Security and privacy in RFID
|
|
- Jeffrey French
- 8 years ago
- Views:
Transcription
1 Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar 8 November 2007
2 Outline 1 RFID Primer 2 Passive RFID tags 3 Issues on Security and Privacy 4 Basic Tags 5 Symmetric-key Tags 6 Conclusion
3 Outline 1 RFID Primer 2 Passive RFID tags 3 Issues on Security and Privacy 4 Basic Tags 5 Symmetric-key Tags 6 Conclusion
4 Radio Frequency Identification RFID is a family of emerging technologies for automated identification of objects and people, and the system components are 1 RFID tag 2 RFID reader attached/embedded to/into items to be identified transmits data over the air in response to interrogation by an RFID reader consists of coupling element for communications (and also possibly power supply) and microchip forms the radio interface to tags provides high-level interface to a host computer system to transmit the captured tag data 3 Back-end Server maintains relevant information for identification process
5 Radio Frequency Identification RFID is a family of emerging technologies for automated identification of objects and people, and the system components are 1 RFID tag 2 RFID reader attached/embedded to/into items to be identified transmits data over the air in response to interrogation by an RFID reader consists of coupling element for communications (and also possibly power supply) and microchip forms the radio interface to tags provides high-level interface to a host computer system to transmit the captured tag data 3 Back-end Server maintains relevant information for identification process
6 RFID tags
7 Active vs. Passive Active tags Passive tags Power Source battery powered powered by radio waves Life limited by battery unlimited Range up to hundreds of meters up to 3-5m Cost $ $
8 Current RFID applications 1 Supply-chain/inventory management Electronic Product Code (EPC) tags (under development) containers and crates/pallets tracking 2 Asset-tracking system health-care information system (partly currently used) (drug/medicine identification and staff/patient tracking) e-passport (under development) children and animal (pet) tracking library baggage handling in airport 3 Access control proximity card car immobiliser 4 Contactless payment system SpeedPass TM, American Express ExpressPay TM, Mastercard PayPass TM
9 RFID becomes ubiquitous Advantages of RFID RFID has been originally suggested as a successor to the optical barcode 1 Automation - no line-of-sight contact with readers and no human intervention 2 Unique identification - not only a generic product identifier but an individual serial number What s behind RFID 1 Efforts of large organisations such as WalMart, US DoD, and etc 2 Tag cost dropping and RFID standardisation 3 Development of EPC technologies
10 RFID becomes ubiquitous Advantages of RFID RFID has been originally suggested as a successor to the optical barcode 1 Automation - no line-of-sight contact with readers and no human intervention 2 Unique identification - not only a generic product identifier but an individual serial number What s behind RFID 1 Efforts of large organisations such as WalMart, US DoD, and etc 2 Tag cost dropping and RFID standardisation 3 Development of EPC technologies
11 RFID becomes ubiquitous Advantages of RFID RFID has been originally suggested as a successor to the optical barcode 1 Automation - no line-of-sight contact with readers and no human intervention 2 Unique identification - not only a generic product identifier but an individual serial number What s behind RFID 1 Efforts of large organisations such as WalMart, US DoD, and etc 2 Tag cost dropping and RFID standardisation 3 Development of EPC technologies
12 Electronic Product Code & EPCglobal 1 EPC tag is a Barcode-type RFID device 2 EPCgolbal : an organization set up to achieve world-wide adoption and standardization of EPC technology 3 EPCglobal is currently working on reader and tag communication protocols middleware between reader and enterprise systems Object Name Service (ONS) with VeriSign EPC Information Service (EPC-IS) and EPC Discovery Service (EPC-DS)
13 RFID Standards 1 Standards for logistic applications ISO/IEC ISO/IEC ISO/IEC Standards for automatic livestock identification ISO ISO Standards for vicinity coupling cards ISO/IEC ISO/IEC ISO/IEC ISO/IEC Supply-chain management EPC (under development)
14 Outline 1 RFID Primer 2 Passive RFID tags 3 Issues on Security and Privacy 4 Basic Tags 5 Symmetric-key Tags 6 Conclusion
15 Issues on passive tags 1 Passive tags with very limited memory and logical gates will be mostly deployed in mass market 2 Most of current privacy concerns focus on applications using passive tags, and those include smart check-out in supermarket RFID-enabled banknote medical drugs and luxury goods human identification through tag injection under skin 3 Active tags are assumed to provide strong security and privacy protection with strong cryptographic primitives
16 Coupling and Frequencies 1 Frequency bands LF (Low Frequency): khz HF (High Frequency): MHz UHF (Ultra High Frequency): 868/915 MHz MW (Microwave): 2.45 and 5.8 GHz 2 Due to process known coupling Inductive coupling within the near field region Electromagnetic coupling in the far field
17 Outline 1 RFID Primer 2 Passive RFID tags 3 Issues on Security and Privacy 4 Basic Tags 5 Symmetric-key Tags 6 Conclusion
18 Read range issues 1 Nominal read range maximum distance at which a normally operating reader (with ordinary antenna and ordinary power output) can reliably scan tag data ex. ISO : 10cm 2 Rogue read range a determined attacker might still achieve longer distances using larger antenna and/or higher signal transmission power ex. ISO : 50cm 3 Tag-to-reader eavesdropping read range once a tag is powered, a second reader can monitor resulting tag emissions without itself outputting signal might be longer than rogue read range 4 Reader-to-tag eavesdropping read range this signal can be received hundreds of meters away
