190 likes | 355 Vues
RFID Security and Privacy Concerns. Corby Ziesman. Privacy and Security. Privacy and security are important factors that need to be considered in every project If the users’ privacy rights are not protected, the product becomes unfeasible.
E N D
RFID Security and Privacy Concerns Corby Ziesman
Privacy and Security • Privacy and security are important factors that need to be considered in every project • If the users’ privacy rights are not protected, the product becomes unfeasible • If security consequences are not kept in mind during product development, then the product will be flawed by design and a workaround may need to be patched in later on at a greater expense
Controversy “Some privacy activists see RFID’s widespread and unrestricted deployment as a kind of doomsday scenario in which corporate and government interests can pervasively track individuals—paving the way for a techno-totalitarian state in which each person’s movements, associates, and casual acquaintances are carefully monitored and recorded in futuristic data centers.” [1] “One of the leading crusaders here is Katherine Albrecht, director of Consumers Against Supermarket Privacy Invasion and Numbering (Caspian). Albrecht variously calls RFID tags ‘spy chips’ and ‘tracking devices’; she organized a Benetton boycott that forced the company to officially repudiate any RFID testing plans.” [1]
RFID’s Situation • RFID is small and cheap, and therefore easily deployed on a large scale without being conspicuous • RFID transmits wirelessly, and sensitive identifying data can be eavesdropped upon • RFID data from multiple sources can be combined to create a history of a person’s daily activities • As a result, RFID poses the risk of compromising a person’s private information
Security Hazards RFID Environment Abstract [1]
Security Hazards RFID Threat Contexts [1]
Some Current Uses of RFID [1] [4] [5] • Automobile Immobilizers • Key sends signal so car can start • Animal Tracking • Sub-dermal implant identified lost pets • Payment Systems • Allows quicker check-outs at the store • Automobile Toll Collection • Helps traffic flow quickly • Inventory Management • Improves supply chain efficiency • Bank Notes • Prevents forgery • Libraries • Allows easier management of books and materials • Passports, Drivers’ Licenses, and National IDs • Provides an extra way to verify identities …and more everyday
[1] Corporate Data Security Threats • Corporate Espionage Threat • Competitors can collect confidential supply chain data • Competitive Marketing Threat • Competitors steal users’ preferences and use that to enhance their own competing product • Infrastructure Threat • As companies become reliant on RFID, they become more susceptible to new forms of denial-of-service attacks • Trust Perimeter Threat • As more data is shared, the sharing mechanisms increasingly provide new opportunities for attack
[1] Personal Privacy Threats • Action Threat • A person’s behavior or intent is inferred from RFID data, which may be inaccurate • (e.g. expensive store items suddenly disappearing from the shelf may indicate shoplifting and customer is approached as a potential criminal, when the customer actually only bumped some clothes onto the floor by accident) • Association Threat • A person’s identity is linked with a purchased item • Different from loyalty cars (e.g. Fry’s VIP) because this may be involuntary, and linked to a specific item (serial number) as opposed to a product
[1] Personal Privacy Threats • Location Threat • If an item is linked to a specific person (as in Association Threat), and there are clandestine RFID readers in various locations, a person’s location may be tracked or be open to unauthorized disclosure • Preference Threat • A person’s preferences may be revealed and abused • (e.g. a thief who targets those who purchase high-cost items as opposed to cheaper items)
[1] Personal Privacy Threats • Constellation Threat • Even if a person’s actual identity is not known, the RFID tags around that person form a unique constellation which can be tracked • Transaction Threat • When an item moves from one constellation to another, it can be inferred some transaction has taken place between the two individuals associated with each constellation • Breadcrumb Threat • As a person collects tagged items, they build a database of items associated with their identity • Some items get discarded (“breadcrumbs”) but the association still remains with the original owner • If the breadcrumb is picked up by another individual and involved in some crime, the breadcrumb leads back to the original owner, and not the criminal • The original owner is liable, at the very least, to be bothered by law enforcement
[3] An Example Way to Protect RFID • Provide a mechanism to lock/unlock RFID tags (using a hash function) • While unlocked, the full functionality and memory of the tag are available to anyone in the interrogation zone • Tags will be equipped with a physical self-destruct mechanism and will only be unlocked during communication with an authorized reader • In the event of power loss or transmission interruption, tags will return to a default locked state
[3] Locking Tags • To lock a tag, the owner computes a hash value of a random key and sends it to the tag as a lock value • The tag stores the lock value in the meta-ID memory location and enters the locked state • While locked, a tag responds to all queries with the current meta-ID value and restricts all other functionality • Each tag always responds to queries in some form and thus always reveals its existence
[3] Unlocking Tags • To unlock a tag, the owner sends the original key value to the tag • The tag then hashes this value and compares it to the lock stored under the meta-ID • If the values match, the tag unlocks itself
[1] [2] Another Example Blocker Tags • Require no change in hardware • Use auxiliary tags to create a noisy RF environment for unauthorized readers • Unauthorized readers see a lot of “spam” RFID messages and can not pick out the real messages • Authorized readers are able to function normally • A blocker can simulate all RFID tags simultaneously, or selectively simulate a subset of the ID codes • (Such as for a specific brand, or some subset determined to be in a “privacy zone”) • A blocking device may be worn by a consumer to create the noisy RF environment around their body to prevent unwanted RFID scanning of items they may be carrying or wearing
Conclusion • RFID offers many benefits and useful properties • RFID systems require that privacy and security be taken into account during every step of the design because of the unique avenues they provide to be abused • There are methods that can be used to help protect against abuse, so that they may be utilized without sacrificing security or privacy, preventing possible consumer backlash
References [1]RFID Privacy: An Overview of Problems and Proposed Solutions; S. Garfinkel, A. Juels, R. Pappu; IEEE 2005 [2]The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy; A. Juels, R. Rivest, M. Szydlo [3]RFID Systems and Security and Privacy Implications; S. Sarma, S. Weis, D. Engels; 2003 [4]Squealing Euros: Privacy Protection in RFID-Enabled Banknotes; A. Juels, R. Pappu; 2003 [5]Privacy and Security in Library RFID Issues, Practices, and Architectures; D. Molnar, D. Wagner; ACM 2004
End Questions and Discussion