Nitesh Saxena - PowerPoint PPT Presentation

1 / 46
About This Presentation
Title:

Nitesh Saxena

Description:

Nitesh Saxena Computer and Information Sciences University of Alabama at Birmingham Security and Privacy In Emerging Systems (SPIES) group http://spies.cis.uab.edu – PowerPoint PPT presentation

Number of Views:255
Avg rating:3.0/5.0
Slides: 47
Provided by: sax97
Category:
Tags: nitesh | saxena | weka

less

Transcript and Presenter's Notes

Title: Nitesh Saxena


1
  • Nitesh Saxena
  • Computer and Information Sciences
  • University of Alabama at Birmingham
  • Security and Privacy In Emerging Systems (SPIES)
    group
  • http//spies.cis.uab.edu
  • Center for Information Assurance and Joint
    Forensics Research (CIAJFR)
  • http//thecenter.uab.edu/

2
Outline
  • Background
  • What NFC is
  • NFC Applications
  • What all one could do with it
  • NFC Attacks/Fraud
  • What all can go wrong
  • NFC Defenses
  • How things could be fixed

3
Outline
  • Background
  • What NFC is
  • NFC Applications
  • What all one could do with it
  • NFC Attacks/Fraud
  • What all can go wrong
  • NFC Defenses
  • How things could be fixed

4
RFID System Overview
An RFID system usually consists of RFID tags and
readers and a back-end server. Tags are
miniaturized wireless radio devices that
store information about their corresponding
subject, such as a unique identification number.
Readers broadcast queries to tags in their
radio transmission ranges for information
contained in tags and tags reply with such
information.
reading signal
back-end database
ID
Reader
Tag
5
  • (Some) RFID Applications

6
Near Field Communication (NFC)
  • NFC technology enables smart phones to have RFID
    tag and RFID reader functionality
  • Phones can be used as payment tokens
  • Next generation of payment system
  • For example, Google Wallet App uses this function
  • Already deployed in many places
  • Just like RFID, it uses wireless radio
    communication

7
Outline
  • Background
  • What NFC is
  • NFC Applications
  • What all one could do with it
  • NFC Attacks/Fraud
  • What all can go wrong
  • NFC Defenses
  • How things could be fixed

8
NFC Applications
  • Google Wallet
  • ISIS

9
Google Wallet Vision
10
NFC Applications
  • Patient Id
  • Mobile Ticket Purchase Austrian Federal Railways

11
NFC Applications
  • NFC Tags
  • Sharing

12
Other Applications
  • Interactive Experience
  • NFC at Museum of London
  • Posters / Replacement to QR Codes
  • Productivity (Phone Use Cases)
  • Automatic Pairing with Bluetooth
  • Connect to Wifi
  • Make a Call/Text to a number
  • Change settings automatically
  • Check ins / Locations / Other social activity
  • Open Apps
  • SleepTrak (health monitoring)
  • many many more

13
Outline
  • Background
  • What NFC is
  • NFC Applications
  • What all one could do with it
  • NFC Attacks/Fraud
  • What all can go wrong
  • NFC Defenses
  • How things could be fixed

14
The RFID Privacy Problem
  • Good tags, Bad readers

15
NFC Privacy Problem
  • Should you worry?
  • NFC is near field (one has to tap to read!)
  • Yes, unfortunately
  • Researchers have shown that it is possible to
    eavesdrop NFC signals from a distance larger than
    its typical communication range
  • Kortvedt-MjĂžlsnes 2009

16
The NFC Privacy Problem
  • Good tags, Bad readers

17
The RFID Cloning Problem
  • Good readers, Bad tags

Counterfeit!!
18
The NFC Cloning Problem
  • Good readers, Bad tags

19
Relay Attack I Ghost-and-Leech
response
query
query
query
response
response
20
Relay Attack II Ghost-and-Reader
Server
Variant of a Man-in-the-Middle attack
Drimer et al., 2007 demonstrated live on
Chip-and-PIN cards
Malicious Reader
Authentic Reader
Ghost
21
Reader and Ghost Relay Attack
  • Fake reader relays information from legitimate
    NFC tag to Ghost
  • relays information from the legitimate tag to
    fake tag
  • Ghost relays received information to a
    corresponding legitimate reader
  • Happens simultaneously while user performs
    transaction with legitimate NFC tag
  • But for a higher amount
  • Impersonating a legitimate NFC tag without
    actually possessing the device.
  • While at a different physical location

22
NFC Malware Problem
Youtube video http//www.youtube.com/watch?featu
replayer_detailpageveEcz0XszEic
23
Outline
  • Background
  • What NFC is
  • NFC Applications
  • What all one could do with it
  • NFC Attacks/Fraud
  • What all can go wrong
  • NFC Defenses
  • How things could be fixed

24
The NFC Privacy Problem
  • Good tags, Bad readers

25
The NFC Cloning Problem
  • Good readers, Bad tags

26
Relay Attack I Ghost-and-Leech
response
query
query
query
response
response
27
Selective Unlocking
  • Promiscuous reading is to blame
  • Currently, NFC supports selective unlocking via
    PIN/passwords
  • Works in practice but passwords are known to have
    problems especially in terms of usability
  • Our approach gesture-enabled unlocking