19 Privacy
20 Privacy (I) Tags respond to reader interrogation without alerting their owners or bears, and most tags emit unique identifiers 1 Location privacy pooled several clandestine scans reveals a tag bearer s whereabout along a tag reading infrastructure 2 Data privacy certain tags such as EPC tags carry information about items EPC tag bearers are subject to clandestine inventorying Privacy, however, is not just consumer concerns - ex. military or company supply-chain management
21 Privacy (I) Tags respond to reader interrogation without alerting their owners or bears, and most tags emit unique identifiers 1 Location privacy pooled several clandestine scans reveals a tag bearer s whereabout along a tag reading infrastructure 2 Data privacy certain tags such as EPC tags carry information about items EPC tag bearers are subject to clandestine inventorying Privacy, however, is not just consumer concerns - ex. military or company supply-chain management
22 Privacy (I) Tags respond to reader interrogation without alerting their owners or bears, and most tags emit unique identifiers 1 Location privacy pooled several clandestine scans reveals a tag bearer s whereabout along a tag reading infrastructure 2 Data privacy certain tags such as EPC tags carry information about items EPC tag bearers are subject to clandestine inventorying Privacy, however, is not just consumer concerns - ex. military or company supply-chain management
23 Privacy (II) 1 Euro banknote in 2001, European Central Bank planed to embed RFID tags into banknote as anti-counterfeiting measure it seems increasingly implausible due to technical difficulties 2 Human-implantable chips VeriChip TM for health-care information system flamed the passion of privacy advocates 3 E-passport ICAO (International Civil Aviation Organisation) promulgated the guideline for RFID-enabled passport the US has mandated the adoption of these standards by VISA-waiver countries delayed due to technical challenges
24 Authentication 1 Privacy concerns that bad readers harvest information from good tags, but authentication concerns that good readers detect bad tags 2 EPC tags are vulnerable to simple counterfeiting attacks 3 Detect cloning by consistent and centralised data collection, but not always possible 4 Various countermeasures but permit limited solutions
25 Adversary Model 1 RFID system is secure and private for what? formal model that characterises the capabilities of potential adversaries - as form of a game in cryptography 2 We need formulation of weakened security models that accurately reflects real-world threat and real-world tag capabilities 3 Multiple communication layers in RFID systems cryptographic security models captures top-layer communication protocols between tags and readers need to consider low layer and physical levels of communications 4 Security models in literatures Okubo, Szuki, and Kinoshita ( 03) (symmetric-tags) Juels ( 04) - Minimalist security model (basic tags) Juels and Weis ( 06) - Strong privacy model (symmetric-key tags) Avoine ( 05) Zhang and King ( 08)
26 Outline 1 RFID Primer 2 Passive RFID tags 3 Issues on Security and Privacy 4 Basic Tags 5 Symmetric-key Tags 6 Conclusion
27 Killing 1 Dead tags cannot talk - Kill the TAG 2 Currently in EPC Class-1 Gen-2 tags 3 When an EPC tag receives a kill command from a reader, it renders itself permanently inoperative 4 Kill command is PIN-protected 5 It eliminates all of the post-purchase benefits of RFID
28 Re-naming approaches : Minimalist 1 Tags contain small collection of pseudonyms and release a different one upon each reader inquiry 2 Throttle tag replies to prevent rogue readers rapidly reading out all available pseudonyms of tags in a single sweep, it slows down response for quick interrogations
29 Re-naming approaches : re-encryption (I) 1 Juels and Pappu ( 03) proposed public key re-encryption scheme to enhance consumer privacy for RFID-enabled banknote 2 Scheme law enforcement holds private/public key pair (x, y) of ElGamal encryption scheme banknote serial number s encrypted to c = E y (s) to prevent malicious tracing, c is periodically re-encrypted to c to prevent malicious writing, keyed writing by optical-scanning the banknote 3 They introduced the principle that cryptography can enhance tag privacy, even when tags themselves cannot perform cryptographic operations
30 Re-naming approaches : re-encryption (II) 1 What about if we have multiple key pairs? 2 Including a public key in tags, however, permits certain degree of malicious tracking and profiling 3 Universal re-encryption permits re-encryption without knowledge of the corresponding public key in public-key encryption schemes 4 Golle et al. ( 04) proposed ElGamal-based universal re-encryption 5 It suffers from serious attacks, since it does not preserve integrity
31 Re-naming approaches: re-encryption (III) 1 Ateniese, Camenisch, and de Medeiros ( 05) 2 Insubvertible encryption scheme which also permits universal re-encrpytion 3 Ciphertext is digitally singed by a CA and permits anyone to verify the authenticity of the ciphertext 4 To prevent malicious tracing, the ciphertext as well as signature can be randomisable by any entity
32 Proxy approach Consumers carry their own privacy-enforcing devices (proxies) 1 Watchdog tags audit system for RFID privacy monitor ambient scanning of tags and collect information form readers 2 RFID Guardian or RFID Enhancer Proxy (REP) batter-powered personal RFID firewall intermediates reader request to tags and selectively simulates tags under its control can implement sophisticated privacy policies further research includes how a Guardian or REP should acquire and release control of tags and associated PINs and keys
