RFID Privacy: An Overview of Problems and Proposed Solutions. S. Garfinkel, A. Juels, R. Pappu, “RFID Privacy: An Overview of Problems and Proposed Solutions”, IEEE Security & Privacy 3:3, 34-43, 2005. Maxim Kharlamov (mkha130, #13).

Radio Frequency IDentification
How does it work?
• Tag reader sends radio signal
• Electricity induced in tag’s antenna powers tag’s chip
• Tag responds with its ID
Reading distance varies from several centimeters to several meters for different tag types.
RFID tags are used in stores (as barcodes), security systems, payment systems, passports, etc.

Main idea
RFID technologies are being rapidly deployed all over the world, raising privacy and security risks. It is not completely clear how to overcome these risks.
• Privacy. Cheap, small and easily readable tags allow virtually anyone to covertly spy on people.
• Security. RFID technologies are susceptible to various DoS, cloning and eavesdropping attacks.

(+) Personal privacy threats
Complete and detailed classification of personal privacy threats:
• Action – monitoring clients’ behaviour inside stores
• Association – tag’s unique ID is associated with a consumer
• Location – tracking a person using an associated ID
• Preference – revealing people’s preferences – it is also a value threat
• Constellation – a set of tags around a person
• Transaction – tracking transactions between constellations
• Breadcrumb – tagged object is still associated with a particular person even after he/she gets rid of it

(+) Corporate security threats
The authors tried to explain possible security risks not only to customers but also to businesses:
• Espionage – gathering supply chain data
• Competitive marketing – collecting customers’ preferences
• Infrastructure – DoS attacks can be disastrous
• Trust perimeter – very hard to control the amount of information shared with the outer world

(-) Privacy vs. Security
• Privacy is a part of security (CIA principle)
• The authors tried to concentrate only on privacy, but they did not give its definition
• Security issues were mentioned, but without “due diligence”
• Some of the threats in between privacy and security were missed
• Example: cloning could allow an adversary to gain access to someone’s private information (e.g., cloning a tag used to log into your home computer)

RFID-Hacking?
If somebody copies your proximity card and robs Auckland University, do you think you would be arrested for robbery?
“This device can do almost anything involving almost any kind of … RFID tag.” (J. Westhues, http://cq.cx/proxmark3.pl)