Download presentation
Presentation is loading. Please wait.
Published bySebastian Donahue Modified over 11 years ago
1
World Class Standards Footer text (edit in View : Header and Footer) Security paradigms and RFID RFID03_03 Scott W CADZOW C3L
2
World Class Standards Footer text (edit in View : Header and Footer) 2 Security and standards development Risk based assessment Design based assurance
3
World Class Standards History of RFID Origins not terribly well documented Henry Stockman, 1948 Mario Cardullo (US Patent 3,713,148) in 1973 Charles Walton (US Patent 4,384,288) in 1983 Standards development ISO, base standards ETSI?? ITS active, passive transponders, road pricing Footer text (edit in View : Header and Footer) 3
4
World Class Standards Standards (not radio) ISO 14223/1 Radio frequency identification of Animals, advanced transponders – Air interface ISO 14443 HF (13.56 MHz) standard used as the basis of RFID-enabled passports under ICAO 9303. ISO 15693 HF (13.56 MHz) standard, used for non-contact smart payment and credit cards. ISO 18000-7 UHF (433 MHz) industry standard for active RFID products ISO 18185 Industry standard for electronic seals for tracking cargo containers Footer text (edit in View : Header and Footer) 4
5
World Class Standards Security issues in RFID Well documented Aired in previous RFID workshops Tracking – traffic analysis Masquerade may result Physical weaknesses Chip can be broken Antenna can be broken Antenna can be easily masked Religious fervour ??? Weird claim of RFID as mark of the beast (Revelation 13:16) Footer text (edit in View : Header and Footer) 5
6
World Class Standards
7
Paradigm to be adopted Design for assurance Advancement of ITU-T 3 stage method Development in line with Common Criteria (ISO/IEC 15408) Use of ETSI EG 202 387 as basis Development of Protection Profiles using ES 202 382 as template Risk analysis as fundamental key in development ETSI TS 102 165-1 as the root document Objective and requirements engineering Key to success being developed in TISPAN WI-07027 Security architecture and countermeasure analysis Using key capabilities from ISO/IEC 15408-2 Footer text (edit in View : Header and Footer) 7
8
World Class Standards Definitions to be going on with Objectives Broad intention of system (WHAT) Functions Abstract grouping of features Requirements Implementation detail (HOW)
9
World Class Standards Understanding of security A Threat, enacted by a Threat Agent, may lead to an Unwanted Incident breaking certain pre-defined security objectives Aim is to avoid Unwanted Incidents Countermeasures restrict the ability of threat agents to operate
10
World Class Standards The root model for eTVRA
11
World Class Standards Threat types (#1)
12
World Class Standards Threat types (#2)
13
World Class Standards SUMMARY Where we need to go Footer text (edit in View : Header and Footer) 13
14
World Class Standards Key points Adoption of design for assurance paradigm Risk based development of security functions Distribution of risk based on least cost loss function Cryptographic development with SAGE as partners Systems security development with TISPAN and OCG-Sec as partners Footer text (edit in View : Header and Footer) 14
15
World Class Standards Thanks for listening Scott CADZOW Scott @ Cadzow. com Footer text (edit in View : Header and Footer) 15
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.