16-1-2013
CEN/TC 225 ‘AIDC Technologies’
RFID data protection and privacy activities in CEN/TC225
Gerard Dessenne, CEN/TC225/WG5 Chair
ETSI SECURITY WORKSHOP
M/436 Mandate
Background documents
• Directive 95/46 EC on Privacy on 23 Nov 1995 and Directive 2002/58 EC on 12 July 2002
• Directive 1999/5/EC (Directive R&TTE) on 9 Mar 1999
• OECD Policy Guidance on RFID on 17-18 June 2008
• M 436 Mandate on 8 December 2008
• Commission Recommendation of 12 May 2009
• PIA Framework from DG/INFSO of 12 February 2010 (1)
(1): Accepted by Article 29 Working Party
M/436 Mandate
Standardization Mandate to the European Standardization Organizations CEN, CENELEC and ETSI in the field of Information and Communication Technologies applied to Radio Frequency Identification (RFID) and systems
DG ENTR/D4 8 December 2008
M/436 Mandate
M/436 Project
• M 436 Mandate divided in two phases:
• Phase 1: Jan 2010 to September 2011 to analyse the gaps in terms of standardization. The deliverable is the document ETSI 187020 of April 2010.
• Phase 2: Jan 2011 to March-May 2014. There are 11 deliverables in the form of EN, TS, TR.
M436 Phase 2 Project Teams
• PTA: Signage and Emblem
  • Chair: Stephane Pique
• PTB: RFID Device Privacy
  • Chair: Josef Preishuber-Pflügl
• PTC: Privacy Impact Assessment
  • Chair: Claude Tetelin
• PTD: RFID Penetration testing
  • Chair: Jacques Hulshof
• PTE: Extended RFID device security capability
  • Chair: Henk Dannenberg
M/436 Project Phase 2 Deliverables
11 Deliverables in three groups derived from EC Recommendation of 15th February 2009: Information, PIA, Technical.
• CEN European standard: EN ISO/IEC 29160 Information technology -- Radio frequency identification for item management -- RFID Emblem
• CEN Technical Specification: Notification of RFID: The information sign to be displayed in areas where RFID interrogators are deployed
• CEN Technical Report: Notification of RFID: Additional information to be provided by operators
• CEN European Standard: Notification of RFID: The information sign and additional information to be provided by operators of RFID data capture applications
• CEN Technical Report: Privacy: Capability features of current RFID technologies
• CEN Technical Report: RFID PIA analysis for Specific Sectors
• CEN Technical Report: Analysis of PIA methodologies relevant to RFID
• CEN European Standard: RFID privacy impact assessment (PIA) process
• CEN Technical Report: Threat and vulnerability Analysis
• CEN Technical Report: Authorisation of mobile phones when used as RFID interrogators
• CEN Technical Specification: Device interface to support ISO/IEC 18000-3 Mode 1 and Mode 3 tags
M436 Project Teams
• PTA: Signage and Emblem
Signage: Scope
• The Common European RFID Notification Signage system will provide a simple means to notify citizens of the presence of RFID interrogators in public areas, including shops, public transport locations, libraries, etc.
• The Signage system will allow citizens to be advised of the presence of RFID tags placed on or in items, including contactless bank and public transport cards, library books, and tags used to assist in warranty, maintenance and recycling of durable household goods.
Signage: Three Deliverables
• TR = Research and Argumentation
• TS = Application: forerunner of EN (2014)
• EN seeks to help EC Enterprises to:
– Comply with existing EU Law on DPP
– Protect their customers
– Protect their reputation
Sign: Definition
• Three constituting elements
1. Common Notification Emblem
2. Scope and purpose of RFID application
3. How to contact operator/controller
> Points to where more information can be found
• Two general signs
– Areas where readers may be operating (EC Rec 8)
– Tagged items (EC Rec 9)
In both cases: One common European Emblem!
The RFID Notification Sign:
Three elements
• Common Emblem
• Purpose of application
• Additional information
RFID Tags may be read in this area for the purposes of stock control security and product warranty.
This system is controlled by Van Rees B.V.
