rfid and ticketing application
play

RFID and ticketing application Who? C edric Lauradoux - PowerPoint PPT Presentation

Sep 15, 2022 •835 likes •1.2k views

RFID and ticketing application Who? C edric Lauradoux EPL/INGI/GSI When? January 22, 2009 Outline RFID primer Technology Information leakage Malicious tracability Denial of service Relay attacks Ticketing primer

  1. RFID and ticketing application Who? C´ edric Lauradoux EPL/INGI/GSI When? January 22, 2009

  2. Outline • RFID primer ◮ Technology ◮ Information leakage ◮ Malicious tracability ◮ Denial of service ◮ Relay attacks • Ticketing primer ◮ Problem ◮ Attacks • when RFID meet ticketing. . .

  3. Radio Frequency IDentification

  4. Radio Frequency IDentification The big Napoleon Distance Frequency meters 2.4Ghz 900Mhz 13.56Mhz centimeters 124Khz ISO 14443 EPC Gen 2 Norms Tamper resistance no yes ISO 15963 128 xor 0.20$ symmetric 0.80$ 1024 asymmetric Memory 3$ Crypto Cost

  5. Radio Frequency IDentification Identification Definition The result of an identification protocol is the identity claimed by the queried RFID tag. Bob the door Alice the tag Who are you ? Alice

  6. Radio Frequency IDentification Authentification Definition The result of an authentification protocol is the genuine identity of a(the) participant(s). Bob the door Alice the tag n 1 f ( k , n 1 , Id ) ( k , Id ) ( k , Id ) In brief: Authentification = Identity + Proof.

  7. Frequency band • 125–134 kHz (LF): Pet identification, livestock tracking. . . • 13.553–13.567 MHz (HF): Smartcards, libraries. . . • 860–960 MHz (UHF): Supply chain tracking. . . • 2.4000–2.4835 GHz (UHF): Highway toll, vehicle fleet. . .

  8. Norms lost in translation ?? ISO Identification protocols: 18046 17365 11785 17366 24710 18185 24721 15418 19762 19789 18000 15693 15459 17368 14443 10536 15963 17367 18047 11784 15961

  9. Radio Frequency IDentification Beijing Olympic Games First event of this scale to use RFID: (2 24 ) • 16 millions RFID tags used Tags usage: • ticket anti-counterfeiting system • food production and delivery monitoring • subway and hotels access control Next event, the Universal Exhibition (Shanghai 2010): (2 26 ) • 70 millions tickets

  10. Radio Frequency IDentification Beijing Olympic Games Tag technology: • 13.56 Mhz range 1-10cm; • ISO 14443B; • No cryptographic capabilities; • TMC products THR1064. Reader technology: • CPLD centric (reconfigurable); • Software Defined Radio; • PDA interface.

  11. Tag RF−interface Collision Interface Authen. ALU Memory

  12. RFID and security • Information leakage Okay, you got us. . . crypto what ? • Malicious tracability We don’t care ! • Relay attacks What the hell is that ? • Denial of service . . . . . . ?

  13. Malicious traceability Definition An adversary should not be able to track the tag holder: impossibility to correlate the tag interactions with the context of the usage. Bob the door Alice the tag n 1 ( k , Id ) f ( k , n 1 , Id ) ( k , Id ) n 1 f ( k , n 1 , Id ) n 1 f ( k , n 1 , Id ) Got you!

  14. Malicious traceability Tag architecture ALU Id RF−interface Collision Memory Interface RNG f k

  15. Malicious traceability

  16. Malicious traceability Data analysis in forensic t 1 , p 1 , Id 1 t 1 , p 2 , Id 1 F 2 n E E c 1 ∈ F 2 m , m ≤ n c 2 ∈ F 2 m , m ≤ n Choices for E : • plaintext, transposition differential analysis • adaptative compression ?? • strict avalanche criteria functions ?? • cryptography side-channel attacks

  17. Tonight word: Definition Anonymity – [. . . ] the term typically refers to a person, and often means that the personal identity, or personally identifiable information of that person is not known. More strictly, and in reference to an arbitrary element [. . . ], within a well-defined set (called the ”anonymity set”), ”anonymity” of that element refers to the property of that element of not being identifiable within this set. If it is not identifiable, then the element is said to be ”anonymous”. WIKIPEDIA Definition Anonymity – we don’t put your data into the database. STIB, RATP. . .

