Implementing high-level Counterfeit Security using RFID and PKI

Similar documents

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

What is a Smart Card?

Implementation of biometrics, issues to be solved

RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Fighting product clones through digital signatures

MIFARE CONTACTLESS CARD TECHNOLOLGY AN HID WHITE PAPER

Preventing fraud in epassports and eids

Secure web transactions system

50 ways to break RFID privacy

Security by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA

PUF Physical Unclonable Functions

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

RFID Security: Threats, solutions and open challenges

Adobe Digital Signatures in Adobe Acrobat X Pro

Strengthen RFID Tags Security Using New Data Structure

Network Authentication X Secure the Edge of the Network - Technical White Paper

Research Article. Research of network payment system based on multi-factor authentication

RFID Penetration Tests when the truth is stranger than fiction

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

Security Policy Revision Date: 23 April 2009

A Secure RFID Ticket System For Public Transport

Using Contactless Smart Cards for Secure Applications

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Combatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs

Measurement and Analysis Introduction of ISO7816 (Smart Card)

SSL A discussion of the Secure Socket Layer

IBM Client Security Solutions. Client Security User's Guide

Hacking the NFC credit cards for fun and debit ;) Renaud Lifchitz BT Hackito Ergo Sum 2012 April 12,13,14 Paris, France

Gemalto Mifare 1K Datasheet

Security and Privacy Issues of Wireless Technologies

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Best Practices for the Use of RF-Enabled Technology in Identity Management. January Developed by: Smart Card Alliance Identity Council

What Do We Really Mean By Security for RFID

Smart Card Technology Capabilities

eid Security Frank Cornelis Architect eid fedict All rights reserved

Using etoken for Securing s Using Outlook and Outlook Express

Privacy and Security in library RFID Issues, Practices and Architecture

New Attacks against RFID-Systems. Lukas Grunwald DN-Systems GmbH Germany

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Longmai Mobile PKI Solution

Using RFID Technology to Stop Counterfeiting

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Secure My-d TM and Mifare TM RFID reader system by using a security access module Erich Englbrecht (info@eonline.de) V0.1draft

A KIND OF IMPLEMENT ABOUT MOBILE SIGNATURE SERVICE BASED ON MOBILE TELEPHONE TERMINAL

Authentication in WLAN

Introduction to Cryptography

Design And Implementation Of Bank Locker Security System Based On Fingerprint Sensing Circuit And RFID Reader

ZEBRA CUSTOM LAMINATE QUOTE REQUEST FORM Custom Laminate Quick Reference Guide: Added Security to Meet Your Needs

Intelligent Fleet Management System Using Active RFID

Fingerprint Based Biometric Attendance System

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2002): 15 Wireless LAN Security 1 Dr.-Ing G.

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

SBClient SSL. Ehab AbuShmais

3M Cogent, Inc. White Paper. Beyond. Wiegand: Access Control. in the 21st Century. a 3M Company

Localization System for Roulette and other Table Games

Security Issues in RFID systems. By Nikhil Nemade Krishna C Konda

Lecture II : Communication Security Services

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

RF ID Security and Privacy

Smart Cards a(s) Safety Critical Systems

Introducing etoken. What is etoken?

Table: Security Services (X.800)

SECURITY OF PASSIVE ACCESS VEHICLE ANSAF IBRAHEM ALRABADY DISSERTATION. Submitted to the Graduate School. of Wayne State University, Detroit, Michigan

Certificate Authorities and Public Keys. How they work and 10+ ways to hack them.

Certified Information Systems Auditor (CISA)

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

SECURITY IN ELECTRONIC COMMERCE MULTIPLE-CHOICE QUESTIONS

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS Non-Proprietary Cryptographic Module Security Policy

Understanding Digital Signature And Public Key Infrastructure

A. Background. In this Communication we can read:

W.A.R.N. Passive Biometric ID Card Solution

EPC C-1 G-2 / ISO C RFID IC

Smart Card Authentication. Administrator's Guide

Digital Signatures on iqmis User Access Request Form

User s Guide. Security Operations Ver. 1.02

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007

Chip Card & Security ICs Mifare NRG SLE 66R35

RFID Security and Privacy. Simson L. Garfinkel, Ph.D. Center for Research on Computation and Society Harvard University October 5, 2005

Protected Cash Withdrawal in Atm Using Mobile Phone

White Paper. Enhancing Website Security with Algorithm Agility

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper

Securing Card-Not-Present Transactions through EMV Authentication. Matthew Carter and Brienne Douglas December 18, 2015

