|
| |
|
|
| |
The workshop starts on Wednesday afternoon with a open data-protection session. Marisa Jimenez and David Marsh will give talks on data protection. The talks should be followed by a discussion with the audience. In order to structure this session and give the speakers the chance to prepare for your questions, we ask all potential attendents to submit their questions in advance. Please use the following link to write us an email with your contribution:
[ I like to submit a question for the open data-protection session ]
On Thursday and Friday, 12 reviewed talks and 3 invited talks more are planned.
[ Find a list of all accepted papers here ]
|
|
| |
Preliminary Program: |
|
| |
| |
Wed, 2008-07-09 |
Thu, 2008-07-10 |
Fri, 2008-07-11 |
| 8.30 |
|
8:45 Welcome |
|
| 9:00 |
|
Invited: Hermann Seuschek |
Attacks 1 |
| 9:30 |
|
+ Holger Bock |
Attacks 2 |
| 10:00 |
|
Coffee break |
Attacks 3 |
| 10:30 |
|
Implementations 1 |
Coffee break |
| 11:00 |
|
Implementations 2 |
Invited: Thomas Eisenbarth |
| 11:30 |
|
Implementations 3 |
|
| 12:00 |
|
Lunch |
Key Management 1 |
| 12:30 |
|
|
Key Management 2 |
| 13:00 |
|
|
Workshop conclusion |
| 13:30 |
|
|
Lunch |
| 14:00 |
|
Invited: Nai-Wei Lo |
|
| 14:30 |
|
|
|
| 15:00 |
|
Authentication 1 |
|
| 15:30 |
|
Authentication 2 |
|
| 16:00 |
|
Coffee break |
|
| 16:30 |
|
Authentication 3 |
|
| 17:00 |
Registration start |
Authentication 4 |
|
| 17:30 |
|
|
|
| 18:00 |
Data-protection session |
|
|
| 18:30 |
Marisa Jimenez, David Marsh |
|
|
| 19:00 |
Discussion |
Workshop dinner |
|
| 19:30 |
Welcome reception |
|
|
| 20:00 |
|
|
|
| |
|
|
|
|
|
| |
|
|
| |
Reviewed Talks:
|
|
| |
| Session |
Paper Title |
presented by |
| Implementations 1 |
WIPR -- a Public Key Implementation on Two Grains of Sand |
Yossi Oren |
| Implementations 2 |
ECC is Ready for RFID – A Proof in Silicon |
Daniel HEIN |
| Implementations 3 |
Low-Cost SHA-1 Hash Function Architecture for RFID Tags |
Maire O'NEILL |
| Authentication 1 |
Vulnerability Analysis of a Mutual Authentication Scheme under the EPC Class-1 Generation-2 Standard |
Pedro PERIS-LOPEZ |
| Authentication 2 |
Analysing the Molva and Di Pietro Private RFID Authentication Scheme |
Mate SOOS |
| Authentication 3 |
Resettable and Non-Transferable Chip Authentication for E-Passports |
Ahmad-Reza SADEGHI |
| Authentication 4 |
Data Synchronization in Privacy-Preserving RFID Authentication Schemes |
Iwen COISEL |
| Attacks 1 |
Eavesdropping Attacks on High-Frequency RFID Tokens |
Gerhard HANCKE |
| Attacks 2 |
Evaluation of Side-Channel Preprocessing Techniques on Cryptographic-Enabled HF and UHF RFID-Tag Prototypes |
Thomas PLOS |
| Attacks 3 |
Power analysis on NTRU implementations for RFIDs: First results |
Benedikt GIERLICHS |
| Key Management 1 |
Password Authenticated Key Agreement for Contactless Smart Cards |
Markus ULLMANN |
| Key Management 2 |
RFID Tag Ownership Transfer |
BoYeon SONG |
|
|
| |
Invited Talks:
|
|
| |
|
Marisa Jimenez
|
Marisa Jimenez Director PPSC EWG EPCglobal Inc. Marisa Jimenez is responsible for Public Policy matters in Europe at EPCglobal and leads its Public Policy Steering Committee European Working Group (PPSC EWG).