33 Proxy approach Consumers carry their own privacy-enforcing devices (proxies) 1 Watchdog tags audit system for RFID privacy monitor ambient scanning of tags and collect information form readers 2 RFID Guardian or RFID Enhancer Proxy (REP) batter-powered personal RFID firewall intermediates reader request to tags and selectively simulates tags under its control can implement sophisticated privacy policies further research includes how a Guardian or REP should acquire and release control of tags and associated PINs and keys
34 Distant measurement 1 The distance between tags and readers serve as a metric for trust 2 Fishkin, Roy, and Jiang ( 04) signal-to-noise ratio of reader signal provides rough metric of distance when scanned in a distance, expose little information release its unique identifier only at close range
35 Blocking tags 1 It jams tree-based anti-collision protocols, thus making impossible to read out tags nearby 2 As cheap to manufacture, it could be integrated into paper bags 3 To prevent jamming of legitimate readers, a privacy bit is set during check-out
36 Outline 1 RFID Primer 2 Passive RFID tags 3 Issues on Security and Privacy 4 Basic Tags 5 Symmetric-key Tags 6 Conclusion
37 Assumptions 1 Tags are assumed to perform keyed hash function or hardware efficient symmetric encryption scheme (and also often assumed to have a pseudo random number generator) 2 We assume a centralised system, where readers have constant access to their back-end server 3 Notations we have n tags each tag T i contains in memory a shared secret key k i with the server
38 Authentication 1 Simple challenge-response protocol prevents cloning T i R : ID Ti T i R : P T i R : h(k i, P) or e ki (P) In practice, resource constraints in commercial tags sometimes leads to deployment of weak cryptographic primitives 2 Digital Signature Transponder (DST) currently a theft-deterrent in automobiles and SpeedPass TM use the protocol described above broken since they expect security through obscurity to overcome short key-length
39 Authentication 1 Simple challenge-response protocol prevents cloning T i R : ID Ti T i R : P T i R : h(k i, P) or e ki (P) In practice, resource constraints in commercial tags sometimes leads to deployment of weak cryptographic primitives 2 Digital Signature Transponder (DST) currently a theft-deterrent in automobiles and SpeedPass TM use the protocol described above broken since they expect security through obscurity to overcome short key-length
40 Authentication 1 Simple challenge-response protocol prevents cloning T i R : ID Ti T i R : P T i R : h(k i, P) or e ki (P) In practice, resource constraints in commercial tags sometimes leads to deployment of weak cryptographic primitives 2 Digital Signature Transponder (DST) currently a theft-deterrent in automobiles and SpeedPass TM use the protocol described above broken since they expect security through obscurity to overcome short key-length
41 Reverse-engineering & Side channels 1 Reverse engineering physical invasive attacks possible tags are too inexpensive to include temper-resistance mechanism 2 Side channels - potentially serious threat in RFID Timing attacks - extract information based on variations in the rate of computation of target devices - over-the-air timing attacks against tags : open research topic Power analysis attacks - measure electromagnetic emanation - exploit measurable variations in power consumption
42 Reverse-engineering & Side channels 1 Reverse engineering physical invasive attacks possible tags are too inexpensive to include temper-resistance mechanism 2 Side channels - potentially serious threat in RFID Timing attacks - extract information based on variations in the rate of computation of target devices - over-the-air timing attacks against tags : open research topic Power analysis attacks - measure electromagnetic emanation - exploit measurable variations in power consumption
43 Relay attacks 1 Relay attack is always possible no matter how well designed cryptographic protocols in RFID systems and no matter how strong cryptographic primitives are used 2 Often security based on assumption - limited read range of tags 3 Attack allows proximity cards to open a door or RFID-based credit cards to effect payment from a kilometer away RFID TAG Leech Ghost RFID Reader Figure of Relay attack in RFID systems
44 Privacy 1 Paradox if a tag emits identifier in challenge-response protocol, no privacy if a reader does not know which tag it is interrogating, it cannot determine which key to use 2 Key search: straightforward but heavy solution tag emits E = f ki (P) reader searches from the space of all keys K = {k j } j for a key k K such that f k (P) = E 3 Weis, Sarma, Rivest, and Engel ( 03) 4 The computational cost of key-search for the reader is linear in the number of tags, thus key search is prohibitively costly in large systems 5 More efficient solutions?
45 Privacy 1 Paradox if a tag emits identifier in challenge-response protocol, no privacy if a reader does not know which tag it is interrogating, it cannot determine which key to use 2 Key search: straightforward but heavy solution tag emits E = f ki (P) reader searches from the space of all keys K = {k j } j for a key k K such that f k (P) = E 3 Weis, Sarma, Rivest, and Engel ( 03) 4 The computational cost of key-search for the reader is linear in the number of tags, thus key search is prohibitively costly in large systems 5 More efficient solutions?
46 Privacy 1 Paradox if a tag emits identifier in challenge-response protocol, no privacy if a reader does not know which tag it is interrogating, it cannot determine which key to use 2 Key search: straightforward but heavy solution tag emits E = f ki (P) reader searches from the space of all keys K = {k j } j for a key k K such that f k (P) = E 3 Weis, Sarma, Rivest, and Engel ( 03) 4 The computational cost of key-search for the reader is linear in the number of tags, thus key search is prohibitively costly in large systems 5 More efficient solutions?