For more information, contact us on: Freephone 0800 800 8888
Or visit our website www.vanrees.com/privacy
The Common European Emblem
• What?: The Generic version of the ISO Emblem as per 29160 Standard. Uniqueness all over Europe
• Where?: On the sign to be displayed in areas where RFID interrogators are deployed. Also on items depending on the result of the PIA
• Purpose: Different from logos that serve the purpose of communicating a trademark of a proprietary system or a business application, the Common European RFID Emblem shall be utilized as a generic emblem to indicate to the citizens the presence of an RFID application
The Common European Emblem
As defined in the ISO/IEC Standard 29160
The Common European Emblem
Current unresolved issues:
– coexistence of the Common European Emblem and current logos, especially global systems such as contactless bank cards. Ex: EMV Consortium
The Additional information:
• Where?: At an address indicated in the sign
• What?:
– the operator of the application
– the purpose of the application
– the data processed
– a summary of the Privacy Impact Assessment
– the likely risks and the mitigation measures
• Current issues:
– How to resolve the complex situation of multi operators and/or multi applications
• PTB: RFID Device Privacy
RFID Device Privacy
TR: Privacy capability features of current RFID technologies
• Access protection features
• Features to protect Consumer Privacy
• Features to protect Data Security
• Features for tag authentication
• Standards support of privacy capability features
• Product support of privacy capability features
Access protection features
Columns (ISO/IEC standards): 1 = 14443; 2 = 15693; 3 = 18000-2; 4 = 18000-3 M2; 5 = 18000-3 M3; 6 = 18000-4 M1; 7 = 18000-4 M2; 8 = 18000-61:2012; 9 = 18000-62:2012; 10 = 18000-6:2004 Am1:2006; 11 = 18000-63:2012; 12 = 18000-63 REV1; 13 = 18000-64:2012; 14 = 18000-7; 15 = 18092; 16 = 21481
REF      PRIVACY CAPABILITY FEATURE                    1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
5.2.1    No protection                                 Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y
5.2.2    Password protection                           N  N  N  N  Y  N  N  N  N  Y  Y  Y  N  N  N  N
5.2.2.1  Password protection with security timeout     N  N  N  N  N  N  N  N  N  N  N  N  N  N  N  N
5.2.2.2  Password protection with cover coding         N  N  N  N  Y  N  N  N  N  Y  Y  Y  N  N  N  N
5.2.3    Cryptographic protection                      Y  N  N  N  N  N  N  N  N  N  N  Y  N  N  Y  Y
5.2.3.1  Symmetric-key cryptography                    Y  N  N  N  N  N  N  N  N  N  N  Y  N  N  Y  Y
5.2.3.2  Public-key cryptography                       Y  N  N  N  N  N  N  N  N  N  N  Y  N  N  Y  Y
5.3      Application of access protection features     Y  Y  N  N  Y  N  N  N  N  Y  Y  Y  N  N  Y  Y
Privacy protection features
Columns (ISO/IEC standards): 1 = 14443; 2 = 15693; 3 = 18000-2; 4 = 18000-3 M2; 5 = 18000-3 M3; 6 = 18000-4 M1; 7 = 18000-4 M2; 8 = 18000-61:2012; 9 = 18000-62:2012; 10 = 18000-6:2004 Am1:2006; 11 = 18000-63:2012; 12 = 18000-63 REV1; 13 = 18000-64:2012; 14 = 18000-7; 15 = 18092; 16 = 21481
REF      PRIVACY CAPABILITY FEATURE                    1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
6.2      Unique chip ID or Tag ID                      Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y  Y
6.3      Chip selection with random number             Y  N  N  N  N  N  N  N  N  N  N  Y  N  N  N  N
6.4      Reduced read range on the tag                 N  N  N  N  N  N  N  N  N  N  N  Y  N  N  N  N
6.5      Untraceable                                   N  N  N  N  N  N  N  N  N  N  N  Y  N  N  N  N
6.6      Hide                                          N  N  N  N  N  N  N  N  N  N  N  N  N  N  N  N
6.7      Kill                                          N  N  N  N  Y  N  N  N  N  Y  Y  Y  N  N  N  N
6.8 (1)  Destroy                                       A  A  A  A  A  A  A  A  A  A  A  A  A  A  A  A
6.9      Remove                                        A  A  A  A  A  A  A  A  A  A  A  A  A  A  A  A
• PTC: Privacy Impact Assessment
Privacy Impact Assessment
• Deliverables:
– TR: Analysis of PIA methodologies relevant to RFID
– TR: RFID PIA analysis for specific sectors (retail,
libraries, banking, transportation)
– EN: RFID PIA process
Privacy, Data Protection, Security and RFID
Data Protection, Security and Privacy
• Privacy focuses on the individual, not the corporation
• Privacy extends beyond the operational domain of the application
• Out of domain = other readers both inside and outside the read range of the application’s readers, e.g. from reading tags accidentally to deliberate illicit reading and eavesdropping
• Data Protection: ensures appropriate collection, consent, correction and use of data collected by an organisation from their consumers & users
• Data Security: protects all the organisation’s data, including the data about individuals as well as other operational data held by the organisation
• Privacy: provides an individual’s control over the use of collected data by organisations and protection from unauthorised collection of data from ICT in the individual’s possession
TR: RFID PIA Analysis for Specific Sectors
RFID PIA Framework as basis
Libraries Retail e-Ticketing Banking & Finance
Enabling RFID operators to identify risks
Identification of relevant characteristics per sector
Synthesis and conclusion lead to a generic approach
EN: RFID Privacy Impact Assessment (PIA) process
Key points from Scope
• It provides a standardised set of procedures for developing PIA templates, including tools compatible with the RFID PIA methodology.
