Published by Cecily Snow. Modified over 9 years ago.

Slide 1/12
Pascal URIEN, IETF 72nd, Monday July 28th, Dublin, Ireland
draft-urien-hip-tag-00.txt
HIP support for RFID
Pascal.Urien@telecom-paristech.fr
http://www.telecom-paristech.fr

Slide 2/12: Summary
This document describes an architecture based on the Host Identity Protocol (HIP) for active tags, i.e. RFIDs that include tamper-resistant computing resources. HIP-Tags never expose their identity in clear text; they hide this value (typically an EPC-Code) with a particular equation (f) that can only be solved by a dedicated entity, referred to as the portal. HIP exchanges occur between HIP-Tags and portals; they are carried in IP packets through the Internet cloud.

Slide 3/12: Internet of Things (IoT) Architecture
Diagram labels: Tag, Reader, Start, EPC-Code, URI Conversion, ONS Resolver, EPCIS Server, Local System, DNS Cloud, PML Files
EPC: Electronic Product Code
ONS: Object Name Service
EPCIS: EPC Information Service
PML: Physical Markup Language

Slide 4/12: Identity Protection
Privacy issues
  EPC-Code MUST be protected
  f(r1, r2, EPC-Code)
Many proposals in the scientific literature
Example
  f(r1, r2, EPC-Code) = SHA1(r1 | r2 | EPC-Code)
Diagram (Reader, Tag), message contents: r1; r2, f(r1, r2, EPC-Code)
Reference: S. Weis, S. Sarma, R. Rivest and D. Engels. "Security and privacy aspects of low-cost radio frequency identification systems." In D. Hutter, G. Muller, W. Stephan and M. Ullman, editors, International Conference on Security in Pervasive Computing - SPC 2003, volume 2802 of Lecture Notes in Computer Science, pages 454-469. Springer-Verlag, 2003.

Slide 5/12: Main Ideas
The TAG runs a modified version of HIP
  HIP Only! – NO IP stack
The Reader is an IP node
  It acts as a docking host for HIP tag
  The Reader is not able to solve f
The identity solver is located in a node called the PORTAL
HIP dialog between Tag and Portal
HIP packets MAY be encapsulated by a HAT (HIP Address Translation) layer.

Slide 6/12: HIP-Tags Architecture
Diagram: protocol stacks for Tag, Reader and Portal. Labels: HIP, HAT, Identity Solver, IP, MAC, PHY, RFID-MAC, RFID-PHY, SPI-I, SPI-R, ?

Slide 7/12: T-BEX Exchange, I1-T
HIT-I
  A random value generated by the tag
HIT-R
  A known HIT
  A null value
Diagram (Tag, Portal), message contents: HIT-I, HIT-R

Slide 8/12: T-BEX Exchange, R1-T
r1, random value generated by the Portal.
HIT-T-Transforms, list of f functions and associated parameters.
ESP-Transforms, optional list of ESP-Transforms, used when a secure communication channel is requested.
Diagram (Tag, Portal), message contents: HIT-R, HIT-I, HIT-R(r1), HIT-T-Transforms, [ESP-Transforms]

Slide 9/12: T-BEX Exchange, I2-T
r2, random value generated by the Tag.
HIT-T-Transform, selected f function.
F-T, equation to solve.
ESP-Transform, optional selected ESP-Transform.
ESP-Info, optional info about ESP transform, includes the SPI-I value.
Signature-T, signature of the I2-T message.
  KI-Auth-key = g(r1, r2, EPC-Code)
Diagram (Tag, Portal), message contents: HIT-I, HIT-R, HIT-R(r2), HIT-T-Transform, F-T = f(r1, r2, EPC-Code), [ESP-Transform], [ESP-Info], Signature-T

Slide 10/12: T-BEX Exchange, R2-T (Optional)
ESP-Info, optional info about ESP transform, includes the SPI-R value.
Signature-T, signature of the I2-T message.
r1, random value generated by the Portal.
Diagram (Tag, Portal), message contents: HIT-R, HIT-I, [ESP-Info], T-Signature
Optional ESP Dialog
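
Added example (not from the slides or the draft): the identity-hiding step of the T-BEX exchange, with the Portal sending r1, the Tag answering with r2 and F-T, and the Portal's identity solver recovering the EPC-Code, using the SHA1 example for f from the Identity Protection slide. The class and function names, the 16-byte nonce length, reading "|" as byte concatenation and the sample EPC-Codes are assumptions; Signature-T, g and ESP are left out.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # assumed length for r1 and r2; the slides do not give one

def f(r1, r2, epc):
    """Slide example: f(r1, r2, EPC-Code) = SHA1(r1 | r2 | EPC-Code).
    Assumption: '|' is byte concatenation of fixed-length nonces and the code."""
    return hashlib.sha1(r1 + r2 + epc).digest()

class Tag:
    def __init__(self, epc):
        self._epc = epc  # stays inside the tag, never sent in clear

    def i2_t(self, r1):
        """Answer the Portal's r1 with a fresh r2 and F-T = f(r1, r2, EPC-Code)."""
        r2 = os.urandom(NONCE_LEN)
        return r2, f(r1, r2, self._epc)

class Portal:
    def __init__(self, registered_epcs):
        self._registered = list(registered_epcs)

    def r1_t(self):
        """Fresh r1 for each exchange."""
        return os.urandom(NONCE_LEN)

    def solve(self, r1, r2, f_t):
        """Identity solver: recompute f for each registered EPC-Code."""
        for epc in self._registered:
            if hmac.compare_digest(f(r1, r2, epc), f_t):
                return epc
        return None  # unknown tag, or F-T not bound to this r1

def run_exchange(tag, portal):
    """One R1-T / I2-T round: the relayed values plus the solver's result."""
    r1 = portal.r1_t()
    r2, f_t = tag.i2_t(r1)
    return r1, r2, f_t, portal.solve(r1, r2, f_t)

# Constructed sample EPC-Codes, not taken from the slides.
EPC_A = b"urn:epc:id:sgtin:0000001.000001.1"
EPC_B = b"urn:epc:id:sgtin:0000001.000002.7"

if __name__ == "__main__":
    portal = Portal([EPC_A, EPC_B])
    r1, r2, f_t, epc = run_exchange(Tag(EPC_A), portal)
    print("relayed F-T:", f_t.hex(), "-> solved:", epc.decode())
```

The same tag yields a different F-T on every exchange, and an F-T captured under one r1 does not solve under a fresh r1. The solver's cost grows linearly with the number of registered EPC-Codes.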

Slide 11/12: Binary Encoding
HIP Header fields: Next Header, Payload Length, Type, VER, RES, Control, Checksum, Sender's HIT, Receiver's HIT, HIP Parameters

TLV              Type    Data
R-T              0x400   Random value r1 or r2
HIP-T-TRANSFORM  0x402   HIP-Tag transform
F-T              0x404   f function value
SIGNATURE-T      0x406   Signature
ESP-TRANSFORM    0x408   ESP transforms
ESP-INFO         0x40A   ESP parameters

TLV layouts (32-bit rows, bit columns 0-15 and 16-31):

R-T
  Type (0x400) | Length
  Padding-length | Value
  Padding

F-T
  Type (0x404) | Length
  Padding-length | Value
  Padding

Signature-T
  Type (0x406) | Length
  Padding-length | Signature
  Padding

HIP-T-Transform
  Type (0x402) | Length
  Padding-length | Suite-ID#1
  Length-of-suite-ID#1 | Value
  Suite-ID#2 …
  Padding

Slide 12/12: Questions?