Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anuradha Jambunathan – Computer Security Seminar BIT WS 06/07

Published byElaine Bradford Modified over 5 years ago

Similar presentations

Presentation on theme: "Anuradha Jambunathan – Computer Security Seminar BIT WS 06/07"— Presentation transcript:

1 Anuradha Jambunathan – 276786 Computer Security Seminar BIT WS 06/07
Sneaking RFID Anuradha Jambunathan – Computer Security Seminar BIT WS 06/07 11/21/2018 Sneaking RFID-Anuradha J

2 Sneaking RFID-Anuradha J
Agenda What is RFID? RFID vs Barcode RFID System Architecture Uses of RFID Systems RFID Threats & Attacks Protection Against Attacks Conclusion 11/21/2018 Sneaking RFID-Anuradha J

3 Sneaking RFID-Anuradha J
What is RFID ? Acronym for Radio Frequency Identification. Automatic Identification Procedure RFID uses radio waves to automatically identify people or other objects. Useful for tracking the associated object. 11/21/2018 Sneaking RFID-Anuradha J

4 Sneaking RFID-Anuradha J
RFID Vs BARCODE Technology Used RFID - Radio Technology BARCODE - Optical Technology Line of Sight Reading RFID - Doesn’t Require Line of Sight – Pass through Barriers BARCODE – Requires Line of Sight reading Efficiency RFID - Multiple tags read simultaneously BARCODE - One at a Time 11/21/2018 Sneaking RFID-Anuradha J

5 Sneaking RFID-Anuradha J
RFID Vs BARCODE Storage RFID Large amount of Storage Ability to Read and Write BARCODE Only be Read Cost RFID is expensive compared to BARCODE 11/21/2018 Sneaking RFID-Anuradha J

6 RFID System Architecture
11/21/2018 Sneaking RFID-Anuradha J

7 Sneaking RFID-Anuradha J
RFID Components RFID Tag or Transponder Actual data carrying device of an RFID system. Combination of Transmitter and Responder Types of RFID Tags Passive Tag Active Tag 11/21/2018 Sneaking RFID-Anuradha J

8 Sneaking RFID-Anuradha J
RFID Components Passive RFID Tag Do not have Internal Battery Power Short Range Communications Read Only Tags Active RFID Tag Have Own Internal Battery Long Range Communications Read/Write Tags 11/21/2018 Sneaking RFID-Anuradha J

9 Sneaking RFID-Anuradha J
RFID Components RFID Reader Antenna, Transceiver and Decoder Sends Signals to Query Tag data Read or Read/Write the tags RFID Middleware Data processing Connects to Backend Database 11/21/2018 Sneaking RFID-Anuradha J

10 Common Uses of RFID Systems
Hospitals Track Patient Location Track Expensive & Critical equipments Pet identification Animal Identification Purpose Control Rabies – Portugal Gov Retail stores Monitor & Control Inventory Supply Chain Management 11/21/2018 Sneaking RFID-Anuradha J

11 Common Uses of RFID Systems
Traffic Monitoring Roadside RFID readers to collect signals Passports The first RFID passports were issued by Malaysia in 1998 Records the travel history of entries and exists Human implants 11/21/2018 Sneaking RFID-Anuradha J

12 Sneaking RFID-Anuradha J
RFID Threats Sniffing -- Skimming of digital passports Spoofing -- SQL injection, Buffer Overflow attacks Denial of Service -- e.g.. Hospital applications 11/21/2018 Sneaking RFID-Anuradha J

13 Sneaking RFID-Anuradha J
RFID Threats Replay Attacks -- Man in the Middle Attack -- e.g. Passport Readers Unwanted Tracking -- Tracking without the Knowledge 11/21/2018 Sneaking RFID-Anuradha J

14 Sneaking RFID-Anuradha J
Real World Scenarios In Retail Stores Attacker purchase product that has RFID tag attached Writes a virus in Blank RFID Tag Attaches the Virus Tag to the product Whole Product database system is infected 11/21/2018 Sneaking RFID-Anuradha J

