Computer Science, Software Engineering & Robotics Workshop, FGCU, April 27-28, 2012

RFID Security
Nicholas Alteen
Computer Science Program, Florida Gulf Coast University
Mentor: Dr. Janusz Zalewski
28 April 2012


What is RFID?
Small circuit boards containing data that can be accessed without line of sight:
• Passive (no power source)
• Active (dedicated power source)

What is a Security Threat?
“A potential event that causes a system to respond in an unexpected or damaging way.” – Chaudhry
• Tampering with Data
• Information Disclosure
• Spoofing Identity
• Repudiation
• Denial of Service
• Elevation of Privilege

Data Tampering
• “An attacker modifies, adds/deletes, or reorders data.”
• Tag killing is a serious threat to RFID security.
• Requires knowledge of the kill password.
• Commonly occurs during purchases.

Information Disclosure
• “Information is exposed to unauthorized user.”
• Physical attacks are a threat to RFID systems.
• Aluminum wallets are an effective solution to prevent unauthorized access.

Spoofing Identity
• “An attacker poses as an authorized user.”
• Protecting data using authorization passwords.
• Can we lock a tag to prevent it?

Repudiation
• “An attacker denies an action and no proof exists to prove that the action was performed.”
• Blocking a valid user from performing a normal task within their authority.
• Locking a tag to prevent valid access.

Denial of Service
• “Service is denied to valid and invalid users.”
• Common form of attack for web services.
• Rapid tag interrogations by an attacker block any valid attempts at reading tag data.

Elevation of Privilege
• “Occurs when an unprivileged user gains higher privilege in a system which they are authorized.”
• If retail companies drop UPC in favor of RFID, this poses a significant threat (Tag cloning).
• Employees potentially have too much privilege.