
Security paradigms and RFID

Explore the history, standards, and security issues of RFID technology. Learn about risk-based assessment, design-based assurance, and the development of security standards. Discover the key points in adopting the "design for assurance" paradigm and the importance of risk-based development in security functions.

blyon

Presentation Transcript


  1. Security paradigms and RFID
     RFID03_03
     Scott W CADZOW
     C3L

  2. Security and standards development
     • Risk based assessment
     • Design based assurance

  3. History of RFID
     • Origins not terribly well documented
         • Henry Stockman, 1948
         • Mario Cardullo (US Patent 3,713,148) in 1973
         • Charles Walton (US Patent 4,384,288) in 1983
     • Standards development
         • ISO, base standards
         • ETSI??
         • ITS active, passive transponders, road pricing

  4. Standards (not radio)
     • ISO 14223/1
         • Radio frequency identification of Animals, advanced transponders – Air interface
     • ISO 14443
         • HF (13.56 MHz) standard used as the basis of RFID-enabled passports under ICAO 9303.
     • ISO 15693
         • HF (13.56 MHz) standard, used for non-contact smart payment and credit cards.
     • ISO 18000-7
         • UHF (433 MHz) industry standard for active RFID products
     • ISO 18185
         • Industry standard for electronic seals for tracking cargo containers

  5. Security issues in RFID
     • Well documented
         • Aired in previous RFID workshops
     • Tracking – traffic analysis
         • Masquerade may result
     • Physical weaknesses
         • Chip can be broken
         • Antenna can be broken
         • Antenna can be easily masked
     • Religious fervour ???
         • Weird claim of RFID as mark of the beast (Revelation 13:16)

  6. [Diagram; labels: “System”; Objective (×3); “!!”; Existing Standards (×2); Function (×6); Requirement (×12)]

  7. Paradigm to be adopted
     • Design for assurance
         • Advancement of ITU-T 3 stage method
     • Development in line with Common Criteria (ISO/IEC 15408)
         • Use of ETSI EG 202 387 as basis
         • Development of Protection Profiles using ES 202 382 as template
     • Risk analysis as fundamental key in development
         • ETSI TS 102 165-1 as the root document
     • Objective and requirements engineering
         • Key to success being developed in TISPAN WI-07027
     • Security architecture and countermeasure analysis
         • Using key capabilities from ISO/IEC 15408-2

  8. Definitions to be going on with
     • Objectives
         • Broad intention of system (WHAT)
     • Functions
         • Abstract grouping of features
     • Requirements
         • Implementation detail (HOW)

  9. Understanding of security
     • A Threat, enacted by a Threat Agent, may lead to an Unwanted Incident breaking certain pre-defined security objectives
     • Aim is to avoid Unwanted Incidents
     • Countermeasures restrict the ability of threat agents to operate

  10. The root model for eTVRA

  11. Threat types (#1)

  12. Threat types (#2)

  13. Where we need to go
      Summary

  14. Key points
      • Adoption of “design for assurance” paradigm
      • Risk based development of security functions
      • Distribution of risk based on least cost loss function
      • Cryptographic development with SAGE as partners
      • Systems security development with TISPAN and OCG-Sec as partners

  15. Thanks for listening
      • Scott CADZOW
      • Scott @ Cadzow . com
