RFID Security and Privacy Concerns - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

RFID Security and Privacy Concerns

Description:

RFID Security and Privacy Concerns Corby Ziesman Privacy and Security Privacy and security are important factors that need to be considered in every project If the ... – PowerPoint PPT presentation

Number of Views:179
Avg rating:3.0/5.0
Slides: 19
Provided by: CorbyZ6
Category:

less

Transcript and Presenter's Notes

Title: RFID Security and Privacy Concerns


1
RFID Security and Privacy Concerns
  • Corby Ziesman

2
Privacy and Security
  • Privacy and security are important factors that
    need to be considered in every project
  • If the users privacy rights are not protected,
    the product becomes unfeasible
  • If security consequences are not kept in mind
    during product development, then the product will
    be flawed by design and a workaround may need to
    be patched in later on at a greater expense

3
Controversy
  • Some privacy activists see RFIDs widespread and
    unrestricted deployment as a kind of doomsday
    scenario in which corporate and government
    interests can pervasively track
    individualspaving the way for a
    techno-totalitarian state in which each persons
    movements, associates, and casual acquaintances
    are carefully monitored and recorded in
    futuristic data centers. 1
  • One of the leading crusaders here is Katherine
    Albrecht, director of Consumers Against
    Supermarket Privacy Invasion and Numbering
    (Caspian). Albrecht variously calls RFID tags
    spy chips and tracking devices she organized
    a Benetton boycott that forced the company to
    officially repudiate any RFID testing plans. 1

4
RFIDs Situation
  • RFID is small and cheap, and therefore easily
    deployed on a large scale without being
    conspicuous
  • RFID transmits wirelessly, and sensitive
    identifying data can be eavesdropped upon
  • RFID data from multiple sources can be combined
    to create a history of a persons daily
    activities
  • As a result, RFID poses the risk of compromising
    a persons private information

5
Security Hazards
RFID Environment Abstract 1
6
Security Hazards
RFID Threat Contexts 1
7
Some Current Uses of RFID
1 4 5
  • Automobile Immobilizers
  • Key sends signal so car can start
  • Animal Tracking
  • Sub-dermal implant identified lost pets
  • Payment Systems
  • Allows quicker check-outs at the store
  • Automobile Toll Collection
  • Helps traffic flow quickly
  • Inventory Management
  • Improves supply chain efficiency
  • Bank Notes
  • Prevents forgery
  • Libraries
  • Allows easier management of books and materials
  • Passports, Drivers Licenses, and National IDs
  • Provides an extra way to verify identities

and more everyday
8
Corporate Data Security Threats
1
  • Corporate Espionage Threat
  • Competitors can collect confidential supply chain
    data
  • Competitive Marketing Threat
  • Competitors steal users preferences and use that
    to enhance their own competing product
  • Infrastructure Threat
  • As companies become reliant on RFID, they become
    more susceptible to new forms of
    denial-of-service attacks
  • Trust Perimeter Threat
  • As more data is shared, the sharing mechanisms
    increasingly provide new opportunities for attack

9
Personal Privacy Threats
1
  • Action Threat
  • A persons behavior or intent is inferred from
    RFID data, which may be inaccurate
  • (e.g. expensive store items suddenly disappearing
    from the shelf may indicate shoplifting and
    customer is approached as a potential criminal,
    when the customer actually only bumped some
    clothes onto the floor by accident)
  • Association Threat
  • A persons identity is linked with a purchased
    item
  • Different from loyalty cars (e.g. Frys VIP)
    because this may be involuntary, and linked to a
    specific item (serial number) as opposed to a
    product

10
Personal Privacy Threats
1
  • Location Threat
  • If an item is linked to a specific person (as in
    Association Threat), and there are clandestine
    RFID readers in various locations, a persons
    location may be tracked or be open to
    unauthorized disclosure
  • Preference Threat
  • A persons preferences may be revealed and abused
  • (e.g. a thief who targets those who purchase
    high-cost items as opposed to cheaper items)

11
Personal Privacy Threats
1
  • Constellation Threat
  • Even if a persons actual identity is not known,
    the RFID tags around that person form a unique
    constellation which can be tracked
  • Transaction Threat
  • When an item moves from one constellation to
    another, it can be inferred some transaction has
    taken place between the two individuals
    associated with each constellation
  • Breadcrumb Threat
  • As a person collects tagged items, they build a
    database of items associated with their identity
  • Some items get discarded (breadcrumbs) but the
    association still remains with the original owner
  • If the breadcrumb is picked up by another
    individual and involved in some crime, the
    breadcrumb leads back to the original owner, and
    not the criminal
  • The original owner is liable, at the very least,
    to be bothered by law enforcement

12
An Example Way to Protect RFID
3
  • Provide a mechanism to lock/unlock RFID tags
    (using a hash function)
  • While unlocked, the full functionality and memory
    of the tag are available to anyone in the
    interrogation zone
  • Tags will be equipped with a physical
    self-destruct mechanism and will only be unlocked
    during communication with an authorized reader
  • In the event of power loss or transmission
    interruption, tags will return to a default
    locked state

13
Locking Tags
3
  • To lock a tag, the owner computes a hash value of
    a random key and sends it to the tag as a lock
    value
  • The tag stores the lock value in the meta-ID
    memory location and enters the locked state
  • While locked, a tag responds to all queries with
    the current meta-ID value and restricts all other
    functionality
  • Each tag always responds to queries in some form
    and thus always reveals its existence

14
Unlocking Tags
3
  • To unlock a tag, the owner sends the original key
    value to the tag
  • The tag then hashes this value and compares it to
    the lock stored under the meta-ID
  • If the values match, the tag unlocks itself

15
Another Example
1 2
  • Blocker Tags
  • Require no change in hardware
  • Use auxiliary tags to create a noisy RF
    environment for unauthorized readers
  • Unauthorized readers see a lot of spam RFID
    messages and can not pick out the real messages
  • Authorized readers are able to function normally
  • A blocker can simulate all RFID tags
    simultaneously, or selectively simulate a subset
    of the ID codes
  • (Such as for a specific brand, or some subset
    determined to be in a privacy zone)
  • A blocking device may be worn by a consumer to
    create the noisy RF environment around their body
    to prevent unwanted RFID scanning of items they
    may be carrying or wearing

16
Conclusion
  • RFID offers many benefits and useful properties
  • RFID systems require that privacy and security be
    taken into account during every step of the
    design because of the unique avenues they provide
    to be abused
  • There are methods that can be used to help
    protect against abuse, so that they may be
    utilized without sacrificing security or privacy,
    preventing possible consumer backlash

17
References
  • 1 RFID Privacy An Overview of Problems and
    Proposed Solutions S. Garfinkel, A. Juels, R.
    Pappu IEEE 2005
  • 2 The Blocker Tag Selective Blocking of RFID
    Tags for Consumer Privacy A. Juels, R. Rivest,
    M. Szydlo
  • 3 RFID Systems and Security and Privacy
    Implications S. Sarma, S. Weis, D. Engels 2003
  • 4 Squealing Euros Privacy Protection in
    RFID-Enabled Banknotes A. Juels, R. Pappu 2003
  • 5 Privacy and Security in Library RFID Issues,
    Practices, and Architectures D. Molnar, D.
    Wagner ACM 2004

18
End
  • Questions and Discussion
Write a Comment
User Comments (0)
About PowerShow.com