Secure Identity Solutions - PowerPoint PPT Presentation

Loading...

PPT – Secure Identity Solutions PowerPoint presentation | free to download - id: 9a033-NDM1Y



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Secure Identity Solutions

Description:

on Applied Research in Information Technology, Conway, Arkansas, Mar. 3, 2006. ... Dual-Spacer Dual-Rail Delay-Insensitive Logic (D3L) 1. 1. All-one Spacer. 0 ... – PowerPoint PPT presentation

Number of Views:51
Avg rating:3.0/5.0
Slides: 27
Provided by: events
Learn more at: http://events.astate.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Secure Identity Solutions


1
Secure Identity Solutions
Craig Thompson, Dale R. Thompson, Jia
Di University of Arkansas, Fayetteville February
21, 2007 cwt, drt, jdi_at_uark.edu Computer
Science and Computer Engineering Dept.,
University of Arkansas 311 Engineering Hall,
Fayetteville, Arkansas 72701
2
Everything is Alive
  • Craig W. Thompson
  • University of Arkansas

3
Craig Thompsons story
  • SSN at birth, developed a personality, passport
    at 10, collected coins, CA DL at 17, TX DL at 21,
    member of CACM IEEE, married, got credit cards,
    TN DL at 27, bought car for daughter, wrote
    autobiographies for family members
  • worked on DBMS, middleware architectures,
    agents, policy languages, digital rights, RFID,
    threats, privacy, synthetic data generation,
    participated in this conference
  • Records of my life include birth certificates,
    transcripts, photos, diary, job records, phone
    bills, … DBMS(me)/mylifebits, … models of myself

4
Everything is Alive
a world where everything is alive (EiA) and can
sense, act, think, feel, communicate, and maybe
even move and reproduce. This might include
equipment, vehicles, robots, toys, clothing,
pets, and objects such as trees and walls.
5
TagCentric RFID Middleware
Architecture
  • Developed TagCentric RFID application
  • 4 reader types supported Alien, Symbol,
    Thingmagic, and Fake.
  • 1 Tag printer supported Zebra
  • 5 databases supported DB2, Derby, MySQL,
    Oracle, PostgreSQL
  • Open Source Toolkit available

6
Smart devices Supply chains
  • Humans now manage 10 network devices and will
    need to manage 100s to 1000s
  • Many kinds of sensors
  • Item level RFID
  • Data synchronization networks
  • Download plugins from the web
  • Simple and complex user interfaces
  • Scheduler
  • Log History
  • Natural language I/F and/or GUI
  • …

7
Menu Based Natural Language I/F Plugin
  • Predictive menu to guide user to correct sentence

8
Many Puzzles Remain
  • Technical we dont yet have all the puzzle
    pieces
  • Universal plug and play, composability MDE
  • Querying collections of agents Policy languages
    …
  • Social extrapolate todays direction to
    tomorrow
  • Humans are increasingly connected cell phones,
    instant messaging, chat, blogs, social networks,
    role playing games, …
  • 1000 closest friends, borgs, precision
    communication, Internet people, anonymity
  • Information aggregation DBMSme
  • Human augmentation
  • Better hearing, seeing, memory, …
  • Transferring your identity to your smart card,
    memory stick, personal agents, models
  • Safe information sharing

9
Publications
  • C. Thompson, Everything is Alive, Architectural
    Perspective Column, IEEE Internet Computing,
    Jan-Feb 2004.
  • C. Thompson, P. Parkerson, DBMSme,
    Architectural Perspective Column, IEEE Internet
    Computing, May-June 2004.
  • C. Thompson, Smart Devices and Soft
    Controllers, Architectural Perspective Column,
    IEEE Internet Computing, Jan-Feb 2005.
  • C. Thompson, P. Pazandak, H. Tennant, Talk to
    your Semantic Web, Architectural Perspective
    Column, IEEE Internet Computing, Nov-Dec 2005.
  • J. Hoag, C. Thompson, Architecting RFID
    Middleware, Architectural Perspectives column,
    IEEE Internet Computing, September-October, 2006.

10
Security and Privacy Threats to Identity
  • Dale R. Thompson
  • University of Arkansas

11
Security Threats to Identity
M. Howard and D. LeBlanc, Writing Secure Code,
2nd ed., Redmond, Washington Microsoft Press,
2003.
12
STRIDE Categories and Mitigation Techniques
M. Howard and D. LeBlanc, Writing Secure Code,
2nd ed., Redmond, Washington Microsoft Press,
2003.
13
What is Privacy?
  • The right to be let alone 1
  • The right of individuals to determine when, how,
    and how much information about themselves is
    released to others. 2
  • Privacy includes the right to make decisions
    about ones own life, to keep personal secrets,
    and to keep secrets about where we come and go.
    3
  • It is the right to make decisions without
    interference from the government or economic
    pressures from commercial entities. 3

