Presentation is loading. Please wait.

Presentation is loading. Please wait.

IWD2243 Wireless & Mobile Security

Published byCameron Wheeler Modified over 8 years ago

Similar presentations

Presentation on theme: "IWD2243 Wireless & Mobile Security"— Presentation transcript:

1 IWD2243 Wireless & Mobile Security
Chapter 6 : Wireless Embedded System Security Prepared by : Zuraidy Adnan, FITM UNISEL

2 6.1 Introduction Radio Frequency Identification (RFID)
Radio transmission containing some type of identifying information. Cryptographically encoded challenges and response. Include Point of Sale (POS) Automated Vehicle Identification (AVI) Restrict access to building rooms within buildings Livestock identification Asset tracking Pet ownership identification Warehouse management and logistics and etc. Prepared by : Zuraidy Adnan, FITM UNISEL

3 6.2 RFID Security in General
RFID is being used in multiple areas where little or no consideration was given to security issues. Case : - Exxon Mobile Speedpass, RFID POS system Adi Shamir – monitor power level in RFID tags – can compromise SHA 1 algorithm in RFID Adi Shamir – common cell phone can conduct an attack in a given area. Wall mart begin use RFID in its supply chain Dept of Defense use RFID to improve data quality and management of inventories. Prepared by : Zuraidy Adnan, FITM UNISEL

4 6.3 RFID Radio Basics Radio – small piece of “electromagnetic spectrum” that covers all forms of radiation Radio frequency (RF) broken down to a number of band. US – RF handled by FCC Europe – RF mostly handled by ETSI RFID – most system utilize one of three general bands, LF (125 kHz to 134kHz), HF (13.56 MHz), and ultra HF (860 to 930 MHz). See figure 24.3 : Two different RFID tags and reader with integral antenna, page 621. Prepared by : Zuraidy Adnan, FITM UNISEL

5 6.4 RFID architecture Consist of a reader and tag (also known as a label or chip) Reader queries tag, obtain information, and then take action based on that info. Tag / label Transponders – Combination of transmitters & receivers. Transponders use in RFID is called tag/label/chip. RFID tag contain the following items : Encoding/decoding circuitry, Memory, Antenna, Power supply, Communication control. Active & Pasive tag See figure 24.4 : Passive & active tag processes, page 624 Prepared by : Zuraidy Adnan, FITM UNISEL

6 6.4 RFID architecture Consist of a reader and tag (also known as a label or chip) Reader queries tag, obtain information, and then take action based on that info. Tag / label Transponders – Combination of transmitters & receivers. Transponders use in RFID is called tag/label/chip. RFID tag contain the following items : Encoding/decoding circuitry, Memory, Antenna, Power supply, Communication control. Active & Pasive tag See figure 24.4 : Passive & active tag processes, page 624 Prepared by : Zuraidy Adnan, FITM UNISEL

7 6.4 RFID architecture Passive vs Active tag
Passive tag – no battery or power source, wait signal from a reader. Contains resonant circuit capable of absorbing power from the readers antenna. Obtaining power from reader device is done using an electromagnetic property known as Near Field. Antenna and reader must in close proximity to work. Active tag use battery as its own power source. No need Near Field functionalities. Longer distance. Semi-passive tag – have a battery but also using Near Field function to power the radio circuits. Prepared by : Zuraidy Adnan, FITM UNISEL

8 6.4 RFID architecture Reader Middleware
Can be called also as “interrogator” or “transceivers” Handheld unit – combination of reader and antenna Contains system interface such as RS232 serial port or Ethernet jack, cryptographic encoding and decoding circuitry, power supply or battery, communication control circuits. Middleware Software that manage the readers and data coming from the tags, and passes to the backend of the systems. Backend can be standard commercial database such as SQL, MySQL, Oracle, Postgres. Prepared by : Zuraidy Adnan, FITM UNISEL

9 6.5 Data communication (RFID)
Tag data Few bytes to several megabytes Depends on application and the individual tag Many proprietary formats, the latest standard Electronic Product Code (EPC) Replacement of Universal Product Code (UPC) See figure 24.5 : Typical UPC bar code, page 627. EPC – use GID-96 format. GID-96 has 96 bits (12 bytes) of data. 28 bit General Manager Number (identify organization), 24 bit object class (break down product into group), 36 bit serial number, 8 bit header. See figure 24.6 : Reader & Tag interaction, page 628. Prepared by : Zuraidy Adnan, FITM UNISEL

10 6.5 Data communication (RFID)
Tag data Few bytes to several megabytes Depends on application and the individual tag Many proprietary formats, the latest standard Electronic Product Code (EPC) Replacement of Universal Product Code (UPC) See figure 24.5 : Typical UPC bar code, page 627. EPC – use GID-96 format. GID-96 has 96 bits (12 bytes) of data. 28 bit General Manager Number (identify organization), 24 bit object class (break down product into group), 36 bit serial number, 8 bit header. See figure 24.6 : Reader & Tag interaction, page 628. Prepared by : Zuraidy Adnan, FITM UNISEL

11 6.5 Data communication (RFID)
Protocols See table 24.2 : RFID Tag protocol, page 629. Prepared by : Zuraidy Adnan, FITM UNISEL

12 6.6 Physical Form Factor (Tag Container)
Can be in any form desired to perform required function Design may be influenced by type of antenna. May be in form of standalone device, or integrated in other object such as car ignition key. Cards Many purposes, such as building access. See figure 24.7 & 24.8 : Fake credit card showing the RFID chip and antenna, A passive tag’s internal components, page 631. Key Fobs – Exxon Mobile SpeedPass Other form factors – E-ZPass (Toll collection system) See figure 24.9 : E-ZPass windshield-mounted tag, page 633. Prepared by : Zuraidy Adnan, FITM UNISEL

