Upload
amber-stevenson
View
212
Download
0
Embed Size (px)
Citation preview
World Class Standards
Security challenges in an Internet of Things
RFID and beyond, RFID03_07
Scott CADZOW
C3L© C3L 2008. All rights reserved
Workshop – RFID Networks Start
World Class Standards
2
Concepts and content
Security Internets Internets of Things Conclusions
World Class Standards
Security
Very poor word It doesn’t have a specific meaning Collection of attributes or functions leading to well-being
CIA … Confidentiality Integrity Authenticity Availability Access Reliability Repeatability …
3
World Class Standards
Internets and IP
Historically joining heterogeneous networks DECnet to SNA and similar Abstraction of a network with 2 abstracted transport services
Developed towards ubiquitous network technology Internet becomes the network
• IP allows great abstraction of link capability
4
World Class Standards
Internets of things
Devices versus hosts Hosts are addressed
• In RFID the readers are hosts (if networked)
Devices are named• In RFID the tags are devices
Hosts need to be reachable (Semi-)Permanent address Routing capabilities deep in the network (DNS, BGP)
5
World Class Standards
The security challenge
Devices are not reachable Most of the time a device is not connected
Devices can be lost and stolen Makes security difficult when the device is not connected
Devices are not crypto-engines Strong security difficult without processing power
Devices have finite life Credentials need to be tied to lifetime
Devices are transportable Will cross borders
Devices need to be recognised by many readers What data is released to what reader?
6
World Class Standards
Security work in an Internet of Things
Assurance Risk analysis Device analysis Crypto capability and export analysis
• RFID tags will not do crypto for some years
Security objective• Privacy protection• Identity protection• Traffic analysis protection
Identity and identifier management Separation of identity and identifier (see TR 187 010)
7
World Class Standards
Relationships
TISPAN Developer of the “Design for assurance” paradigm
• EG 202 387• TR 187 011• TS 102 165-1• TS 102 165-2
MTS Developer of the “Making better standards” approach
OCG-SEC General guidance
SAGE Guidance on cryptographic capability
SCP Smartcard and tag development
8