Remote Power Analysis of {RFID} Tags

We describe the first power analysis attack on passive RFID tags. Compared to standard power analysis attacks, this attack is unique in that it requires no physical contact with the device under attack. The power analysis can be carried out even if both the tag and the attacker are passive and transmit no data, making the attack very hard to detect. As a proof of concept, we use power analysis to extract the kill passwords from Class 1 EPC tags operating in the UHF frequency range. Tags from several major vendors were successfully attacked. Our attack can be extended to HF tags and to remote fault analysis. The main significance of our attack is not in the discovery of kill passwords but in its implications on future tag design -- any cryptographic functionality built into tags needs to be designed to be resistant to power analysis, and achieving this resistance is an undertaking which has an effect both on the price and on the performance of tags. (this is my Master\u27s thesis, carried out under the supervision of Prof. Adi Shamir. It may be considered as the extended version of the article Remote Password Extraction from RFID Tags , recently published in IEEE Transactions on Computers and indexed as http://dx.doi.org/10.1109/TC.2007.1050 or as http://ieeexplore.ieee.org/iel5/12/4288079/04288095.pdf

Implementation of Middleware for Internet of Things in Asset Tracking Applications: In-lining Approach

ThesisInternet of Things (IoT) is a concept that involves giving objects a digital identity and limited artificial intelligence, which helps the objects to be interactive, process data, make decisions, communicate and react to events virtually with minimum human intervention. IoT is intensified by advancements in hardware and software engineering and promises to close the gap that exists between the physical and digital worlds. IoT is paving ways to address complex phenomena, through designing and implementation of intelligent systems that can monitor phenomena, perform real-time data interpretation, react to events, and swiftly communicate observations. The primary goal of IoT is ubiquitous computing using wireless sensors and communication protocols such as Bluetooth, Wireless Fidelity (Wi-Fi), ZigBee and General Packet Radio Service (GPRS). Insecurity, of assets and lives, is a problem around the world. One application area of IoT is tracking and monitoring; it could therefore be used to solve asset insecurity. A preliminary investigation revealed that security systems in place at Central University of Technology, Free State (CUT) are disjointed; they do not instantaneously and intelligently conscientize security personnel about security breaches using real time messages. As a result, many assets have been stolen, particularly laptops. The main objective of this research was to prove that a real-life application built over a generic IoT architecture that innovatively and intelligently integrates: (1) wireless sensors; (2) radio frequency identification (RFID) tags and readers; (3) fingerprint readers; and (4) mobile phones, can be used to dispel laptop theft. To achieve this, the researcher developed a system, using the heterogeneous devices mentioned above and a middleware that harnessed their unique capabilities to bring out the full potential of IoT in intelligently curbing laptop theft. The resulting system has the ability to: (1) monitor the presence of a laptop using RFID reader that pro-actively interrogates a passive tag attached to the laptop; (2) detect unauthorized removal of a laptop under monitoring; (3) instantly communicate security violations via cell phones; and (4) use Windows location sensors to track the position of a laptop using Googlemaps. The system also manages administrative tasks such as laptop registration, assignment and withdrawal which used to be handled manually. Experiments conducted using the resulting system prototype proved the hypothesis outlined for this research

IoT based on secure personal healthcare using RFID technology and steganography

Internet of things (IoT) makes it attainable for connecting different various smart objects together with the internet. The evolutionary medical model towards medicine can be boosted by IoT with involving sensors such as environmental sensors inside the internal environment of a small room with a specific purpose of monitoring of person's health with a kind of assistance which can be remotely controlled. RF identification (RFID) technology is smart enough to provide personal healthcare providing part of the IoT physical layer through low-cost sensors. Recently researchers have shown more IoT applications in the health service department using RFID technology which also increases real-time data collection. IoT platform which is used in the following research is Blynk and RFID technology for the user's better health analyses and security purposes by developing a two-level secured platform to store the acquired data in the database using RFID and Steganography. Steganography technique is used to make the user data more secure than ever. There were certain privacy concerns which are resolved using this technique. Smart healthcare medical box is designed using SolidWorks health measuring sensors that have been used in the prototype to analyze real-time data

Secure and efficient data extraction for ubiquitous computing applications

Ubiquitous computing creates a world where computers have blended seamlessly into our physical environment. In this world, a computer is no longer a monitor-and-keyboard setup, but everyday objects such as our clothing and furniture. Unlike current computer systems, most ubiquitous computing systems are built using small, embedded devices with limited computational, storage and communication abilities. A common requirement for many ubiquitous computing applications is to utilize the data from these small devices to perform more complex tasks. For critical applications such as healthcare or medical related applications, there is a need to ensure that only authorized users have timely access to the data found in the small device. In this dissertation, we study the problem of how to securely and efficiently extract data from small devices.;Our research considers two categories of small devices that are commonly used in ubiquitous computing, battery powered sensors and battery free RFID tags. Sensors are more powerful devices equipped with storage and sensing capabilities that are limited by battery power, whereas tags are less powerful devices with limited functionalities, but have the advantage of being operable without battery power. We also consider two types of data access patterns, local and remote access. In local data access, the application will query the tag or the sensor directly for the data, while in remote access, the data is already aggregated at a remote location and the application will query the remote location for the necessary information, The difference between local and remote access is that in local access, the tag or sensor only needs to authenticate the application before releasing the data, but in remote access, the small device may have to perform additional processing to ensure that the data remains secure after being collected. In this dissertation, we present secure and efficient local data access solutions for a single RFID tag, multiple RFID tags, and a single sensor, and remote data access solutions for both RFID tag and sensor

Wireless communication, identification and sensing technologies enabling integrated logistics: a study in the harbor environment

In the last decade, integrated logistics has become an important challenge in the development of wireless communication, identification and sensing technology, due to the growing complexity of logistics processes and the increasing demand for adapting systems to new requirements. The advancement of wireless technology provides a wide range of options for the maritime container terminals. Electronic devices employed in container terminals reduce the manual effort, facilitating timely information flow and enhancing control and quality of service and decision made. In this paper, we examine the technology that can be used to support integration in harbor's logistics. In the literature, most systems have been developed to address specific needs of particular harbors, but a systematic study is missing. The purpose is to provide an overview to the reader about which technology of integrated logistics can be implemented and what remains to be addressed in the future

Smart homes under siege: Assessing the robustness of physical security against wireless network attacks

© 2024 The Authors. Published by Elsevier Ltd. This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY), https://creativecommons.org/licenses/by/4.0/Nowadays domestic smart security devices, such as smart locks, smart doorbells, and security cameras, are becoming increasingly popular with users, due to their ease of use, convenience, and declining prices. Unlike conventional non-smart security devices, such as alarms and locks, performance standards for smart security devices, such as the British TS 621, are not easily understandable by end users due to the technical language employed. Users also have very few sources of unbiased information regarding product performance in real world conditions and protection against attacks from cyber attacker-burglars and, as a result, tend to take manufacturer claims at face value. This means that, as this work proves, users may be exposed to threats, such as theft, impersonation (should an attacker steal their credentials), and even physical injury, if the device fails and is used to prevent access to hazardous environments. As such, this paper deploys several attacks using popular wireless attack vectors (i.e., 433MHz radio, Bluetooth, and RFID) against domestic smart security devices to assess the protection offered against a cyber attacker-burglar. Our results suggest that users are open to considerable cyber physical attacks, irrespective if they use lesser known (i.e., no name) or branded smart security devices, due to the poor security offered by these devices.Peer reviewe

Survey and Systematization of Secure Device Pairing

Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis.The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99