Tutorials

RFIDsec 2011 is proud to offer a wide selection of hands-on and lecture-style tutorials. Full-day and half-day options exist. All tutorials will be taking place on Sunday, June 26, 2011 in the Computer Science Building on the campus of the University of Massachusetts Amherst. Lunch and coffee breaks are included. You may register for tutorials by clicking on the "Registration" link to the left.

• T1: Introduction to RFID Security & Privacy (CS Room 140)
• T2: The Physics of RFID (CS Room 140)
• T3: Hands-on Side Channel Attacks Against Smart Cards and Other Tokens
  (sponsored by Cryptography Research) (CS Room 142)
• T4: Hands-on Programming of Batteryless, RFID-Scale Computers with Sensors (CS Room 150)

 

Introduction to RFID Security & Privacy

  
When: Sunday 9am–12:30pm in CS Room 140
Instructor:Dr. Ari Juels, Ph.D.
Who should attend: Beginners who would like to learn more about how to mitigate the the security and privacy risks of RFID technology. Interested persons may include (1) engineers and researchers looking for a technical background on academic and industrial aspects of RFID security, and (2) technically savvy managers who seek to understand the risks and benefits of RFID technology. People who need to deploy an RFID system will learn about potential threats and pitfalls in RFID security and privacy.
Description: Producers of Radio Frequency IDentification (RFID) technology descrube a new world of automation and consumer convenience. Indeed, RFID surrounds us in many forms: supply chains, car keys, credit cards, subway fare passes, and even blood bags. Yet these new applications can result in unintentional privacy risks and security pitfalls. In this tutorial, participants will gain an understanding of (1) applications of secure RFID systems in public transportation, electronic payments, and access control; (2) cutting-edge cryptographic attacks on deployed RFID security systems; (3) and defenses to avoid security and privacy risks. Participants will also learn the basic properties of how RFID works from the perspective of someone who uses RFID products. After completing this tutorial, participants will better understand how to quantify and reduce the security and privacy risks of deploying RFID-based systems.

About the speaker:
Dr. Ari Juels is Chief Scientist of RSA, The Security Division of EMC, and Director of RSA Laboratories. He works to bring sparks of invention and insight from RSA's scientists and affiliates to the company at large and advises on the science behind RSA's technology strategy and vision. He joined RSA in 1996. Ari's dozens of research publications span a range of topics, including biometric security, RFID security and privacy, electronic voting, browser security, combinatorial optimization, and denial-of-service protection. Ari has served as the program chair or co-chair for a number of conferences and workshops, and is a frequent invited speaker at industry events. In 2004, MIT's Technology Review Magazine named Dr. Juels one of the world's top 100 technology innovators under the age of 35. Computerworld honored him in its "40 Under 40" list in 2007. Ari received his B.A. in Latin Literature and Mathematics from Amherst College in 1991 and his Ph.D. in Computer Science from U.C. Berkeley in 1996.

The Physics of RFID

  
When: Sunday 1:30pm–5pm in CS Room 140
Instructors: Prof. Matt Reynolds, Ph.D., & Dr. Ravi Pappu, Ph.D.
Who should attend: Engineers looking to understand how RFID communication works at the physical layer of near-field and far-field communication. This is an intermediate level tutorial.
Description: Radio Frequency Identification (RFID) systems have been around for over 50 years, starting with the pioneering radar transponder work of the MIT Radiation Laboratory. Today, the acronym RFID typically refers to single chip, passive transponders operating at 125KHz, 13.56MHz, or UHF (915MHz) that are widely used for access control, electronic toll collection, automotive anti-theft, and other closed system applications. Recent interest has focused on supply chain management applications for RFID, where RFID tags are used to augment the bar code to provide a case- and item-level view into complex supply chains. This revolution is being aggressively driven by retailers such as Wal-Mart, consumer packaged goods manufacturers like Gillette, and the Department of Defense, all of which have complex supply chain systems that could be made more efficient by using RFID. This talk will provide a brief historical overview of the field, show some examples of the current state of the art in RFID, and then explain the basic physical principles of operation of a UHF RFID tag, using a working RFID system to show these concepts. Questions about RFID privacy will also be addressed.

