privacy challenges in rfid
play

Privacy Challenges in RFID Gildas Avoine Information Security Group - PowerPoint PPT Presentation

Oct 09, 2023 •23 likes •343 views

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de Louvain Belgium SUMMARY Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

  1. Privacy Challenges in RFID Gildas Avoine Information Security Group Universit´ e catholique de Louvain Belgium

  2. SUMMARY Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

  3. BACKGROUND ABOUT RFID Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

  4. Definitions Technical View Radio Frequency IDentification (RFID) consists in remotely retrieving datas (identifier and potentially additional datas) using devices called RFID tags. An RFID tag contain a microcircuit (chip) and an antenna to enable it to receive and respond to radio-frequency queries from an RFID reader/writer. An RFID tag can be a low-capability device e.g. for pet identification, but also a powerful contactless smartcard e.g. for biometric passports. Credit: Gildas Avoine Gildas Avoine Privacy Challenges in RFID 4

  5. Architecture T ag Reader T ag T ag T ag Back-end Reader System Gildas Avoine Privacy Challenges in RFID 5

  6. RFID Applications Basic Applications Supply chain tracking. ◦ Track boxes, palettes, etc. www.aeroid.co.uk Libraries. ◦ Improve book borrowing and inventories. www.rfid-library.com Pet identification. ◦ Replace tattoos by electronic ones. ◦ ISO11784, ISO11785. www.flickr.com Localisation. ◦ Children in amusement parks, Elderly people. ◦ Counting cattle. www.safetzone.com Gildas Avoine Privacy Challenges in RFID 6

  7. RFID Applications Evolved Applications Building access control. ◦ Eg. UCL, MIT. Credit: G. Avoine Automobile ignition key. Credit: G. Avoine ◦ Eg. TI DST, Keeloq. Public transportation. www.carthiefstoppers.com ◦ Eg. Brussels, Boston, Paris, ..., Thalys. Payment. ◦ Eg. Visa, Baja Beach Club. www.brusselnieuws.be Electronic documents. ◦ Eg. ePassports. Loyalty cards. blogs.e-rockford.com www.bajabeach.es Gildas Avoine Privacy Challenges in RFID 7

  8. Tag Characteristics power frequency UHF active HF communication meters LF dm passive cm UID 1 KB 40 KB storage no pwd 10 cents sym crypto EPC asym crypto 50 cents ISO14443 euros calculation ISO15693 cost standard Gildas Avoine Privacy Challenges in RFID 8

  9. Security Specificities Low capabilities. Wireless. Ubiquity. Fast authentication. Gildas Avoine Privacy Challenges in RFID 9

  10. Security Threats Classification Security. ◦ Impersonation. ◦ Denial of service. Privacy. ◦ Information leakage. ◦ Malicious traceability. Gildas Avoine Privacy Challenges in RFID 10

  11. Research fields about RFID Privacy http://www.avoine.net/rfid/ Privacy models. Untraceable (lightweight) protocols. Untraceable (scalable) protocols. Counterfeiting. Grouping Proof. Ownership transfer. Applications: ePassport, pacemakers, etc. Gildas Avoine Privacy Challenges in RFID 11

  12. PRIVACY: INFORMATION LEAKAGE Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

  13. Importance of Avoiding Traceability Other Technologies Differences between RFID and the other technologies eg. video, credit cards, GSM, Bluetooth. ◦ Tags cannot be switched-off. ◦ Passive tags answer without the agreement of their bearers. ◦ Easy to analyze the logs of the readers. ◦ Increasing of the communication range. ◦ Tags can be almost invisible. Gildas Avoine Privacy Challenges in RFID 13

  14. Importance of Avoiding Traceability Liberty Rights Organizations Even if you do not think that privacy is important, some people think so and they are rather influential (CASPIAN, FoeBud,...). Gildas Avoine Privacy Challenges in RFID 14

