1 / 13

EPCglobal Network Security: Research Challenges and Solutions

EPCglobal Network Security: Research Challenges and Solutions. Yingjiu Li Assistant Professor School of Information Systems Singapore Management University 1August 2008 @ National RFID Center. What is EPCglobal Network?. EPC and EPCglobal Network. Double-Edge Sword.

colman
Télécharger la présentation

EPCglobal Network Security: Research Challenges and Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EPCglobal Network Security: Research Challenges and Solutions Yingjiu Li Assistant Professor School of Information Systems Singapore Management University 1August 2008 @ National RFID Center

  2. What is EPCglobal Network? • EPC and EPCglobal Network

  3. Double-Edge Sword • ID collection, track and trace, information sharing • Adversaries (passive, active, and physical) • Eavesdropping • Masquerading • Replay • MITM • De-synchronization • Tag cloning • DoS • Side-channel attack • Physical attack

  4. Major Security Requirements • Private identification, anti-tracking, secure information sharing • Our focus: private ID and anti-tracking • Strong, moderate, weak, null anti-tracking • Secure handover (ownership transfer)

  5. Challenges in Protocol Design • Conflicting objectives with constraints • Security • (private ID and anti-tracking) Cost • Efficiency • (dynamic structure • and massive data) • Visibility • (track and trace)

  6. Technical Solutions • RFID privacy without ownership handover • Overview of problems and proposed solutions (Garfinkel, Juels, and Pappu: S&P 05) • RFID security in EPCglobal Network (RFID-enabled supply chain) • Private ID: encryption or keyed hash of ID • Anti-tracking: random numbers are used to generate private ID • Secure ownership handover: key update with de-synchronization resilience • Visibility: distributed or centralized • Efficiency: how to search DB to identify a tag (linear or log-linear) • Low cost: thousands of gates with PRNG and hash

  7. Solution 1: Protecting RFID Communications in Supply Chains (Li and Ding: ASIACCS 07)

  8. Solution 2: RFID Tag Ownership Transfer (Song: RFIDSec 08)

  9. Solution 3: Unidirectional Key Distribution Across Time and Space (Juels, Pappu, Parno: USENIX 08) Secret sharing across space: a secret key is distributed across the tags in a pallet. Secret sharing across time: a secret key is distributed across multiple pallets.

  10. Solution 4: Dual Security Modes in RFID-Enabled Supply Chain Systems

  11. Comparison of Typical Technical Solutions

  12. Future Direction • A security framework for EPCglobal network • Access control, flow control, disclosure control, trust negotiation, key management, audit, visibility maintenance, query authentication at high level • Secure RFID protocol at low level (covert channel) • Ownership handover in between (key management)

  13. Questions? Please contact me at yjli@smu.edu.sg

More Related