Transcript 下載/瀏覽
Benjamin Fabian, Oliver G¨unther and Sarah Spiekermann
Humboldt-University Berlin
Spandauer Str. 1, 10178 Berlin, Germany
報告者:向峻霈
Outline
1.
The EPC Network
2. DNS Threat
3. EPC Confidentiality and Privacy
4. Mitigation Attempts
5. Discussion
The EPC Network
Electronic Product Code(EPC)
Tags and Reader
EPC Middleware
Object Name Service---(ONS)
EPC Information Services---(EPC-IS)
The EPC Network
RFID Tag-to-Reader Communication
The EPC Network
ONS Resolution
The EPC Network
EPC-IS Access
DNS Threat
Packet interception(封包攔截)
Query prediction(預測查詢)
Cache poisoning(快取中毒)
Betrayal by trusted server(背叛信任伺服器)
Denial of service(阻斷服務攻擊)
EPC Confidentiality and Privacy
There are many contexts where the EPC of a RFID tag
could be regarded as highly sensitive information
the eavesdropper could easily add fake serial parts to
the captured incomplete EPC and query the
corresponding EPC-IS servers until a match is found
EPC Confidentiality and Privacy
SSL/TLS 加密
The main privacy enhancing strategy lies in obfuscating
the source IP or the real physical orign of the query
ONS Threat
ONS context refers to the correctness and completeness
if only due to its necessary widespread accessibility.
ONS 將會成為一個在網路上高度暴露的被攻擊者
可能會被下列攻擊
Distributed Denial-of-Service (DDoS)
man-in-the-middle
Mitigation Attempts
Network Design
Virtual Private Networks and Extranets
Anonymous Mixes
DNSSEC
Network Design
internal and private version of the EPC network
without depending on outside information
優點:EPC封包不會洩漏
限制內部攻擊者
降低風險完整性
缺點:無法在網路作動態更新等動作
prolonging of ONS and EPC-IS caching time
VPN and Extranets
Anonymous Mixes
Discussion
什麼部分的EPC和儲存信息應考慮公開,以及如何存
取權限配置?
如果這些存取權限已經影響結果查找的服務?
謝謝大家的聆聽