47 Tree approach 1 Molnar and Wagner ( 04) each node (or edge) is associated with a key each tag is assigned to a unique leaf tag contains the keys defined from a root to the leaf if we have a depth d and branching factor b, each tag contains d keys and the scheme accommodates d b tags in total 2 Efficiency reader can identify a tag by means of a depth-first search of the tree search through at most db keys rather than d b keys 3 Security compromise of the secrets in one tag compromise of secrets in other tags
48 Synchronisation approach 1 Suppose that every tag T i maintains a counter c i and the tag outputs E = f ki (c i ) on interrogation 2 Provided that a reader knows the approximate value of c i, it can store a searchable table of tag output values, i.e., reader maintains the output values f ki (c i ), f k i (c i + 1),, f ki (c i + d), for c i [c i, c i + d] 3 Literatures with stronger security (such as forward security) and more efficiency
49 Outline 1 RFID Primer 2 Passive RFID tags 3 Issues on Security and Privacy 4 Basic Tags 5 Symmetric-key Tags 6 Conclusion
50 RFID becomes ubiquitous
RFID Security and Privacy: A Research Survey. Vincent Naessens Studiedag Rabbit project
RFID Security and Privacy: A Research Survey Vincent Naessens Studiedag Rabbit project RFID Security and Privacy: A Research Survey 1. Introduction 2. Security and privacy problems 3. Basic RFID tags 4.
More informationEnabling the secure use of RFID
Enabling the secure use of RFID BLACK ME/FOTOLIA.com Enhancing security of radio frequency identification to connect safely to the Internet of Things UHF radio frequency identification (RFID) promises
More informationRFID Security. April 10, 2006. Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark
April 10, 2006 Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark 1 Outline What is RFID RFID usage Security threats Threat examples Protection Schemes for
More informationA Study on the Security of RFID with Enhancing Privacy Protection
A Study on the Security of RFID with Enhancing Privacy Protection *Henry Ker-Chang Chang, *Li-Chih Yen and *Wen-Chi Huang *Professor and *Graduate Students Graduate Institute of Information Management
More informationBack-end Server Reader Tag
A Privacy-preserving Lightweight Authentication Protocol for Low-Cost RFID Tags Shucheng Yu, Kui Ren, and Wenjing Lou Department of ECE, Worcester Polytechnic Institute, MA 01609 {yscheng, wjlou}@wpi.edu
More informationPrivacy and Security in library RFID Issues, Practices and Architecture
Privacy and Security in library RFID Issues, Practices and Architecture David Molnar and David Wagner University of California, Berkeley CCS '04 October 2004 Overview Motivation RFID Background Library
More informationContactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council
Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions July, 2006 Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked
More informationSecurity Issues in RFID. Kai Wang Research Institute of Information Technology, Tsinghua University, Beijing, China wang-kai09@mails.tsinghua.edu.
Security Issues in RFID Kai Wang Research Institute of Information Technology, Tsinghua University, Beijing, China wang-kai09@mails.tsinghua.edu.cn Abstract RFID (Radio Frequency IDentification) are one
More informationPAP: A Privacy and Authentication Protocol for Passive RFID Tags
PAP: A Privacy and Authentication Protocol for Passive RFID s Alex X. Liu LeRoy A. Bailey Department of Computer Science and Engineering Michigan State University East Lansing, MI 48824-1266, U.S.A. {alexliu,
More informationStrengthen RFID Tags Security Using New Data Structure
International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University
More informationRF ID Security and Privacy
RF ID Security and Privacy EJ Jung 11/15/10 What is RFID?! Radio-Frequency Identification Tag Antenna Chip How Does RFID Work? 02.3DFEX4.78AF51 EasyToll card #816 Radio signal (contactless) Range: from
More informationAn Overview of Approaches to Privacy Protection in RFID
An Overview of Approaches to Privacy Protection in RFID Jimmy Kjällman Helsinki University of Technology Jimmy.Kjallman@tkk.fi Abstract Radio Frequency Identification (RFID) is a common term for technologies
More informationOn the Security of RFID
On the Security of RFID Hung-Min Sun Information Security Lab. Department of Computer Science National Tsing Hua University slide 1 What is RFID? Radio-Frequency Identification Tag Reference http://glossary.ippaper.com
More informationRFID SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
RFID SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the
More informationHow Does It Work? Internet of Things
Intermec UAP-2100 What is RFID? 18-759: Wireless Networks Lecture 14: RFID Peter Steenkiste and Hedda R. Schmidtke Departments of Computer Science and Electrical and Computer Engineering Spring Semester
More informationRadio Frequency Identification (RFID)
Radio Frequency Identification (RFID) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse574-06/
More informationBest Practices for the Use of RF-Enabled Technology in Identity Management. January 2007. Developed by: Smart Card Alliance Identity Council
Best Practices for the Use of RF-Enabled Technology in Identity Management January 2007 Developed by: Smart Card Alliance Identity Council Best Practices for the Use of RF-Enabled Technology in Identity
More informationRFID Security: Threats, solutions and open challenges
RFID Security: Threats, solutions and open challenges Bruno Crispo Vrije Universiteit Amsterdam crispo@cs.vu.nl 1 Table of Content RFID technology and applications Security Issues Privacy Proposed (partial)
More informationTackling Security and Privacy Issues in Radio Frequency Identification Devices
Tackling Security and Privacy Issues in Radio Frequency Identification Devices Dirk Henrici and Paul Müller University of Kaiserslautern, Department of Computer Science, PO Box 3049 67653 Kaiserslautern,
More informationSecurity Issues in RFID systems. By Nikhil Nemade Krishna C Konda
Security Issues in RFID systems By Nikhil Nemade Krishna C Konda Agenda Introduction to an RFID System Possible Application Areas Need for Security Vulnerabilities of an RFID system Security Measures currently
More informationHow To Attack A Key Card With A Keycard With A Car Key (For A Car)
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars (NDSS ) Aurélien Francillon, Boris Danev, Srdjan Čapkun (ETHZ) Wednesday System Security April Group 6, 1 Agenda 1. Overview of Car
