
Executive Post Graduate Programme in e-Governance (EPGP-EG), 2013-14 Identity Management

Executive Post Graduate Programme in e-Governance (EPGP-EG), 2013-14 Identity Management. Threats for RFID. Presented by. GROUP # 3 Pravin Kolhe M. Jyothi Rani Sanjay Singh Vivek Srivastava Chandan Kumar Jha. July-2013, IIM Indore. 1. What is RFID.


Presentation Transcript


  1. Executive Post Graduate Programme in e-Governance (EPGP-EG), 2013-14 Identity Management Threats for RFID Presented by GROUP # 3 Pravin Kolhe M. Jyothi Rani Sanjay Singh Vivek Srivastava Chandan Kumar Jha July-2013, IIM Indore

  2. 1. What is RFID • RFID = Radio Frequency IDentification. • RFID is an ADC (Automated Data Collection) technology that: • uses radio-frequency waves to transfer data between a reader and a movable item in order to identify, categorize and track it. • is fast and does not require line of sight or physical contact between the reader/scanner and the tagged item. • attempts to provide unique identification and backend integration that allows for a wide range of applications.

  3. Some RFID TAGS…

  4. Some RFID READERS…

  5. 3. TYPES OF Threats for RFID • Broadly, threats are categorized based on Confidentiality, Integrity and Availability as: • Spoofing identity • Tampering with data • Repudiation • Information disclosure • Denial of service • Elevation of privilege

  6. 4. Spoofing identity • “Spoofing occurs when an attacker successfully poses as an authorized user of a system” • A competitor or thief performs an unauthorized inventory of a store by scanning tags with an unauthorized reader to determine the types and quantities of items. • An attacker tries to save money by buying expensive goods whose RFID price tags have been spoofed to display cheaper prices.

  7. 4. MITIGATING Spoofing identity • Appropriate authentication, • Protect secrets, • Don’t store secrets

  8. 5. Tampering with data • “Data tampering occurs when an attacker modifies, adds, deletes, or reorders data” • For example: • An attacker modifies a passport tag to appear to be a citizen in good standing. • An attacker adds additional tags to a shipment so that the shipment appears to contain more items than it actually does.

  9. 5. MITIGATING Tampering with data • Appropriate authentication, • Message authentication codes, • Digital signatures, • Tamper-resistant protocols

  10. 6. Repudiation • “Repudiation occurs when a user denies an action and no proof exists to prove that the action was performed” • A retailer denies receiving a certain pallet, case, or item. • The owner of the EPC number denies having information about the item to which the tag is attached.

  11. 6. Mitigating Repudiation • Digital signatures, • Timestamps, • Audit trails

  12. 7. Information disclosure • “Information disclosure occurs when information is exposed to an unauthorized user” • A bomb in a restaurant explodes when there are five or more Americans with RFID-enabled passports detected. • An attacker blackmails an individual for having certain merchandise in their possession. • A sufficiently powerful directed reader reads tags in your house or car.

  13. 7. MITIGATING Information disclosure • Authorization, • Privacy-enhanced protocols, • Encryption

  14. 8. Denial of service • “Denial-of-service denies service to valid users. Denial-of-service attacks are easy to accomplish and difficult to guard against.” • An attacker with a powerful reader jams the reader. • An attacker intrudes into the system thereby aborting the transactions.

  15. 8. Mitigating Denial of service • Appropriate authentication, • Appropriate authorization, • Filtering, • Throttling, • Quality of Service

  16. 9. Elevation of privilege • “A user logging on to the database to know the product’s information can become an attacker by raising his/her status in the information system from a user to a root server administrator and write or add malicious data into the system.” • A system user modifies the authorisation & authentication privileges to transfer money to his account.

  17. 9. Mitigating Elevation of privilege • Run with least privilege • Hierarchy-based privilege • Restricted privileges for users.

  18. 10. Assign Risk with DREAD • Damage potential (1-10) • Reproducibility (1-10) • Exploitability (1-10) • Affected Users (1-10) • Discoverability (1-10)

  19. 12. CONCLUSION • RFID is extensively used worldwide due to its efficient and convenient features. • Still, it has threats & vulnerabilities associated with it. • Despite the proposed mitigation strategies, it is not yet possible to design a foolproof RFID system. • Extensive research is being carried out on reliable RFID systems.

  20. Contact: - Pravin Kolhe, Executive Engineer Water Resources Department, Government of Maharashtra Email:- pravinkolhe82@gmail.com www.pravinkolhe.com PPT downloaded from www.pravinkolhe.com

  21. Thank You…! GROUP # 3, EPGP-EG, IIM Indore, 2013-14
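
As an added example (not part of the original presentation), here is how the "Message authentication codes" mitigation from the tampering slides can work for the modified-tag and extra-tags-in-a-shipment scenarios. The key name, record layout and sample tags are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumption: the key lives only in the issuing back-end system, never on the tag.
BACKEND_KEY = b"constructed-demo-key-not-for-production"

def _mac(uid: bytes, data: bytes) -> bytes:
    # Length-prefix each field so the uid/data boundary cannot be shifted.
    msg = len(uid).to_bytes(2, "big") + uid + len(data).to_bytes(2, "big") + data
    return hmac.new(BACKEND_KEY, msg, hashlib.sha256).digest()

def issue_tag(uid: bytes, data: bytes) -> dict:
    """Record written to the tag at issuance: payload plus its MAC."""
    return {"uid": uid, "data": data, "mac": _mac(uid, data)}

def verify_tag(rec: dict) -> bool:
    """Constant-time check that uid and data are what the back end issued."""
    return hmac.compare_digest(rec["mac"], _mac(rec["uid"], rec["data"]))

def audit_shipment(manifest: set, scanned: list) -> dict:
    """Classify scanned tag records against the expected manifest of UIDs."""
    result = {"ok": [], "tampered": [], "unexpected": []}
    seen = set()
    for rec in scanned:
        uid = rec["uid"]
        if not verify_tag(rec):
            result["tampered"].append(uid)      # data or MAC does not match
        elif uid not in manifest or uid in seen:
            result["unexpected"].append(uid)    # added or duplicated tag
        else:
            result["ok"].append(uid)
            seen.add(uid)
    result["missing"] = sorted(manifest - seen)
    return result

def demo() -> dict:
    # Constructed sample data: three genuine tags in one shipment.
    tags = [issue_tag(b"UID-%d" % i, b"item=widget;qty=1") for i in (1, 2, 3)]
    manifest = {t["uid"] for t in tags}
    modified = dict(tags[1], data=b"item=widget;qty=9")  # data changed, MAC stale
    forged = {"uid": b"UID-99", "data": b"item=widget;qty=1", "mac": b"\x00" * 32}
    copied = dict(tags[0])                               # verbatim copy of a valid tag
    return audit_shipment(manifest, [tags[0], modified, tags[2], forged, copied])
```

A verbatim copy of a valid record still passes the MAC check, which is why the audit also compares scanned UIDs against the manifest and flags duplicates.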
