RFID Privacy and Authentication: An Overview - PowerPoint PPT Presentation

1
RFID Privacy and Authentication: An Overview
www.DoDRFIDsummit.com
  • Ari Juels
  • RSA Laboratories

2
RFID underpins essential infrastructure
3
The privacy problem
Bad readers, good tags
Mr. Jones in 2020
4
The authentication problem
Good readers, bad tags
Mr. Jones in 2020
Replacement hip, medical part #459382
Payment Token
5
Where EPC tags fall short
  • No explicit anti-counterfeiting features
  • An EPC tag is just a (wireless) barcode!

8
Why tag authentication matters
Okinawa, Japan
Kansas, USA
Supply-chain views are often fragmented so tag
authenticity can be important!
9
EPC tags and privacy
  • One true, explicit privacy feature: Kill
  • Dead tags don't tell tales, but
      • they don't confer post-sale benefits on consumers
      • they don't work in supply chains where
        privacy security (e.g., military)
  • Read-locking (soon to be introduced) can help
    somewhat with privacy and authentication

10
Won't encryption solve our problems?
  • We can do
      • Challenge-response for authentication
      • Mutual authentication and/or encryption for
        privacy

Side-channel countermeasures
  • But
      • Moore's Law vs. pricing pressure
      • Basic cryptography may not be enough because of
        problems of key management

11
The key-management problem
Kansas, USA
Okinawa, Japan
  • The key poses transport problems
  • It must be tag-specific
  • It must be highly available
  • It must be secured at all times
  • Like managing 10,000,000,000 passwords!
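
Added example, not part of the original slides: challenge-response tag authentication with a tag-specific key, showing that a copied EPC passes an identifier-only check and that a reader at a second site cannot authenticate a genuine tag until the key has been transported there. HMAC-SHA256, the class names and the sample EPC are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class Tag:
    """Constructed model of a tag holding an EPC and a tag-specific secret key."""
    def __init__(self, epc, key):
        self.epc = epc
        self._key = key

    def respond(self, challenge):
        # HMAC-SHA256 is an assumption; the slides do not name an algorithm.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Reader:
    """A reader site; it can only authenticate tags whose keys reached it."""
    def __init__(self):
        self.keys = {}  # EPC -> tag-specific key

    def barcode_check(self, tag):
        # What a plain EPC tag offers: the identifier alone, which is copyable.
        return tag.epc in self.keys

    def authenticate(self, tag):
        key = self.keys.get(tag.epc)
        if key is None:
            return "no-key"        # key never transported to this site
        challenge = secrets.token_bytes(16)  # fresh nonce defeats replay
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, tag.respond(challenge))
        return "genuine" if ok else "counterfeit"

def demo():
    epc = "urn:epc:id:sgtin:0000000.000000.1"   # constructed sample EPC
    key = secrets.token_bytes(16)
    genuine = Tag(epc, key)
    clone = Tag(epc, secrets.token_bytes(16))   # copied EPC, key unknown
    kansas, okinawa = Reader(), Reader()
    kansas.keys[epc] = key                       # key provisioned at origin only
    results = {
        "clone_passes_barcode_check": kansas.barcode_check(clone),
        "kansas_genuine": kansas.authenticate(genuine),
        "kansas_clone": kansas.authenticate(clone),
        "okinawa_before_transport": okinawa.authenticate(genuine),
    }
    okinawa.keys[epc] = key                      # the key-transport step
    results["okinawa_after_transport"] = okinawa.authenticate(genuine)
    return results
```

Calling `demo()` returns the outcome of each case; the `keys` dictionary at each site is the per-tag secret store that has to be transported, kept available and secured.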

12
Conclusions
  • RFID is creating infrastructure with critical
    security problems
  • Security/privacy are not optional
  • Security is expensive as an afterthought
  • Today's Internet: phishing, pharming, spam, etc.
  • Today's choices will determine tomorrow's RFID
    security
  • Standards bodies must draw on right expertise
    (recall 802.11)
  • System- and supply-chain fragmentation are
    defining features of security landscape
  • Policy solutions are hard because of multiplicity
    of stakeholders, e.g., privacy
  • Encryption is not a cure-all (nor is it always
    the right choice)
  • Security and privacy are enablers
    They create conditions to
    unlock the potential of RFID