Modes of information disclosure:  Institutional  Organization collects, uses, and potentially shares personal data  Addressed by contracts, federal law, corporate practice (e.g. FIPs)  Peer-to-Peer or “Mediated”  Peers and superiors access data through some authorized channel  Mediated by access control policies  Malicious  Personal data is compromised by unauthorized parties  Addressed by secure systems engineering Issue: Data Access & Ownership

18 http://rfid.cs.washington.edu/  Our approach: “Physical Access Control Policy”  Each user has a personal view of the data  Each user has access to only those historical events that occurred when and where s/he was physically present  Models line-of-sight, augments memory  Other “context-aware” policies are possible:  “Only reveal my location during business hours”  “Only reveal my activity when I am in a meeting” Issue: Data Access & Ownership

19 http://rfid.cs.washington.edu/ Issue: Uncertainty of RFID Data 1) In practice, RFID tags are often missed by readers  Data cleaning algorithms are commonly applied 2) Further, apps need high-level information from smoothed data  Event detection and data mining algorithms applied  But there is always a “sensory gap” between what actually occurs, what is sensed and what is inferred from the data.

20 http://rfid.cs.washington.edu/ Issue: Uncertainty of RFID Data  Our approach: Directly represent uncertainty with probabilistic data e.g. “Bob could be in his office (p = 0.5), the lounge (p = 0.1), or next door (p = 0.4)”  Problem: probabilistic data is huge; and compressed by throwing away less likely possibilities.

21 http://rfid.cs.washington.edu/ Main Takeaways 1) Use what security the technology provides  Should improve with time 2) Verify implementation meets security/privacy claims 3) Access control can help enforce a policy framework  Novel, context-aware access controls are a possibility 4) RFID data and higher-level info inferred from it probably should not be considered actionable

22 http://rfid.cs.washington.edu/ Thanks Thank you!  Check out our blog: http://rfid.cs.washington.edu/blog/  Follow us on Twitter! http://twitter.com/rfid_ecosystem  See publications for details: http://rfid.cs.washington.edu/publications.html

23 http://rfid.cs.washington.edu/ Backup Slides Backup Slides…

24 http://rfid.cs.washington.edu/ Privacy & Security Discussion…  Just having an RFID tag could be a privacy risk  Pseudonymity not Anonymity  Each RFID tag you carry has a unique number  Sequential readings of your tags create a trace  Over time this trace can be used to identify you - “The person who: wears this sweater, takes this bus, uses this bus stop, shops at this grocery, …”  U.S. privacy law doesn’t consider these traces to be PII  European and Canadian law may handle this better  Important to discuss these issues  RFID is increasingly ubiquitous, may be in the REAL ID cards

25 http://rfid.cs.washington.edu/ Security of Tags and Readers Promise: Provides a faster, easier payment option Problem: Name, #, expiration sent as plaintext  $150 homemade device can steal and replay credit cards  Next generation of cards includes better security Promise: Faster border-crossings, improved security Problem: Identity, nationality sent in the clear  Malicious parties can easily identify / target U.S. citizens  Revised passport includes faraday shielding and BAC First generation RFID credit card vulnerabilities (UMass Amherst, RSA labs) Security and Privacy Risks of the U.S. e-Passport (UC Berkeley)

26 http://rfid.cs.washington.edu/ Data Privacy and Security RFID and Contactless Smart Card Transit Fare Payment Promise: Streamlines transit experience and book keeping Problem: Massive databases with transit traces of individuals  Not entirely clear what data is private and how it can be used  Oyster card data is the new law enforcement tool in London  Increasing # of requests for Oyster data: 4 in all of 2004 61 in Jan. 2007 ORCA Card: RFID-Based Transit Card for Seattle Area (August 2008) Promise: Streamlines transit experience and book keeping Integrated with easy pay and institutional partners Problem: The word “privacy” appears twice in 500 pages of docs…

27 http://rfid.cs.washington.edu/ Data Privacy and Security  From RFID Ecosystem user studies:  “How do I know if I have a tag on me?”, “How do I opt out?”  Users must be carefully educated before consenting  There should be equal, available alternatives to the RFID option  If personal RFID data is stored:  Clearly define how each piece of information can and will be used  Define and enforce appropriate access control policies May depend on user, application, and context of use (PAC)  Formal data privacy techniques to further ensure privacy (K-anonymity) Store only the information you need, and add noise!  Provide users with direct access to and control of their data

28 http://rfid.cs.washington.edu/ sightingstimestampsightingstimestampsightingstimestamp Time:0 ’s data store 000

29 http://rfid.cs.washington.edu/ sightingstimestampsightingstimestampsightingstimestamp Time: ’s data store 111 1 000

30 http://rfid.cs.washington.edu/ sightingstimestampsightingstimestampsightingstimestamp Time: ’s data store 111 000 222 2

Download ppt "The RFID Ecosystem Project Studying Next Generation RFID Applications in the Workplace Evan Welbourne University of Washington,"

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
Made Harta Dwijaksara Park, Yi Jae

Made Harta Dwijaksara Park, Yi Jae
RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:

RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:
TPS – UNIQUE HARDWARE (WWW.HOWSTUFFWORKS.COM) Option 1: Transaction Processing Systems.

TPS – UNIQUE HARDWARE ( Option 1: Transaction Processing Systems.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.

Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
RFIDs and the Future Logistic System Dr. Hayden So Department of Electrical and Electronic Engineering 17 Sep, 2008.

RFIDs and the Future Logistic System Dr. Hayden So Department of Electrical and Electronic Engineering 17 Sep, 2008.
The RFID Ecosystem Project Longitudinal Study of a Building-Scale RFID Ecosystem Evan Welbourne with Karl Koscher, Emad.

The RFID Ecosystem Project Longitudinal Study of a Building-Scale RFID Ecosystem Evan Welbourne with Karl Koscher, Emad.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
Security in RFID Presented By… NetSecurity-Spring07

Security in RFID Presented By… NetSecurity-Spring07
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
Risk of Using RFID chips in Passports Oscar Mendez.

Risk of Using RFID chips in Passports Oscar Mendez.
Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.
Evan Welbourne University of Washington, Dept. of Computer Science & Engineering “ Radio Frequency Identification: What’s.

Evan Welbourne University of Washington, Dept. of Computer Science & Engineering “ Radio Frequency Identification: What’s.
#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.

#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.
Privacy Research In the RFID Ecosystem Project Evan Welbourne joint work with Magdalena Balazinska, Gaetano Borriello, Tadayoshi.

Privacy Research In the RFID Ecosystem Project Evan Welbourne joint work with Magdalena Balazinska, Gaetano Borriello, Tadayoshi.

Similar presentations

Ads by Google