Marisa qualified as a lawyer at the University of Zaragoza and later specialised in EU law at the Europa Institute of Saarbruken, Germany. Marisa has 9 years of public policy experience in Brussels. She woked for the EU Commisssion at the beginning of her career and before joining EPCglobal, she held various positions at Time Warner and Deutsche Post World Net Brussels Corporate public policy offices, dealing with a variety of public policy matters ranging from consumer issues (advertising and data protection among others) as well as transport and RFID policy related issues. Marisa joined EPCglobal in March 2006 as Public Policy Director Europe, based in Brussels. |
| Abstract of the talk: |
Marisa will present the key elements of the emerging policy landscape on Privacy and Data Protection in Europe and how it relates to the adoption of RFID. |
|
|
| |
|
Hermann Seuschek
|
Hermann Seuschek studied electrical engineering and information technology at Technical University of Munich, Germany. He received his Dipl.-Ing. (equivalent to Master) degree in 2005. Currently he works as an engineer with the cryptography group at the information security department of Siemens Corporate Technology in Munich. He is responsible for the department's side channel evaluation lab. His research interests include security for RFID tags, side channel analysis, and security for wireless sensor networks. |
Holger Bock
|
Holger Bock received his Diplom Ingenieur (corresponding to Master) degree in electrical engineering at the Graz University of Technology in 1994. From 1991 to 1998 he has been working on concepts, software and hardware development, especially on VLSI-Design for cryptographic coprocessors for smart cards (DES, ECC) at the Institute for Applied Information Processing and Communications Technologies (IAIK). In December 1998 he joined the team at Infineon's development centre in Graz as a core competence for security. Since beginning of 2001 he had been a member of the technology & innovations methodology team at Infineon's business group Chipcard & Security ICs, focussing on secure, especially DPA resistant, design methodologies for cryptographic hardware. In October 2006 he has become responsible for worldwide funding management for Infineon's business group Chipcard. |
| Abstract of the talk: |
A Milestone Towards RIFD Products Offering Asymmetric Authentication Based on Elliptic Curve Cryptography:
After years of discussion whether asymmetric cryptography would be feasible for RFID tags or not, we present a major breakthrough towards RFID products incorporating asymmetric authentication. For the challenge-response protocol applied the response is calculated by performing an elliptic curve point multiplication using a random number based challenge and the tag's secret key. The design is resistant against side channel attacks such as timing, simple power, differential power, and fault attacks. Some side channel countermeasures depend on random numbers which are provided by a synthesizable true random number generator. The ISO 15693/18000-3 Mode 1 compliant RFID tag we present is based on a concept developed by Siemens Corporate Technology published earlier this year. It incorporates Infineon's energy efficient 163 bit ECC engine with single clock cycle addition and 41 clock cycles 4 bit parallel multiplication for the field operands. The energy spent during the ECC calculation is less than our target of 10 µJ and the overall area of the tag's silicon is smaller than 0.8 mm² in a 220 nm RFID technology. For early verification and host software development we designed an FPGA-based emulation and test setup including an RF front end. At this time first samples of our ECC RFID chip are being manufactured. |
|
|
| |
| Nai-Wei Lo
|
Nai-Wei Lo received his B.S. degree in engineering science from the National Cheng-Kung University , Tainan , Taiwan , in 1988, and the M.S. and Ph.D. degrees in computer science and electrical engineering from the State University of New York at Stony Brook , New York , in 1992 and 1998, respectively. From 1998 to 2000, he worked as a software consultant at AT&T Network Services Division in Middletown , New Jersey , and was responsible for the system architecture design of web based integrated business solution systems. In 2000, he joined Lucent Technologies as a technical staff member in ONG group to develop intelligent network management applications for world-wide Telecom companies. In 2003, he returned to Taiwan and joined the National Taiwan University of Science and Technology (NTUST). He is currently an assistant professor in Department of Information Management, a research member in TaiWan Information Security Center (TWISC), a research member of RFID resources center in NTUST and a member of the IEEE communications society. His research interests include RFID applications and security, wireless network routing and security, Web technology, and fault tolerance. |
| Abstract of the talk: |
RFID Authentication: Design and Challenge:
RFID authentication is the necessary function for novel RFID application systems to combat potential security threats and comply with certain system-specific identification requirements. Since the hardware resource, system requirement, and system environment are different for a RFID system in various existing application scenarios and future perspectives of new applications, it is a practical and interesting challenge to design RFID authentication protocols that properly fit into different application environments and provide security stronghold for the target RFID systems at the same time. In this presentation, I will introduce identified security threats to RFID system, the possible countermeasure mechanisms to malicious attacks, authentication design consideration, and challenges to overcome in the future. |
|
|
| |
|
Thomas Eisenbarth
|
Thomas Eisenbarth is a Ph.D. candidate at the Department of Electrical
Engineering at Ruhr University Bochum. He works as a research assistant
with the embedded security group of the Horst Goertz Institute for
IT-Security. His research interests include efficient implementation of cryptographic algorithms, and physical security. Thomas Eisenbarth studied electrical engineering and computer science at Ruhr-Universitaet Bochum and Technical University of Navarra. Contact him at eisenbarth@crypto.rub.de .
|
| Abstract of the talk: |
Open Sesame! How Secure are RFID Access Control Systems?
Remote keyless entry systems are widely used for access control purposes
such as car anti-theft systems or garage door openers. The probably most popular system for many applications relies on the KeeLoq algorithm.
A new attack that combine side-channel cryptanalysis with specific properties of the KeeLoq algorithm will be presented. The attack allows for efficiently revealing both the secret key of a remote transmitter and the manufacturer key stored in a receiver. Once knowing the manufacturer key a remote control can be replicated from a distance, just by eavesdropping at most two messages. This key-cloning without physical access to the device has serious real-world security implications and shows that physical attacks need to be considered when designing security for RFID systems. |
|
|
| |
|
|
| |
|
|
| |
|
|
|
