Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy in Library RFID Attacks and Proposals David Molnar David Wagner {dmolnar,

Published byBruno Johnston Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy in Library RFID Attacks and Proposals David Molnar David Wagner {dmolnar,"— Presentation transcript:

1 Privacy in Library RFID Attacks and Proposals David Molnar David Wagner {dmolnar, daw}@eecs.berkeley.edu

2 Privacy in Libraries Must protect what patrons are reading Library only source of info for many FBI Library Awareness Program –1973-1988, official policy to monitor “suspicious” persons’ reading habits –Library privacy laws passed as backlash –Even with PATRIOT act, need court order Privacy adversaries not limited to FBI –Marketers, Scientologists, pick your favorite…

3 RFID & Library Overview RFID = Radio Frequency IDentification One RFID tag per book Each RFID tag has ``bar code” ID number –Unique to each book, may identify library Exit gates read RFID for anti-theft 13.56MHz passive RFID –ISO 15693, Checkpoint, TAGSYS C220 –Read range depends on antenna size Deployed in Oakland, Santa Clara, 130+

4

5 Pictures courtesy Santa Clara City Library

6 Privacy and Ubiquitous Readers Read range not whole privacy story Even full in-view readers can be problem –Scan at airport security, events, etc. –Like metal detectors now –Not clear what read or how used Readers easy to camouflage –RFID reader looks like store anti-theft gate

7

8 Library RFID Architecture Library database No authentication between reader and tag Database maps bar code  (title, status) Bar code

9 Attack: Book Scanning Can scan me and tell what I am reading? No reader – tag authentication Anyone can read tag data Most deployments data limited to bar code –Some vendors suggest more Need library database In CA, database protected by law –Varies by state

10 Attack: Hotlisting and Profiling Hotlisting  is book on special list? Hotlisting is real – FBI and almanacs Profiling – bar code prefix identifies library –Is library in predominantly minority area? Bar code never changes so hotlisting easy Walk into library, read bar code See the book again, recognize book Does not need library database

11 Attack: Book Tracking Bar code never changes Can link different sightings Track book movement –Spatial movement –Combine w/video for person-to-person “This person checked out same book as terrorist” Does not need library database

12 “Security Bit” Denial of Service RFID used for anti-theft Some vendors store “security bit” on tag –Security bit = checked out/not checked out –Bit re-written each checkout ISO 15693 tags have “write, then lock” –No way to unlock data, no password on lock Adversary can lock security bit data page Can’t change security bit  tag useless

13 Collision Avoidance and Privacy Collision avoidance protocols identify tag Example: ISO 15693 mandates MFR ID Read passwords,changing ID,etc. don’t help Privacy requires attention to all layers Mask Does mask match MFR ID? Respond if yes

14 RFID Limitations RFID powered only when near reader –No precomputation, no caching RFID have few gates (< 5,000 for security) Randomness difficult on RFID “Cryptography” extremely hard on RFID –Best we can do is a few XOR Future generation tags focus on price, not on security features

15 Problem: Private Authentication Reader does not know tag ID Authentication must preserve privacy Privacy and authentication in tension

16 Solving Private Authentication We have an efficient solution Example parameters: –10^6 tags –Tag stores 192 bits –Tag sends 168 bits total –Only 4 XOR operations for tag –4096 XORs for reader –Adversary needs 2^60 work to break –All parameters can be traded off

17 Summary Library RFID is here now All today’s technology has privacy flaws Privacy is achievable efficiently Work still ongoing

18 Acknowledgements Many, many people to thank! In no particular order: Peter Warfield, Karen Duffy (Santa Clara City Library), Karen Saunders (Santa Clara City Library), Susan Hildreth (San Francisco Public Library), Al Skinner (Checkpoint), Paul Simon (Checkpoint),Doug Karp(Checkpoint), Rebekah E. Anderson (3M), Jackie Griffin(Berkeley Public Library), Elena Engel (BPL), Alicia Abramson(BPL)Lee Tien (Electronic Frontier Foundation), Dan Moniz (EFF), Laura Quliter (Boalt Hall School of Law, UC- Berkeley), Jennifer Urban(Boalt), Nathaniel Good (SIMS), Samuelson Technology and PolicyLaw Clinic at Boalt Hall School of Law, Elizabeth Miles (Boalt),John Han (SIMS), Ross Stapleton-Gray, Eric Ipsen, Oleg Boyarsky(Library Automation/FlashScan), Laura Smart (Library RFIDWeblog/Cal State Pomona), Craig K. Harmon (ISO 18000 committee),Justin Chen (SVCWireless RFID SIG), Steve Halliday(ISO 18000 committee), Zulfikar Ramzan (NTT DoCoMo), Craig Gentry (NTTDoCoMo), Hoeteck Wee, Matt Piotrowski, Jayanth Kumar Kannan, Kris Hildrum, David Schultz, and Rupert Scammell(RSA Security).

19 Questions?

Download ppt "Privacy in Library RFID Attacks and Proposals David Molnar David Wagner {dmolnar,"

Similar presentations

RFID and the UK Book Trade Brian Green BIC / EDItEUR.

RFID and the UK Book Trade Brian Green BIC / EDItEUR.
Vehicle Access Management System Smart Parking System.

Vehicle Access Management System Smart Parking System.
RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:

RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:
Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.

Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.
Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.

Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
Security in RFID Presented By… NetSecurity-Spring07

Security in RFID Presented By… NetSecurity-Spring07
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.

Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.

Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.
Asmt. 10: ID chips in product Pro RFID chips in product Group 3. Team A Ivan Augustino Andres Crucitti.

Asmt. 10: ID chips in product Pro RFID chips in product Group 3. Team A Ivan Augustino Andres Crucitti.
#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.

#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.
RFID Cardinality Estimation with Blocker Tags

RFID Cardinality Estimation with Blocker Tags
RFID Technologies Master seminar : Tangible User Interfaces Bruno Dumas – DIVA Group University of Fribourg 9.12.2005.

RFID Technologies Master seminar : Tangible User Interfaces Bruno Dumas – DIVA Group University of Fribourg
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
RFID Cow Jewelry – or – Revolution Travis Sparks

RFID Cow Jewelry – or – Revolution Travis Sparks
RFID passports How does is work? Step by step By: Einav Mimram.

RFID passports How does is work? Step by step By: Einav Mimram.
上海交通大学 自动化系 FROZEN FOOD Case : Cool-Chain of RFID.

上海交通大学 自动化系 FROZEN FOOD Case : Cool-Chain of RFID.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Radio Frequency Identification (RFID) Features and Functionality of RFID Including application specific ISO specifications Presented by: Chris Lavin Sarah.

Radio Frequency Identification (RFID) Features and Functionality of RFID Including application specific ISO specifications Presented by: Chris Lavin Sarah.
RFID: Radio Frequency Identification (It’s not just a security system) By Carmin Langford LIS 515.

RFID: Radio Frequency Identification (It’s not just a security system) By Carmin Langford LIS 515.

Similar presentations

Ads by Google