More informationThe Study on RFID Security Method for Entrance Guard System
The Study on RFID Security Method for Entrance Guard System Y.C. Hung 1, C.W. Tsai 2, C.H. Hong 3 1 Andrew@mail.ncyu.edu.tw 2 s0930316@mail.ncyu.edu.tw 3 chhong@csie.ncyu.edu.tw Abstract: The RFID technology
More informationRelay Attacks on Passive Keyless Entry and Start Systems in Modern Cars
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Srdjan Čapkun (joint work with Aurélien Francillon, Boris Danev) 1 Agenda 1. Overview of Car Key Systems 2. Previous Attacks: In
More informationRF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards
RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:
More informationRelay Attacks on Passive Keyless Entry and Start Systems in Modern Cars
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurélien Francillon, Boris Danev, Srdjan Čapkun 1 Modern Cars Evolution Increasing amount of electronics in cars For convenience
More informationRFID Penetration Tests when the truth is stranger than fiction
RFID Penetration Tests when the truth is stranger than fiction Dr. Tomáš Rosa, tomas.rosa@rb.cz Raiffeisenbank, a.s. Agenda Technology overview Physical layer of LF and HF bands The Unique ID phenomenon
More informationSecurity in RFID Networks and Protocols
International Journal of Information and Computation Technology. ISSN 0974-2239 Volume 3, Number 5 (2013), pp. 425-432 International Research Publications House http://www. irphouse.com /ijict.htm Security
More informationRADIO FREQUENCY IDENTIFICATION (RFID) is a
IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 24, NO. 2, FEBRUARY 2006 381 RFID Security and Privacy: A Research Survey Ari Juels Invited Paper Abstract This paper surveys recent technical research
More informationAn Overview of RFID Security and Privacy threats
An Overview of RFID Security and Privacy threats Maxim Kharlamov mkha130@ec.auckland.ac.nz The University of Auckland October 2007 Abstract Radio Frequency Identification (RFID) technology is quickly deploying
More informationData Protection Technical Guidance Radio Frequency Identification
Data Protection Technical Guidance Radio Frequency Identification This technical guidance note is aimed at those using or contemplating using RFID technology. It gives a brief summary of the technology
More informationSecurity Requirements for RFID Computing Systems
International Journal of Network Security, Vol.6, No.2, PP.214 226, Mar. 2008 214 Security Requirements for RFID Computing Systems Xiaolan Zhang 1 and Brian King 2 (Corresponding author: Xiaolan Zhang)
More informationProxy Framework for Enhanced RFID Security and Privacy
Proxy Framework for Enhanced RFID Security and Privacy Tassos Dimitriou Athens Information Technology Markopoulo Ave., 19002, Peania Athens, Greece tdim@ait.edu.gr Abstract Radio Frequency IDentification
More informationSecurity and Privacy for Internet of Things Application
Security and Privacy for Internet of Things Application Qi fang, School of Information Science and Engineering, Central South University, Changsha, China 8-1 Copyright Disclamation This course material
More informationHow To Hack An Rdi Credit Card
RFID Payment Card Vulnerabilities Technical Report Thomas S. Heydt-Benjamin 1, Daniel V. Bailey 2, Kevin Fu 1, Ari Juels 2, and Tom O'Hare 3 Abstract 1: University of Massachusetts at Amherst {tshb, kevinfu}@cs.umass.edu
More informationexpand to a minimum of 128 bits in length with extensions for 256 bits or more.
1 RFID Security and Privacy: A Research Survey Ari Juels RSA Laboratories ajuels@rsasecurity.com 28 September 2005 Abstract This article surveys recent technical research on the problems of privacy and
More informationRFID BASED VEHICLE TRACKING SYSTEM
RFID BASED VEHICLE TRACKING SYSTEM Operating a managed, busy parking lot can pose significant challenges, especially to a government organization that also owns some of the vehicles in the lot. The parking
More informationRAIN RFID and the Internet of Things: Industry Snapshot and Security Needs. Matt Robshaw and Tyler Williamson Impinj Seattle, USA
RAIN RFID and the Internet of Things: Industry Snapshot and Security Needs Matt Robshaw and Tyler Williamson Impinj Seattle, USA Overview RAIN RFID The product and standardization landscape Security, performance,
More informationDesign And Implementation Of Bank Locker Security System Based On Fingerprint Sensing Circuit And RFID Reader
Design And Implementation Of Bank Locker Security System Based On Sensing Circuit And RFID Reader Khaing Mar Htwe, Zaw Min Min Htun, Hla Myo Tun Abstract: The main goal of this system is to design a locker
More informationA Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags
A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags Sarah Abughazalah, Konstantinos Markantonakis, and Keith Mayes Smart Card Centre-Information Security Group (SCC-ISG) Royal Holloway,
More informationSecurity and Privacy in RFID Applications
13 Security and Privacy in RFID Applications Paweł Rotter Joint Research Centre of the European Commission, Institute for Prospective Technological Studies Seville, Spain Currently at: AGH-University of
More informationUsing RFID Techniques for a Universal Identification Device
Using RFID Techniques for a Universal Identification Device Roman Zharinov, Ulia Trifonova, Alexey Gorin Saint-Petersburg State University of Aerospace Instrumentation Saint-Petersburg, Russia {roman,
More informationrf Technology to automate your BUsiness
Motorola Tech Brief June 2011 Understanding the characteristics of the rfid spectrum: Choosing the Right rf Technology to automate your BUsiness How to choose the right rfid technology for your Identification,
More informationRF Attendance System Framework for Faculties of Higher Education
RF Attendance System Framework for Faculties of Higher Education Ms. Unnati A. Patel 1 Dr. Swaminarayan Priya R 2 1 Asst. Professor, M.Sc(IT) Department, ISTAR, V.V.Nagar-388120, India 2 Head & ProfessorHH,
More informationA Research on Issues Related to RFID Security and Privacy
A Research on Issues Related to RFID Security and Privacy Jongki Kim1, Chao Yang2, Jinhwan Jeon3 1 Division of Business Administration, College of Business, Pusan National University 30, GeumJeong-Gu,
More informationFeature. Security and Privacy Trade-offs in RFID Use. Operational Zone RFID Tag. RFID Reader
Feature Security and Privacy Trade-offs in RFID Use S. Srinivasan is a professor of computer information systems at the University of Louisville in Kentucky, USA. He can be reached at srini@louisville.edu.
