0
RFID Security & Privacy
National Institute of Standards and Technology
Tom Karygiannis
Email: [email protected]
Georgia Tech
November 27, 2007
1
Presentation Outline
About NIST
RFID Security
NIST RFID Activities
NIST Guidelines for Securing Radio Frequency Identification
New technologies, new security and privacy challenges….
Discussion
Contact Information
2
NIST Provides Innovation Infrastructure…
Non-regulatory agency within U.S. Department of Commerce.
Founded in 1901 as National Bureau of Standards
~2900 employees
Nobel Prize Winner in Physics in 1997, 2001, 2005
NIST Mission: To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
Provide the measurement “tool box” for the nation
– Provide solutions to measurement problems
– Try to assure that the necessary measurements and quality are available to meet the nation's most significant needs
Absolute correctness of results is paramount to NIST Labs.
3
The NIST Laboratories
NIST’s work enables
• Science
• Technology innovation
• Trade
• Public benefit
4
Food and nutrition
Law enforcement
Transportation
Pharmaceuticals
Environmental Technologies
Manufacturing
Computer software and equipment
Biotechnology
Construction
NIST Serves a Broad Customer Base…
5
www.time.gov
billions of hits daily
volume and flow – measurement based
secure automated banking
electric power metering
NIST provides innovation infrastructure to…
...facilitate trade
Integrity of financial transactions
6
Research Projects in the Computer Security Division
Advanced Cryptography (e.g., hash, public key, quantum, light footprint)
Inherently Secure, High Assurance, and Provably Secure Systems and Architectures
Composable and Scalable Secure Systems
Wireless Security
Network Measurement and Visualization Tools
Secure Distributed Systems
Infrastructure for Information Security R&D
Security for Quantum Computing
Foundations of Measurement Science for Information Systems
Biometrics and Cryptographic Identity Verification
URL: http://csrc.nist.gov
7
INFOSEC Research Council Hard Problem
– Enterprise-level security metrics and composable security metrics
Security is an “undecidable” problem
– Fundamental Axioms of Security
Every system has vulnerabilities.
The system owner does not know all of those vulnerabilities.
The system owner does not know all of her adversaries’ capabilities.
– Net result
There is no “consistent” set of metrics for security.
For real-world systems we must still try to answer:
– How much security is enough?
– What are the appropriate metrics? Are there useful metrics?
– How can we compare the relative “insecurity” of two different systems? Two different configurations of the same system?
How do we measure IT security?
9
RF technology is used in many different applications, such as satellite TV, radio, cellular phones, radar, GPS, and lately in automatic identification systems…
Radio Frequency Identification (RFID) describes the use of radio signals to provide automatic identification of items and remote data collection
RFID is used for applications such as:
– Supply Chain & Retail Item Management
– Pharmaceuticals, Healthcare
– Asset Identification & Tracking
– Security Access Control
– Electronic Toll Collection
– Railway Car Tracking
– Financial applications
– Animal Tracking
10
A typical Radio Frequency Identification system will contain tags (transponders) a reader (transceiver) and a host PC that controls the operation of the reader…
Identity – Unique identifier that links specific asset item to a specific information set
Location – Physical location of a specific asset
Status – Summary of activities performed on a specific asset
Condition – Physical condition of asset including environmental exposure and tampering (Active RFID only)
[Figure: Passive RFID Illustration. Labels: RF Energy, Identify, ID, Inventory Tags, Tag, Antenna, Reader, RFID Host PC, Database, Tag Data Read/Write, Data from Tag]
11
Why is RFID an interesting asset tracking and management technology?
Features of RFID:
Read/Write Capabilities (some tags) – Ability to add information directly to tags enables each unique asset to carry its own unique history
Non-contact Reads – Ability to read tags at a distance, under a variety of environmental conditions, without physical manipulation of the asset
Fast Read – Ability to simultaneously read large numbers (1750 tags/sec) of items
Embedded Sensors – Ability to directly capture environmental information
Automation – Requires less human intervention
Authenticity – Each RFID chip is unique and can not be replicated
12
Automatic identification systems mix RFID-unique risks with traditional information technology and network security risks…
Radio Frequency Segment
• RFID transponders (active, passive, or hybrid tags)
• Antennae
• RFID readers
• Many security risks are unique to RFID
Enterprise IT Segment
• Reader to RFID middleware communications
• Back-end database/application platforms
• Traditional IT security risks
Extranet Segment
• External network services to support RFID business process
• Network security risks
RFID Extranet
13
Adversaries design attacks using three key pieces of information about RFID systems…
Active/Passive
Operating Range
Storage Capacity
Storage Capacity
Tags that have read/write capabilities are generally at higher risk because of on-board data storage
Read-only tags supply just an identification number (license plates) and present lower risk
Active/Passive
Passive tags have short operating ranges, which lowers their risk
Current generations of passive tags generally do not have on-board data storage
Operating Range
Range is governed by several factors including frequency band, antenna type, and transmission power
Active tags generally have a longer range than passive tags and have ranges up to several hundred feet
14
Monitoring the air interface
Modifying/deleting data on the tag
Blocking access to the tag
Permanently disabling tags
The radio frequency segment of RFID systems has several inherent vulnerabilities to be addressed…
15
Threat Model: Effective range depends on transponder type, frequency, antenna size, power emitted by the reader, and finally the surrounding environment
Monitoring the RF Interface
16
Countermeasures: Several techniques are under development to protect the RFID tag read/write process…
Confidentiality
– Data encryption on the tag
– Encrypting data before sending it to tag
Authentication
– Challenge/response authentication
– Improved passwords via persistent state
– Hash chaining
– Randomized hash lock
– One-time authenticators
Optimized Air Link Protocols
– Randomized tag identity
– Anonymous IDs
Monitoring the RF Interface
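An added sketch, not part of the original slides, of two of the authentication techniques listed above combined: a randomized hash lock in which the reader also contributes a challenge. SHA-256 stands in for whatever low-gate hash a tag could carry, and the 96-bit identifier and 64-bit nonce lengths are assumptions.

```python
import hashlib
import hmac
import os

ID_LEN = 12     # assumed 96-bit tag identifier
NONCE_LEN = 8   # assumed 64-bit tag nonce and reader challenge


def tag_respond(tag_id: bytes, challenge: bytes, r: bytes = None):
    """Tag side: answer (r, H(ID || r || challenge)) using a fresh random r.

    The static ID never crosses the air interface, so an eavesdropper
    sees a different value on every read.
    """
    if len(tag_id) != ID_LEN or len(challenge) != NONCE_LEN:
        raise ValueError("unexpected identifier or challenge length")
    r = os.urandom(NONCE_LEN) if r is None else r
    return r, hashlib.sha256(tag_id + r + challenge).digest()


def reader_identify(known_ids, challenge: bytes, r: bytes, digest: bytes):
    """Back end: recompute the hash for every enrolled ID; return the match.

    The cost is linear in the number of enrolled tags, which is the price
    of not sending an identifier the database could index on.
    """
    match = None
    for tag_id in known_ids:
        expected = hashlib.sha256(tag_id + r + challenge).digest()
        if hmac.compare_digest(expected, digest):
            match = tag_id
    return match


def demo():
    """Run one legitimate read, a second read, and a replay (constructed data)."""
    enrolled = [bytes([i]) * ID_LEN for i in range(1, 6)]  # constructed tag IDs
    tag = enrolled[2]
    stranger = b"\xff" * ID_LEN                            # not enrolled

    c1 = os.urandom(NONCE_LEN)
    r1, d1 = tag_respond(tag, c1)
    c2 = os.urandom(NONCE_LEN)
    r2, d2 = tag_respond(tag, c2)
    rs, ds = tag_respond(stranger, c1)

    return {
        # The enrolled tag is recognised from its hashed answer.
        "identified": reader_identify(enrolled, c1, r1, d1) == tag,
        # Two reads of the same tag do not produce the same bytes.
        "unlinkable": (r1, d1) != (r2, d2),
        # A captured answer is useless against a new reader challenge.
        "replay_rejected": reader_identify(enrolled, c2, r1, d1) is None,
        # A tag outside the enrolled set is not accepted.
        "unknown_rejected": reader_identify(enrolled, c1, rs, ds) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Without the reader challenge, the pair (r, H(ID || r)) could be recorded and replayed, which is why the two techniques are combined here.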
17
Countermeasures: Several techniques are under development to protect the authenticity of user data on RFID tags…
Current security features
– RFID tags have very simple logic, usually between 500-5000 total gates on a typical transponder; this leaves very little capacity for advanced security features
– Symmetric encryption (e.g., AES, SHA1) not possible on today’s tags
– Some high-end tags have implemented stream cipher designs, but no standard low-gate encryption primitives exist in any tag category
– Simple password comparisons and XOR comparisons are all that is typically offered today
– Cost is such an important driver that the added cost of security features might not be feasible in the near term (except for specialty applications)
Future security features
– Authenticity, using randomized transaction IDs (for R/W tags)
– Advanced authentication
– On-board encryption primitives
Modifying/Deleting Data On Tags
18
Countermeasures: Password management mechanisms will need to be developed before tag/reader authentication succeeds…
Current standards
– Several categories of tags allow passwords for protecting data (e.g., READ, WRITE) and command functions (e.g., LOCK, KILL)
– These tags all transmit their passwords in the clear between the tag and the reader, making them susceptible to monitoring and replay attacks
– Passwords are also stored in the clear on the tag’s memory
– This is true for all cards except for certain contactless smartcards used for financial transactions
Password management
– Currently, no password management mechanism has been defined or implemented in the RFID community
– Most RFID implementations use single group passwords for large numbers of tags
– By implementing individual passwords for individual tags, a password management mechanism would need to identify unique tags
– Therefore password management may be incompatible with privacy objectives
Modifying/Deleting Data On Tags
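An added illustration, not from the original slides, of the group-password versus per-tag-password trade-off described above. The derivation scheme (HMAC-SHA-256 of the tag ID under a back-end master key, truncated to an assumed 32-bit password), the key, the tag IDs and the function names are all hypothetical.

```python
import hashlib
import hmac


def derive_password(master_key: bytes, tag_id: bytes, command: str) -> int:
    """Derive a per-tag, per-command password in the back end.

    The reader must learn the tag's unique ID before it can compute the
    password, which is the privacy conflict the slide points out.
    """
    if command not in ("ACCESS", "KILL"):
        raise ValueError("unknown command class")
    msg = command.encode("ascii") + b"\x00" + tag_id
    mac = hmac.new(master_key, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")  # assumed 32-bit password field


def tags_opened_by(leaked_password: int, fleet: dict) -> list:
    """Return the tags an eavesdropper controls after capturing one password.

    Passwords cross the air interface in the clear, so a single monitored
    transaction is enough to obtain `leaked_password`.
    """
    return sorted(tid for tid, pw in fleet.items() if pw == leaked_password)


def build_fleets(master_key: bytes, tag_ids: list, group_password: int):
    """Build the two deployments being compared."""
    group = {tid: group_password for tid in tag_ids}
    per_tag = {tid: derive_password(master_key, tid, "KILL") for tid in tag_ids}
    return group, per_tag


# Constructed sample data: a 32-byte master key and 50 tag identifiers.
MASTER_KEY = bytes(range(32))
TAG_IDS = [f"TAG-{n:04d}".encode("ascii") for n in range(50)]
GROUP_FLEET, PER_TAG_FLEET = build_fleets(MASTER_KEY, TAG_IDS, 0x1234ABCD)

if __name__ == "__main__":
    observed = TAG_IDS[0]  # the one tag whose transaction was monitored
    print("group password exposes:",
          len(tags_opened_by(GROUP_FLEET[observed], GROUP_FLEET)), "tags")
    print("per-tag password exposes:",
          len(tags_opened_by(PER_TAG_FLEET[observed], PER_TAG_FLEET)), "tag")
```

Per-tag derivation limits what one captured password unlocks; it does not stop the capture itself, since the password is still sent in the clear.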
19
Countermeasures: How can RFID tag data be protected while remaining accessible to valid users?
Unlicensed spectrum
– Virtually all RFID systems operate in unlicensed frequency bands
– Non-infringing use is mandated, but not guaranteed; “survival of the fittest”
– Unplanned RF issues must be addressed by contingency planning
RF engineering
– Users must engineer systems to work around known RF issues
– RFID read/write processes must be defined in a concept-of-operations document
– System must be engineered to support specific scenarios (e.g., tag type, tag mounting, reader type, read orientation and distance)
Tag Blocking
– Most tags can be blocked from readers by wrapping them in foil or other material
– Tags can also be damaged or destroyed easily
– The impermanence of tags needs to be accounted for by contingency planning
Blocking Access To Tags
20
Threat Model: Permanently disabling tags can cause widespread denial-of-service issues…
The KILL command
The LOCK command
Electronic attacks
Physical attacks
Permanently Disabling Tags
21
Electronic and physical attacks on tags can take many forms…
Physical damage
– Crushing
– Bending
– Ripping
Electronic damage
– Electrostatic discharge (e.g., conveyor belts, label application, transport)
– High-energy RF
– Microwave ovens…
Environmental damage
– Most tags have been ruggedized for their environment
– Temperature, humidity, shock not normally a problem
Permanently Disabling Tags
22
Countermeasures: How can users protect their system from disruption caused by disabling tags?
Administrative and Operational Controls
– Disallow unauthorized users within the read/transmit range of tags
– Ensure that only those users with a need have access and rights to use RFID readers
– Regularly audit employees for suspicious activity
– Utilize perimeter fencing, guards, and access cards to secure physical entrances
– Develop and test contingency plans for responding to this risk
Technical Controls
– Develop and implement password management plan for KILL and LOCK commands
– Permanently LOCK all unused data fields on tags
– Validate each tag at multiple points during its life cycle; replace defective tags as they appear
– Research will determine if there are any technical solutions to mitigate these vulnerabilities
Permanently Disabling Tags
24
NIST RFID Activities
International and domestic RFID standards policy and guidance – U.S. Government
RFID/smart and wireless sensor network standards
Technical support for other U.S. Government Agencies
RFID in the construction industry
Manufacturing Extension Partnership RFID Community of Practice (support for U.S. small and medium-sized manufacturers)
Future RFID - organic electronics
RFID Eavesdropping and Jamming Analysis
Counterfeit RFID Detection
Chip-Level RFID security
RFID-Assisted Indoor Localization
NIST Guidelines
25
RFID Eavesdropping and Jamming Analysis (Boulder)
NIST Boulder Electromagnetics Division
Eavesdropping and jamming tests were performed on a High Frequency (HF-13.56 MHz) Radio Frequency Identification (RFID) system.
Tests were performed on a Pegoda Type-A reader, and seven different Type-A tags from 4 different manufacturers.
Eavesdropping (listening in on a transaction between a reader and tag) was successful up to 15 m.
Jamming (incapacitating a transaction between a reader and tag) was successful up to 8 m with 0.3 W using a system that would fit in a suitcase.
Additional jamming tests using a system that could be carried on a person’s body were successful at 5 m with less than 3 W of power.
Used off-the-shelf components.
26
Counterfeit RFID Detection
Detect counterfeit RFID tags without modifying manufacturing process.
Capturing RFID Electromagnetic Signatures in the field using low cost equipment.
Preliminary work indicates that the electromagnetic signatures of RFID tags can be used to uniquely identify the manufacturer of the tag, and perhaps even specific tags fabricated by the same manufacturer.
Current feasibility study will quantify the differences between the electromagnetic signatures of RFID tags used in the pharmaceutical industry, determine the repeatability of these signatures, and investigate their dependence on orientation, frequency, field levels, and other factors.
[Figure: electromagnetic signature plots; series labeled M1C1, M1C2, M2C1, M2C2]
27
Chip-Level RFID Security
Developing standards for RFID chip-level physical security
Assessment of preventative measures
Standards proposals
Verification of solution effectiveness
Three elements of a physical attack
Understand the communication protocol and functioning of the IC
– Public-domain information
– Observing the functioning of the IC
Determine passwords and data on the IC
– Introduction of logical faults, memory manipulation
– Physical analysis of the IC
Creation of surrogate RFID cards
– Could be as simple as reprogramming commercially available RFID cards
– Using a laptop to mimic a card
Most difficult step for the attacker
[Figure: An IC removed from an RFID card. Labels: Contact pads for IC initialization, Antenna contacts]
28
RFID-Assisted Indoor Localization
Objective: Locate and track first responders moving throughout a building
Problem: GPS ineffective/unreliable indoors or underground
Approach
– Place passive RFID tags at key points in buildings (e.g., each doorway, each level of stairwell)
– Equip first responders with RFID readers
– Transmit RFID tag ID over wireless network to Incident Command for last-known location tracking
– Integration with a multihop wireless network (for communication out of building), Preliminary tests in 11-story office building (NIST Admin)
Features
– Low cost
– Localization accuracy to known anchor points
– Natural extension with dead reckoning technology to provide tracking between anchor points
29
International and Domestic RFID Standards Policy and Guidance
NIST provides input into developing the U.S. Government’s positions on both technology and policy aspects of RFID standards and standardization
– Participates in the RFID Intra-government Working Group, and leads the Standards sub-committee of this group
– Participates in the Dept. of Commerce’s RFID working group
– Will coordinate the standards policies of federal government agencies, with those of the private sector, per the National Technology Transfer and Advancement Act
– Participates in standards development activities led by the private sector, and will develop standards for federal agencies’ IT security requirements, if so requested.
30
Integration of RFID with smart and wireless sensor networks
Fixed and mobile sensors are needed to augment RFID to enhance functionality in applications.
IEEE 1451 suite of standards for sensor data interoperability
– NIST leadership, IEEE Sensor Technology Technical Committee and Sensor Standards Harmonization Working Group
– Self-identification and self-description of sensors via Transducer Electronic Data Sheets containing transducer identification, calibration, correction data, measurement range, and manufacture-related information, etc.
– Engagement with ISO JTC 1/SC 31, IEEE TC9, ITU-T
Unifying smart and wireless sensor standards and RFID standards is essential to achieve interoperability.
Interoperability is the key for success of RFID.
31
Technical support to other U.S. Government Agencies
Personal identification documents
– State Dept., DHS and GPO
– Materials reliability and electromagnetic measurements of e-Passports, including eavesdropping and jamming
32
RFID in the construction industry
Locate and manage supplies on construction site
– NIST is now working on a larger scale demonstration
Automated Construction Testbed
– Pick and place assembly
– Integration of RFID with robotics and laser scanning systems
33
Manufacturing Extension Partnership (MEP) RFID Community of Practice
Manufacturing Extension Partnership has a nation-wide network of centers to provide support to small and medium-sized manufacturers.
MEP "RFID With Simulation" training module for MEP Center staff to train their manufacturing clients.
– The simulation first compares how parts, inventory and work in process are tracked using a paper-based manufacturing system, then hands-on incorporation of RFID into processes using readers, antennas, tags, equipment and laptops
Great interest in RFID from MEP clients
34
Future RFID – organic electronics
Vision: ubiquitous electronics
NIST is providing the integrated measurement and standards tools needed to accelerate progress in organic electronics.
– iNEMI roadmap includes RFID
Advantages for RFID:
– Cost – aiming for $0.01 per tag
– Large volume (billions and billions of tags)
– Lower temperature manufacturing (<120°C), printable deposition processes
– Cheap integration with other functions (display, sensors, etc.)
[Figure labels: sensor pack, power supply, processor & RFID communication, display; Electronics: $0.02]
36
Special Publication 800-98: Guidelines for Securing Radio Frequency Identification (RFID) Systems
Special Publication 800-series:
– The NIST Computer Security Division’s mission includes advising agencies on cost-effective methods to secure federal IT systems
– Special Publication 800-series documents report on NIST’s research, guidance, and outreach efforts in computer security
NIST focus on RFID security:
– RFID is an immature, but rapidly evolving technology that is being widely deployed across the public and private sectors ($4.5 billion market in 2005)
– RFID security risks are not well documented
– Standard engineering and risk management approaches have yet to be developed for most categories of RFID technology
37
Goals and Objectives of SP 800-98 - Section 1
To assist organizations in understanding RFID security risks and what security controls can help mitigate those risks
To provide real world guidance on how to initiate, design, implement, and operate RFID systems that mitigate risks
To provide security controls that are currently available on today’s market
– Not theoretical controls
– Not controls that are in development
– Not controls that are not widely available
The document is vendor- and platform-independent
The document does not address the advanced authentication and cryptographic features that are incorporated in many smart card RFID systems
38
RFID Technology - Section 2
Provide an overview of the field of automatic identification and data capture (AIDC) technologies (which includes RFID)
Describes the basic components of an RFID system:
– The RF subsystem (depicted below), which performs wireless identification and related transactions wirelessly
– The enterprise subsystem, which can store, process, and analyze RF transactions
– The inter-enterprise subsystem, which connects enterprise subsystems
39
RFID Applications and Requirements - Section 3
Reviews the core types of RFID applications and the requirements of these applications:
Application Type: Purpose of Identification
Asset management: Determine the presence of an item
Tracking: Determine the location of an item
Matching: Ensure affiliated items are not separated
Process control: Correlate information with the item for decision-making
Access control: Authenticate a person (holding a tagged item)
Automated payment: Conduct a financial transaction
Application Requirements
– RFID Information Characteristics
– RFID Transaction Environment
– Tag Environment between Transactions
– RFID Economics
40
RFID Risks - Section 4
Business Process Risks – risk that failures of the RFID system will impair the business process that the RFID system automates
Business Intelligence Risks – risk that an adversary or competitor could obtain unauthorized access or information from the RFID system
Privacy Risks – risk to personal privacy
Externality Risks – risk to other systems, assets, and people
Factors influencing an identified risk
EXAMPLE
41
RFID Security Controls - Section 5
The controls are divided into three sections:
– Management controls
– Operational controls
– Technical controls
Each control is described by four characteristics:
– Control
– Applicability
– Benefits
– Weaknesses
Example of a Technical Control
42
RFID Privacy Considerations - Section 6
Privacy Principles: introduces Organization for Economic Cooperation and Development (OECD) privacy principles
Federal Privacy Requirements for Federal Agencies
– Describes privacy requirements for federal agencies
– Describes the Privacy Act of 1974, Section 208 of the E-Government Act of 2002, Section 522 of the Consolidated Appropriations Act of 2005, Administrative simplification requirements of the 1996 Health Insurance Portability and Accountability Act (HIPAA), FISMA, and the OMB memoranda on the implementation of privacy requirements
Applicable Privacy Controls: describes 17 privacy control families from the Federal Chief Information Officers (CIO) Council
Embedding Privacy Controls: provides guidance on incorporating privacy controls in an RFID system
43
Recommended Practices - Section 7
Provides 35 recommendations that follow the system lifecycle from initiation to disposition
Describes a security practice
Provides a rationale or discussion for the practice
Lists RFID system components that are impacted
Classifies practice as recommended or should consider
Provides a checklist for implementers
EXAMPLE
44
Case Studies - Section 8
Case Study #1
– Topic: Personnel and asset tracking in a health care environment
– Perspectives from the fictional Contagion Research Center (CRC)
Case Study #2
– Topic: Supply chain management of hazardous materials
– Perspectives from the fictional Radionuclide Transportation Agency (RTA)
Each study documents RFID technology as it is used in five life cycle phases:
– Initiation
– Acquisition/Development
– Implementation
– Operations/Maintenance
– Disposition
46
New technologies, new security and privacy challenges….
47
Accountability, Privacy, Anonymity, Convenience
48
The Government Watching the Citizens
More than 600 Chinese cities are launching surveillance systems, including face-recognition software, video cameras in Internet cafes, and "behavior-recognition software designed to spot the beginnings of a street protest and notify police." U.S. hedge funds have invested at least $150 million in the industry in the last year; from 2003 to 2010, the industry projects it will grow from $500 million to $43 billion.
49
Citizens Watching the Government
50
Mobile Devices - New Security Risks: Risk of Theft or Loss, Limited Computing Power, Multiple Access Points, Mobility, Lack of User Awareness
An estimated 11,300 laptop computers, 31,400 handheld computers and 200,000 mobile telephones were left in taxis around the world during the last six months, a survey found on Monday. January 24th, 2005 Reuters. The survey's findings were extrapolated to reflect the total number of taxis in each city.
New technologies, new security and privacy challenges….
51
Video and Camera Phones: Government agencies, corporations, Health Clubs, prohibit their use.
SMS Text and VideoPhone
Cheating in Classroom
“The idea is simple: tell us where you are and we'll tell you who and what is around you. We'll ping your friends with your whereabouts, let you know when friends-of-friends are within 10 blocks, allow you to broadcast content to anyone within 10 blocks of you or blast messages to your groups of friends.” –dodgeball.com
New technologies, new security and privacy challenges….
52
Bluetooth: Bluejacking, Cabir/Caribe Virus Emptying the battery in the phone quicker as it tries to beam itself out to other Bluetooth devices, Cell phones running SymbianOS, requires users to accept and execute the downloaded package.
Cell Phone Jammers, Quiet Cars, Hotels, Restaurants, Theaters, Classrooms
Mobile Entertainment, Betting, Multiplayer Gaming, Wallet Phone, bots
New technologies, new security and privacy challenges….
53
Disposable PrePaid Cell Phone, Disposable, Anonymity, Inexpensive, Prepaid reduces risk of Telecom fraud, but introduces other security issues.
• VOIP 911 Calls - Special emergency circuit links the call to the Automatic Number Identification/Automatic Location Identification database of phone numbers, names, and addresses.
New technologies, new security and privacy challenges….
54
GPS: Rental Car Companies, Commercial Fleet Management, Military, Consumer Electronics
Terms of TAG USE: Your E-ZPass tag(s) may be used on the vehicle(s) specifically listed on this account.
WMATA Smart Trip, Short Range, Tracks time of entry and exit to metro stations, Registered $5, Unregistered Anonymous
New technologies, new security and privacy challenges….
55
GPS Child Finder
56
Wireless Vehicular Communication
[Figure: in-vehicle wireless systems. Labels:]
Interface Devices (Built-in Display, Annunciator, Microphone, Keypad, etc. connected to the Computer, which is connected to the IDB)
909.75-921.75 MHz: Toll & Parking OBU (Add-on when needed)
5.850-5.925 GHz: Multi-Application OBU w/ 360 degree antenna (factory installation) (connected to the IDB)
Computer (factory installation) (connected to the IDB)
87.5-107.9 MHz: FM sub carrier
1575.42 MHz: GPS Receiver
Other ITS Communications Equipment
Multiple Bands: Two-way Radio
76-77 GHz: Collision Avoidance Radar
2322.5-2345 MHz for XM Radio: Satellite Radio band
1800 to 1900 MHz: 2.5/3G PCS Phone (which is connected to the IDB)
Infrared: OBU (Add-on when needed for super high data rates)
800 to 900 MHz and 1800 to 1900 MHz: Cellular Phone Antenna
57
Marine Corps Marathon vs. Marine Deployment
What is the difference? Physical possession, tracking and identification
Tell consumer what you will do with the data, and do only that.
NIST Inventory Example
58
What is in the tag? Is it just a number? EPC General Identifier (GID-96) is the most widely used data format on EPC tags…
Header 8-bits
– Identifies EPC’s version number (256 possible versions)
– Will allow the extension of EPCs in the future (different lengths or types of EPCs)
EPC Manager 28-bits
– Identifies the manufacturer of the product the EPC is attached to (268 million managers)
Object Class 24-bits
– Identifies a category or class of objects within a manufacturer (16 million object classes)
Serial Number 36-bits
– Uniquely identifies a product within an object class of a manufacturer (68 billion serial numbers within a class)
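An added example, not part of the original slides, that packs and unpacks the GID-96 layout above to show what any reader in range learns from the "number" without a back-end database. The header value 0x35 comes from the EPC Tag Data Standard rather than from this deck; the function names and sample field values are constructed for illustration.

```python
GID96_HEADER = 0x35  # GID-96 header value per the EPC Tag Data Standard

# Field order and widths as listed on the slide (8 + 28 + 24 + 36 = 96 bits).
WIDTHS = (("header", 8), ("manager", 28), ("object_class", 24), ("serial", 36))


def encode_gid96(manager: int, object_class: int, serial: int) -> bytes:
    """Pack the three identifiers behind the fixed header into 12 bytes."""
    values = {"header": GID96_HEADER, "manager": manager,
              "object_class": object_class, "serial": serial}
    word = 0
    for name, bits in WIDTHS:
        value = values[name]
        if not 0 <= value < (1 << bits):
            raise ValueError(f"{name} does not fit in {bits} bits")
        word = (word << bits) | value
    return word.to_bytes(12, "big")


def decode_gid96(epc: bytes) -> dict:
    """Split a 96-bit EPC into its fields; reject other lengths and headers."""
    if len(epc) != 12:
        raise ValueError("GID-96 is exactly 96 bits (12 bytes)")
    word = int.from_bytes(epc, "big")
    fields = {}
    shift = 96
    for name, bits in WIDTHS:
        shift -= bits
        fields[name] = (word >> shift) & ((1 << bits) - 1)
    if fields["header"] != GID96_HEADER:
        raise ValueError("not a GID-96 EPC")
    return fields


def same_product(epc_a: bytes, epc_b: bytes) -> bool:
    """True when two tags name the same manufacturer and object class.

    This needs no database lookup: the manufacturer and product category
    are readable straight from the tag, and the serial number makes each
    individual item recognisable on a later read.
    """
    a, b = decode_gid96(epc_a), decode_gid96(epc_b)
    return (a["manager"], a["object_class"]) == (b["manager"], b["object_class"])


if __name__ == "__main__":
    # Constructed sample values, not taken from any real product.
    first = encode_gid96(manager=95100000, object_class=12345, serial=400)
    second = encode_gid96(manager=95100000, object_class=12345, serial=401)
    print(first.hex(), decode_gid96(first))
    print("same product, different item:", same_product(first, second))
```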
59
Brave New World or 1984?
60
Brave New World or 1984?
Orwell feared that the truth would be concealed from us.
Orwell feared we would become a captive culture.
Orwell feared those who would ban books.
• Huxley feared the truth would be drowned in a sea of irrelevance.
• Huxley feared we would become a trivial culture.
• Huxley feared that there would be no reason to ban a book, for there would be no one who wanted to read one.
• Civil libertarians and rationalists who are ever on the alert to oppose tyranny "failed to take into account man's almost infinite appetite for distractions".
62
Tom Karygiannis, NIST, 100 Bureau Drive, MS 8930, Gaithersburg, MD 20899, USA. Email: [email protected], Tel. 301-975-4728
Ajit Jilla, Ph. D., Global Standards and Information Group, NIST, 100 Bureau Drive, MS 2100, Gaithersburg, MD 20899-2100. email: [email protected], Tel. 301-975-5089
Dr. David Wollman, Scientific Advisor, Electronics and Electrical Engineering, Coordinator of RFID Activities, email: [email protected]
Web URLs:
– NIST http://www.nist.gov
– Computer Security Division http://csrc.nist.gov/
Contact Information