A Comparative Study of RFID Solutions for Security and Privacy: POP vs.
Download
Report
Transcript A Comparative Study of RFID Solutions for Security and Privacy: POP vs.
A Comparative Study of RFID Solutions for
Security and Privacy:
POP vs. Previous Solutions
K.H.S Sabaragamu Koralalage and J. Cheng
Department of Information and Computer Sciences,
Saitama University, Japan
{krishan, cheng}@aise.ics.saitama-u.ac.jp
Advanced Information Systems Engineering Lab
Saitama University, Japan
2008-April-17
Agenda
POP Architecture
The Problem
Goal
Evaluation
Conclusion
Future Works
What is POP
What is Product-flow with Ownership-transferring
Protocol
A comprehensive mechanism used to ensure
the security and privacy of the passive RFID
systems used in a product lifecycle
How
Tagged-product flow with an anonymous
ownership transference
Robust communicational protocol
17-April-2008
ISA 2008
3
Ka
Kc
Ke
Sc
Se
EPC
EPC
EPC
Sg EPC
E
Kb
Sb EPC
E
Kd
Sd EPC
E
Kf
Sf
EPC
E
Kh
Sh EPC
E
Kj
Sj
EPC
E
E
E
E
E
PRIVACY
SECURITY
Kg
Sa
EPC
EPC
E
Ki to
Si change
How
the ownership
17-April-2008
Kk
Sk EPC
E
Kl
EPC
E
EPC
E
ISA 2008
Sl
EPC
E
4
The Problem
Position of POP Architecture ?
Level of Security ?
Level of Privacy ?
Level of Functionality ?
17-April-2008
ISA 2008
5
Goal and Objectives
Goal
Compare and contrast previously proposed
RFID solutions against the POP Architecture
Objectives
1. Define security criterion
2. Define privacy criterion
3. Define desired functionalities
4. Evaluate available RFID Solutions
17-April-2008
ISA 2008
6
Previous Solutions
Faraday Cage[1]
2. Blocker Tag[1]
3. Active Jamming[1]
4. Frequency Modification[12]
5. Kill Tag[1]
6. RFID Guardian[10]
7. Renaming[3]
8. Hash Based Schemes[12,11,9]
9. Delegated Pseudonym[7]
10. Zero knowledge[5]
11. Re-encryption Method[8,2]
1.
17-April-2008
ISA 2008
7
Security Objectives
Authentication
Authorization
Confidentiality
Anonymity
Data Integrity
No-Repudiation
Availability
Forward Security
Anti-Cloning
Anti-Reverse Engineering
17-April-2008
ISA 2008
8
Achievement of security objectives
17-April-2008
ISA 2008
9
Security Attacks
17-April-2008
Attacking RFID Tags
Attacking Interrogators
Access-key/Cipher-text Tracing
Eavesdropping
Spoofing
Man-in-the-middle
Replay Attack
Brute-force Attacks
ISA 2008
10
Protection Against the attacks
17-April-2008
ISA 2008
11
Privacy Threats
17-April-2008
Corporate espionage
Competitive marketing
Action threat
Association threat
Location threat
Preference threat
Constellation threat
Transaction threat
Breadcrumb threat
ISA 2008
12
Protection against privacy threats
17-April-2008
ISA 2008
13
Desired Functionalities
Interoperability
Reliability
Usability
Feasibility
Scalability
Manage new and damaged tags
Control Accessing
Transfer ownership online/offline
Achieve multiple authorizations
Recycle the tagged products
17-April-2008
ISA 2008
14
Functional Abilities
17-April-2008
ISA 2008
15
Evaluation
POP Achieves
Highest security objectives, attack prevention
throughout the product lifecycle
Highest protection against the privacy threats
Highest interoperability
Highest level of feasibility, scalability, manageability of
new and damaged tags and self controllability
Resolve multiple authorizations issue
17-April-2008
ISA 2008
16
Evaluation
No solution provides both online/offline
anonymous ownership transference other
than POP
But
POP yields for universal customer card and
PIN only for after purchase use
17-April-2008
ISA 2008
17
Conclusion
Our evaluation reveals that the POP
Architecture is the best out of all those
solutions as no one provides such level of
achievement so far.
17-April-2008
ISA 2008
18
Future Works
We hope to analyze the performance of
POP Tags in following aspects
Computational Overhead
Storage Overhead
Communication Overhead
Cost Overhead
17-April-2008
ISA 2008
19
Thank you very
much for your
attention !!!.....
Please feel free to ask questions…………or put
forward your opinions……..
17-April-2008
ISA 2008
20
Q&A
17-April-2008
ISA 2008
21
Thank you
17-April-2008
ISA 2008
22
K. H. S. Sabaragamu Koralalage and
Jingde Cheng: A Comparative Study of
RFID Solutions for Security and Privacy:
POP vs. Previous Solutions, Proceedings
of the 2nd International Conference on
Information Security and Assurance
(ISA '08), pp. 342-349, Busan, Korea,
IEEE Computer Society Press, April
2008.
17-April-2008
ISA 2008
23