The Bluetag System
• Tag
• Consumer Software
• Retailer Software
[Diagram labels: Client, Bluetag Database, Locked Item, IDB, Store Inventory]
• Housing:
– 4.25” x 2” x 1.25”
– Blue photopolymer, $150
• PCB:
– 3” x 1.5”
– Mini solenoid
• Power
– 78mW DC connected, 911mW transient (unlock)
– Recharge jack, on-off switch
Tag Overview
User Account Creation
• Bluetag website enables users to create valid accounts before entering a store
• Email address, password, and credit card information
• Written in HTML and PHP
Retailer Software
[Diagram labels: Client Session (x4), IDB, IDB GUI, Inventory and Bluetag Databases]
Phone Software
Typical Use-case:
1. Enable Bluetooth on your phone, connect to BLUETAG wireless network
2. Login
3. Enter tag visual ID, connect to tag
4. Click “Buy”
5. Verify tag unlocked
System Security
• Protection of sensitive information
– Unlock codes
– User account information
• Potential vulnerabilities
– Database attack
– Bluetooth monitoring
– WiFi monitoring
– Physical abuse
Bluetooth Security
Existing Measures
• Frequency hopping (can be cracked)
• Encryption (many weaknesses)
Bluetag Additions
• Dynamic unlock codes
• Unlock code mapping
Bluetooth Security
[Diagram labels: Smartphone Software, Retailer Software, Tag Software, Tag Database, EEPROM Memory, Unlock Code, Unlock Code X, Process Unlock Code, Mapped Code, Reset Process, Purchase Process]
WiFi Security
Database
RSA encrypted at 512 bits
The number of possible keys: 2^512 = 1.34E154. With a device that could check 1E18 keys per second, it will require 4.25E128 years to try all keys, where the age of the universe = 1.3E10 years.