A Dynamic Mutual RFID Authentication Model Preventing Unauthorized Third Party Access
4th Int’l Conference on Network and System Security, 1-3 Sep, 2010 - Melbourne, Australia
Matthieu-P. Schapranow, Hasso Plattner Institute

Agenda
  • Key Facts about the Hasso Plattner Institute
  • European Pharmaceutical Supply Chain
  • Security Threats
  • Authentication Model
      • Processing Steps
      • Benchmark Setup
      • Cost Evaluation
      • Security Evaluation
NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010

Key Facts about the Hasso Plattner Institute: Internals
  • Founded as a public-private partnership in 1998 in Potsdam near Berlin, Germany
  • Institute belongs to the University of Potsdam
  • Ranked 1st in CHE 2009
  • 500 B.Sc. and M.Sc. students
  • 10 professors, 92 PhD students
  • Course of study: IT Systems Engineering

Key Facts about the Hasso Plattner Institute: Research Group Hasso Plattner / Alexander Zeier
  • Research focus: real customer data for enterprise software and design of complex applications
      • In-Memory Data Management for Enterprise Applications
      • Human-Centered Software Design and Engineering
      • Maintenance and Evolution of SOA Systems
      • Integration of RFID Technology in Enterprise Platforms
  • Cooperations
      • Academic: Stanford, MIT, etc.
      • Industry: SAP, Siemens, Audi, etc.

Key Facts about the Hasso Plattner Institute: What can we do for you?
  • Network between industry and academia, e.g. European section of the
  • Curriculum
      • RFID seminars for graduate / undergraduate students
      • Trends & concepts lecture (Prof. Hasso Plattner)
  • Enterprise Application Architecture Laboratory
      • Enterprise software, e.g. SAP, Microsoft, etc.
      • Equipped RFID Lab, e.g. deister electronic, noFilis, etc.
  • Concrete sizing and simulation of customer supply chains

European Pharma Supply Chain: Manufacturing

European Pharma Supply Chain: Counterfeits

European Pharma Supply Chain: Business-level Security

European Pharma Supply Chain: Business-level Security

European Pharma Supply Chain: Roles
  • Main Roles
      • Manufacturers: ~2.2k
      • Wholesalers: ~50k
      • Retailers: ~140k
  • Other Roles
      • Logistics Providers
      • End Consumers

European Pharma Supply Chain: Data
  • Sizing Assumptions
      • ~15 billion pharmaceuticals on prescription per year
      • ~9 events per unique item
          • 1 x manufacturer (create + ship)
          • 2 x wholesaler (receive + ship)
          • 1 x retailer (receive + sell)
          • 1 x end consumer (check)
  • Assuming 364 days production results in ~4,300 events/second within the European supply chain

Security Threats
  • Product Identification: Trace of Pharmaceuticals or Customers, and vice versa
  • Illegal Access: manipulate valid EPC, KILL, etc.
  • Eavesdropping/Sniffing: Get EPC of similar products, Derive product class
  • Tag Spoofing: behave like a tag of an authentic pharmaceutical
  • Tag Impersonation: simulate responses of an existing tag
  • Reader Impersonation: simulate responses of an existing reader
  • Replay Attacks: re-use data from former communication, e.g. KILL

Authentication Model: Processing Steps
  • Distributor Middleware
      • Separates current company and manufacturer
      • Detects faked tags
  • Enterprise Middleware
      • Stores details about all issued EPCs
      • Contains details about tag-specific PUF

Authentication Model: Benchmark Setup
  • Based on SAP’s In-Memory Database
  • 2 Intel E5450, 4 cores, 3GHz, 6MB L2 cache, 8 x 4GB RAM

Authentication Model: Cost Evaluation (cont’d)
  • Protocol overhead compared to existing RFID communication
      • To Tag:
          • Step 1: 30 bit PRN
          • Step 9: 30 bit h(PW) + 20 bit PW*
      • To Reader: 18 bit EP_ID + 24 bit T_ID + 30 bit h(PW)
      • Sum: 152 bit
  • Other Protocols, e.g. POP: 288 bit per authentication

Authentication Model: Security Evaluation

Thank you for your interest! Keep in contact with us.
Responsible: Deputy Prof. of Prof. Hasso Plattner
Dr. Alexander Zeier, zeier@hpi.uni-potsdam.de
Matthieu-P. Schapranow, M.Sc., matthieu.schapranow@hpi.uni-potsdam.de
Hasso Plattner Institute, Enterprise Platform & Integration Concepts, Matthieu-P. Schapranow, August-Bebel-Str. 88, 14482 Potsdam, Germany

Editor's notes

  1. Focus on the first five
  2. Physical Uncloneable Function (PUF)
  3. Ratio 10:1
  4. POP: product flow with ownership-transfer.
  5. Security evaluation per threat:
       • Product Identifying: responses change, no tracking of EPC possible, deriving of products/customers
       • Illegal Access: EPC not replied to every request, need current PW to initiate Tag action
       • Eavesdropping/Sniffing: Does obtain clear PW, but requires knowledge of PUF.
       • Tag Spoofing: impossible to simulate responses for all PRNs
       • Tag Impersonation: need knowledge about internals of tag to impersonate
       • Reader Impersonation: OTP algorithm per reader known by enterprise middleware
       • Replay Attacks: mainly prevented, but precise shielding possible