Author: Author: Esteban Masobro Esteban Masobro[esteban.masobro@yahoo.co.uk][Esteban.Masobro@tecnocom.es] 1 Royal Holloway, University of London Weekend

  • Published on
    24-Dec-2015

  • View
    217

  • Download
    5

Embed Size (px)

Transcript

  • Slide 1
  • Author: Author: Esteban Masobro Esteban Masobro[esteban.masobro@yahoo.co.uk][Esteban.Masobro@tecnocom.es] 1 Royal Holloway, University of London Weekend Conference Weekend Conference 6 & 7 September 2014 6 & 7 September 2014 The MSc Project Experience: Security Protocols for Low- Cost RFID Tags Analysis and Automated Verification of Proposed Solutions Supervisor: Dr Konstantinos Markantonakis Dr Konstantinos Markantonakis http://km.isg.rhul.ac.uk/ http://km.isg.rhul.ac.uk/
  • Slide 2
  • Acknowledgement This presentation is strongly based on the information obtained from the various resources at our disposal, mainly: The project supervisor. [1] The project seminar at the VLE. [2] The project guide. [3] Any mistakes are entirely this speakers fault. 2
  • Slide 3
  • Contents Part 1 - Introduction 1.1 The Presentation 1.1.1 Intended audience 1.1.2 Motivation 1.1.3 Objectives 1.2 The MSc Project 1.2.1 An Introductory Idea 1.2.2 The Overall Picture 1.2.3 The Project Process Steps 1.2.4 The Project Supervisor 3
  • Slide 4
  • Contents Part 2 - My Project Topic 2.1 RFID Technology 2.1.1 My Project Topic 2.1.2 General Purpose 2.1.3 Architecture 2.1.4 Basic Operation 2.1.5 Example Application 2.2 Some Security Issues 2.2.1 Privacy 2.2.2 Anonymity 2.2.3. The Big Brothers Concern 2.2.4 Hashing the Identifier 2.2.5 Untraceability 2.2.6 Non-Protocol Proposals 2.2.7 Automated Formal Proof 4
  • Slide 5
  • Contents Part 3 - The Project Process 3.1 Selection of the Project Topic 3.2 Specification of the Objectives 3.3 Identification of Methodology 3.4 Development of the Project Plan 3.5 Collection and Processing of Data 3.6 Production of the Report 3.7 Drawing Conclusions Part 4 Pitfalls and Highs Bibliography 5
  • Slide 6
  • PART 1 Introduction Introduction 6
  • Slide 7
  • Contents Part 1 - Introduction 1.1 The Presentation 1.1.1 Intended audience 1.1.2 Motivation 1.1.3 Objectives 1.2 The MSc Project 1.2.1 An introductory idea 1.2.2 The Overall Picture 1.2.3 The Project Process Steps 1.2.4 The Project Supervisor 7
  • Slide 8
  • Intended Audience Who is this presentation for? Current students on the programme Students who have not yet started the course A more general audience is also welcome Assumptions No specialist knowledge is assumed Familiarity with the basics of Information Security can be helpful 8
  • Slide 9
  • Motivation The MSc project is worth one quarter of the degrees overall mark, and so it should be taken seriously. Experience shows that a preliminary good understanding of the project process is essential. Emphasis will be placed on the identification of typical pitfalls and highs. This presenters own project will be used as a running example. 9
  • Slide 10
  • Objectives Objectives Provide an overall picture of the MSc Project. Describe the experience of the project by means of the speakers own. Overview the different steps of the project process. Identify typical pitfalls and highs. 10
  • Slide 11
  • Contents Part 1 - Introduction 1.1 The Presentation 1.1.1 Intended audience 1.1.2 Motivation 1.1.3 Objectives 1.2 The MSc Project 1.2.1 An introductory idea 1.2.2 The Overall Picture 1.2.3 The Project Process Steps 1.2.4 The Project Supervisor 11
  • Slide 12
  • An Introductory Idea The MSc project: Is an independent and well-defined piece of work, dealing with some aspect of Information Security. Must show that an all-encompassing perspective has been obtained of all that is known about the subject matter. Must add value to this knowledge. Is largely represented by the report, which must be satisfactorily structured, presented, written, and have adequate length and referencing. 12
  • Slide 13
  • 13 The Overall Picture Project Process - Project Guide -VLE - Others Project Supervisor
  • Slide 14
  • 14 The Project Process Steps Step 1 Selection of the Project Topic Step 2 Specification of the Objectives Step 3 Identification of methodology Step 4 Development of the Project Plan Step 5 Collection and processing of data Step 6 Production of the report Step 7 Drawing conclusions
  • Slide 15