  18. Relay attacks Chess player problem 1. d4 1. d4 1. .. Cf6 1. .. Cf6 Rusé ce Jean−Pierre !

  19. Relay attacks in RFID. Bob the door Alice the tag n 1 f ( k , n 1 , Id ) ( k , Id ) ( k , Id ) Bob the door n 1 ( k , Id ) Alice the tag f ( k , n 1 , Id ) ( k , Id )

  20. Relay attacks Solution Round Trip Time ? ( n 1 ◦ t 1 ) F ( n 1 ◦ t 1 , k , Id ) Verification Problem • reception t 2 • σ ? • f − 1 ( n 1 ◦ t 1 , k , Id ) • BCET • ok if δ t < σ • WCET

  21. Relay attacks More headaches ! • Attacker model: ◮ freeze the time ◮ speed the time ◮ he is all-mighty ! • On tag solutions: ◮ don’t dream no clock ! ◮ any computation is a potential noise for the result.

  22. Relay attacks 3 types of attacks • Mafia fraud: the basic attack. • Distance fraud: the prover cheats by sending early answer. • Terrorism fraud: the prover colludes with the attacker without revealing its secret key. The solutions are the distance-bounding protocols.

  23. Denial of services DoS is important in a competition context: • RF Jammer: secure spread spectrum; • Collision Jammer: improved algorithms; • ElectroMagnetic Pulse: no possible solution. Almost unvoidable attacks: • Important to know your enemy; • Critical to know what can do your commpetitor to ternish your reputation; • Fun.

  24. Ticketing applications An access control problem

  25. Ticketing problem The players Designer of the system A few constraints: money, time... Collusion with the thief to increase profit The owner Don’t want to know any complex stuffs Responsible for the customers line The steward Hold the ticket (don’t expect anything else) Don’t like to wait (short line) The customer Smart: through time find always all the weaknesses Unlimited evilness Collusion with the owner The thief

  26. Ticketing problem The rules control check collusion check ?? collusion sell Specific attacks on ticketing systems: • Counterfeit one for many; • Pass-back a few for many; • Illegal multiple sales many for many; • Black market money for money.

  27. Counterfeit control sell 63 check 63 check 63 counterfeit 63

  28. Counterfeit: ticket like bills ? . . . or can we take advantage of money anti-counterfeiting system Paper anti-counterfeiting system: • special paper; • special ink; • holography; Hard to check !

  29. Pass-back t 1 t 2 t 3 t 4

  30. Pass-Back t 1 , t 2 , t 3 , t 4

  31. Pass-back t 1 t 2 t 3 t 4

  32. Pass-back

  33. Pass-back Coupon Disavantages: • one shot; • not resistant to collusion;

  34. Black market and illegal multiple sales I am not Santa Claus !

  35. RFID and ticketing I have a dream of an RFID ticketing solutions that is: • efficient; • secure; • cheap (no crypto on tag); • compatible; • simple (this is a dream); I am free to forget: • privacy; • relay; • other complex stuffs;

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

March 2, 2014 Monte Jade's RFID Seminar Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight RFID 4. Current Airport RFID Deployments 5. Atlanta International Airport Activity with IATA RFID

912 views • 35 slides
IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing Tag Oslo, 28 November 2007 IntelliSense RFID Workshop IntelliSense RFID RESEARCH PROJECT FOR TECHNOLOGY DEVELOPMENT WITHIN THE FIELDS OF RFID

788 views • 13 slides
The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio Frequency Identification Modern RFID Applications VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips

628 views • 29 slides
Mobile Ticketing for All Transit Agencies By Sam Daly Founder, Token Transit Presentation

Mobile Ticketing for All Transit Agencies By Sam Daly Founder, Token Transit Presentation

Mobile Ticketing for All Transit Agencies By Sam Daly Founder, Token Transit Presentation Overview 1- Why mobile ticketing 2- Mobile ticketing launch learnings 3- Case Studies from Reno, Humboldt County and Lincoln, NE Dispel a few questions