1 S. Warren and L. Brandeis, The Right to
Privacy, Harvard Law Review, vol. 4, pp.
193-220, 1890. 2 A. F. Westin, Privacy and
Freedom, Atheneum, NY, 1967. 3 R. E. Smith and
M. Zolikoff, Citizens Getting at our Real
concerns, in RFID Applications, Security, and
Privacy, S. Garfinkel and B. Rosenberg, Eds.
Upper Saddle River, New Jersey Addison-Wesley,
2006, pp. 413-429.
14
Fair Information Practices (FIPs) Principles of
Information Privacy
  • Notice. There must be no personal-data,
    record-keeping systems whose very existence is a
    secret.
  • Access. There must be a way for a person to find
    out what information about the person is in a
    record and how it is used.
  • Choice. There must be a way to prevent personal
    information that was obtained for one purpose
    from being used or made available for other
    purposes without the persons consent.
  • Recourse. There must be a way for a person to
    correct or amend a record of identifiable
    information about the person.
  • Security. Any organization creating, maintaining,
    using, or disseminating records of identifiable
    personal data must assure the reliability of the
    data for their intended use and must take
    reasonable precautions to prevent misuse of the
    data.

The Code of Fair Information Practices, U.S.
Department of Health, Education and Welfare,
Secretarys Advisory Committee on Automated
Personal Data Systems, Records, Computers, and
the Rights of Citizens, VIII. (1973). Online.
Available http//www.epic.org/privacy/consumer/co
de_fair_info.html
15
Privacy Threats by National ID
  • Enables tracking, profiling, and surveillance of
    individuals on a large scale.

16
Alan F. Westins Privacy Classifications
  • Privacy Fundamentalist (11)
  • Very concerned
  • Unwilling to provide data
  • Privacy Unconcerned (13)
  • Mild concern
  • Willing to provide data
  • Privacy Pragmatists (75)
  • Somewhat concerned
  • Willing to provide data if they are notified and
    get a benefit

17
Publications
  • M. Byers, A. Lofton, A. K. Vangari-Balraj, and D.
    R. Thompson, Brute force attack of EPCglobal UHF
    class-1 generation-2 RFID tag, in Proc. IEEE
    Region 5 Technical Conf., Fayetteville, Arkansas,
    April 20-21, 2007, to appear.
  • D. R. Thompson, J. Di, H. Sunkara, and C.
    Thompson, Categorizing RFID privacy threats with
    STRIDE, in Proc. ACM Symposium on Usable Privacy
    and Security (SOUPS), Carnegie Mellon University,
    Pittsburgh, Pennsylvania, July 12-14, 2006.
  • D. R. Thompson, N. Chaudhry, and C. W. Thompson,
    RFID security threat model, in Proc. Acxiom
    Laboratory for Applied Research (ALAR) Conf. on
    Applied Research in Information Technology,
    Conway, Arkansas, Mar. 3, 2006.
  • N. Chaudhry, D. R. Thompson, and C. Thompson,
    RFID Technical Tutorial and Threat Modeling, ver.
    1.0, tech. report, Dept. of Computer Science and
    Computer Engineering, University of Arkansas,
    Fayetteville, Arkansas, Dec. 8, 2005. Available
    http//csce.uark.edu/drt/rfid

18
Mitigating Side-Channel Attacks to RFID Hardware
  • Jia Di
  • University of Arkansas

19
Known Attacks to Integrated Circuits (ICs)
  • Invasive attacks
  • De-packaging
  • Layout reconstruction
  • Microprobing
  • Non-invasive attacks
  • Simple power analysis (SPA)
  • Differential power analysis (DPA)
  • High-order differential power analysis (HO-DPA)
  • Timing analysis (TA)
  • Fault analysis
  • Glitch attacks

20
Power Fluctuation in Synchronous Circuits
The power and timing parameters need to be made
independent of data pattern
21
Delay-Insensitive Asynchronous Logic
  • High energy efficiency
  • No clock skew
  • High modularity (plug-n-play)
  • Stable power dissipation
  • Average case performance
  • Robust input timing handling
  • Low noise and emission
  • …

Data-spacer sequence
22
Dual-Spacer Dual-Rail Delay-Insensitive Logic
(D3L)
23
On-the-fly Random Spacer Selection
24
Results Comparison Multipliers
25
Publications
  • J. Di and F. Yang, D3L A Framework on Fighting
    against Non-invasive Attacks to Integrated
    Circuits for Security Applications, the IASTED
    International Conference on Circuits, Signals,
    and Systems (CSS 2005).
  • D. R. Thompson, J. Di, H. Sunkara, and C.
    Thompson, Categorizing RFID privacy threats with
    STRIDE, in Proc. ACM Symposium on Usable Privacy
    and Security (SOUPS), Carnegie Mellon University,
    Pittsburgh, Pennsylvania, July 12-14, 2006.
  • J. Di and S. Smith, A Hardware Threat Modeling
    Concept for Trustable Integrated Circuits, in
    Proc. IEEE Region 5 Technical Conf.,
    Fayetteville, Arkansas, April 20-21, 2007, to
    appear.
  • J. Di and S. Smith, Detecting Malicious Logic
    through Structural Checking, in Proc. IEEE
    Region 5 Technical Conf., Fayetteville, Arkansas,
    April 20-21, 2007, to appear.

26
Building a Secure Federal Real ID System
  • Today at 415 p.m.
About PowerShow.com