15 Sneaking RFID-Anuradha J
Real World Scenarios In Pet Pet with RFID Tag attached Writes a virus in Pet RFID Tag Asks for Pet Scan Database system is infected Newly-tagged animals also infected 11/21/2018 Sneaking RFID-Anuradha J

16 Sneaking RFID-Anuradha J
Real World Scenarios In Airport Baggage system Baggage handling Systems with RFID tags Easier to read at greater distances Virus Tag attached to baggage Whole Database system is infected E.g. Smugglers or terrorists to hide their baggage 11/21/2018 Sneaking RFID-Anuradha J

17 Sneaking RFID-Anuradha J
RFID Passports Advantages Avoid human errors by immigration officials Efficiency of processing passenger data Safeguard against counterfeit passports Problems Skimming Eavesdropping 11/21/2018 Sneaking RFID-Anuradha J

18 Problems with RFID Systems
Lots of Source Code RFID tags – Power constraint RFID middleware – Millions of Code Software Bugs Generic Protocols and Facilities RFID middleware on existing internet architecture Internet attacks 11/21/2018 Sneaking RFID-Anuradha J

19 Problems with RFID Systems
Back-End Databases Data Collection Centre – Core Part Critical part of the RFID system Databases have their own unique attacks High-Value Data Extremely confidential Data Eg. Data on e-passports Harms tagged real-world objects False Sense of Security 11/21/2018 Sneaking RFID-Anuradha J

20 Sneaking RFID-Anuradha J
RFID-Based Exploits RFID tags directly exploits back-end RFID Middleware Manipulation of less than 1K bits of on-tag RFID data can exploit security holes in RFID middleware RFID Middleware attacks requires more cleverness than resources  11/21/2018 Sneaking RFID-Anuradha J

21 Sneaking RFID-Anuradha J
RFID Attacks The Main types of RFID Exploits : SQL Injection Attack Buffer Overflow Attack Code Insertion Attack 11/21/2018 Sneaking RFID-Anuradha J

22 Sneaking RFID-Anuradha J
SQL Injection Attack “A SQL Injection attack is a form of attack that comes from user input that has not been checked to see that it is valid. The objective is to fool the database system into running malicious code that will reveal sensitive information” RFID tag written with a virus, can attack the backend database used by the RFID middleware It may be possible to trigger the database into executing SQL code that is stored on the tag. This process is referred to as SQL injection 11/21/2018 Sneaking RFID-Anuradha J

23 Sneaking RFID-Anuradha J
SQL Injection Attack Once a virus, worm, or other malware has entered the database, subsequent tags written from the database may be infected and the problem may spread. Example: Airport Baggage System Attack Which uses the RFID tag attached to the baggage 11/21/2018 Sneaking RFID-Anuradha J

24 Sneaking RFID-Anuradha J
SQL Injection Attack Suppose the airport middleware has a template for queries "Look up the next flight to <x>" where <x> is the airport code written on the tag when the bag was checked in. The middleware then builds a query from the fetched data. Suppose the bag has a bogus tag with data "LHR; shutdown“ 11/21/2018 Sneaking RFID-Anuradha J

25 Sneaking RFID-Anuradha J
SQL Injection Attack Incorrectly filtered escape characters “This form of SQL injection attack takes place when the user input data is not properly filtered for escape characters and is directly passed on into the SQL query” Example: Stmt: = “SELECT * FROM users WHERE name = “’+ username + ’”;” The Above SQL Stmt can cause problems in Authentication systems 11/21/2018 Sneaking RFID-Anuradha J

26 Buffer Overflow Attack
“A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer.” Results Writing extra information or executable code on adjacent memory locations. The overwritten data may include other buffers, variables and program flow data. 11/21/2018 Sneaking RFID-Anuradha J

27 Buffer Overflow - Causes
Improper use of languages such as C or C++ that are considered to be non memory-safe. Functions without bounds checking like strcpy, strlen, gets etc Functions with null termination problems like strncpy, strncat etc User- created functions with pointer bugs 11/21/2018 Sneaking RFID-Anuradha J

28 Buffer Overflow Attack - Example
Attacker entering intentionally longer data than actually allocated in the Buffer Example in RFID system Suppose an application uses 128-byte tags Attacker tries to use a 512-byte fake tag or an even larger one  Buffer Overflow Attack 11/21/2018 Sneaking RFID-Anuradha J

