Secure Identity Solutions

Craig Thompson, Dale R. Thompson, Jia Di

University of Arkansas, Fayetteville


February 21, 2007



{cwt, drt, jdi}@uark.edu

Computer Science and Computer Engineering Dept., University of Arkansas

311 Engineering Hall, Fayetteville, Arkansas 72701



Everything is Alive

Craig W. Thompson

University of Arkansas

Craig Thompson’s story


SSN at birth, developed a personality, passport at
10, collected coins, CA DL at 17, TX DL at 21,
member of CACM & IEEE, married, got credit
cards, TN DL at 27, bought car for daughter,
wrote autobiographies for family members


worked on DBMS, middleware & architectures,
agents, policy languages, digital rights, RFID,
threats, privacy, synthetic data generation,
participated in this conference


Records of my life include birth certificates,
transcripts, photos, diary, job records, phone bills,
… DBMS(me)/mylifebits, … models of myself

Figure: agents exchanging messages (“I see a tank!”, “Need fuel!”, “Any threats?”) along with observations & recommendations and orders & subscriptions.


Everything is Alive

A world where everything is alive (EiA) and can sense, act, think, feel, communicate, and maybe even move and reproduce. This might include equipment, vehicles, robots, toys, clothing, pets, and objects such as trees and walls.

TagCentric RFID Middleware

Architecture figure: device wrappers for Reader 1, Reader 2, a Tag Printer, a Motion Sensor and a Camera, a GUI Dashboard and a DBMS, with XML messages sent between “agents”.


Developed TagCentric RFID application:


4 reader types supported: Alien, Symbol, Thingmagic, and “Fake”.


1 Tag printer supported: Zebra


5 databases supported: DB2, Derby, MySQL, Oracle, PostgreSQL


Open Source Toolkit available


Smart devices + Supply chains


Humans now manage 10 network devices and will
need to manage 100s to 1000s


Many kinds of sensors


Item level RFID


Data synchronization networks


Download plugins from the web


Simple and complex user interfaces


Scheduler


Log History


Natural language I/F and/or GUI





Menu Based Natural Language I/F Plugin

Predictive menu to guide user to correct sentence

Many Puzzles Remain


Technical


we don’t yet have all the puzzle pieces


Universal plug and play, composability & MDE


Querying collections of agents & Policy languages & …


Social


extrapolate today’s direction to tomorrow


Humans are increasingly connected


cell phones, instant
messaging, chat, blogs, social networks, role playing games, …


1000 closest friends, borgs, precision communication,
Internet people, anonymity


Information aggregation


DBMS[me]


Human augmentation


Better hearing, seeing, memory, …


Transferring your identity to your smart card, memory stick,
personal agents, models


Safe information sharing


Publications

C. Thompson, “Everything is Alive,” Architectural Perspective Column, IEEE Internet Computing, Jan-Feb 2004.

C. Thompson, P. Parkerson, “DBMS[me],” Architectural Perspective Column, IEEE Internet Computing, May-June 2004.

C. Thompson, “Smart Devices and Soft Controllers,” Architectural Perspective Column, IEEE Internet Computing, Jan-Feb 2005.

C. Thompson, P. Pazandak, H. Tennant, “Talk to your Semantic Web,” Architectural Perspective Column, IEEE Internet Computing, Nov-Dec 2005.

J. Hoag, C. Thompson, “Architecting RFID Middleware,” Architectural Perspectives column, IEEE Internet Computing, September-October 2006.

Security and Privacy Threats to Identity

Dale R. Thompson

University of Arkansas

Security Threats to Identity

STRIDE* Category: Threats

Spoofing: Cloning ID card, replay
Tampering with data: Change biometric, modify or delete database entry
Repudiation: Deny boarding plane
Information disclosure: Skimming ID card, eavesdropping ID card, information in database(s)
Denial of service: Jamming, access to database
Elevation of privilege: Upgrade privileges

*M. Howard and D. LeBlanc, Writing Secure Code, 2nd ed., Redmond, Washington: Microsoft Press, 2003.

STRIDE Categories and Mitigation Techniques*

Category: Techniques

Spoofing identity: Appropriate authentication, Protect secrets, Don’t store secrets
Tampering with data: Appropriate authentication, Hashes, Message authentication codes, Digital signatures, Tamper-resistant protocols
Repudiation: Digital signatures, Timestamps, Audit trails
Information disclosure: Authorization, Privacy-enhanced protocols, Encryption, Protect secrets, Don’t store secrets
Denial of service: Appropriate authentication, Appropriate authorization, Filtering, Throttling, Quality of Service
Elevation of privilege: Run with least privilege

*M. Howard and D. LeBlanc, Writing Secure Code, 2nd ed., Redmond, Washington: Microsoft Press, 2003.
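As an added example (not from the slides), the message authentication code and audit-trail rows of the mitigation table applied to the ID-card threats in the previous table: a changed biometric field fails the record MAC, and a replayed reader exchange fails because each response is bound to a single-use nonce. The shared key, record fields and the Reader/card helpers are constructed for the demo; with digital signatures in place of the HMAC the reader would hold no issuer secret.

```python
import hashlib, hmac, json, secrets

ISSUER_KEY = b"demo-issuer-key-not-for-production"   # constructed shared secret

def record_mac(record, key=ISSUER_KEY):
    """HMAC-SHA256 over the canonical JSON form of the ID record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def issue_card(holder_id, biometric_hash, key=ISSUER_KEY):
    record = {"id": holder_id, "bio": biometric_hash}
    return {"record": record, "mac": record_mac(record, key)}

def card_respond(card, nonce, key=ISSUER_KEY):
    """Card side: answer the reader's challenge with a MAC bound to that nonce."""
    return hmac.new(key, card["mac"].encode() + nonce, hashlib.sha256).hexdigest()

class Reader:
    def __init__(self, key=ISSUER_KEY):
        self.key, self.open_nonces, self.audit = key, set(), []

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.open_nonces.add(nonce)
        return nonce

    def accept(self, card, nonce, response):
        holder = card["record"].get("id")
        if nonce not in self.open_nonces:          # unknown or already used: replay
            self.audit.append((holder, "replay"))
            return False
        self.open_nonces.discard(nonce)            # a nonce is accepted once
        if not hmac.compare_digest(record_mac(card["record"], self.key), card["mac"]):
            self.audit.append((holder, "tampered"))   # record changed after issue
            return False
        ok = hmac.compare_digest(card_respond(card, nonce, self.key), response)
        self.audit.append((holder, "ok" if ok else "bad-response"))
        return ok

def demo():
    # Genuine read, the same exchange replayed, then a card with an altered biometric.
    reader = Reader()
    card = issue_card("A123", hashlib.sha256(b"fingerprint-template").hexdigest())
    n = reader.challenge(); r = card_respond(card, n)
    genuine = reader.accept(card, n, r)
    replayed = reader.accept(card, n, r)             # same nonce and response again
    forged = dict(card, record=dict(card["record"], bio="00" * 32))
    n2 = reader.challenge()
    tampered = reader.accept(forged, n2, card_respond(forged, n2))
    return genuine, replayed, tampered
```

`demo()` returns `(True, False, False)`; the reader's `audit` list records each outcome per holder id.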

What is Privacy?


“The right to be let alone” [1]


“The right of individuals to determine when, how,
and how much information about themselves is
released to others.” [2]


Privacy includes the right to make decisions about
one’s own life, to keep personal secrets, and to
keep secrets about where we come and go. [3]


It is the right to make decisions without
interference from the government or economic
pressures from commercial entities. [3]

[1] S. Warren and L. Brandeis, “The Right to Privacy,” Harvard Law Review, vol. 4, pp. 193-220, 1890.

[2] A. F. Westin, Privacy and Freedom, Atheneum, NY, 1967.

[3] R. E. Smith and M. Zolikoff, “Citizens: Getting at our Real Concerns,” in RFID: Applications, Security, and Privacy, S. Garfinkel and B. Rosenberg, Eds. Upper Saddle River, New Jersey: Addison-Wesley, 2006, pp. 413-429.

Fair Information Practices (FIPs) Principles of Information Privacy*

Notice. There must be no personal-data record-keeping systems whose very existence is a secret.

Access. There must be a way for a person to find out what information about the person is in a record and how it is used.

Choice. There must be a way to prevent personal information that was obtained for one purpose from being used or made available for other purposes without the person’s consent.

Recourse. There must be a way for a person to correct or amend a record of identifiable information about the person.

Security. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take reasonable precautions to prevent misuse of the data.

*The Code of Fair Information Practices, U.S. Department of Health, Education and Welfare, Secretary’s Advisory Committee on Automated Personal Data Systems, Records, Computers, and the Rights of Citizens, VIII. (1973). [Online]. Available: http://www.epic.org/privacy/consumer/code_fair_info.html

Privacy Threats by National ID


Enables tracking, profiling,
and surveillance of individuals
on a large scale.



Alan F. Westin’s Privacy Classifications


Privacy Fundamentalist (11%)


Very concerned


Unwilling to provide data


Privacy Unconcerned (13%)


Mild concern


Willing to provide data


Privacy Pragmatists (75%)


Somewhat concerned


Willing to provide data if they are notified and get a
benefit

Publications


M. Byers, A. Lofton, A. K. Vangari-Balraj, and D. R. Thompson, “Brute force attack of EPCglobal UHF class-1 generation-2 RFID tag,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear.

D. R. Thompson, J. Di, H. Sunkara, and C. Thompson, “Categorizing RFID privacy threats with STRIDE,” in Proc. ACM Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, Pennsylvania, July 12-14, 2006.

D. R. Thompson, N. Chaudhry, and C. W. Thompson, “RFID security threat model,” in Proc. Acxiom Laboratory for Applied Research (ALAR) Conf. on Applied Research in Information Technology, Conway, Arkansas, Mar. 3, 2006.

N. Chaudhry, D. R. Thompson, and C. Thompson, RFID Technical Tutorial and Threat Modeling, ver. 1.0, tech. report, Dept. of Computer Science and Computer Engineering, University of Arkansas, Fayetteville, Arkansas, Dec. 8, 2005. Available: http://csce.uark.edu/~drt/rfid

Mitigating Side-Channel Attacks to RFID Hardware

Jia Di

University of Arkansas


Known Attacks to Integrated Circuits (ICs)

Invasive attacks

De-packaging

Layout reconstruction

Microprobing

Non-invasive attacks

Simple power analysis (SPA)

Differential power analysis (DPA)

High-order differential power analysis (HO-DPA)

Timing analysis (TA)

Fault analysis

Glitch attacks

Applicable to RFID
Power Fluctuation in Synchronous Circuits

Figure: power fluctuation of a synchronous multiplier (Syn Mult) for the input patterns 0x0, 1x1, 2x2, 3x3 and 4x4 (vertical axis 0.00% to 120000.00%).

The power and timing parameters need to be made independent of data pattern.

Delay-Insensitive Asynchronous Logic

High energy efficiency

No clock skew

High modularity (plug-n-play)

Stable power dissipation

Average case performance

Robust input timing handling

Low noise and emission



Dual-rail encoding

State         Rail 1   Rail 0
Spacer        0        0
Data 0        0        1
Data 1        1        0
Not allowed   1        1

Data-spacer sequence: Data #3, Spacer, Data #2, Spacer, Data #1, Spacer

Dual-Spacer Dual-Rail Delay-Insensitive Logic (D3L)

State             Rail 1   Rail 0
All-zero Spacer   0        0
Data 0            0        1
Data 1            1        0
All-one Spacer    1        1

Data-spacer sequence: Data #3, all-zero spacer, Data #2, all-one spacer, Data #1, all-zero spacer

(Compared with the single-spacer dual-rail encoding above, in which the 1/1 state is not allowed.)

On-the-fly Random Spacer Selection

Figure: a register (REG) holds the old data group (Old Data 1 ... Old Data n); the arithmetic functional block produces the new data group (New Data 1 ... New Data n); the random spacer selection drives either Reset 1 (go to all-zero spacer) or Reset 2 (go to all-one spacer).
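As an added example, not the authors' D3L implementation, a Python model of the two encodings above and of the random spacer selection: it counts toggles per rail to show that plain synchronous switching and the single-spacer sequence both depend on the data value, while the D3L sequence still toggles exactly one rail per phase but spreads the toggles over both rails regardless of the data. The bit sequences are constructed inputs.

```python
import random

# State -> (rail 1, rail 0), as in the tables above
DATA0, DATA1 = (0, 1), (1, 0)
SPACER_ZERO, SPACER_ONE = (0, 0), (1, 1)   # (1, 1) is legal only in D3L

def encode(bit):
    return DATA1 if bit else DATA0

def decode(state, dual_spacer=False):
    """Return the data bit, None for a spacer, or raise on an illegal state."""
    if state == DATA0:
        return 0
    if state == DATA1:
        return 1
    if state == SPACER_ZERO or (dual_spacer and state == SPACER_ONE):
        return None
    raise ValueError(f"state {state} not allowed in this encoding")

def sync_toggles(bits):
    """Single-rail synchronous register: a toggle only when the bit changes."""
    return sum(a != b for a, b in zip(bits, bits[1:]))

def rail_activity(bits, dual_spacer=False, seed=0):
    """Run the data-spacer sequence; return (rail 1 toggles, rail 0 toggles,
    toggles in each phase). D3L picks the spacer after every data word at random."""
    rng = random.Random(seed)
    state = SPACER_ZERO
    rail1 = rail0 = 0
    per_phase = []
    for b in bits:
        spacer = rng.choice((SPACER_ZERO, SPACER_ONE)) if dual_spacer else SPACER_ZERO
        for nxt in (encode(b), spacer):
            decode(nxt, dual_spacer)              # stay inside the legal encoding
            t1, t0 = state[0] ^ nxt[0], state[1] ^ nxt[1]
            per_phase.append(t1 + t0)
            rail1, rail0, state = rail1 + t1, rail0 + t0, nxt
    return rail1, rail0, per_phase

if __name__ == "__main__":
    for bits in ([0] * 16, [1] * 16, [0, 1] * 8):
        print(bits[:4], "sync:", sync_toggles(bits),
              "dual-rail (rail1, rail0):", rail_activity(bits)[:2],
              "D3L (rail1, rail0):", rail_activity(bits, dual_spacer=True)[:2])
```

In the single-spacer run rail 1 toggles exactly twice per data 1 and rail 0 twice per data 0, so the per-rail count is the Hamming weight; in the D3L run both rails toggle for an all-zero word as well.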
Results Comparison

Figure: power fluctuation of NCL and D3L multipliers for the input patterns 0x0, 1x1, 2x2, 3x3 and 4x4 (vertical axis 0.00% to 9.00%).
Publications


J. Di and F. Yang, “D3L – A Framework on Fighting against Non-invasive Attacks to Integrated Circuits for Security Applications,” the IASTED International Conference on Circuits, Signals, and Systems (CSS 2005).


D. R. Thompson, J. Di, H. Sunkara, and C. Thompson, “Categorizing RFID privacy threats with STRIDE,” in Proc. ACM Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, Pennsylvania, July 12-14, 2006.

J. Di and S. Smith, “A Hardware Threat Modeling Concept for Trustable Integrated Circuits,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear.

J. Di and S. Smith, “Detecting Malicious Logic through Structural Checking,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear.

Building a Secure Federal Real ID System

Today at 4:15 p.m.