More informationVarious Attacks and their Countermeasure on all Layers of RFID System
Various Attacks and their Countermeasure on all Layers of RFID System Gursewak Singh, Rajveer Kaur, Himanshu Sharma Abstract RFID (radio frequency identification) system is one of the most widely used
More informationRFID Guardian Back-end Security Protocol
Master Thesis RFID Guardian Back-end Security Protocol Author: Hongliang Wang First Reader: Bruno Crispo Second Reader: Melanie Reiback Department of Computer Science Vrije Universiteit, Amsterdam The
More informationSecurity Challenges for User-Oriented RFID Applications within the Internet of Things
Security Challenges for User-Oriented RFID Applications within the Internet of Things G.P. HANCKE, K. MARKANTONAKIS and K.E. MAYES ISG Smart Card Centre Royal Holloway, University of London UNITED KINGDOM
More informationHow To Understand The Power Of An Freddi Tag (Rfid) System
Radio Frequency Identification Done by: Haitham Habli. Table of contents Definition of RFID. Do they need license? RFID vs other identification systems. Classification of RFID systems. Emerge of passive
More informationPrivacy Enhanced Active RFID Tag
Privacy Enhanced Active RFID Tag Shingo Kinoshita, Miyako Ohkubo, Fumitaka Hoshino, Gembu Morohashi, Osamu Shionoiri, and Atsushi Kanai NTT Information Sharing Platform Laboratories, NTT Corporation 1-1
More informationTHE SECURITY AND PRIVACY ISSUES OF RFID SYSTEM
THE SECURITY AND PRIVACY ISSUES OF RFID SYSTEM Iuon Chang Lin Department of Management Information Systems, National Chung Hsing University, Taiwan, Department of Photonics and Communication Engineering,
More informationSecurity in Near Field Communication (NFC)
Security in Near Field Communication (NFC) Strengths and Weaknesses Ernst Haselsteiner and Klemens Breitfuß Philips Semiconductors Mikronweg 1, 8101 Gratkorn, Austria ernst.haselsteiner@philips.com klemens.breitfuss@philips.com
More informationKeep Out of My Passport: Access Control Mechanisms in E-passports
Keep Out of My Passport: Access Control Mechanisms in E-passports Ivo Pooters June 15, 2008 Abstract Nowadays, over 40 different countries issue biometric passports to increase security on there borders.
More informationLightweight Cryptography. Lappeenranta University of Technology
Lightweight Cryptography Dr Pekka Jäppinen Lappeenranta University of Technology Outline Background What is lightweight Metrics Chip area Performance Implementation tradeoffs Current situation Conclusions
More informationEPCglobal RFID standards & regulations. Henri Barthel OECD Paris, 5 October 2005
EPCglobal RFID standards & regulations Henri Barthel OECD Paris, 5 October 2005 Roots of EPCglobal Auto ID Center (launched in 1999) Six world-class academia Labs: MIT (US), Cambridge (UK), Adelaide (Australia),
More informationA Survey of RFID Authentication Protocols Based on Hash-Chain Method
Third 2008 International Conference on Convergence and Hybrid Information Technology A Survey of RFID Authentication Protocols Based on Hash-Chain Method Irfan Syamsuddin a, Tharam Dillon b, Elizabeth
More informationEvangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08
Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1 Network Security Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 2 Collaboration with Frank Akujobi
More informationA Secure RFID Ticket System For Public Transport
A Secure RFID Ticket System For Public Transport Kun Peng and Feng Bao Institute for Infocomm Research, Singapore Abstract. A secure RFID ticket system for public transport is proposed in this paper. It
More informationRFID Security and Privacy: Threats and Countermeasures
RFID Security and Privacy: Threats and Countermeasures Marco Spruit Wouter Wester Technical Report UU-CS- 2013-001 January 2013 Department of Information and Computing Sciences Utrecht University, Utrecht,
More informationSecurity and Privacy of RFID Systems. Claude Castelluccia
Security and Privacy of RFID Systems Claude Castelluccia What is RFID? Radio-Frequency Identification Tag Antenna Chip Holds a small amount of unique data a serial number or other unique attribute of the
More informationPUF Physical Unclonable Functions
Physical Unclonable Functions Protecting next-generation Smart Card ICs with SRAM-based s The use of Smart Card ICs has become more widespread, having expanded from historical banking and telecommunication
More informationAllwin Initiative for Corporate Citizenship Dartmouth Center for the Advancement of Learning Dickey Center Ethics Institute Institute for Security
Allwin Initiative for Corporate Citizenship Dartmouth Center for the Advancement of Learning Dickey Center Ethics Institute Institute for Security Technology Studies Leslie Center Rockefeller Center Tucker
More informationtags Figure D-1 Components of a Passive RFID System