435 views • 30 slides
OVERVIEW AnniList is a powerful tracking application that uses RFID/NFC technology with an easy

OVERVIEW AnniList is a powerful tracking application that uses RFID/NFC technology with an easy

OVERVIEW AnniList is a powerful tracking application that uses RFID/NFC technology with an easy to operate platform, allowing you to track just about anything protocol and process related - No more paper checklists or notepads - Easy-to-use

787 views • 10 slides
TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &amp;

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &amp;

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &amp; Blaine McDonnell Using RFID for Model Railroad Operations What is RFID? How does RFID Work? RFID Frequencies and Type of Tags

853 views • 25 slides
DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA Structure RFID Technology Applications in SPS-ALPHA architecture Part Identification Location Referencing 2 Why Space Solar No

241 views • 22 slides
RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by

RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by

RFID - From Farm to Fork Strengthening SME competitive advantage through RFID implementation RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by the EU as part of the Competitiveness and Innovation

356 views • 9 slides
RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presen

RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presen

RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presen sented ed b by: Francis Brown Bishop Fox www.bishopfox.com Agenda O V E R V I E W Qu Quic ick k Over erview ew RFID badge

883 views • 50 slides
RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia for IPTS IFIP/FIDIS Summerschool Karlstad - 2007 Overview RFID Technologies RFID Markets RFID Privacy issues Conclusions 2

734 views • 19 slides
Mobile Data Entry for RFID RFID MRR NCDOT Materials and Tests Unit Welcome Transportation 2

Mobile Data Entry for RFID RFID MRR NCDOT Materials and Tests Unit Welcome Transportation 2

Mobile Data Entry for RFID RFID MRR NCDOT Materials and Tests Unit Welcome Transportation 2 WELCOME Transportation 3 Introduction The final link in the RFID program is the receiving of the project onto the project site. The producer

508 views • 30 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011, Corua, Spain RFID Primer RFID Primer Definition Radio frequency identification'' (RFID) means the use of electromagnetic radiating waves

729 views • 47 slides
Smart Sensing RFID Technology Passi sive, Activ ive e RFID, , Barcode code &amp; BLE based

Smart Sensing RFID Technology Passi sive, Activ ive e RFID, , Barcode code &amp; BLE based

Smart Sensing RFID Technology Passi sive, Activ ive e RFID, , Barcode code &amp; BLE based ed Hybri rid d Asset set Trac acking ing syst stem em Smart Sensing RFID Technology and Management Consultancy Every day, our work helps

579 views • 27 slides
RECLAIMING SECONDARY TICKETING AudienceNet / Music Ally research: 77% of the UK

RECLAIMING SECONDARY TICKETING AudienceNet / Music Ally research: 77% of the UK

RECLAIMING SECONDARY TICKETING AudienceNet / Music Ally research: 77% of the UK public say you should be able to resell a ticket. 58% say resale should be for the price of purchase. 1. RECLAIMING SECONDARY TICKETING The

511 views • 21 slides
Leading ticketing to open source A challenge for Calypso Calypso, an Open and Secure Contactless

Leading ticketing to open source A challenge for Calypso Calypso, an Open and Secure Contactless

Leading ticketing to open source A challenge for Calypso Calypso, an Open and Secure Contactless Ticketing Standard Calypso deployement 125 cities &amp; regions 25 countries 150 million transportation smart cards 490 000 readers Challenges

287 views • 16 slides
AIR TICKETING | SAFARIS | CAR RENTALS AGM AGM AGM SPECIAL SPECIAL SPECIAL LAKE MANYARA

AIR TICKETING | SAFARIS | CAR RENTALS AGM AGM AGM SPECIAL SPECIAL SPECIAL LAKE MANYARA

YOUR TRIP, OUR PRIDE JAMES MASERA Managing Director AIR TICKETING CAR RENTALS SAFARIS AIR TICKETING | SAFARIS | CAR RENTALS AGM AGM AGM SPECIAL SPECIAL SPECIAL LAKE MANYARA TARANGIRE ngorongoro crater The Lake Manyara National Park