28
Relay Attack II Ghost-and-Reader
Server
Variant of a Man-in-the-Middle attack
Drimer et al., 2007
Malicious Reader
Authentic Reader
Ghost
29
Authentication is not Enough
  • Alices device must authenticate the whole
    transaction
  • So Alices phone knows that the reader charges
    250
  • But Alice doesnt
  • The big screen on the malicious reader says 5
  • Even if phone displays the correct amount, Alice
    may not look at it
  • Or make a mistake due to rushing

30
Our Approach Proximity Detection
  • A second line of defense
  • rather than relying upon the user
  • Verify phone and reader are in same location
  • Each device measures local data with sensor
  • We use ambient audio
  • Send authenticated data to server
  • Server checks that the data is the same in both
    measurements
  • Or at least similar enough
  • Then approves the transaction

31
Advantages of our Approach
  • Does not require explicit user action
  • Does not change traditional NFC usage model
  • Extremely difficult for attacker to change
    environnemental attributes
  • Geographical location not sent to server
  • users location privacy is protected (unlike the
    use of GPS coordinates)
  • Compatible with current payment infrastructure

32
Implementation and Evaluation
  • Sensor data collected by two devices in close
    proximity
  • Capture audio from cell phones built-in
    microphone (two Nokia N97 phones)
  • Recorded 20 consecutive segments from two sensors
    simultaneously at different pairs of locations
  • At 5 different locations

33
Detection Techniques
  • Techniques based on time, frequency or both
  • In both domains tested
  • Euclidean distance between signals
  • Correlation between signals
  • Combined method frequency distance and
    time-correlation
  • Best results achieved for combined time-frequency
    based method

34
Time-Frequency Distance Technique
  • Our new Time-Frequency-based technique
  • Calculating distance between two signals
  • Calculate Euclidean distance between frequency
    feature vectors
  • Calculate Time-based correlation between signals
  • Distance defined as DC 1 - Correlation
  • Both distances combined for classification
  • Combined as a 2-D point in space

35
Test Results
  • Time-Frequency distance measure

Numbers are distance measured squared
36
Detection Techniques
  • Used simple classifier to detect samples taken at
    the same locations
  • Simple-Logistics classifier from Weka
  • 10-Fold classification
  • Data divided into 10 groups, 9 used for training,
    one for testing
  • Input to the classifier Time-Frequency distance
    measure squared

37
Results
  • Our tests showed perfect classification
  • False Accept Rate 0 and False Reject Rate 0
  • High level of security and usability

38
Comparison to Other Sensors
  • Magnetometer tested, method to distinguish
    location not found
  • Temperature not expected to vary much
  • Therefore, overall audio gave most promising
    results

39
Conclusions from Proximity Detection
  • Designed a defense for the Reader-and-Ghost
    attack
  • Promising defense
  • without changes to the traditional RFID usage
    model
  • without location privacy leakage
  • also applicable to sensor-equipped RFID cards
  • Audio is a stronger signal compared to light
  • More experiments are planned in the future
  • Paper ESORICS Halevi et al. 2012
  • Media Coverage Bloomberg, ZDNet, NFCNews, UAB
    News, etc

40
NFC Malware Problem
Youtube video http//www.youtube.com/watch?featu
replayer_detailpageveEcz0XszEic
41
Malware Protection via Gestures
  • Malware actions are software-generated
  • Legitimate actions, on the other hand, are
    human-generated
  • Human gestures will tell the OS whether an access
    request is benign or malicious
  • Luckily, for NFC, a gesture that can work is
    tapping
  • An explicit gesture could also be employed

42
Tap-Wave-Rub (TWR) Gestures
  • Phone Tapping
  • accelerometer
  • Waving/Rubbing/Tapping
  • proximity sensor
  • Waving
  • light sensor

43
TWR Enhanced Android Permissions
44
Initial Results
Phone Tapping (accelerometer)
Tap/wave/rub (proximity sensor)
45
Conclusions from TWR
  • Initial results are promising
  • The approach is applicable for protecting any
    other critical mobile device service
  • SMS, phone call, camera access, etc.
  • TWR gestures are also ideal for selective
    unlocking

46
Take Away from the Talk
  • NFC is a promising new platform with immense
    possibilities
  • However, a full deployment requires careful
    assessment of security vulnerabilities and
    potential fraudulent activities
  • Many vulnerabilities similar to RFID
  • Except Malware a burgeoning threat to NFC
  • Other attacks possible such as phishing via
    malicious NFC tag
  • Security solutions need to be developed and
    integrated with NFC from scratch
  • Research shows promise
  • Phone is almost a computer so lot could be done
    (unlike RFID)
  • User convenience or usability is an important
    design metric when developing security solutions

47
Acknowledgments
  • Students the SPIES
  • Jaret Langston, Babins Shrestha, Tzipora Halevi,
    Jonathan Voris, Sai Teja Peddinti, Justin Lin,
    Borhan Uddin, Ambarish Karole, Arun Kumar,
    Ramnath Prasad, Alexander Gallego
  • Other Collaborators
  • More info http//spies.cis.uab.edu
  • http//spies.cis.uab.edu/research/rfid-security-an
    d-privacy/
  • Thanks!
Write a Comment
User Comments (0)
About PowerShow.com