Presentation is loading. Please wait.

Presentation is loading. Please wait.

RFID Security and Privacy. RFID Radio Frequency IDentification Warning: "RFID tag" can mean a lot of things.

Similar presentations


Presentation on theme: "RFID Security and Privacy. RFID Radio Frequency IDentification Warning: "RFID tag" can mean a lot of things."— Presentation transcript:

1 RFID Security and Privacy

2 RFID Radio Frequency IDentification Warning: "RFID tag" can mean a lot of things

3 Most basic use: replacement of barcode wireless readout no alignment required passive tag - reader provides power through EM field tag contains only ID, no processor very cheap database of tag IDs and their meaning DB T-shirt ## FEEBDAED ##

4 Peggy Yorkshire Terrier Owner: J. Smith Peggy Yorkshire Terrier Owner: J. Smith Phone: …

5

6 What is needed for this? Small identifying tag –can be placed in an animal / object –very cheap –most basic form: almost no logic Contactless readout –reading device provides electromagnetic field –tag gets power from EM field –tag causes time-dependent impedance changes

7 At the other end of the spectrum: wireless smartcards processor optional: battery active transmitter, not just passive impedance ROM memory -keys -software RAM memory flash / EEPROM -sensitive data supports read & write operations password protection crypto

8 RFID vs. Traditional smart cards Similar: data on an electronic device Different: power supply and data exchange without galvanic contacts Different: limited power on the card side

9 Active tagsPassive tags PowerBatterySupplied by the reader Availability of power ContinuousOnly in field of reader Range~100mup to 3-5m, usually less Price>10 euroless than 10 cents Memory1-2Mb0.5-2Kb Size> 2cm*2cm> 0.05mm*0.05mm (without antenna) Active vs passive

10 Some examples Shanghai public transportation card Passports Dutch library reader’s pass Animal identification Stock identification Car keys Toll payment

11 Key holderClockPlastic card Nails Small boxLabelPlastic pinRoll of smart labels toys toys connected to PC

12 Is this an active or a passive tag?

13 Implications for security… No money/power for –public key crypto -tamper resistance / detection -tamper-resistant clock Multiple readers and millions of tags –tag collision, reader collision anti-collision protocols –synchronisation –lots of different keys Non-contact and non-line-of-sight –hard to physically impede the communication

14 Implications for privacy Internet Of Things will make this even worse

15

16 Implanting RFID in humans? Advantageous for –cancer patients undergoing chemotherapy; –people with pacemakers or other medical implants; –cognitive impairment due to epilepsy, diabetes, or Alzheimer’s disease; –emergency (allergy)… Your favourite drink at the bar?!

17 2004: The attorney general of Mexico and 18 of his staff had chips implanted to allow them to gain access to certain high-security areas. 2006: President of Colombia agreed to require Colombian citizens to be implanted with RFID chips before they could gain entry into the US for seasonal work. 2008: UK jails considering RFID implants for prisoners : OV Chipkaart security issues in the Netherlands. Security of car locks, wireless payment, etc Impact on society

18 Things that can go wrong (1) Illicit tracking of RFID tags

19 Things that can go wrong (2) Skimming (obtain secrets by eavesdropping)

20 Things that can go wrong (3) Tag cloning

21 Things that can go wrong (4) Cross contamination

22 Things that can go wrong (5) Tag killing

23 Things that can go wrong (6) Tags captured and secret info extracted (invasive and side channel attacks)

24 Things that can go wrong (7) Jamming Can also be selective

25 The Pandora's box of RFID Ethical issues Privacy Tracking Skimming Tag cloning Cross-contamination Tag killing Invasive attacks Jamming

26 Questions ?

27 Some sources… areas/rfid-privacy-and-security.htm And the “usual suspects”: –http://www.Wikipedia.org/http://www.Wikipedia.org/ –http://scholar.google.com/http://scholar.google.com/

28 Suggested topics: choose three sub-topics Applications: banknotes e-Passports anti-counterfeiting public transport car keys Protocols HB + EC-RAC EMAP distance bounding... other protocols Various kinds of attacks & countermeasures Mifare hack RFID viruses / malware Cloning... other attacks Privacy enhancement (universal) re-encryption blocker tag formal privacy verification Crypto on RFID tags PUFs elliptic curves random number generators... other crypto


Download ppt "RFID Security and Privacy. RFID Radio Frequency IDentification Warning: "RFID tag" can mean a lot of things."

Similar presentations


Ads by Google