387 views • 3 slides
Quantum Structures and Causation Brussels, 30 Nov.- 1 Dec. 2013 Karin Verelst CLEA, Vrije

Quantum Structures and Causation Brussels, 30 Nov.- 1 Dec. 2013 Karin Verelst CLEA, Vrije

Whither Quantum Structures? Quantum Structures and Causation Brussels, 30 Nov.- 1 Dec. 2013 Karin Verelst CLEA, Vrije Universiteit Brussel kverelst@vub.ac.be Summary What can quantum logic do for philosophy? What can cateogry theory do

528 views • 26 slides
Game theory for wireless networks static games; dynamic games; repeated games; strict and weak

Game theory for wireless networks static games; dynamic games; repeated games; strict and weak

Game theory for wireless networks static games; dynamic games; repeated games; strict and weak dominance; Nash equilibrium; Pareto optimality; Subgame perfection; Game theory for wireless networks Georg-August University Gttingen

777 views • 38 slides
Exact Expressions in Source and Channel Coding Problems Using Integral Representations Speaker:

Exact Expressions in Source and Channel Coding Problems Using Integral Representations Speaker:

Exact Expressions in Source and Channel Coding Problems Using Integral Representations Speaker: Igal Sason Joint Work with Neri Merhav EE Department, Technion - Israel Institute of Technology 2020 IEEE International Symposium on Information

1.53k views • 28 slides
Robust GPS-Based Timing for Phasor Measurement Units A Position-Information-Aided Vector Tracking

Robust GPS-Based Timing for Phasor Measurement Units A Position-Information-Aided Vector Tracking

ANNUAL INDUSTRY WORKSHOP NOVEMBER 12-13, 2014 Robust GPS-Based Timing for Phasor Measurement Units A Position-Information-Aided Vector Tracking Approach NOVEMBER 12, 2014 DANIEL CHOU UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN TRUSTWORTHY

366 views • 17 slides
Quantum Mechanics: mysteries and solutions ANGELO BASSI Department of Theoretical Physics,

Quantum Mechanics: mysteries and solutions ANGELO BASSI Department of Theoretical Physics,

Quantum Mechanics: mysteries and solutions ANGELO BASSI Department of Theoretical Physics, University of Trieste, Italy and INFN - Trieste Frascati, 4 August 2014 Angelo Bassi 1 Quantization of light: Plancks hypothesis (1900) All

404 views • 19 slides
Lecture 14: UML State Machines &amp; Software Quality Assurance 2017-07-10 Prof. Dr. Andreas

Lecture 14: UML State Machines &amp; Software Quality Assurance 2017-07-10 Prof. Dr. Andreas

Softwaretechnik / Software-Engineering Lecture 14: UML State Machines &amp; Software Quality Assurance 2017-07-10 Prof. Dr. Andreas Podelski, Dr. Bernd Westphal Albert-Ludwigs-Universitt Freiburg, Germany 14 2017-07-10 main

1.01k views • 68 slides
Spacetime Trigonometry: a Cayley-Klein Geomety approach to Special and General Relativity Rob

Spacetime Trigonometry: a Cayley-Klein Geomety approach to Special and General Relativity Rob

Spacetime Trigonometry: a Cayley-Klein Geomety approach to Special and General Relativity Rob Salgado UW-La Crosse Dept. of Physics outline motivations the Cayley-Klein Geometries (various starting points) Relativity

755 views • 36 slides
Synthesis of Optimal Strategies Using H Y T ECH Patricia Bouyer 1 , Franck Cassez 2 , Emmanuel

Synthesis of Optimal Strategies Using H Y T ECH Patricia Bouyer 1 , Franck Cassez 2 , Emmanuel

Synthesis of Optimal Strategies Using H Y T ECH Patricia Bouyer 1 , Franck Cassez 2 , Emmanuel Fleury 3 &amp; Kim Guldstrand Larsen 3 1 LSV, ENS-Cachan, France 2 IRCCyN, Nantes, France 3 Comp. Science. Dept., Aalborg University, Danemark Games in

1.01k views • 82 slides

More recommend