Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 RFID Security Nicholas Alteen Computer Science Program Florida Gulf.

Published byCarol Cannon Modified over 8 years ago

Similar presentations

Presentation on theme: "Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 RFID Security Nicholas Alteen Computer Science Program Florida Gulf."— Presentation transcript:

1 Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 RFID Security Nicholas Alteen Computer Science Program Florida Gulf Coast University Mentor: Dr. Janusz Zalewski 28 April 2012

2 Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 What is RFID? Small circuit boards containing data that can be accessed without Line of Sight: Passive (no power source); Active (dedicated power source).

3 Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 What is a Security Threat? “A potential event that causes a system to respond in an unexpected or damaging way.” – Chaudhry Tampering with Data Information Disclosure Spoofing Identity Repudiation Denial of Service Elevation of Privilege

4 Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 Data Tempering “An attacker modifies, adds/deletes, or reorders data.” Tag killing is a serious threat to RFID security. Requires knowledge of the kill password. Commonly occurs during purchases. Information Disclosure “Information is exposed to unauthorized user.” Physical attacks are a threat to RFID systems. Aluminum wallets are an effective solution to prevent unauthorized access.

5 Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 Spoofing Identity “An attacker poses as an authorized user.” Protecting data using authorization passwords. Can we lock a tag to prevent it?

6 Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 Repudiation “An attacker denies an action and no proof exists to prove that the action was performed.” Blocking a valid user from performing a normal task within their authority. Locking a tag to prevent valid access.

7 Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 Denial of Service “Service is denied to valid and invalid users.” Common form of attack for web services. Rapid tag interrogations by an attacker block any valid attempts at reading tag data.

8 Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 Elevation of Privilege “Occurs when an unprivileged user gains higher privilege in a system which they are authorized.” If retail companies drop UPC in favor of RFID, this poses a significant threat (Tag cloning). Employees potentially have too much privilege.

Download ppt "Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 RFID Security Nicholas Alteen Computer Science Program Florida Gulf."

Similar presentations

4 Information Security.

4 Information Security.
Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.

Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Using Your Knowledge – Security Threats

Using Your Knowledge – Security Threats
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 Estimating Missing Parameters in a Distributed Real-Time System: Anti-Lock.

Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 Estimating Missing Parameters in a Distributed Real-Time System: Anti-Lock.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 Bayesian Belief Networks in Anomaly Detection, Fault Diagnosis & Failure.

Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012 Bayesian Belief Networks in Anomaly Detection, Fault Diagnosis & Failure.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.
The Impact of Physical Security on Network Security

The Impact of Physical Security on Network Security
Storage Security and Management: Security Framework

Storage Security and Management: Security Framework
Architecting secure software systems

Architecting secure software systems
1 Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Edward Bonver Principal Software Engineer, Symantec Product.

1 Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Edward Bonver Principal Software Engineer, Symantec Product.
Chapter 4.  Can technology alone provide the best security for your organization?

Chapter 4.  Can technology alone provide the best security for your organization?

Similar presentations

Ads by Google