Freight Container E-seal - Data Protection
Report on NP4 – 18185 part 4

April 19-20, 2005
Eric Sandberg
2005-04-19, Rev: pA4
Slide 1    9 December, 2008

ISO18185-4 Scope

This standard specifies requirements for the data protection capabilities of electronic seals whilst the data is stored within the seal as well as during communication to and from the seal. These capabilities will address the accessibility, confidentiality, data integrity, authentication and non-repudiation of stored data.

The major DIS18185 comments (Nov 2002)

- No data security
- No single protocol or selected frequency
  - Three protocols on three frequencies
- Lack of user involvement
- Not a complete e-Seal standard
  - Only the air interface(s)

What happened, before Dec 2004

- Sweden/SIS submitted a secure air interface protocol (DSSS, i.e. similar to CDMA)
  - Oct 2002, Oct 2003 and Feb 2004!
- One telephone conference, June 2004
  - 2 participants (Julia Zhu and Eric Sandberg)
- Draft document, basic terminology, submitted prior to the WG2 meeting in Moscow, Aug 2004
  - Draft Docs SC4WG2 N0179 & N0188
    - http://www.autoid.org/2004_doc/aug/sc4wg2n0179_18185-4_040812.doc
    - http://www.autoid.org/2004_doc/aug/sc4wg2n0188_18185-4_040820.doc
  - No comments received
- WI18185-4 & 5 halted by the WG in Aug 2004, due to
  - The choice of a simple passive tag proposal
    - No write capabilities in the protocol
  - Use once only
  - No user data storage, not even container-ID

What else happened, in 2004

- Communication protocol
  - Focus on e.g. R/W, battery lifetime indicator
  - CD18185-1 is basically a subpart of 18000-7
- Selection of PHY layer
  - CD18185-7, i.e. only a reference to 18000-7
  - Based on non-existing criteria
- E-seal is a security application
- RFID standards for item management, e.g. ISO18000-6 & 7, lack security solutions

What's happened, after Dec 2004

- Data security was highlighted by Motorola and ALL SET in Beijing, Dec 2004
- Security is related to and shall be supported by 18185 parts 1, 2 and 7, but:
  - 18185 Parts 1, 2, 3 and 7 were sent out for CD balloting in Dec 2004
  - Without any security or threat analysis
  - Parts 1 and 7 are based on one (single-supplier) existing RFID ISO standard
    - Any changes or modifications will be done by ISO/IEC JTC1/SC31 and not TC104/SC4

The security analysis...

- Vulnerability assessment Feb-April 2005
  - Extensive threat analysis, level setting and common understanding (by Motorola)
    - Motorola, ALL SET, SAVI, HiGTek, Transcore
    - DoD, WSC (partly)
  - Goals
    - Recommendations to the WG
      - Countermeasures vs. vulnerability
      - Set of requirements
      - Assessments of 18185-x regarding security

Vulnerabilities Map

[Figure: threat map laid out along the chain Tag, Reader, Network, User (Carrier, Shipper, Governments). The numbered threats are grouped as follows.]

Mimic (reader systems will incorrectly accept compromised seals as legitimate):
- #1: Imposter / substitution seal
- #3: Spoof messages from seal
- #11: Man-in-the-Middle

Collect:
- #2: Imposter / substitution reader
- #8: Passive information gathering
- #9: Seal probing
- #11: Man-in-the-Middle

Denial of Service (DOS) (makes the electronic seal not detectable by reader systems):
- #5: Jamming
- #6: Shielding
- #7: Seal disruption
- #10: Seal destruction
- #12: Make seal not respond

Issues

- User, application or system requirements need to address the level of security, based on ConOps, threats and system/IT architecture, such as:
  - Authentication method? Who has access to what?
  - Digital signature method? On sessions or messages?
  - Symmetric or asymmetric cryptography? Key management?
- Communication protocol as well as PHY layer need to be able to perform authentication, encryption etc.
  - Without performance degradation
  - None of the existing FDIS18000 (e.g. part 7) protocols have support for security*
  - EPCglobal has started to consider it in Gen2
  - Data security is included in most of the IEEE802.x standards
- System design for security needed
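The authentication, replay and symmetric-vs-asymmetric questions on this slide, as an added illustration that is not part of the presentation: a shared-key challenge-response between seal and reader, written in Python with only the standard library. The seal key table, the message layout (seal id, event counter, status byte, 8-byte reader challenge, truncated HMAC-SHA256) and the function names are my own assumptions; 18185 defines none of them. The reader rejects an imposter seal without the key (threat #1 on the vulnerabilities map), a message whose status field was altered in transit (#3) and a replayed message, but, being symmetric, it gives no non-repudiation: any reader holding the same key could have produced the MAC, which is the trade-off behind the symmetric/asymmetric question.

```python
import hashlib
import hmac
import os
import struct

# Constructed example: one 16-byte key per seal, shared with the reader back end.
# How this key is provisioned and distributed is the open key-management question
# from the slide; here it is simply a dict (assumed, not from the standard).
SEAL_KEYS = {
    0x0000A1B2: bytes.fromhex("00112233445566778899aabbccddeeff"),
}

SEAL_STATUS_SEALED = 0
SEAL_STATUS_OPENED = 1

# Assumed message layout: seal id (u32), event counter (u32), status (u8), 8-byte challenge
PAYLOAD_FMT = ">IIB8s"
PAYLOAD_LEN = struct.calcsize(PAYLOAD_FMT)   # 17 bytes
MAC_LEN = 8                                  # truncated MAC to save air time


def encode_payload(seal_id, counter, status, challenge):
    return struct.pack(PAYLOAD_FMT, seal_id, counter, status, challenge)


def seal_respond(seal_id, key, counter, status, challenge):
    """Seal side: answer the reader's challenge with a MAC over id, counter, status and challenge."""
    payload = encode_payload(seal_id, counter, status, challenge)
    tag = hmac.new(key, payload, hashlib.sha256).digest()[:MAC_LEN]
    return payload + tag


class Reader:
    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}   # highest event counter accepted per seal (replay protection)
        self.pending = {}        # challenge currently outstanding per seal

    def challenge(self, seal_id):
        nonce = os.urandom(8)
        self.pending[seal_id] = nonce
        return nonce

    def verify(self, message):
        """Return a short verdict string; only 'accept: ...' means the reader trusts the message."""
        if len(message) != PAYLOAD_LEN + MAC_LEN:
            return "reject: malformed"
        payload, tag = message[:PAYLOAD_LEN], message[PAYLOAD_LEN:]
        seal_id, counter, status, challenge = struct.unpack(PAYLOAD_FMT, payload)
        key = self.keys.get(seal_id)
        if key is None:
            return "reject: unknown seal"
        expected = hmac.new(key, payload, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(tag, expected):          # constant-time comparison
            return "reject: bad MAC"
        if counter <= self.last_counter.get(seal_id, -1):   # old or repeated event
            return "reject: replayed counter"
        if challenge != self.pending.get(seal_id):          # not an answer to our fresh challenge
            return "reject: stale challenge"
        self.last_counter[seal_id] = counter
        del self.pending[seal_id]
        return "accept: sealed" if status == SEAL_STATUS_SEALED else "accept: opened"


def demo():
    """Run the genuine, replayed, tampered and imposter cases; returns verdict per case."""
    seal_id = 0x0000A1B2
    key = SEAL_KEYS[seal_id]
    reader = Reader(SEAL_KEYS)
    results = {}

    # 1. Genuine seal answers a fresh challenge.
    nonce = reader.challenge(seal_id)
    genuine = seal_respond(seal_id, key, 7, SEAL_STATUS_SEALED, nonce)
    results["genuine"] = reader.verify(genuine)

    # 2. The same message captured and presented again.
    results["replay"] = reader.verify(genuine)

    # 3. An honest "opened" report whose status byte (offset 8) is flipped back to "sealed" in transit.
    nonce = reader.challenge(seal_id)
    opened = seal_respond(seal_id, key, 8, SEAL_STATUS_OPENED, nonce)
    forged = bytearray(opened)
    forged[8] = SEAL_STATUS_SEALED
    results["tampered"] = reader.verify(bytes(forged))
    results["honest_opened"] = reader.verify(opened)

    # 4. Imposter seal with the right id but no key: it can only guess the MAC.
    nonce = reader.challenge(seal_id)
    payload = encode_payload(seal_id, 9, SEAL_STATUS_SEALED, nonce)
    results["imposter"] = reader.verify(payload + bytes(MAC_LEN))
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:14s} {verdict}")
```

The reader's challenge binds each answer to one interrogation and the event counter rejects anything older than the last accepted report, so a captured message is useless even to an attacker who relays it later; confidentiality is not addressed at all here, and the status and counter travel in clear.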

Implications

- CD18185-1, 2 and 7 have to be re-worked, considerably!
  - ConOps needs to describe and set the application requirements, by taking a systems approach?
    - Data messages have to support any suggested solution
    - Shall countermeasures be implemented for all identified threats? If not, which to select?
  - Can parts 1 and 7 support any kind of security without performance degradation?
    - FCC regulations to transmit data, not only signaling?
    - Is 0.5 MHz bandwidth enough for jamming or interference resistance?
    - Is 0.5 MHz bandwidth enough for code spreading?

US FCC §15.231 and §15.240

FCC regulations comparison §15.231 and §15.240
Author: Eric S, ALL SET Marine Security AB
Date: 2005-01-24

                    FCC §15.231 (before April 2004)   New FCC §15.240   Remarks
Peak     P (W)      2,29342E-05 W                     0,000577732 W
         P (mW)     0,02 mW                           0,58 mW
         P (dBm)    -16,40 dBm                        -2,38 dBm         Duty cycle <1.7%! Silent periods >10s!
Average  P (W)      3,66947E-06 W                     2,31093E-05 W
         P (mW)     0,00 mW                           0,02 mW
         P (dBm)    -24,35 dBm                        -16,36 dBm

FDIS18000-7: Interrogator transmit maximum EIRP "5.6 dBm (peak power) or as allowed by local regulations"
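The W / mW / dBm columns of the table and their comparison with the FDIS18000-7 interrogator figure, as an added worked check that is not part of the presentation (Python; the power values are copied from the slide, the function and constant names are mine). It reproduces the dBm column with dBm = 10 * log10(P / 1 mW) and computes the margin between the 18000-7 peak of 5.6 dBm and each FCC peak limit: about 8 dB above the new §15.240 figure and about 22 dB above the old §15.231 one, which is the gap the slide sets side by side.

```python
import math

# Power limits in watts, as given on the slide (values copied, dict structure assumed).
FCC_LIMITS_W = {
    "15.231 before April 2004": {"peak": 2.29342e-05, "average": 3.66947e-06},
    "15.240 new":               {"peak": 0.000577732, "average": 2.31093e-05},
}

# FDIS18000-7 interrogator transmit maximum EIRP quoted on the slide.
ISO18000_7_INTERROGATOR_PEAK_DBM = 5.6


def watts_to_dbm(p_w):
    """dBm is decibels relative to 1 mW: 10 * log10(P / 1 mW)."""
    return 10.0 * math.log10(p_w / 1e-3)


def dbm_to_watts(p_dbm):
    """Inverse of watts_to_dbm."""
    return 1e-3 * 10.0 ** (p_dbm / 10.0)


def limits_table():
    """Reproduce the slide's table: {regulation: {measure: (W, mW, dBm)}}, rounded as on the slide."""
    table = {}
    for regulation, measures in FCC_LIMITS_W.items():
        table[regulation] = {}
        for measure, p_w in measures.items():
            table[regulation][measure] = (p_w, round(p_w * 1e3, 2), round(watts_to_dbm(p_w), 2))
    return table


def margin_db(device_dbm, limit_w):
    """How far a device's peak (dBm) sits above a regulatory peak limit (W); positive means over the limit."""
    return round(device_dbm - watts_to_dbm(limit_w), 2)


def iso18000_7_margins():
    """Margin of the 18000-7 peak EIRP against each FCC peak limit on the slide."""
    return {regulation: margin_db(ISO18000_7_INTERROGATOR_PEAK_DBM, measures["peak"])
            for regulation, measures in FCC_LIMITS_W.items()}


if __name__ == "__main__":
    for regulation, measures in limits_table().items():
        for measure, (w, mw, dbm) in measures.items():
            print(f"{regulation:26s} {measure:8s} {w:.6e} W  {mw:6.2f} mW  {dbm:7.2f} dBm")
    for regulation, margin in iso18000_7_margins().items():
        print(f"18000-7 peak 5.6 dBm is {margin:+.2f} dB relative to the {regulation} peak limit")
```

The rounding reproduces the slide's "0,00 mW" for the §15.231 average (3.67 µW) as well; whether the duty-cycle and silent-period conditions in the remarks column let a given air interface fall under the §15.240 figures is a separate question that the numbers alone do not settle.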

The security analysis...

- Proposals
  - Draft e-seal security proposal by SAVI, March 31 2005
    - Some suggestions or enhancements on how to implement some security, around digital signatures, in the optional data field
  - New secure air interface proposal by Motorola, April 15 2005
    - Based on CDMA, with the possibility of security on the PHY layer as well as key management
    - No need for digital signatures and asymmetric keys

Outside the scope?

- Security is not just something that can be "fixed later.."
  - "..."
  - Security has to be built in layers that fit together like a chain
- Is the scope of WG2 really enough to cover the security in e-seals?
  - Network threats?
  - Production threats?

Vulnerability Assessment Scope

[Figure: end-to-end chain from the container, chassis or truck (e-seal and license tag; EL, data, RF and physical aspects), over the air interface to the RF reader (reader data), then over the network to users and applications. The scope of the vulnerability study covers the tag, the air interface and the reader; the network, users and applications are outside of scope, with the understanding that the tag, air interface, and reader information contributes to the end-to-end complete system trust.]

EL = electronic security
RF = RF interface
Data = data stored and communicated

18185 in parts - Work flow

[Figure: sequence over time: Vulnerability Assessment, then 18185 Part 2 & 3, then 18185 Part 4, then 18185 Part 6, then 18185 Part 1 & 7.]