  15. European Commission Member States should ensure that operators (...) conduct an assessment of the implications of the application implementation for the protection of personal data and privacy, including whether the application could be used to monitor an individual. Because of its potential to be both ubiquitous and practically invisible, particular attention to privacy and data protection issues is required in the deployment of RFID. Consequently, privacy and information security features should be built into RFID applications before their widespread use (principle of security and privacy by design). [Viviane Reding, EC Recommendation, 12.5.2009] Gildas Avoine Privacy Challenges in RFID 15

  16. Importance of Avoiding Traceability Anne Cavioukan “Privacy and Security must be built in from the outset, at the design Stage”. [Privacy Guidelines for RFID Information Systems, 2006, Anne Cavioukan, Information and Privacy Commissioner of Ontario] Gildas Avoine Privacy Challenges in RFID 16

  17. Importance of Avoiding Traceability Palliative Solutions Kill-command (Eg.: EPC Gen 2 requires a 32-bit kill command.) Faraday cages. Blocker tags. Bill of Rights. www.idstronghold.com Removable antenna. ◦ US Patent 7283035 - RF data communications device with selectively removable antenna portion and method. Tag must be pressed (SmartCode Corp.). Gildas Avoine Privacy Challenges in RFID 17

  18. Classification Information meaningful by itself. Information meaningful with the database. Gildas Avoine Privacy Challenges in RFID 18

  19. Information Meaningful by Itself Typical Examples Information leakage appears when the data sent by the tag reveals information intrinsic to the marked object or the holder of the object. ◦ Tagged books in libraries. ◦ Tagged pharmaceutical products, as advocated be the US. Food and Drug Administration. ◦ E-documents (passports, ID cards, etc.). ◦ Loyalty cards, Public transportation passes. Gildas Avoine Privacy Challenges in RFID 19

  20. Information Meaningful by Itself Ari Juels’s Famous Picture Wig model #4456 (cheap polyester) Replacement hip medical part #459382 Das Kapital and Communist-party handbook 500 Euros in wallet Serial numbers: 597387,389473… 30 items of lingerie Credit: Ari Juels Gildas Avoine Privacy Challenges in RFID 20

  21. Information Meaningful by Itself Public Transportation: MOBIB Card in Brussels MOBIB card (RFID) launched in Brussels in 2008. Before getting in a subway, bus or tram, customers are required to show up their MOBIB card in front of a validator. MOBIB is Calypso technology. MOBIB cards are rather powerful RFID tags that embed cryptographic mechanisms to avoid impersonation or cloning. Personal data are stored in the clear in the card: name, birthdate, zipcode. Information about 3 last validations: date, time, bus line, bus stop, subway station, ... Gildas Avoine Privacy Challenges in RFID 21

  22. Information Meaningful with a Database Ari Juels’s Famous Picture 41126751 93479122 54872164 55542390 09840921 Credit: Inspired by Ari Juels Gildas Avoine Privacy Challenges in RFID 22

  23. Information Meaningful with a Database ABIEC Information Leakage Gildas Avoine Privacy Challenges in RFID 23

  24. PRIVACY: MALICIOUS TRACEABILITY Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

  25. Privacy: Malicious Traceability Informal Definition An adversary should not be able to track a tag holder, ie. he should not be able to link two interactions tag/reader. Eg. tracking of employees by the boss, tracking of children in an amusement park, tracking of military troops, etc. Gildas Avoine Privacy Challenges in RFID 25

  26. Privacy: Malicious Traceability Tracking through the Layers The main concepts of cryptography, i.e. confidentiality, integrity, and authentication, are treated without any practical considerations. If one of these properties is theoretically ensured, it remains ensured in practice whatever the layer we choose to implement the protocol. Privacy needs to be ensured at each layer: All efforts to prevent traceability in the application layer may be useless if no care is taken at the lower layers. Gildas Avoine Privacy Challenges in RFID 26

  27. Privacy: Malicious Traceability Traceability Through the Layers Application Layer Authentication / Identification. Collision-avoidance. Communication Layer Radio fingerprints. Diversity of standards. Physical Layer Gildas Avoine Privacy Challenges in RFID 27

