nfc rfid security
play

NFC (RFID) Security Prof. Gildas Avoine Universit e catholique de - PowerPoint PPT Presentation

Mar 01, 2023 •165 likes •370 views

NFC (RFID) Security Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY Technological Background Security Threats Examples Conclusion TECHNOLOGICAL BACKGROUND Technological Background

  1. NFC (RFID) Security Prof. Gildas Avoine Universit´ e catholique de Louvain, Belgium Information Security Group

  2. SUMMARY Technological Background Security Threats Examples Conclusion

  3. TECHNOLOGICAL BACKGROUND Technological Background Security Threats Examples Conclusion

  4. Definition and Architecture Definition (RFID (Recommandation U.E. 2009)) [RFID] means the use of electromagnetic radiating waves or reactive field coupling in the radio frequency portion of the spectrum to communicate to or from a tag through a variety of modulation and encoding schemes to uniquely read the identity of a radio frequency tag or other data stored on it. Gildas Avoine NFC (RFID) Security 4/19

  5. Near Field Communication Extension of several RFID proximity communication standards [ISO14443]. Additional Features [ISO18092], [ISO21481] ◦ Peer-to-Peer connections between two (active) devices. ◦ Emulation of (passive) RFID tags. (Initiator / Target). ◦ NFC Data Echange Format. Gildas Avoine NFC (RFID) Security 5/19

  6. Basic RFID Supply chain tracking. ◦ Track boxes, palettes, etc. www.aeroid.co.uk Libraries. ◦ Improve book borrowing and inventories. www.rfid-library.com Pet identification. ◦ Replace tattoos by electronic ones. ◦ ISO11784, ISO11785. www.flickr.com Localisation. ◦ Children in amusement parks, Elderly people. ◦ Counting cattle. www.safetzone.com Gildas Avoine NFC (RFID) Security 6/19

  7. Evolved RFID and NFC Building access control. ◦ Eg. UCL, MIT. Credit: G. Avoine Automobile ignition key. Credit: G. Avoine ◦ Eg. TI DST, Keeloq. Public transportation. www.carthiefstoppers.com ◦ Eg. Brussels, Boston, Paris, ..., Thalys. Payment. ◦ Eg. Visa, Baja Beach Club. www.brusselnieuws.be Electronic documents. ◦ Eg. ePassports. Loyalty cards. blogs.e-rockford.com Gildas Avoine NFC (RFID) Security 7/19

  8. Tag Characteristics power frequency UHF active HF communication meters LF dm passive cm UID 1 KB 40 KB storage no pwd 10 cents sym crypto EPC asym crypto 50 cents ISO14443 euros calculation ISO15693 cost Logistics standard Access control Gildas Avoine NFC (RFID) Security 8/19

  9. SECURITY THREATS Technological Background Security Threats Examples Conclusion

  10. Security Threats Adversary’s objectives 41126751 Wig model #4456 (cheap polyester) 93479122 Replacement hip medical part #459382 Das Kapital and Communist-party 54872164 handbook 500 Euros in wallet 55542390 Serial numbers: 597387,389473… 09840921 30 items of lingerie Credit: Ari Juels Credit: Inspired by Ari Juels Gildas Avoine NFC (RFID) Security 10/19

  11. RFID/NFC Specificities Low capabilities. ◦ Calculation, Memory, Bandwidth, Asymmetry. Wireless. ◦ Easy to skim and eavesdrop. Ubiquity. ◦ Answer without holder’s agreement or awareness. Fast authentication. ◦ On-the-fly authentication. Gildas Avoine NFC (RFID) Security 11/19

  12. EXAMPLES Technological Background Security Threats Examples Conclusion

  13. Example 1: Impersonation Mifare Classic, NXP Semiconductors, 1995. Access control, public transportation, payment (wallet), ... Broken in 2008. Gildas Avoine NFC (RFID) Security 13/19

  14. Example 2: Relay Attacks Verbatim messages are relayed. Cannot be avoided with cryptographic means. Attacks are doable by a scriptkiddies (NFC). No satisfactory solution yet. Gildas Avoine NFC (RFID) Security 14/19

  15. Example 3: Information Leakage from the Card Public Transportation. Last validations in the card not protected. Quite limited anonymity. Gildas Avoine NFC (RFID) Security 15/19

  16. Example 3: Information Leakage from the Database Pet Identification. Database is public in some countries. Problem not only related to NFC/RFID, but amplified. Logphilia. Gildas Avoine NFC (RFID) Security 16/19

