RFID in Mobile Commerce and Security Concerns

Chassica Braynen

April 25, 2007



Agenda

Introduction
Technology
Uses of RFID in Mobile Commerce
Security & Privacy Concerns

Introduction

Radio Frequency Identification (RFID) is also known as Dedicated Short-Range Communication.

RFID is an automatic identification method, relying on remotely storing and/or retrieving data from small objects, called RFID tags. These tags contain antennae to receive and respond to queries from an RFID reader. A typical RFID system consists of two main components, tags and readers.

RFID devices are similar to barcodes
  Bar codes are read or scanned using light: infrared, laser, or optical scanning.
  RFID tags are read using RF energy: radio waves.
  Does not require physical contact or line of sight
  Used in various environmental conditions
  More beneficial than bar codes

Introduction

Radio Frequency Identification (RFID) has existed for over 50 years
  Used in World War II on Allied aircraft to identify “friendly” planes
  Used in the 1960’s and 70’s to tag nuclear equipment
  Civilian uses began around the 1970’s
    Animal ID and temp tracking
    Railroad inventory tracking
  In the 1980’s, became more prevalent worldwide
  Electronic toll collection began in the 1990’s
  Present uses expanding




Technology

Basic RFID System (diagram): Computer or Database, Reader Antenna, Tag Antenna w/ integrated circuit chip

Technology

3 types of RFID tag technologies:

Active
  Have an internal power source
  Longer range, larger memory
  Stores the most information
  Read distance = several 10’s of meters
Semi-passive
  Similar to passive, except with small battery
Passive
  Have no internal power supply
  Powered by radio frequency signal
  Read distance = 10 mm to 1 meter

Technology


4 different types of tags in use (by radio frequency)


Low frequency tags (125 or 134.2 kHz)


High frequency tags (13.56 MHz)


UHF tags (868 to 956 MHz)


Microwave tags (2.45 GHz)



Uses of RFID

Contactless Payment Systems
  Exxon Mobil - Speedpass
  American Express - ExpressPay
  MasterCard - PayPass
  Hong Kong - Octopus Card
  MARTA - Breeze Card




Uses of RFID

Electronic toll control
  Georgia’s Cruise Card
  California’s FasTrak
  Illinois’ I-Pass
Food Services
  FreedomPay
Concert Entry
  Tickets embedded with tags
  Hitachi’s RFID “mu-chip”


Uses of RFID

RFID-enabled mobile phones
  Japan Airlines’ cell phone check-in
  Can be used as a payment system (still in beginning stages)
    Restaurants
    Gas stations
    Convenience stores

The way it works: “Patrons hold their phones up to terminals, causing the amount due to appear on the phone's screen. The customer will enter a secret code into the phone's keypad, authorizing the payment before holding the phone up to the reader a second time to confirm it.”





Security Concerns

Generation 1 RFID was not initially designed for security
Some RFID tags are vulnerable to alteration, corruption and deletion of the data
Wireless protocols can be jammed, creating a denial of service attack
RFID data can be copied
  On Jan 29th 2005, RSA Security and a group of students from Johns Hopkins University broke the proprietary encryption algorithm used by Exxon Mobil’s Speedpass. They were able to successfully copy a Speedpass and use the copied RFID tag to purchase gas.
Companies are addressing security issues



Privacy risks



Profiling


Tracking



Notification


Tag “sniffing”


Solutions


Lengthen passwords to 32 bits

Make tag ID non-broadcasting

16-bit randomly generated keys - used to encrypt read, write and erase commands.

Authenticated RFID, 2-factor Authentication


Monitoring systems
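
The difference between "RFID data can be copied" and "Authenticated RFID", modelled in software as an added example that is not part of the original presentation. The class names, the use of HMAC-SHA256 and the 128-bit key are assumptions chosen for illustration, and the tag ID is a constructed value.

```python
import hashlib
import hmac
import secrets

class StaticTag:
    """Tag that sends the same fixed ID to any reader (no authentication)."""
    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id
    def respond(self, challenge: bytes) -> bytes:
        return self.tag_id  # identical bytes on every read

class AuthTag:
    """Tag that proves it holds a secret key without ever sending the key."""
    def __init__(self, key: bytes):
        self._key = key
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class ReplayTag:
    """Models a copied tag: it can only repeat a response recorded earlier."""
    def __init__(self, recorded: bytes):
        self.recorded = recorded
    def respond(self, challenge: bytes) -> bytes:
        return self.recorded

def reader_accepts_static(tag, enrolled_id: bytes) -> bool:
    # Reader only compares the broadcast ID with its database entry.
    return hmac.compare_digest(tag.respond(b""), enrolled_id)

def reader_accepts_auth(tag, key: bytes) -> bool:
    challenge = secrets.token_bytes(16)  # fresh random challenge per read
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(tag.respond(challenge), expected)

def demo() -> dict:
    tag_id = b"CONSTRUCTED-TAG-0001"  # constructed sample ID
    key = secrets.token_bytes(16)     # assumed 128-bit shared key
    static, auth = StaticTag(tag_id), AuthTag(key)
    sniffed_id = static.respond(b"")                     # one overheard read
    sniffed_mac = auth.respond(secrets.token_bytes(16))  # one overheard read
    return {
        "static_genuine": reader_accepts_static(static, tag_id),
        "static_copy": reader_accepts_static(ReplayTag(sniffed_id), tag_id),
        "auth_genuine": reader_accepts_auth(auth, key),
        "auth_copy": reader_accepts_auth(ReplayTag(sniffed_mac), key),
    }

if __name__ == "__main__":
    print(demo())
```

The copied static tag is accepted because its response never changes, while the recorded response from the authenticated tag is rejected because the reader issues a new challenge on every read.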


Education


Some vendor systems are more secure than others


Ensure that tag selection is aligned with the company’s security policy


Be informed, understand risks


This concludes my presentation.