  28. Privacy: Malicious Traceability Application Layer Reader (list of keys) Tag (key k ) r − − − − − − − − − − − − − − − → ID , E k ( r , r ′ ) ← − − − − − − − − − − − − − − − This protocol is not privacy-friendly because the ID is revealed. CR protocols avoiding malicious traceability do not scale well. ◦ Authenticating one tag requires O ( n ) operations. Gildas Avoine Privacy Challenges in RFID 28

  29. Privacy: Malicious Traceability Summary In the physical layer. ◦ Hard to avoid malicious traceability, but tracking one tag is far from being easy in practice. In the communication layer. ◦ Malicious traceability is usually do-able in practice. ◦ Can be avoided if a cryptographically-secure PRNG is used. In the application layer. ◦ Malicious traceability can be avoided but challenge-response protocols do not scale well. Gildas Avoine Privacy Challenges in RFID 29

  30. IS PRIVACY A RESEARCH CHALLENGE? Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT 15 TH November 2003 By Rakesh Kumar Wipro Technologies India Privacy Consumers Perspective Privacy can be defined as customers ability to

284 views • 17 slides
Privacy Challenges in RFID-Systems Marc Langheinrich ETH Zurich, Switzerland

Privacy Challenges in RFID-Systems Marc Langheinrich ETH Zurich, Switzerland

Privacy Challenges in RFID-Systems Marc Langheinrich ETH Zurich, Switzerland http://www.inf.ethz.ch/~langhein/ joint work with Chris Floerkemeier and Roland Schneider The Ubicomp Vision DIMACS WUPSS The most profound technologies are

177 views • 17 slides
RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia for IPTS IFIP/FIDIS Summerschool Karlstad - 2007 Overview RFID Technologies RFID Markets RFID Privacy issues Conclusions 2

734 views • 19 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011, Corua, Spain RFID Primer RFID Primer Definition Radio frequency identification'' (RFID) means the use of electromagnetic radiating waves

729 views • 47 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011, Rennes, France Summary RFID Primer. Examples. Capabilities. Particularities. Authentication in RFID. Theory. Practical

934 views • 64 slides
29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity

29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity

29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity is on Marc Langheinrich Institute for Pervasive Computing a par with nuclear weapons. Dr. Katherine Albrecht Katherine Albrecht,

315 views • 4 slides
A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010

A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010

A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010 Outline Introduction. Model of RFID Systems. Adaptive Completeness and Mutual Authentication. zk-Privacy: Formulation, Clarifications

456 views • 35 slides
The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels Ron Rivest

The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels Ron Rivest

The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels Ron Rivest Mike Szydlo MIT CSAIL RSA Laboratories RSA Laboratories What is a R adio- F requency Id entification (RFID) tag? In terms of appearance Chip

678 views • 26 slides
Some Recent Development Some Recent Development in RFID Privacy Models Robert H. Deng School of

Some Recent Development Some Recent Development in RFID Privacy Models Robert H. Deng School of

Some Recent Development Some Recent Development in RFID Privacy Models Robert H. Deng School of Information Systems y Singapore Management University 2010/12/6 1 Introduction RFID tags are low-cost electronic devices, from which

547 views • 17 slides
Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing

Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing

T Labs Usability Colloquium June 25, 2007 Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing ETH Zurich, Switzerland C.A.S.P.I.A.N. Consumers against supermarket privacy invasions and

451 views • 25 slides
The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on RFID Technology Concepts, Applications, Challenges in the Eleventh International Conference on Enterprise Information Systems 6 10 May

552 views • 37 slides
Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues

Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues

Simone Fischer-Hbner Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues (LBS, RFID,...) IV. European Privacy Legislation/ Directives I. Definition Warren & Brandeis 1890 The right to

694 views • 30 slides
Insider attacks and RFID Privacy models Ton van Deursen and Saa Radomirovi c