29 Exploitations of Buffer Overflow
Classified as : Stack - Based exploitation Heap - Based exploitation 11/21/2018 Sneaking RFID-Anuradha J

30 Exploitations of Buffer Overflow
Stack - Based exploitation Manipulate the program by overwriting a local variable or Return address on the stack Heap - Based exploitation Generally do not contain return addresses such as the stack Overwrite internal structures such as linked list and pointers 11/21/2018 Sneaking RFID-Anuradha J

31 Sneaking RFID-Anuradha J
Code Insertion Attack Malicious code injected into an application by an attacker, using any of scripting languages like VBScript, JavaScript, Perl etc Special Characters in Input data like < > . ' % ; ) ( & + - Inserting malicious URLs 11/21/2018 Sneaking RFID-Anuradha J

32 Protect against RFID Attacks
Code review Rigorous Code Review of Middleware Code Bounds checking Proper bounds checking either by programmer or compiler Right choice of programming language This Prevents against buffer Overflow attacks 11/21/2018 Sneaking RFID-Anuradha J

33 Protect against RFID Attacks
Parameter binding Use Stored procedures Bound parameters using the PREPARE statement are not treated as a value Prevents against SQL Injection Attack Sanitize the input Use built-in data sanitizing available functions Limit Database Permissions Offer limited rights Tables should be made read-only or inaccessible The execution of multiple SQL statements in a single query. 11/21/2018 Sneaking RFID-Anuradha J

34 Conclusion We have Discussed RFID in General RFID Attacks
Prevention solutions “Talking barcodes that change our lives” BBC NEWS 11/21/2018 Sneaking RFID-Anuradha J

35 Sneaking RFID-Anuradha J
Danke Schön 11/21/2018 Sneaking RFID-Anuradha J

Download ppt "Anuradha Jambunathan – Computer Security Seminar BIT WS 06/07"

Similar presentations

Introduction to Memory Management. 2 General Structure of Run-Time Memory.

Introduction to Memory Management. 2 General Structure of Run-Time Memory.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
Chapter 15 : Attacking Compiled Applications Alexis Kirat - International Student.

Chapter 15 : Attacking Compiled Applications Alexis Kirat - International Student.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Radio-Frequency Identification (RFID) Andrew Bowdle MD, PhD Professor of Anesthesiology and Pharmaceutics Chief of the Division of Cardiothoracic Anesthesiology.

Radio-Frequency Identification (RFID) Andrew Bowdle MD, PhD Professor of Anesthesiology and Pharmaceutics Chief of the Division of Cardiothoracic Anesthesiology.
TrackIT Solutions FZLLC

TrackIT Solutions FZLLC
RADIO FREQUENCY IDENTIFICATION By Basia Korel. Automatic Identification Technology for identifying items Three step process 1) Identify people/objects.

RADIO FREQUENCY IDENTIFICATION By Basia Korel. Automatic Identification Technology for identifying items Three step process 1) Identify people/objects.
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.

Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.
Physical-layer Identification of RFID Devices Authors: Boris Danev, Thomas S. Heyde-Benjamin, and Srdjan Capkun Presented by Zhitao Yang 1.

Physical-layer Identification of RFID Devices Authors: Boris Danev, Thomas S. Heyde-Benjamin, and Srdjan Capkun Presented by Zhitao Yang 1.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
Chip tag A radio-frequency identification system uses tags readers send a signal to the tag and read its response RFID tags can be either passive active.

Chip tag A radio-frequency identification system uses tags readers send a signal to the tag and read its response RFID tags can be either passive active.
Developing RFID Application In Supply Chain

Developing RFID Application In Supply Chain
Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.

Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.

+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.
An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.

An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.
(CPSC620) Sanjay Tibile Vinay Deore. Agenda  Database and SQL  What is SQL Injection?  Types  Example of attack  Prevention  References.

(CPSC620) Sanjay Tibile Vinay Deore. Agenda  Database and SQL  What is SQL Injection?  Types  Example of attack  Prevention  References.

Similar presentations

Ads by Google