TRACKING TECHNOLOGIES

14 MARCH

COMP 381

Wireless Technologies RFID Infrared: 5m, line of sight Bluetooth: 10m WiFi: 30m Cellphone: 10k GPS: reach satellite, line of sight

GPS Global Positioning System U.S. space-based system World-wide services

positioningnavigationtiming

COMPONENTS OF GPS

24 satellites receiver

and data bases galore with GPS coordinated

GPS Well Accepted UsesEmergency Tracking Marine Vessels Personal GPS Locator

Transportation Safety Aviation Automobiles

Criminal Tracking House arrest Enhanced probation Enforce prohibitions

National Security Port Security Military Tracking

And others… Parents tracking their kids

Cellphone trackingHidden GPS in teens cars

Companies tracking vehicles and driversDispatchers are privy to private

information Being tracked without knowing

Spouses tracking each other

What is RFID?

Tag Reader

Passive vs Active Passive

Power only from reader 

No battery Smaller

ActivePower from tag and

reader On board batteryLarger

Current RFID ranges Passive

Shorter rangeBetween 1 ft and 4 ft Restricted by

strength of reader magnetic field

ActiveLonger rangeUp to 50 ftRestricted by

material interference

ApplicationsProduct tracking

LivestockLibrary booksWalMart

EZ PassNightclubs in BarcelonaSecurity in MexicoPets

ID chipPet door

MedicalTracking drugsMatching patients

with drugs/procedures

Emergency medical information

Surgical spongesAlzheimer patientsGun control

RFID ExploitsEavesdropping

Impersonation

Data tampering

Information theft

RFID Hacks Your credit card info: $8

Your passport info: $250

Free gas for life: $280

Cryptography solutionsObjectives

ConfidentialityIntegrity

Standard techniquesencryptionchallenge-response

Information Transmission Attack

Trusted Third Partyarbiter, distributor of

secret informationS

ecur

e M

essa

ge

Sec

ure

Mes

sage

Mes

sage

Information channel

Sender Receiver

Secret Information Security related

transformation

Secret Information

Mes

sage

Opponent

Key Technologies

Encryption -> ConfidentialityBefore 1976 private (secret) key Public key introduced in 1976 (Diffie & Hellman)

Authentication -> IntegrityDigital Signature: Sender cannot deny having sent

message (non-repudiation)Kerberos: Central server issues identity voucher

Encryption

PLAINTEXT CIPHERTEXTKEY

ENCRYPTION

DECRYPTION

Types of Attacks

Attack Adversary has Goal is to find

ciphertext only ciphertext plaintext, maybe key

known plaintext plaintext and ciphertext

key

chosen plaintext

ciphertext of selected plaintext

key

Levels of Encryption Unconditionally Secure

Unlimited resources + unlimited timePlaintext CANNOT be recovered from

ciphertext Computationally Secure

Cost of breaking exceeds information valueTime to break exceeds useful lifetime

Private KeySender, receiver share common key

Techniques Substitution ciphers Transposition ciphers (rearrange bits) Combinations of the two basic types

Caesar Cipher Substitute the letter 3 ahead for each

one Example:

Et tu, BruteHw wx, Euxwh

Quite sufficient for its timeHigh illiteracyNew idea

Enigma Machine(Germany, World War II)

Simple Caesar cipher through each rotor

But rotors shifted at different ratesRoller 1 rotated one

position after every encryption

Roller 2 rotated every 26 times…

http://russells.freeshell.org/enigma/

Attack Mechanisms Brute force Statistical analysis

Knowledge of natural language○ All English words have vowels○ There are only 2 1-letter words in English○ High probability that u follows q○ …

DES (Data Encryption Standard)

Government standard History:

First version 1976Replaced with AES in 2001

Longer keys, computationally harder Cracking:

1998: EFF supercomputer 56 hrs 1999: Distributed.net 22 hrs Today:$1M specialized hardware <1 hr

Public KeyTwo keys: one private, one public

Public Key Cryptography Two keys

Private key known only to individualPublic key available to anyone

○ Public key, private key inverses Confidentiality

encipher using public keydecipher using private key

Integrity/authenticationencipher using private key decipher using public one

Popular Public Key Systems

RSA Rivest, Shamir, and Adelman MIT professors 1977

PGPPretty Good PrivacyZimmerman 1991Freeware Versions

Surveillance

Video Surveillance Brief History:

Press suggested use by police as early as 1965.

1969: Use in NYC. Became quite popular

Video Surveillance – Government Law enforcement

Video Surveillance - Britain 4.2 Million Closed Circuit Television

Cameras currently in Britain

Britain ranks worst among Western nations about guarding privacy….

…but compared to the World suddenly not so bad….

Scotland Yard’s New Strategy….will it work?

Video Surveillance - Private Private retail stores and businesses use

cameras for security purposesWorld’s Dumbest Criminal (for your amusement)

http://www.youtube.com/watch?v=_quStvTNynI

UNChttp://its2.unc.edu/resnet/webcams/

And lots morehttp://www.earthcam.com/

Definition of Privacy

pri·va·cy: freedom from unauthorized intrusion: state of being let alone and able to keep certain personal matters to oneself

Facial Recognition Government

London CCTVsTampa PDAirports

PrivateCasinos iPhoto

Wiretapping

Ruled legal

PATRIOT Act

1,891 wiretaps authorized

1928

2001

2008

Brief History

Facts and Stats Average cost in 2008: $47,624 Total cost 2008: $81 million Total cost 1988: $355 million

Convictions 2008: 810 of 4133 arrests Convictions 1998-2008: 56%

Opportunity for Misuse Greek government

had over 100 cell phones tapped by an unknown source

AT&T caught working with NSA to tap American conversations in 2003

Orwell’s 1984There was of course no way of knowing whether you

were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live—did live, from habit that became instinct—in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.