Insider attacks and RFID Privacy models Ton van Deursen and Saa Radomirovi c

Insider attacks and RFID Privacy models Ton van Deursen and Saa Radomirovi c {ton.vandeursen, sasa.radomirovic}@uni.lu University of Luxembourg Financial support received from the Fonds National de la Recherche (Luxembourg) Ton van Deursen

144 views • 12 slides
The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information Security Theory and Practices 1 4 September 2009, Brussels, Belgium Summary A brief reminder about RFID. Description of the threats, state of

880 views • 41 slides
18-759: Wireless Networks L ecture 29: RFID Peter Steenkiste CS and ECE, Carnegie Mellon

18-759: Wireless Networks L ecture 29: RFID Peter Steenkiste CS and ECE, Carnegie Mellon

18-759: Wireless Networks L ecture 29: RFID Peter Steenkiste CS and ECE, Carnegie Mellon University Peking University, Summer 2016 1 Peter A. Steenkiste, CMU What is RFID ? Radio Frequency IDentification (RFID) is a method of remotely

572 views • 11 slides
Cryptography in Radio Frequency Identification and Fair Exchange Protocols Gildas Avoine EPFL,

Cryptography in Radio Frequency Identification and Fair Exchange Protocols Gildas Avoine EPFL,

Soutenance Publique de Th` ese de Doctorat Cryptography in Radio Frequency Identification and Fair Exchange Protocols Gildas Avoine EPFL, Lausanne, Switzerland COLE POLYTECHNIQUE December 12, 2005 www.avoine.net FDRALE DE LAUSANNE

753 views • 40 slides
TOEIC speaking and writingstructure Fri Thu 26 Sep 2019 12:24:26 PM CST

TOEIC speaking and writingstructure Fri Thu 26 Sep 2019 12:24:26 PM CST

TOEIC speaking and writingstructure Fri Thu 26 Sep 2019 12:24:26 PM CST http://github.com/drbean/curriculum/master/speaking TOEIC speaking and writingstructure Fri Thu 26 Sep 2019 12:24:26 PM CST

543 views • 38 slides
End-to-end arguments: End-to-end arguments: The Internet and beyond The Internet and beyond

End-to-end arguments: End-to-end arguments: The Internet and beyond The Internet and beyond

End-to-end arguments: End-to-end arguments: The Internet and beyond The Internet and beyond David P. Reed David P. Reed dpreed@reed.com dpreed@reed.com USENIX Security '10 USENIX Security '10 13 August 2010 13 August 2010 Agenda Agenda

708 views • 32 slides
Cryptography in Radio Frequency Identification and Fair Exchange Protocols Gildas Avoine EPFL,

Cryptography in Radio Frequency Identification and Fair Exchange Protocols Gildas Avoine EPFL,

PhD Private Defense, November 23rd, 2005 Cryptography in Radio Frequency Identification and Fair Exchange Protocols Gildas Avoine EPFL, Lausanne, Switzerland COLE POLYTECHNIQUE FDRALE DE LAUSANNE Presentation Outline Fair Exchange

602 views • 46 slides
Retwork: Exploring Reader Network with a COTS RFID System Jia Liu, Xingyu Chen, Shigang Chen, Wei

Retwork: Exploring Reader Network with a COTS RFID System Jia Liu, Xingyu Chen, Shigang Chen, Wei

Retwork: Exploring Reader Network with a COTS RFID System Jia Liu, Xingyu Chen, Shigang Chen, Wei Wang, Dong Jiang, Lijun Chen 01 Background 02 System design 03 Evaluation 04 Conclusion What is RFID? 01 Background RFID System Antenna

567 views • 34 slides
Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2 Seminar Istanbul June 07, 2010 Outline of the talk n Introduction n RFID authentication protocols n Security requirements n Privacy requirements n

344 views • 31 slides
An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M.

An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M.

An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M. Valls, C. Roig, F. Gin e and J.M. Miret Escola Polit` ecnica Superior. Universitat de Lleida. { santi,magda,roig,sisco,miret } @eps.udl.es

417 views • 12 slides

More recommend