RFID in Mobile Commerce and Security Concerns
Chassica Braynen
April 25, 2007

Agenda
• Introduction
• Technology
• Uses of RFID in Mobile Commerce
• Security & Privacy Concerns

Introduction
• Radio Frequency Identification (RFID) is also known as Dedicated Short-Range Communication
• RFID is an automatic identification method, relying on remotely storing and/or retrieving data from small objects, called RFID tags. These tags contain antennae to receive and respond to queries from an RFID reader. A typical RFID system consists of two main components, tags and readers.
• RFID devices are similar to barcodes
  • Bar codes are read or scanned using light – infrared, laser, or optical scanning.
  • RFID tags are read using RF energy – radio waves.
  • Does not require physical contact or line of sight
  • Used in various environmental conditions
  • More beneficial than bar codes

Introduction
• Radio Frequency Identification (RFID) has existed for over 50 years
• Used in World War II on Allied aircraft to identify “friendly” planes
• Used in the 1960s and 70s to tag nuclear equipment
• Civilian uses began around the 1970s
  • Animal ID and temp tracking
  • Railroad inventory tracking
• In the 1980s, became more prevalent worldwide
• Electronic toll collection began in the 1990s
• Present uses expanding

Technology
• Basic RFID System
[Diagram: reader antenna; tag antenna with integrated circuit chip; computer or database]

Technology
• 3 types of RFID tag technologies:
  • Active
    • Have an internal power source
    • Longer range, larger memory
    • Stores the most information
    • Read distance = several tens of meters
  • Semi-passive
    • Similar to passive, except with a small battery
  • Passive
    • Have no internal power supply
    • Powered by the radio frequency signal
    • Read distance = 10 mm to 1 meter

Technology
• 4 different types of tags in use (by radio frequency)
  • Low frequency tags (125 or 134.2 kHz)
  • High frequency tags (13.56 MHz)
  • UHF tags (868 to 956 MHz)
  • Microwave tags (2.45 GHz)

Uses of RFID
• Contactless Payment Systems
  • ExxonMobil - “Speedpass”
  • American Express - “ExpressPay”
  • MasterCard - “PayPass”
  • Hong Kong - “Octopus Card”
  • MARTA - “Breeze Card”

Uses of RFID
• Electronic toll control
  • Georgia’s Cruise Card
  • California’s FasTrak
  • Illinois’ I-Pass
• Food Services
  • FreedomPay
• Concert Entry
  • Tickets embedded with tags
  • Hitachi’s RFID “mu-chip”

Uses of RFID
• RFID-enabled mobile phones
  • Japan Airlines’ cell phone check-in
  • Can be used as a payment system (still in beginning stages)
    • Restaurants
    • Gas stations
    • Convenience stores
• The way it works: “Patrons hold their phones up to terminals, causing the amount due to appear on the phone's screen. The customer will enter a secret code into the phone's keypad, authorizing the payment before holding the phone up to the reader a second time to confirm it.”

Security Concerns
• Generation 1 RFID was not initially designed for security
• Some RFID tags are vulnerable to alteration, corruption and deletion of the data
• Wireless protocols can be jammed, creating a denial of service attack
• RFID data can be copied
  • On Jan 29th 2005, RSA Security and a group of students from Johns Hopkins University broke the proprietary encryption algorithm used by ExxonMobil’s Speedpass. They were able to successfully copy a Speedpass and use the copied RFID tag to purchase gas.
• Companies are addressing security issues

Privacy risks
• Profiling
• Tracking
• Notification
• Tag “sniffing”

Solutions
• Lengthen passwords to 32 bits
• Make tag ID non-broadcasting
• 16-bit randomly generated keys, used to encrypt read, write and erase commands
• Authenticated RFID, 2-factor authentication
• Monitoring systems
• Education
  • Some vendor systems are more secure than others
  • Ensure that tag selection is aligned with the company’s security policy
  • Be informed, understand risks
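
The difference between a tag that broadcasts a fixed ID ("RFID data can be copied") and "Authenticated RFID" can be shown with a small simulation. This is an added example, not part of the original slides: the class names, the sample tag ID and the use of HMAC-SHA256 are assumptions chosen for illustration, and real tags use whatever cipher the vendor implements.

```python
import hashlib
import hmac
import secrets
from typing import Optional

class StaticTag:
    """Tag that answers every query with the same ID (ID-only system)."""
    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id
    def respond(self, challenge: bytes) -> bytes:
        return self.tag_id  # the reader's challenge is ignored

class AuthTag:
    """Tag that proves it holds a secret key without ever sending the key."""
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self._key = tag_id, key
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, self.tag_id + challenge, hashlib.sha256).digest()

class Replayer:
    """Models a copied tag: it can only repeat one recorded response."""
    def __init__(self, recorded: bytes):
        self.recorded = recorded
    def respond(self, challenge: bytes) -> bytes:
        return self.recorded

def reader_accepts(tag, tag_id: bytes, key: Optional[bytes]) -> bool:
    """Reader-side check; key=None models a reader that trusts the bare ID."""
    challenge = secrets.token_bytes(16)  # fresh random value for every read
    response = tag.respond(challenge)
    if key is None:
        return hmac.compare_digest(response, tag_id)
    expected = hmac.new(key, tag_id + challenge, hashlib.sha256).digest()
    return hmac.compare_digest(response, expected)

def demo() -> dict:
    tag_id = b"TAG-0001"            # constructed sample ID
    key = secrets.token_bytes(16)   # constructed per-tag secret
    static_capture = StaticTag(tag_id).respond(b"")
    auth_capture = AuthTag(tag_id, key).respond(secrets.token_bytes(16))
    return {
        "static_genuine": reader_accepts(StaticTag(tag_id), tag_id, None),
        "static_replay": reader_accepts(Replayer(static_capture), tag_id, None),
        "auth_genuine": reader_accepts(AuthTag(tag_id, key), tag_id, key),
        "auth_replay": reader_accepts(Replayer(auth_capture), tag_id, key),
    }

if __name__ == "__main__":
    print(demo())
```

The recorded response is accepted by the ID-only reader but rejected by the challenge-response reader, because each read uses a new challenge that the old response does not match.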