About the speakers:
Matt Reynolds is an Assistant Professor in the Department of Electrical and Computer Engineering at Duke University. He is also co-founder of the RFID systems firm ThingMagic, Inc. (acquired by Trimble Navigation) and energy conservation firm Zensi (acquired by Belkin). His research interests include RFID, energy efficiency at the physical layer of wireless communication, and the physics of sensing and actuation. He has 7 issued and over 15 patents pending before the USPTO. He holds a Ph.D. from the MIT Media Lab, where he was a Motorola Fellow, as well as S.B. and M.Eng. degrees in Electrical Engineering and Computer Science from MIT. He is a Senior Member of the IEEE and a member of the IEEE Microwave Theory and Techniques Society.
Ravi Pappu is the VP of the Advanced Development Group at ThingMagic, a division of Trimble Navigation. Ravi's group is tasked with developing cutting-edge systems based on ThingMagic's portfolio of RFID products and solving challenging RFID system optimization problems for ThingMagic customers. Among other projects, he led the design and implementation of the Tool Link system in collaboration with Ford Motor Company and DeWalt. He received his Ph.D. from MIT for the invention of physical one-way functions. While at MIT, he co-created the first dynamic holographic video system with haptic interaction. He has published 25 papers and is a named inventor on 12 US and international patents. Ravi is one of Technology Review's TR100 innovators and also received the Carl T. Humphrey Memorial Award for Contributions to the Engineering Profession from Villanova University.
News: NY Times

Hands-on Side Channel Attacks against Smart Cards and Other Tokens

  
When: Sunday 9am–5pm in CS Room 142
Instructors: David Oswald & Timo Kasper
Who should attend: Engineers who must protect secret keys and other information stored on RFID tags, contactless cards, and smart cards from side channel analysis. This is an advanced tutorial.
Description: Led by Timo Kasper and David Oswald from Ruhr-Univ., Bochum, Germany. Participants will receive a full day of lectures and hands-on exercises with a microcontroller-based smartcard and USB-based scopes. Participants will learn about the basics of side-channels attacks, possible countermeasures, and tools for analysis of devices of interest to the RFID industry. By the end of the tutorial, participants will be able to perform a Differential Power Analysis to recover the secret key of a cipher that is highly secure from the mathematical perspective.

About the speakers:
David Oswald has a degree in IT-Security and is presently a PhD student at the Chair for Embedded Security, Ruhr-University Bochum. His main field of research is the practical security analysis of embedded systems, e.g., commercially employed RFID smartcards. The focus is on attack methods that exploit weaknesses in the physical implementation of mathematically secure cryptographic algorithms. Those techniques include both (passive) side-channel analysis and (active) fault injection.
Timo Kasper is an assistant researcher at the Embedded Security group headed by Christof Paar. He has studied electrical engineering and information technology at the Ruhr-University Bochum (Germany) and the University of Sheffield (UK), and became a graduate engineer in 2006. His field of research covers the security of embedded systems such as smartcards, RFID and wireless technology, including side-channel cryptanalysis and system-level attacks such as relay attacks. His numerous publications focus on wireless embedded systems and demonstrate security vulnerabilites of real-world applications by breaking widespread access control (KeeLoq, Crypto 2008) and payment systems (Financial Crypto 2010).

This tutorial is generously sponsored by Cryptography Research.

Hands-on Programming of Batteryless, RFID-Scale Computers with Sensors

   Part 1

   Part 2
When: Sunday 9am–5pm in CS Room 150
Instructors: Shane Clark (Lead), Hong Zhang, Ben Ransford, Mastooreh Salajegheh
Who should attend: Engineers who want to use sensors, computation, or radio communication in places where batteries are difficult to maintain. This is an intermediate tutorial.
Description: In this full-day tutorial, participants will learn how to create programs for an emerging class of batteryless devices that behave like RFID tags but function like von Neumann computing architectures. Participants will receive lectures and hands-on exercises with the UMass Moo device, which may be purchased after the tutorial. The syllabus includes getting started with the Moo, learning about the physical development environment, exercises in writing effective programs, backscatter radio communication, and special tools such as Mementos and Half-Wits

About the speakers:
Shane Clark, Hong Zhang, Ben Ransford, and Mastooreh Salajegheh are research assistants in the Security and Privacy Research Lab in the Department of Computer Science at UMass Amherst. Their work aims to make programming more natural for RFID-scale computers that must remain low-power and secure.