13 6.7 Threat and Target Identification
Target, can be entire systems, or a section of the overall systems. Organization can suffer tremendous loss. Eg. RFID tag was manipulated in POS, so that the price of an item RM200 was reduced to RM19.95, 90% loss for company. RF manipulation. Prevent the tag of an object from being detected by a reader. Wrap item in aluminum foil, or place it in metallic coated Mylar bag. Prepared by : Zuraidy Adnan, FITM UNISEL

14 6.7 Threat and Target Identification
Attack-over-the-air-interface Four type of attacks :- Spoofing, Insert, Replay, DOS attacks. Spoofing – Supply false info that looks valid and that the system accepts. Involve a fake domain name, IP add, or MAC. Eg. Broadcasting incorrect EPC number over the air when a valid number was expected. Insert – Insert system command where data is normally expected. Common in website, where malicious code was injected into a web based app. SQL injection. Can be applied in RFID situation, by having a tag carry a system command rather that valid data in its data storage area. Prepared by : Zuraidy Adnan, FITM UNISEL

15 6.7 Threat and Target Identification
Attack-over-the-air-interface Replay – RFID signal is intercepted and its data is recorded; this data is later transmitted to a reader where it is played back. DOS – known as flood attacks – signal is flooded with more data it can handle. RF jamming. Manipulating tag data RF dump, RF dump-PDA. Prepared by : Zuraidy Adnan, FITM UNISEL

16 6.7 Threat and Target Identification
Middleware Any point between reader and backend Eg. Exxon Mobile SpeedPass system. The weakest point – LAN. Replay and DOS attack can be done. Social engineering attack. Connection between data center and credit card centers can also be a point of attack. Prepared by : Zuraidy Adnan, FITM UNISEL

17 6.7 Threat and Target Identification
Backend “Where the money is” Blended attacks Combinations of all attacks. To ensure the attack success. Prepared by : Zuraidy Adnan, FITM UNISEL

18 6.8 Management of RFID security
Risk and vulnerability assessment Who, what, when, where, and How. Hardening the target, Tag, Middleware, Backend Read : Notes from underground. Risk management Validating all the equipments Tag, Middleware, Backend. Threat management. Confirming the integrity of the system Prepared by : Zuraidy Adnan, FITM UNISEL

Download ppt "IWD2243 Wireless & Mobile Security"

Similar presentations

NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.

NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.
TPS – UNIQUE HARDWARE (WWW.HOWSTUFFWORKS.COM) Option 1: Transaction Processing Systems.

TPS – UNIQUE HARDWARE ( Option 1: Transaction Processing Systems.
Presentation on RFID and GPS

Presentation on RFID and GPS
Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.

Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.
Groups 23 & 24. What is it? Radio frequency identification Small electronic device consisting of a microchip or antenna containing up to 2 KB of data.

Groups 23 & 24. What is it? Radio frequency identification Small electronic device consisting of a microchip or antenna containing up to 2 KB of data.
Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
Topic 3: Sensor Networks and RFIDs Part 3 Instructor: Randall Berry Northwestern University MITP 491: Selected Topics.

Topic 3: Sensor Networks and RFIDs Part 3 Instructor: Randall Berry Northwestern University MITP 491: Selected Topics.
Presentation for CS 5910 – Network Security UCCS, Fall Semester 2010 Presented by Robin Kimzey & George Mudrak 1.

Presentation for CS 5910 – Network Security UCCS, Fall Semester 2010 Presented by Robin Kimzey & George Mudrak 1.
RADIO FREQUENCY IDENTIFICATION By Basia Korel. Automatic Identification Technology for identifying items Three step process 1) Identify people/objects.

RADIO FREQUENCY IDENTIFICATION By Basia Korel. Automatic Identification Technology for identifying items Three step process 1) Identify people/objects.
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
Abstract Radio-frequency identification (RFID) is an emerging technology, which promises to advance the modern industrial practices in object identification.

Abstract Radio-frequency identification (RFID) is an emerging technology, which promises to advance the modern industrial practices in object identification.
Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.

Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.
SMT Proprietary and Confidential

SMT Proprietary and Confidential
Physical-layer Identification of RFID Devices Authors: Boris Danev, Thomas S. Heyde-Benjamin, and Srdjan Capkun Presented by Zhitao Yang 1.

Physical-layer Identification of RFID Devices Authors: Boris Danev, Thomas S. Heyde-Benjamin, and Srdjan Capkun Presented by Zhitao Yang 1.
RFID Inventory System Shaun Duncan, Thomas Keaten, Auroop Roy.

RFID Inventory System Shaun Duncan, Thomas Keaten, Auroop Roy.
General Overview Application Uses –Real-Time Location Systems –Inventory Management –Pharmaceutical Tracking –Document Management.

General Overview Application Uses –Real-Time Location Systems –Inventory Management –Pharmaceutical Tracking –Document Management.
McGraw-Hill/Irwin © The McGraw-Hill Companies, All Rights Reserved BUSINESS PLUG-IN B21 Mobile Technology.

McGraw-Hill/Irwin © The McGraw-Hill Companies, All Rights Reserved BUSINESS PLUG-IN B21 Mobile Technology.
Radio Frequency Identification (RFID) Features and Functionality of RFID Including application specific ISO specifications Presented by: Chris Lavin Sarah.

Radio Frequency Identification (RFID) Features and Functionality of RFID Including application specific ISO specifications Presented by: Chris Lavin Sarah.
Chip tag A radio-frequency identification system uses tags readers send a signal to the tag and read its response RFID tags can be either passive active.

Chip tag A radio-frequency identification system uses tags readers send a signal to the tag and read its response RFID tags can be either passive active.

Similar presentations

Ads by Google