Attachment D: RFID Technology Overview The following sections provide an overview to RFID technology, the applications in which they are currently used and other considerations of RFID technology as it
More informationRFID Security. Abstract
RFID Security Prof. Dr. Heiko Knospe, University of Applied Sciences Cologne, Faculty of Information, Media and Electrical Engineering, Betzdorfer Str. 2, D 50679 Köln, Germany. E-mail: heiko.knospe@fh-koeln.de
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationTowards the Internet of Things: An introduction to RFID technology
Towards the Internet of Things: An introduction to RFID technology Miguel L. Pardal and José Alves Marques Department of Computer Science and Engineering Instituto Superior Técnico, Technical University
More informationSecurity and Privacy in RFID
Security and Privacy in RFID Sirkka-Liisa Vehkaoja Oulu University of Applied Sciences, t8vesi00@students.oamk.fi Abstract Security and privacy in RFID and mobile RFID services and user-side communication
More information50 ways to break RFID privacy
50 ways to break RFID privacy Ton van Deursen 1 University of Luxembourg ton.vandeursen@uni.lu 1 Financial support received from the Fonds National de la Recherche (Luxembourg). RFID privacy 1 / 40 Outline
More informationSecurity by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA
Security by Politics - Why it will never work Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA Agenda Motivation Some basics Brief overview epassport (MRTD) Why cloning? How to attack the
More information4. Open issues in RFID security
4. Open issues in RFID security Lot of research efforts has been put on RFID security issues during recent years. A survey conducted by CapGemini showed that consumers see RFID more intrusive than several
More informationAttacking RFID Systems
2 Attacking RFID Systems Pedro Peris-Lopez, Julio Cesar Hernandez-Castro, Juan M. Estevez-Tapiador, and Arturo Ribagorda CONTENTS 2.1 Introduction...30 2.1.1 Background...30 2.1.2 Attack Objectives...30
More informationSecurity and Privacy in Intermodal Baggage Management With RFID
Security and Privacy in Intermodal Baggage Management With RFID Ricardo Carapeto Instituto Superior Técnico Universidade Técnica de Lisboa rcarapeto@gmail.com ABSTRACT In order to lower the costs associated
More informationSecurity and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags
Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags Seyed Mohammad Alavi 1, Karim Baghery 2 and Behzad Abdolmaleki 3 1 Imam Hossein Comprehensive University Tehran, Iran
More informationRFID Design Principles
RFID Design Principles Harvey Lehpamer ARTECH HOUSE BOSTON LONDON artechhouse.com Contents Introduction 2 2.1 2.1.1 2.1.2 2.1. 2.1.4 2.2 2.2.1 2.2.2 2. 2..1 2..2 2.4 2.4.1 2.4.2 2.5 2.5.1 2.5.2 Comparison
More informationa leap ahead in analog
EMV Contactless Payment Systems based on AS3911 Overview and System Simulations Giuliano Manzi, PhD Mannheim, May 23 25, 2012 CST EUROPEAN USER CONFERENCE 2012 a leap ahead in analog OUTLINE AS3911 OVERVIEW
More informationScalable RFID Security Protocols supporting Tag Ownership Transfer
Scalable RFID Security Protocols supporting Tag Ownership Transfer Boyeon Song a,1, Chris J. Mitchell a,1 a Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK
More informationProtecting the privacy of passive RFID tags
1 Protecting the privacy of passive RFID tags Email: Nimish Vartak, Anand Patwardhan, Anupam Joshi, Tim Finin, Paul Nagy* Department of Computer Science and Electrical Engineering University of Maryland,
More informationSecurity Analysis and Complexity Comparison of Some Recent Lightweight RFID Protocols
Security Analysis and Complexity Comparison of Some Recent Lightweight RFID Protocols Ehsan Vahedi, Rabab K. Ward and Ian F. Blake Department of Electrical and Computer Engineering The University of British
More informationASSET TRACKING USING RFID SRAVANI.P(07241A12A7) DEEPTHI.B(07241A1262) SRUTHI.B(07241A12A3)
ASSET TRACKING USING RFID BY SRAVANI.P(07241A12A7) DEEPTHI.B(07241A1262) SRUTHI.B(07241A12A3) OBJECTIVE Our main objective is to acquire an asset tracking system. This keeps track of all the assets you
More informationSATO RFID White Paper
SATO RFID White Paper Rev_0710 1 Overview This white paper describes the basic components of a Radio Frequency Identification (RFID) system and explores the technology, applications, and competitive advantages
More informationRFID privacy. Foundations of Secure e-commerce (bmevihim219) Dr. Levente Buttyán
Foundations of Secure e-commerce (bmevihim219) Dr. Levente Buttyán Associate Professor BME Hálózati Rendszerek és Szolgáltatások Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu,
More informationNEW TECHNOLOGY. Figure 1. Simplified view of data transfer in low-frequency passive RFID tags (the tag is enlarged for clarity).