• In addition, it identifies the conditions that require an existing PIA to be revised, amended, or replaced by a new assessment process.
• PTD: RFID Penetration testing
TR: RFID threat and vulnerability analysis
The actual scope of this TR is to consider the threats and vulnerabilities associated with the characteristics of RFID technology at the air interface level, covering:
• Threats and attacks scenarios with a false reader and false tag
• Vulnerabilities
• Mitigation measures
• Attack scenarios
• Penetration tests results (initial and additional)
Initial tests
Reference:
ETSI TR 101 543 V1.1.1(2011-04). “Electromagnetic
compatibility and Radio spectrum Matters (ERM); RFID
evaluation tests undertaken in support of M/436 Phase 1”
Tests carried out at the three principal frequencies with
output power according to regulatory limits:
Low Frequency (< 135 kHz)
High Frequency (13,56 MHz)
UHF (865 – 868 MHz)
Additional tests
Focus on eavesdropping and activation for both HF and UHF passive technologies.
• UHF Activation distance = f(radiated power)
• HF Activation distance = f(magnetic field, antenna size)
• UHF/HF Eavesdropping = f(antenna size, reader sensitivity)
Measurements have been done in a way that maximizes activation and eavesdropping distances (line of sight, no tilt, aligned polarisations, etc.)
• PTE: Extended RFID device security capability
TR: Authorization of mobile phones used as RFID interrogators
Extending NFC phones capabilities to read RFID tags
• Read range impacts due to inclusion of ISO/IEC 15693
• Extending NFC read range capabilities
• Security features in the NFC phones
Mobile phones enhanced with UHF RFID readers
• Internet research
• Only Republic of Korea
Preliminary Conclusions
1. Inclusion of ISO/IEC 15693 based new NFC Forum Tag Type will not have an impact on the read range of the ISO/IEC 15693 or ISO/IEC 14443 tags and therefore it will not increase the capabilities of NFC phones to capture data without consent
2. The capability to read ISO/IEC 15693 compliant tags might cause a threat for existing applications that currently use such tags
3. Read range of NFC phones cannot be extended practically
4. UHF capabilities could potentially be a threat for the consumer's privacy. However, availability is very limited
5. Dual band extensions do not add different threats (than listed for HF or UHF extensions)
TS: Device interface to support ISO/IEC 18000-3 Mode 1 and Mode 3 tags
Initial results of PT-E
− There are several different device interfaces on the market. Most of them are proprietary to the various reader vendors.
− Reader suppliers consider a device interface with the proposed features very complex. The proposed handling of data structures increases complexity even more. Such an interface would need a PC-based TCP/IP architecture and cannot be used on most of the architectures that are being used today.
They do not believe that this kind of high-level software interface will help to get a more rapid transformation to more security, because it is high level and it needs a kind of PC architecture.
PT-E Proposal
• Way forward
− Support for both ISO/IEC 18000-3 Mode 1 and ISO/IEC 18000-3 Mode 3 would fit into ISO/IEC 24791-5.
− Following the Vienna agreement, CEN should develop a NWIP for revision of ISO/IEC 24791-5 to cover ISO/IEC 18000-3 Mode 1 and ISO/IEC 18000-3 Mode 3 device interfaces.
− If the business need is confirmed on JTC1 level then CEN could initiate the development of a first WD for this ISO/IEC 24791-5REV1.
• Recommendation: change deliverable into TR
− The TR will report the findings of the project team and provide the input for the NWIP for the revision of ISO/IEC 24791-5.
M/436 Project time schedule: ENs
M/436 Project time schedule: TRs & TSs
#   Activities                                                Due date
1   Signature of contract between CEN and the EC              T0    2011-12
x   …                                                         …     …
9   Submission of drafts (progress so far) to TC secretary    T+11  2012-11
10  Final discussion by TC225 plenary in Brussels             T+13  2013-01
11  Submission of interim report to EC                        T+14  2013-02
12  Submission of final drafts to TC secretary                T+18  2013-06
13  Dispatch of final drafts to CCMC for Formal Vote          T+18  2013-06
14  Submission to Formal Vote                                 T+21  2013-09
15  Closure of Formal Vote                                    T+24  2013-12
16  Definitive texts TSs and TR available                     T+25  2014-01
17  Publication TSs and TR by CEN                             T+28  2014-03
18  Submission of final report to EC                          T+28  2014-03
That’s all Folks
Thank You