An Overview of RFID Security and Privacy threats

SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public

How To Understand The Power Of An Freddi Tag (Rfid) System

Configuration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0

Snow Agent System Pilot Deployment version

International Journal of Engineering Research & Management Technology

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

Military Usage of Passive RFID 1

How To Create A Digital Signature And Sign A Document With Adobe Reader XI

E-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption

Transcription:

Implementing high-level using RFID and PKI Drugs as example products RFID SysTech 2007 June, 13 Andreas Wallstabe, Hartmut Pohl

Technologies RFID, PKI Anti-ing Implementation, Review und

Suspected damage: Damage estimation of counterfeit drugs drugs of 35 billion $ US in 2005 Company (financial) Anti- Consumer (health) Harmful ingredients (below 0%) 100% 0% Active substance concentration in comparison to the original

security Validation of an supposed identity by special features Anti- The counterfeiting effort must be worth more than the feasible benefit and profit of the counterfeiter secure Benefit/Profit: Financial Authority, Respect Damage against other There is no 100% security

Anti- security rating Authentication effort, Anti-counterfeit level high micro color particle, micro text, UV light isotopes consistency, spectrum, DNA low print, holography, water mark overt covert forensic Kind of anti counterfeit feature

RFID Radio Frequency Identification Anti- Physical security Static analysis: Dummy-Structures / Memory usage / Protection layers / Scrambling Dynamic analysis: Passive monitoring / Voltage monitoring/ Frequency monitoring / Different kinds of memory Software security Test routines for hard- and software/ Checksums/ Encapsulating / Deactivation / General processes

RFID Radio Frequency Identification aspects + considered: Transponder, Data transmission to the reader device Anti- not considered: Reader device, System development, Production, Application, Social aspects

PKI Public Key Infrastructure Public Key Infrastructure public verifiable (for everybody) Asymmetric encryption Anti- Digital signature Like a signature by hand (Germany 2001) Enables reliability Authentication

security Anti- Available technologies TI and VeriSign Patent product security system Using transponder as memory Easy to clone Intelligent combination Storing the signature on the transponder Transponder becomes an intelligent part of the system Transponder is able to authenticate itself

security rating of the combination Attacks: Communication/ Key/ Algorithm /Physically Anti- Resistance of RSA (has to be verified continuously)

Microcontroller ATAM893 4-Bit, 4-KByte ROM, Current consumption 20μA Anti- Transponderinterface U3280M Contact less communication, Power supply Connection of components Adapter, Antenna, Capacitor, Starter-Kit T4xCx92

Transponder Components Anti-

Software qforth and MARC 4 are stack oriented Anti- 4-Bit Microcontroller, no libraries for multiplication with overflow, Modulo, Encryption Rare resources, proper signature generation RSA algorithm for a 8-Bit signature / key realized Program sequence Receiving challenge / Signature generation (RSA) / Send response

Use Case Example Anti- Transponder with RSA algorithm and private key is attached to a drug The public key is distributed in a public directory Drug is sold in a pharmacy store Customer can proof identity (authentication) on a terminal or at home with the help of the public key Check is possible for everybody without knowing any password OK!

Rating Authentication effort, Anti-counterfeit level high isotopes consistency, spectrum, DNA Anti- micro color particle, micro text, UV light low print, holography, water mark overt covert forensic Kind of anti counterfeit feature

RFID security level 6 Process ( level: 1=low / 6=high) Public Key Infrastructure, digital signature Anti- 5 4 3 Encrypted communication Encrypted stored information: program and data Password protected ID Authentication 2 1 ID: Object Name Service (ONS) Unique Identification (UID) Identification

RFID security level 6 Process ( level: 1=low / 6=high) Public Key Infrastructure, digital signature Anti- 5 4 3 Encrypted communication Encrypted stored information: program Passive and data Password protected ID Management Management Authentication 2 1 ID: Object Name Service (ONS) Unique Identification (UID) Cloning Identification

Conclusion Anti- New kind of method Low price per item Resources available (max. 128 / 256 Bit) Flexible check for every user possible Supplier/ POS/ Drugstore High security level (The allocation is one to one) Implementation within the next 5-10 years

Anti- Thank you for attention Andreas Wallstabe Hartmut Pohl andreas.wallstabe(at)smail.inf.fh-bonn-rhein-sieg.de hartmut.pohl(at)fh-bonn-rhein-sieg.de