1 / 23

A Comparative Study of RFID Solutions for Security and Privacy: POP vs. Previous Solutions

A Comparative Study of RFID Solutions for Security and Privacy: POP vs. Previous Solutions. K.H.S Sabaragamu Koralalage and J. Cheng Department of Information and Computer Sciences, Saitama University, Japan {krishan, cheng}@aise.ics.saitama-u.ac.jp.

royal
Download Presentation

A Comparative Study of RFID Solutions for Security and Privacy: POP vs. Previous Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Comparative Study of RFID Solutions for Security and Privacy:POP vs. Previous Solutions K.H.S Sabaragamu Koralalage and J. Cheng Department of Information and Computer Sciences, Saitama University, Japan {krishan, cheng}@aise.ics.saitama-u.ac.jp Advanced Information Systems Engineering Lab Saitama University, Japan 2008-April-17

  2. Agenda POP Architecture The Problem Goal Evaluation Conclusion Future Works

  3. What is POP • What is Product-flow with Ownership-transferring Protocol • A comprehensive mechanism used to ensure the security and privacy of the passive RFID systems used in a product lifecycle • How • Tagged-product flow with an anonymous ownership transference • Robust communicational protocol ISA 2008

  4. E E E E E E E E Ki Kk Ke Ka Kg Kc Kl Sg Sk Sl Sa Se Sc Si EPC EPC EPC EPC EPC EPC EPC EPC PRIVACY SECURITY E E E E E E E Kd Kf Kb Kh Kj Sj Sh Sb Sf Sd EPC EPC EPC EPC EPC EPC EPC How to change the ownership ISA 2008

  5. The Problem • Position of POP Architecture ? • Level of Security ? • Level of Privacy ? • Level of Functionality ? ISA 2008

  6. Goal and Objectives • Goal • Compare and contrast previously proposed RFID solutions against thePOP Architecture • Objectives • Define security criterion • Define privacy criterion • Define desired functionalities • Evaluate available RFID Solutions ISA 2008

  7. Previous Solutions Faraday Cage[1] Blocker Tag[1] Active Jamming[1] Frequency Modification[12] Kill Tag[1] RFID Guardian[10] Renaming[3] Hash Based Schemes[12,11,9] Delegated Pseudonym[7] Zero knowledge[5] Re-encryption Method[8,2] ISA 2008

  8. Security Objectives • Authentication • Authorization • Confidentiality • Anonymity • Data Integrity • No-Repudiation • Availability • Forward Security • Anti-Cloning • Anti-Reverse Engineering ISA 2008

  9. Achievement of security objectives ISA 2008

  10. Security Attacks • Attacking RFID Tags • Attacking Interrogators • Access-key/Cipher-text Tracing • Eavesdropping • Spoofing • Man-in-the-middle • Replay Attack • Brute-force Attacks ISA 2008

  11. Protection Against the attacks ISA 2008

  12. PrivacyThreats • Corporate espionage • Competitive marketing • Action threat • Association threat • Location threat • Preference threat • Constellation threat • Transaction threat • Breadcrumb threat ISA 2008

  13. Protection against privacy threats ISA 2008

  14. Desired Functionalities • Interoperability • Reliability • Usability • Feasibility • Scalability • Manage new and damaged tags • Control Accessing • Transfer ownership online/offline • Achieve multiple authorizations • Recycle the tagged products ISA 2008

  15. Functional Abilities ISA 2008

  16. Evaluation • POP Achieves • Highest security objectives, attack prevention throughout the product lifecycle • Highest protection against the privacy threats • Highest interoperability • Highest level of feasibility, scalability, manageability of new and damaged tags and self controllability • Resolve multiple authorizations issue ISA 2008

  17. Evaluation • No solution provides both online/offline anonymous ownership transference other than POP But • POP yields for universal customer card and PIN only for after purchase use ISA 2008

  18. Conclusion • Our evaluation reveals that the POP Architecture is the best out of all those solutions as no one provides such level of achievement so far. ISA 2008

  19. Future Works • We hope to analyze the performance of POP Tags in following aspects • Computational Overhead • Storage Overhead • Communication Overhead • Cost Overhead ISA 2008

  20. Thank you very much for your attention !!!..... Please feel free to ask questions…………or put forward your opinions…….. ISA 2008

  21. Q & A ISA 2008

  22. Thank you ISA 2008

  23. K. H. S. Sabaragamu Koralalage and Jingde Cheng: A Comparative Study of RFID Solutions for Security and Privacy: POP vs. Previous Solutions, Proceedings of the 2nd International Conference on Information Security and Assurance (ISA '08), pp. 342-349, Busan, Korea, IEEE Computer Society Press, April 2008. ISA 2008

More Related