Date post: | 27-Mar-2015 |
World Class Standards
Security paradigms and RFID
RFID03_03
Scott W CADZOW
C3L
Security and standards development
• Risk based assessment
• Design based assurance
History of RFID
Origins not terribly well documented
• Henry Stockman, 1948
• Mario Cardullo (US Patent 3,713,148) in 1973
• Charles Walton (US Patent 4,384,288) in 1983
Standards development
• ISO, base standards
• ETSI??
  • ITS active, passive transponders, road pricing
Standards (not radio)
• ISO 14223/1 Radio frequency identification of Animals, advanced transponders – Air interface
• ISO 14443 HF (13.56 MHz) standard used as the basis of RFID-enabled passports under ICAO 9303.
• ISO 15693 HF (13.56 MHz) standard, used for non-contact smart payment and credit cards.
• ISO 18000-7 UHF (433 MHz) industry standard for active RFID products
• ISO 18185 Industry standard for electronic seals for tracking cargo containers
Security issues in RFID
Well documented
• Aired in previous RFID workshops
Tracking – traffic analysis
• Masquerade may result
Physical weaknesses
• Chip can be broken
• Antenna can be broken
• Antenna can be easily masked
Religious fervour ???
• Weird claim of RFID as mark of the beast (Revelation 13:16)
[Figure: diagram with boxes labelled Objective, Function and Requirement, together with "Existing Standards" and "System"]
Paradigm to be adopted
Design for assurance
• Advancement of ITU-T 3 stage method
• Development in line with Common Criteria (ISO/IEC 15408)
• Use of ETSI EG 202 387 as basis
• Development of Protection Profiles using ES 202 382 as template
Risk analysis as fundamental key in development
• ETSI TS 102 165-1 as the root document
Objective and requirements engineering
• Key to success being developed in TISPAN WI-07027
Security architecture and countermeasure analysis
• Using key capabilities from ISO/IEC 15408-2
Definitions to be going on with
• Objectives: Broad intention of system (WHAT)
• Functions: Abstract grouping of features
• Requirements: Implementation detail (HOW)
Understanding of security
• A Threat, enacted by a Threat Agent, may lead to an Unwanted Incident breaking certain pre-defined security objectives
• Aim is to avoid Unwanted Incidents
• Countermeasures restrict the ability of threat agents to operate
The root model for eTVRA
[Figure: UML class diagram "Security" with classes Threat, ThreatAgent, SecurityObjective and «UnwantedIncident» Incident; association ends labelled +Enacts (1..*), +Is performed by (0..*), +Attacks (1..*), +IsAttackedBy (0..*) and +May lead to]
Threat types (#1)
[Figure: UML class diagram "ThreatTree": Threat at the top; first row Interception, Manipulation, Repudiation, DenialOfService; second row Masquerade, Forgery, InformationCorruption, InformationLoss, UnauthorisedAccess]
Threat types (#2)
[Figure: UML class diagram "ThreatThree2" with classes Threat, ThreatAgent, Automated, Scripted, Manual, Controlled and Autonomous; association ends labelled +Enacts (1..*) and +Is performed by (0..*)]
SUMMARY
Where we need to go
Key points
• Adoption of “design for assurance” paradigm
• Risk based development of security functions
• Distribution of risk based on least cost loss function
• Cryptographic development with SAGE as partners
• Systems security development with TISPAN and OCG-Sec as partners
Thanks for listening
Scott CADZOW Scott @ Cadzow . com