  17. CONCLUSION Technological Background Security Threats Examples Conclusion

  18. From Manufacturers to Users Gildas Avoine NFC (RFID) Security 18/19

  19. Conclusion “Because of its potential to be both ubiquitous and practically invisible, particular attention to privacy and data protection issues is required in the deployment of RFID. Consequently, privacy and information security features should be built into RFID applications before their widespread use (principle of security and privacy-bydesign)”. (European Commission Recommendation of 12.5.2009) Gildas Avoine NFC (RFID) Security 19/19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011, Corua, Spain RFID Primer RFID Primer Definition Radio frequency identification'' (RFID) means the use of electromagnetic radiating waves

729 views • 47 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011, Rennes, France Summary RFID Primer. Examples. Capabilities. Particularities. Authentication in RFID. Theory. Practical

934 views • 64 slides
A Case Against Currently Used Hash Functions in RFID Protocols Workshop on RFID Security 2006

A Case Against Currently Used Hash Functions in RFID Protocols Workshop on RFID Security 2006

VLSI Institute for Applied Information Processing and Communications (IAIK) VLSI & Security A Case Against Currently Used Hash Functions in RFID Protocols Workshop on RFID Security 2006 RFIDSec06 July 13-14, 2006, Graz, Austria

232 views • 21 slides
Smartcards and RFID Security in Organisations Erik Poll Digital Security University of Nijmegen

Smartcards and RFID Security in Organisations Erik Poll Digital Security University of Nijmegen

Smartcards and RFID Security in Organisations Erik Poll Digital Security University of Nijmegen 1 Goals of today What are smartcards and RFID tags? what can they do? what security can they provide? and what are the limits here?

1.17k views • 80 slides
The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information Security Theory and Practices 1 4 September 2009, Brussels, Belgium Summary A brief reminder about RFID. Description of the threats, state of

880 views • 41 slides
RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and

RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and

Ecole Internationale de Printemps Syst` emes R epartis : METIS2008 RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and Engineering RFID Security gildas.avoine@uclouvain.be Introduction Outline

1.28k views • 95 slides
Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

March 2, 2014 Monte Jade's RFID Seminar Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight RFID 4. Current Airport RFID Deployments 5. Atlanta International Airport Activity with IATA RFID

912 views • 35 slides
Persistent Security for RFID Mike Burmester and Breno de Medeiros Computer Science Department

Persistent Security for RFID Mike Burmester and Breno de Medeiros Computer Science Department

Persistent Security for RFID Mike Burmester and Breno de Medeiros Computer Science Department Florida State University Tallahassee, FL 32306 { burmeste,breno } cs.fsu.edu Abstract. Low-cost RFID tags are being deployed to support smart

513 views • 12 slides
The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on RFID Technology Concepts, Applications, Challenges in the Eleventh International Conference on Enterprise Information Systems 6 10 May

552 views • 37 slides
IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing Tag Oslo, 28 November 2007 IntelliSense RFID Workshop IntelliSense RFID RESEARCH PROJECT FOR TECHNOLOGY DEVELOPMENT WITHIN THE FIELDS OF RFID

788 views • 13 slides
The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio Frequency Identification Modern RFID Applications VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips

628 views • 29 slides
Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de Louvain Belgium SUMMARY Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

343 views • 32 slides
An ECDSA Processor for RFID Authentication Michael Hutter, Martin Feldhofer, and Thomas Plos

An ECDSA Processor for RFID Authentication Michael Hutter, Martin Feldhofer, and Thomas Plos

VLSI Institute for Applied Information Processing and Communications (IAIK) VLSI & Security An ECDSA Processor for RFID Authentication Michael Hutter, Martin Feldhofer, and Thomas Plos Workshop on RFID Security 2010 07. - 09.06.2010,

1.12k views • 17 slides
TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown & Blaine McDonnell Using RFID for Model Railroad Operations What is RFID? How does RFID Work? RFID Frequencies and Type of Tags

853 views • 25 slides
DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA Structure RFID Technology Applications in SPS-ALPHA architecture Part Identification Location Referencing 2 Why Space Solar No

241 views • 22 slides
RFID Security and Privacy Gildas Avoine, UCL Belgium These slides will be soon available at

RFID Security and Privacy Gildas Avoine, UCL Belgium These slides will be soon available at

