A balanced perspective on RFID

Security, RFID and Consumers: RFID Security, Theory and Practice. mr. dr. Bart Schermer, RFID Platform Nederland

Upload: considerati

Post on 22-Jan-2015



TRANSCRIPT

1. Security, RFID and Consumers

  • RFID Security, Theory and Practice
  • mr. dr. Bart Schermer, RFID Platform Nederland

2. About me

  • Secretary RFID Platform Nederland
  • Privacy specialist at ECP.NL
  • Partner at Considerati
  • Assistant professor at the University of Leiden (faculty of law)

3. Board RFID Nederland

4. RFID Nederland

  • Stimulating the uptake of RFID technology and ensuring its responsible use
  • Market initiative
  • 50 participants
  • www.rfidnederland.nl
  • www.watisrfid.nl

5. Business drivers for RFID

  • Realtime insight into business processes increases:
    • Efficiency
    • Security
    • Customer loyalty

6. Why are these similar? (Source: ADT Tyco)

7. Opposing views...

8. RFID and the Public Opinion

9. RFID vulnerabilities

  • Skimming / eavesdropping
  • Weak crypto
  • Tag reader authentication

10. Security risks

  • Access to data on the chip (including possible keys)
  • Access to associated databases
  • Access to communication between tag and reader
  • Attack vector for databases (e.g. viruses, SQL injection)
  • Cloning (!!!!)
  • Possibility to follow / track and trace people
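The database attack vector named above, as an added example that is not part of the original slides: a backend that splices the bytes read from a tag straight into a SQL query, next to the hardened lookup that validates the UID shape at the reader boundary and binds it as a parameter. The table schema, UIDs and hostile tag contents are all constructed for the example.

```python
import re
import sqlite3


def make_db():
    # Constructed sample backend: a ticket table keyed on the tag UID (hypothetical schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (uid TEXT PRIMARY KEY, holder TEXT, balance_cents INTEGER)")
    conn.executemany("INSERT INTO tickets VALUES (?, ?, ?)", [
        ("04A1B2C3D4E5F6", "holder-1", 1250),   # 7-byte UID, constructed
        ("04FFEEDDCCBBAA", "holder-2", 300),
    ])
    return conn


def lookup_unsafe(conn, tag_value):
    # Vulnerable pattern: the value read from the tag is spliced into the SQL text,
    # so a tag whose memory holds SQL syntax rewrites the query.
    sql = f"SELECT uid, holder, balance_cents FROM tickets WHERE uid = '{tag_value}'"
    return conn.execute(sql).fetchall()


def is_plausible_uid(tag_value):
    # ISO/IEC 14443 UIDs are 4, 7 or 10 bytes; accept only that shape, as hex digits.
    return bool(re.fullmatch(r"[0-9A-Fa-f]+", tag_value)) and len(tag_value) in (8, 14, 20)


def lookup_safe(conn, tag_value):
    # Hardened: reject anything that is not UID-shaped, then bind the value as a
    # parameter so the database never interprets tag data as SQL.
    if not is_plausible_uid(tag_value):
        return []
    sql = "SELECT uid, holder, balance_cents FROM tickets WHERE uid = ?"
    return conn.execute(sql, (tag_value.upper(),)).fetchall()


# Constructed hostile tag contents: SQL syntax where a UID is expected.
HOSTILE_TAG_VALUE = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", lookup_unsafe(db, HOSTILE_TAG_VALUE))   # every row returned
    print("safe:  ", lookup_safe(db, HOSTILE_TAG_VALUE))     # rejected: []
    print("safe:  ", lookup_safe(db, "04a1b2c3d4e5f6"))      # one row
```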

11. Big Brother is watching you!

12. Privacy risks

  • Due to its invisible nature, RFID can be used to surreptitiously gather personal data.
  • Companies can use this information to profile and classify customers
  • Companies can use this information to follow and track consumers throughout their daily lives
  • Companies can use invasive Minority Report-style advertising

13. The role of privacy

  • Information is power
  • (Personal) data is used to profile and classify consumers
  • Privacy is a means to maintain economic equality between companies and consumers
  • Consumers (should) have a say in the processing of their personal data

14. EU Privacy Law

  • Data Protection Directive (95/46/EC)
  • Telecom Privacy Directive (2002/58/EC)

15. EU Privacy Law

  • Surreptitious gathering of personal data is a violation of the data protection directive (95/46/EC).
  • Using personal data for other purposes than for which they have been gathered is a violation of the data protection directive
  • Surreptitiously monitoring and following people is a criminal offence (and where not, it should be).
  • Targeted advertising without prior permission from consumers is a violation of the data protection directive and the Telecom Privacy Directive (2002/58/EC).

16. Example I: OV chipkaart

  • Mifare Classic (subscriptions etc.) / Mifare Ultralight (day tickets)
  • Hack Plötz & Nohl (reverse engineering -> skimming -> cloning)
  • Hack Radboud I (Mifare Ultralight) (skimming -> cloning)
  • Dutch Data Protection Authority warns GVB, NS
  • Hack Radboud II (Mifare Classic) (cryptanalysis -> skimming -> cloning)
  • Press coverage differs from the facts
  • NXP (wrongfully) bashed for providing insecure chip
  • Security through obscurity worked for 13 years...

See also: https://ovchip.cs.ru.nl/Event_history

17. Example II: retail

18. Privacy or security?

19. Incident driven response...

  • Consumer backlash (boycott) against technology
  • Motion to cancel the OV chipkaart
  • EU Recommendation on RFID & Privacy:
    • Mandatory privacy impact assessment
    • Opt-in for retail environment

20. Observations

  • Emphasis on technology instead of application
  • Security issues and privacy issues are often confused
  • Business reality can differ from security reality:
    • security through obscurity may make sense for a business
    • cost/risk analysis is leading, not 100% security
  • Solutions are currently viewed as either/or (e.g. opt-in for retail)
  • There is no integrated approach towards security and privacy

21. The right tool for the job

  • 100% security is not always the most optimal economic decision
  • RFID should not be the only security measure
  • Focus on the problem, not the technology
  • What tool is most effective

22. Suggestions

  • Clear(er) distinction between privacy and security:
    • strengthen overall system security
    • create tools to enhance privacy (Privacy by design, PETs)
    • create tools to effectuate legal safeguards (consumer in control)
  • Security experts must educate businesses, consumers, policymakers and politicians (in English please)
  • Security, business processes, and legal safeguards must strengthen each other

23. The way forward

  • Companies should:
    • Use RFID in a responsible manner
    • Provide benefits not only to themselves, but also to consumers
    • Provide openness and transparency about the use of RFID
    • Provide a truly free choice for consumers
  • Government should:
    • Create tools for the protection of privacy (PETs, RFID guardians, logo system)
    • Place the consumer in control
    • Monitor possible shifts in the balance of power, and correct where necessary
  • Security experts and researchers should:
    • Try to translate their work into plain language (e.g. "Jip and Janneke" language)
    • ...Keep up the good work

24. Bart Schermer, ECP.NL / RFID Platform Nederland, Overgoo 11, 2260 AG Leidschendam, 070-4190309, [email_address]

"RFID will have a greater impact on our society than the Internet has had" (Prof. Cor Molenaar, chairman of RFID Nederland)

Questions?