RFID offers tantalizing benefits for supply chain management, inventory control, and many other applications. Find out whether your company could benefit. Ron Weinstein RFID: A Technical Overview and Its
More informationSECURITY IN LOW RESOURCE ENVIRONMENTS
SECURITY IN LOW RESOURCE ENVIRONMENTS SECURERF WHITE PAPER The discovery of a decades old technology is now promoted by many as the Next Big Thing. This discovery, Radio Frequency Identification (RFID),
More informationLocation-Aware and Safer Cards: Enhancing RFID Security and Privacy
Location-Aware and Safer Cards: Enhancing RFID Security and Privacy 1 K.Anudeep, 2 Mrs. T.V.Anantha Lakshmi 1 Student, 2 Assistant Professor ECE Department, SRM University, Kattankulathur-603203 1 anudeepnike@gmail.com,
More informationTowards a Lightweight, Secure, and Untraceable RFID Authentication Protocol
Georg-August-Universität Göttingen Faculty of Mathematics and Computer Science P H D T H E S I S Towards a Lightweight, Secure, and Untraceable RFID Authentication Protocol Dissertation for the award of
More informationEvolving Bar Codes. Y398 Internship. William Holmes
Evolving Bar Codes Y398 Internship By William Holmes Table of contents Introduction: What is RFID? Types of Tags: Advantages of Tags: RFID applications Conclusion: Introduction: Bar codes have evolved
More informationRFID Technology, Security Vulnerabilities, and Countermeasures
19 RFID Technology, Security Vulnerabilities, and Countermeasures Qinghan Xiao 1, Thomas Gibbons 2 and Hervé Lebrun 2 1 Defence Research and Development Canada Ottawa 2 Canadian Operational Support Command
More informationABSTRACT. Keyword: - RFID, unauthorized transaction, security. Vol-1 Issue-3 2015 1. INTRODUCTION 2. RFID SYSTEM. 1237 www.ijariie.
Survey on Enhancing Security for RFID Smart Cards Shilpa S. Badhiye 1 Prof.Rupali S. Khule 2 1 student, Electronics and telecommunication Department, MCOERC, Maharashtra, India 2 Professor, Electronics
More informationRadio Frequency Identification (RFID) Vs Barcodes
Radio Frequency Identification (RFID) Vs Barcodes Which one to choose? Which one is the better technology? Why choose one over the other? Answer: It really depends on the application, and what you want
More informationCloud RFID UHF Gen 2
Cloud RFID UHF Gen 2 Supply chain visibility In store stock management and security. - Stock take by RFID - Stock search - Reorder report, - Dynamic reorder, Security. Introduction The Adilam RFID system
More informationRFID Based Centralized Patient Monitoring System and Tracking (RPMST)
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 16, Issue 2, Ver. III (Mar-Apr. 2014), PP 08-15 RFID Based Centralized Patient Monitoring System and Tracking
More informationRFID Systems: A Survey on Security Threats and Proposed Solutions
RFID Systems: A Survey on Security Threats and Proposed Solutions Pedro Peris-Lopez, Julio Cesar Hernandez-Castro, Juan M. Estevez-Tapiador, and Arturo Ribagorda Computer Science Department, Carlos III
More informationCHAPTER 1 Introduction 1
Contents CHAPTER 1 Introduction 1 CHAPTER 2 Short-Range Communications Systems 3 2.1 Radio-Frequency Spectrum and Propagation 3 2.1.1 Theory of Electromagnetism and Maxwell s Equations 3 2.1.2 RF Propagation
More informationWHITE PAPER. ABCs of RFID
WHITE PAPER ABCs of RFID Understanding and using Radio Frequency Identification Basics - Part 1 B.Muthukumaran Chief Consultant Innovation & Leadership Gemini Communication Ltd #1, Dr.Ranga Road, 2nd Street,
More informationa GAO-05-551 GAO INFORMATON SECURITY Radio Frequency Identification Technology in the Federal Government Report to Congressional Requesters
GAO United States Government Accountability Office Report to Congressional Requesters May 2005 INFORMATON SECURITY Radio Frequency Identification Technology in the Federal Government a GAO-05-551 Accountability
More informationRFID in a nutshell. Colin Jervis, Director, Kinetic Consulting Ltd
Colin Jervis, Director, Kinetic Consulting Ltd Enthusiasts in healthcare fields suggest that one day a tiny RFID (or radio-frequency identification) tag implanted under your skin could transmit your NHS
More informationSecure Active RFID Tag System
Secure Active RFID Tag System Isamu Yamada 1, Shinichi Shiotsu 1, Akira Itasaki 2, Satoshi Inano 1, Kouichi Yasaki 2, and Masahiko Takenaka 2 1 Fujitsu Laboratories Ltd. 64 Nishiwaki, Ohkubo-cho, Akashi
More informationWireless Sensor Networks Chapter 14: Security in WSNs
Wireless Sensor Networks Chapter 14: Security in WSNs António Grilo Courtesy: see reading list Goals of this chapter To give an understanding of the security vulnerabilities of Wireless Sensor Networks
More informationA. Background. In this Communication we can read:
On RFID The Next Step to THE INTERNET OF THINGS Information of the Presidency 2832nd Council meeting, Competitiveness (Internal Market, Industry and Research), Brussels, 22-23 November 2007 A. Background
More information