  • has the experience of many projects and knows what the examiners are looking for. The Project Supervisor has the experience of many projects and knows what the examiners are looking for. The Project Supervisor is the first port of call on all issues related to the project, and should be regularly informed on progress. It is wise to involve your Project Supervisor at every step of the project process, from the selection of the project topic and the establishment of the project plan, to the approval of the report structure and review of draft reports. Nonetheless, students must do all the work. 15 The Project Supervisor
  • Slide 16
  • PART 2 My Project Topic My Project Topic 16
  • Slide 17
  • Contents Part 2 - My Project Topic 2.1 RFID Technology 2.1.1 My Project Topic 2.1.2 General Purpose 2.1.3 Architecture 2.1.4 Basic Operation 2.1.5 Example Application 2.2 Some Security Issues 2.2.1 Privacy 2.2.2 Anonymity 2.2.3 The Big Brothers Concern 2.2.4 Hashing the Identifier 2.2.5 Untraceability 2.2.6 Non-Protocol Proposals 2.2.7 Automated Formal Proof 17
  • Slide 18
  • My project topic is Security Protocols for Low-Cost RFID Tags. A short background to the topic of my project: General purpose, architecture and basic operation of an RFID system Why the technology has to overcome security and privacy issues before widespread adoption The relevance of automated formal verification of security protocols 18 My Project Topic
  • Slide 19
  • RFID is an Auto-ID technology. Other Auto-ID technologies include: Barcode systems Optical character recognition Biometrics Smart cards 19 General purpose Texas Instruments' HF-I family of 13.56 MHz RFID tags. Picture taken from [7].
  • Slide 20
  • Architecture of an RFID system: A large set of resource-constraint tags. A set of computationally powerful readers. A computationally powerful backend system. A communication channel between backend server and readers. A communication channel between reader and tags. 20Architecture
  • Slide 21
  • Architecture (Tags) Architecture (Tags) 21 Confidexs Silverline printable, flexible on-metal adhesive RFID Label. Picture taken from [7]. A steer with an eTatoo dangle tag. Picture taken from [7]. VeriChip's 134 kHz passive tag, designed for implantation in humans, is the size of a grain of rice. Picture taken from [7].
  • Slide 22
  • Architecture (Readers) Architecture (Readers) 22 Motorolas MC9190-Z handheld reader. Picture taken from [7]. qIDmini from CAEN RFID. Picture taken from [7].
  • Slide 23
  • Architecture (Traditional Model) Architecture (Traditional Model) 23 Architecture of an RFID system. Picture taken from [4]
  • Slide 24
  • Basic Operation 24 Reader Tag What is your ID? My ID is 8193 Backend System What object is tag with ID 8193 attached to? Its attached to a cheap polyester wig, etc.
  • Slide 25
  • RFID can be applied to a wide range of applications, from tracing of tagged products througout the supply chain to pet and drug identification. Lets consider an example at the Dutch horticultural supply chain called From Plant to Customer. It attempts to reduce labour cost and increment efficiency and accuracy. EPC Gen 2 passive UHF RFID tags are attached to both trays of plants and trolleys by growers. 25 Example Application
  • Slide 26
  • 26 GROWERDISTRIBUTION CENTER EXPORTER TRANSPORT COMPANY RETAILER Pictures taken from [7].
  • Slide 27
  • Example Application 27 Tag at trolley at the Hamiplant exporter. Picture taken from [7].
  • Slide 28
  • Example Application 28 RFID Portal at an outgoing dock door. Hamiplant exporter. Picture taken from [7].
  • Slide 29
  • Contents Part 2 - My Project Topic 2.1 RFID Technology 2.1.1 My Project Topic 2.1.2 General Purpose 2.1.3 Architecture 2.1.4 Basic Operation 2.1.5 Example Application 2.2 Some Security Issues 2.2.1 Privacy 2.2.2 Anonymity 2.2.3 The Big Brothers Concern 2.2.4 Hashing the Identifier 2.2.5 Untraceability 2.2.6 Non-Protocol Proposals 2.2.7 Automated Formal Proof 29
  • Slide 30
  • Basic Operation 30 Reader Tag What is your ID? My ID is 8193 Backend System What object is tag with ID 8193 attached to? Its attached to a cheap polyester wig, etc.
  • Slide 31
  • Privacy 31 Reader Tag What is your ID? My ID is 8193 Backend System What object is tag with ID 8193 attached to? Its attached to a cheap polyester wig, etc.
  • Slide 32
  • Anonymity Anonymity 32 The consumer privacy problem. Picture taken from [6]
  • Slide 33
  • Anonymity 33 Reader Tag What is your ID? My ID is 8193 Backend System What object is tag with ID 8193 attached to? Its attached to a cheap polyester wig, etc.
  • Slide 34
  • The Big Brothers Concern 34 EPC: thE sPy Chip. Picture taken from [18].
  • Slide 35
  • Hashing the identifier Hashing the identifier 35 Reader Tag What is your ID? My ID is hash(8193) Backend System What object is tag with hash(ID) = hash(8193) attached to? Its