Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modelling Privacy for Off-line RFID Systems Flavio Garcia Radboud University Nijmegen together with Peter van Rossum RFIDSec 2009.

Published byMarjory Chase Modified over 9 years ago

Similar presentations

Presentation on theme: "Modelling Privacy for Off-line RFID Systems Flavio Garcia Radboud University Nijmegen together with Peter van Rossum RFIDSec 2009."— Presentation transcript:

1 Modelling Privacy for Off-line RFID Systems Flavio Garcia Radboud University Nijmegen together with Peter van Rossum RFIDSec 2009

2 Outline Current RFID privacy models A new model for off-line RFID systems that considers reader corruption Forward and self-stabilizing backwards privacy Protocols Conclusions

3 RFID Systems

4 Current RFID Models Permanent secure connexion Juels and Weis (2006) Vaudenay (2007) Avoine (2005) Fwd-Privacy

5 SafeUn-Safe Time

6 Narrow-FWD Private protocol [OSK03]

7 Many real systems are more complex Periodic connexion What kind of security can still be guaranteed? More information on the readers

8 Consider off-line systems where readers can be compromised

9 An adversary is a PPTA with access to the set of oracles O: CreateReader(R) CreateTag(T) Launch(R) Send(m,A) Result() CorruptTag(T) Sync() O+ = O  {DestroyReader(R)}

10 Fwd and Bwd-Privacy Safe Un-Safe Unachievable! (Unless extra assumptions are made) Safe

11 Forward privacy

12 Self-stabilizing backwards privacy

13 Forward and Self-stabilizing Backwards Private Protocol (idea) new day! BO K ← h(k’+1) K’ ← h(k’) K ← h(k) MAC using k’ K to `talk’ with the reader K’ to `talk’ with the BO

14 Forward and Self-stabilizing Backwards Private Protocol

15 Previous protocol is vulnerable to de- synchronization attacks Problem

16 Forward and Self-stabilizing Backwards Private Protocol

17 Verify key update Improvement

18 Improving synchronization

19 But still de-syncs if a reader is compromised Almost there

20 Improving synchronization

21 What to do Take special measures when a reader is compromised. Only update k’’s in BO if no reader corruption Con: this extends the privacy lost by one time slot

22 Conclusions model for (off-line) RFID systems in the presence of reader corruption forward and self-stabilizing backwards private protocols that uses only hash functions. De-sync resilience

Download ppt "Modelling Privacy for Off-line RFID Systems Flavio Garcia Radboud University Nijmegen together with Peter van Rossum RFIDSec 2009."

Similar presentations

SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.

SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
1 Hardware Security Organisational stuff Lejla Batina & Erik Poll Digital Security Radboud University Nijmegen.

1 Hardware Security Organisational stuff Lejla Batina & Erik Poll Digital Security Radboud University Nijmegen.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
1 An Ultra-lightweight Authentication Protocol in RFID Speaker: 魏家惠.

1 An Ultra-lightweight Authentication Protocol in RFID Speaker: 魏家惠.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
From: Cryptographers’ Track of the RSA Conference 2008 Date:2011-11-29 Reporter: Yi-Chun Shih 1.

From: Cryptographers’ Track of the RSA Conference 2008 Date: Reporter: Yi-Chun Shih 1.
Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.

Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.
Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.

Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.
A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.

A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

Similar presentations

Ads by Google