RFID Security and Privacy Gildas Avoine, UCL Belgium These slides will be soon available at http://sites.uclouvain.be/security/publications.html Lecturer Presentation Lecturer Presentation: University Prof. Gildas Avoine. Universit

1.12k views • 90 slides
on hardware modules 17 September 2014, jug.ch Pance Cavkovski & Aleksandar Nikov About the

on hardware modules 17 September 2014, jug.ch Pance Cavkovski & Aleksandar Nikov About the

Hands on Java8 and RaspberryPi Hacking the RaspberryPi with Java8, JavaFX8 and add- on hardware modules 17 September 2014, jug.ch Pance Cavkovski & Aleksandar Nikov About the speakers Pance Cavkovski pance.cavkovski@netcetera.com

851 views • 43 slides
MANAGEMENT MICHAEL SCHULTZ, T. KUNZE, H. FRICKE, J. MUND TU DRESDEN J. LPEZ LEONS, C.

MANAGEMENT MICHAEL SCHULTZ, T. KUNZE, H. FRICKE, J. MUND TU DRESDEN J. LPEZ LEONS, C.

SESAR Innovation Days - 2012, Braunschweig UNCERTAINTY HANDLING AND TRAJECTORY SYNCHRONIZATION FOR THE AUTOMATED ARRIVAL MANAGEMENT MICHAEL SCHULTZ, T. KUNZE, H. FRICKE, J. MUND TU DRESDEN J. LPEZ LEONS, C. GRABOW, J. DE PRINS BOEING

993 views • 19 slides
An Incremental Correction Algorithm for XML Documents and Single Type Tree Grammars Martin

An Incremental Correction Algorithm for XML Documents and Single Type Tree Grammars Martin

An Incremental Correction Algorithm for XML Documents and Single Type Tree Grammars Martin Svoboda, Irena Mlnkov XML and Web Engineering Research Group Charles University in Prague The Czech Republic 24 April 2012 NDT 2012 Dubai, United

339 views • 18 slides
The TAPENADE AD Tool Laurent Hasco et, Val erie Pascual, Rose-Marie Greborio

The TAPENADE AD Tool Laurent Hasco et, Val erie Pascual, Rose-Marie Greborio

The TAPENADE AD Tool Laurent Hasco et, Val erie Pascual, Rose-Marie Greborio Laurent.Hascoet@sophia.inria.fr Tropics Project, INRIA Sophia-Antipolis AD Workshop, Cranfield, June 5-6, 2003 1 PLAN: AD: principles of Tangent and Reverse

644 views • 38 slides
Supporting Service I nteraction in the Real W orld Gregor Broll, Sven Siorpaes, Enrico Rukzio,

Supporting Service I nteraction in the Real W orld Gregor Broll, Sven Siorpaes, Enrico Rukzio,

Supporting Service I nteraction in the Real W orld Gregor Broll, Sven Siorpaes, Enrico Rukzio, Albrecht Schm idt (Media Informatics Group, University of Munich, Germany) Massim o Paolucci, John Ham ard, Matthias W agner (NTT DoCoMo Euro-Labs,

282 views • 13 slides
Android For Game Developoers Ove verview Limited APIs Window Management Input

Android For Game Developoers Ove verview Limited APIs Window Management Input

Android For Game Developoers Ove verview Limited APIs Window Management Input File I/O Audio Graphics Define a e an n Android A App pplication Activities Services Content providers Intents

305 views • 9 slides
Practical white-box topics design and attacks part 1 Joppe W. Bos White-Box Cryptography and

Practical white-box topics design and attacks part 1 Joppe W. Bos White-Box Cryptography and

Practical white-box topics design and attacks part 1 Joppe W. Bos White-Box Cryptography and Obfuscation August 14, 2016, Santa-Barbara, California, USA 1. What to White-Box? Comply with current Standardized standards / protocols

651 views • 35 slides
NFC AND THE VEHICLE. TESTING THE LINUX NFC STACK. BMW Car IT GmbH NEARD FIELD COMMUNICATION.

NFC AND THE VEHICLE. TESTING THE LINUX NFC STACK. BMW Car IT GmbH NEARD FIELD COMMUNICATION.

Timo Mller NFC AND THE VEHICLE. TESTING THE LINUX NFC STACK. BMW Car IT GmbH NEARD FIELD COMMUNICATION. WHAT IS IT? Easy connections, quick transactions, and simple data sharing. NFC-Forum.org Fast connection setup Contactless

252 views • 21 slides

More recommend