Transcript A Comparative Study of RFID Solutions for Security and Privacy: POP vs.

A Comparative Study of RFID Solutions for
Security and Privacy:
POP vs. Previous Solutions
K.H.S Sabaragamu Koralalage and J. Cheng
Department of Information and Computer Sciences,
Saitama University, Japan
{krishan, cheng}@aise.ics.saitama-u.ac.jp
Advanced Information Systems Engineering Lab
Saitama University, Japan
2008-April-17
Agenda
POP Architecture
The Problem
Goal
Evaluation
Conclusion
Future Works
What is POP


What is Product-flow with Ownership-transferring
Protocol
 A comprehensive mechanism used to ensure
the security and privacy of the passive RFID
systems used in a product lifecycle
How
 Tagged-product flow with an anonymous
ownership transference
 Robust communicational protocol
17-April-2008
ISA 2008
3
Ka
Kc
Ke
Sc
Se
EPC
EPC
EPC
Sg EPC
E
Kb
Sb EPC
E
Kd
Sd EPC
E
Kf
Sf
EPC
E
Kh
Sh EPC
E
Kj
Sj
EPC
E
E
E
E
E
PRIVACY
SECURITY
Kg
Sa
EPC
EPC
E
Ki to
Si change
How
the ownership
17-April-2008
Kk
Sk EPC
E
Kl
EPC
E
EPC
E
ISA 2008
Sl
EPC
E
4
The Problem




Position of POP Architecture ?
Level of Security ?
Level of Privacy ?
Level of Functionality ?
17-April-2008
ISA 2008
5
Goal and Objectives

Goal


Compare and contrast previously proposed
RFID solutions against the POP Architecture
Objectives
1. Define security criterion
2. Define privacy criterion
3. Define desired functionalities
4. Evaluate available RFID Solutions
17-April-2008
ISA 2008
6
Previous Solutions
Faraday Cage[1]
2. Blocker Tag[1]
3. Active Jamming[1]
4. Frequency Modification[12]
5. Kill Tag[1]
6. RFID Guardian[10]
7. Renaming[3]
8. Hash Based Schemes[12,11,9]
9. Delegated Pseudonym[7]
10. Zero knowledge[5]
11. Re-encryption Method[8,2]
1.
17-April-2008
ISA 2008
7
Security Objectives










Authentication
Authorization
Confidentiality
Anonymity
Data Integrity
No-Repudiation
Availability
Forward Security
Anti-Cloning
Anti-Reverse Engineering
17-April-2008
ISA 2008
8
Achievement of security objectives
17-April-2008
ISA 2008
9
Security Attacks








17-April-2008
Attacking RFID Tags
Attacking Interrogators
Access-key/Cipher-text Tracing
Eavesdropping
Spoofing
Man-in-the-middle
Replay Attack
Brute-force Attacks
ISA 2008
10
Protection Against the attacks
17-April-2008
ISA 2008
11
Privacy Threats









17-April-2008
Corporate espionage
Competitive marketing
Action threat
Association threat
Location threat
Preference threat
Constellation threat
Transaction threat
Breadcrumb threat
ISA 2008
12
Protection against privacy threats
17-April-2008
ISA 2008
13
Desired Functionalities










Interoperability
Reliability
Usability
Feasibility
Scalability
Manage new and damaged tags
Control Accessing
Transfer ownership online/offline
Achieve multiple authorizations
Recycle the tagged products
17-April-2008
ISA 2008
14
Functional Abilities
17-April-2008
ISA 2008
15
Evaluation

POP Achieves

Highest security objectives, attack prevention
throughout the product lifecycle

Highest protection against the privacy threats

Highest interoperability

Highest level of feasibility, scalability, manageability of
new and damaged tags and self controllability

Resolve multiple authorizations issue
17-April-2008
ISA 2008
16
Evaluation

No solution provides both online/offline
anonymous ownership transference other
than POP
But

POP yields for universal customer card and
PIN only for after purchase use
17-April-2008
ISA 2008
17
Conclusion

Our evaluation reveals that the POP
Architecture is the best out of all those
solutions as no one provides such level of
achievement so far.
17-April-2008
ISA 2008
18
Future Works

We hope to analyze the performance of
POP Tags in following aspects




Computational Overhead
Storage Overhead
Communication Overhead
Cost Overhead
17-April-2008
ISA 2008
19
Thank you very
much for your
attention !!!.....
Please feel free to ask questions…………or put
forward your opinions……..
17-April-2008
ISA 2008
20
Q&A
17-April-2008
ISA 2008
21
Thank you
17-April-2008
ISA 2008
22

K. H. S. Sabaragamu Koralalage and
Jingde Cheng: A Comparative Study of
RFID Solutions for Security and Privacy:
POP vs. Previous Solutions, Proceedings
of the 2nd International Conference on
Information Security and Assurance
(ISA '08), pp. 342-349, Busan, Korea,
IEEE Computer Society Press, April
2008.
17-April-2008
ISA 2008
23