a comparative study of rfid solutions for security and privacy: pop vs. previous solutions
DESCRIPTION
A Comparative Study of RFID Solutions for Security and Privacy: POP vs. Previous Solutions. K.H.S Sabaragamu Koralalage and J. Cheng Department of Information and Computer Sciences, Saitama University, Japan {krishan, cheng}@aise.ics.saitama-u.ac.jp. - PowerPoint PPT PresentationTRANSCRIPT
A Comparative Study of RFID Solutions for Security and Privacy:
POP vs. Previous Solutions
Advanced Information Systems Engineering LabSaitama University, Japan2008-April-17
K.H.S Sabaragamu Koralalage and J. ChengK.H.S Sabaragamu Koralalage and J. ChengDepartment of Information and Computer Sciences,Department of Information and Computer Sciences,
Saitama University, JapanSaitama University, Japan{krishan, cheng}@aise.ics.saitama-u.ac.jp{krishan, cheng}@aise.ics.saitama-u.ac.jp
Agenda
POP ArchitectureThe Problem GoalEvaluationConclusionFuture Works
17-April-2008 ISA 2008 3
What is POP
What is Product-flow with Ownership-transferring Protocol A comprehensive mechanism used to
ensure the security and privacy of the passive RFID systems used in a product lifecycle
How Tagged-product flow with an anonymous
ownership transference Robust communicational protocol
17-April-2008 ISA 2008 4
How to change the ownership
PR
IVA
CY
SEC
UR
ITY
Ka Sa EPC E
Kb Sb EPC E
Kd Sd EPC E
Ke Se EPC E
Kf Sf EPC E
Kg Sg EPC E
Kh Sh EPC E
Ki Si EPC E
Kj Sj EPC E
Kk Sk EPC E
Kl Sl EPC E
EPC E
EPC E
EPC E
Kc Sc EPC E
17-April-2008 ISA 2008 5
The Problem Position of POP Architecture ? Level of Security ? Level of Privacy ? Level of Functionality ?
17-April-2008 ISA 2008 6
Goal and Objectives Goal
Compare and contrast previously proposed RFID solutions against the POP Architecture
Objectives1. Define security criterion 2. Define privacy criterion3. Define desired functionalities4. Evaluate available RFID Solutions
17-April-2008 ISA 2008 7
Previous Solutions1. Faraday Cage[1]2. Blocker Tag[1]3. Active Jamming[1]4. Frequency Modification[12]5. Kill Tag[1]6. RFID Guardian[10]7. Renaming[3]8. Hash Based
Schemes[12,11,9]9. Delegated Pseudonym[7]10. Zero knowledge[5]11. Re-encryption Method[8,2]
17-April-2008 ISA 2008 8
Security Objectives Authentication Authorization Confidentiality Anonymity Data Integrity No-Repudiation Availability Forward Security Anti-Cloning Anti-Reverse Engineering
17-April-2008 ISA 2008 9
Achievement of security objectives
17-April-2008 ISA 2008 10
Attacking RFID Tags Attacking Interrogators Access-key/Cipher-text
Tracing Eavesdropping Spoofing Man-in-the-middle Replay Attack Brute-force Attacks
Security Attacks
17-April-2008 ISA 2008 11
Protection Against the attacks
17-April-2008 ISA 2008 12
Corporate espionage Competitive
marketing Action threat Association threat Location threat Preference threat Constellation threat Transaction threat Breadcrumb threat
Privacy Threats
17-April-2008 ISA 2008 13
Protection against privacy threats
17-April-2008 ISA 2008 14
Interoperability Reliability Usability Feasibility Scalability Manage new and damaged tags Control Accessing Transfer ownership online/offline Achieve multiple authorizations Recycle the tagged products
Desired Functionalities
17-April-2008 ISA 2008 15
Functional Abilities
17-April-2008 ISA 2008 16
Evaluation POP Achieves
Highest security objectives, attack prevention throughout the product lifecycle
Highest protection against the privacy threats
Highest interoperability
Highest level of feasibility, scalability, manageability of new and damaged tags and self controllability
Resolve multiple authorizations issue
17-April-2008 ISA 2008 17
Evaluation No solution provides both online/offline
anonymous ownership transference other than POP
But
POP yields for universal customer card and PIN only for after purchase use
17-April-2008 ISA 2008 18
Our evaluation reveals that the POP Architecture is the best out of all those solutions as no one provides such level of achievement so far.
Conclusion
17-April-2008 ISA 2008 19
Future Works
We hope to analyze the performance of POP Tags in following aspects Computational Overhead Storage Overhead Communication Overhead Cost Overhead
17-April-2008 ISA 2008 20
Thank you very much for your
attention !!!.....
Thank you very much for your
attention !!!.....
Please feel free to ask questions…………or put forward your opinions……..
17-April-2008 ISA 2008 21
Q & A
17-April-2008 ISA 2008 22
Thank youThank you
17-April-2008 ISA 2008 23
K. H. S. Sabaragamu Koralalage and Jingde Cheng: A Comparative Study of RFID Solutions for Security and Privacy: POP vs. Previous Solutions, Proceedings of the 2nd International Conference on Information Security and Assurance (ISA '08), pp. 342-349, Busan, Korea, IEEE Computer Society Press, April 2008.