Presentation on theme: "Emerging Threats, RF-ID and eCrime issues. Pascal Chauvaud 28/06/2006."— Presentation transcript:
Emerging Threats, RF-ID and eCrime issues. Pascal Chauvaud 28/06/2006
2 titre du document/date/confidentiel/auteur Existing telecommunications networks have been secure so far. Fixed Networks have been safe for many years. Mobile networks deployment was quite challenging but so far GSM and new 3G mobile phones have been really safe compared to computer world. Premium rate attacks or extensive use of subscription have been the most efficient attacks Networks are reliable and did not suffer of many successful denial of services attacks or disruptions
3 titre du document/date/confidentiel/auteur Why is it safer than the internet? Security a main concern since the beginning of GSM standardization Reliable physical address for fixed phones Reliable subscription address and information in the SIM cards Use of SIM and SIM Toolkit for most of the dangerous applications such like downloading parameters secured SMSs.
4 titre du document/date/confidentiel/auteur Security is of paramount importance for telecommunications -Important for the consumer confidence to keep as high as possible the security level of mobile networks (and any telecommunication networks) -Establish more trust in internet communications -Reliability of IP based communications needs to get improved. -New security mechanisms are standardised (ETSI, ITU-T, 3GPP, OMA, etc..) and needs to be used.
5 titre du document/date/confidentiel/auteur New Trends / Threats VOIP Voip communication are more and more widely used leading to new security concerns - Denial of service and disruption more likely. - Lawful interception more complicated and expansive. - etc… New services requiring security : egovernments services : more and more deployed and used in all european countries. All attacks already existing on the PC world may spread out on all telecommunications networks and services.
6 titre du document/date/confidentiel/auteur New trends / Threats Fixed/mobile convergence : Bimode phones WIFI/2G(3G), Wimax… Mobile phones more and more open to the internet and to usual threats of internet : Masquerading, Spamming, Viruses Organised crimes and misbehaviour Threatening, Blackmailing, etc All these new threats are incorporated in the changes in the threat list of the report.
7 titre du document/date/confidentiel/auteur RFID overview Radio frequency identification is a very promising technology offering the same services as very cheap contactless cards. One killer application for passive tags : stock and inventory control. Other applications : Nightclub access control in barcelona… Numerous potential applications requiring security and more sophisticated tags : - counterfeiting (genuineness of pharmaceuticals or high value plane/car parts), food chain control, coin/notes. Most of those services have strong privacy issues and impact on SMEs markets.
8 titre du document/date/confidentiel/auteur RFID security Tiny and cheap devices compared to strong cryptography costs. Strong cryptography is usually expansive in terms of storage and computations. Cheap solutions are needed for RFID. Implementation of secret key algorithms (AES based) are already quite expansive. Most of public key algorithms such as RSA are not possible. Some other algorithms have to be analysed and/or standardized. A subclause dedicated to RFID has been added to the report
9 titre du document/date/confidentiel/auteur RFID standardization today Passive tags : EPC global platform, Ubiquitious… Active tags : Lots of research papers and activities on the subject but no real standardisation. The deployment of passive tags is already there. Active tags and therefore secure services based on tags would gain from standardization progress.
10 titre du document/date/confidentiel/auteur E-CRIME Important problem since many crimes are much easier due to the "anonymous" side of internet. (proofs are difficult) International police cooperation has always been complicated and slow due to different legislation in each country. Unfortunately internet is very fast and without (almost) any borders. Therefore, there is a strong need for cooperation between all actors on an international level. For this report, a new section will be added.