1

I have the question below, I did question 1 and 2. I am failing to understand question 3.

You have been asked to participate in developing the requirements for RFID-based identification card for students, faculty and affiliates at a university.

  • First, list five to ten different uses of the card.
  • Second, from that list of uses, detail what data the card needs to broadcast to receivers that will accomplish those uses.
  • Third, identify uses that could be made of that data by rogue receivers surreptitiously planted around the university campus. Which rogue accesses threaten personal privacy? In what ways? What is the degree of harm?

My solution so far is as follows:

RFID-based identification card can be used:

  1. To check in and out of the university gates. Data needed by the card to accomplish this usage is: student name, student number and student photo.
  2. To track attendance and prevent unauthorized entry. Data needed by the card to accomplish this usage is: student name, student number, lesson name, date and time.
  3. To borrow books at the library. Data needed by the card to accomplish this usage is: student name, student number.
  4. To buy food at cafeterias. Data needed by the card to accomplish this usage is: student name, student number, amount available.
  5. To sign in and out of the university photocopying machines. Data needed by the card to accomplish this usage is: student username and password.

Please help with the following: Third, identify uses that could be made of that data by rogue receivers surreptitiously planted around the university campus. Which rogue accesses threaten personal privacy? In what ways? What is the degree of harm?

WhiteWinterWolf
  • 19,292
  • 4
  • 61
  • 110
Siduduzo Godfrey Manqele
  • 180
  • 1
  • 7
  • There is a big issue in this (theoretical) RFID system. On a correctly designed system, the cards should authenticate the reader before transmitting personally identifying info, and identification should be done by the card signing some data with its private key, to prevent card cloning. – André Borie Sep 05 '15 at 14:43
  • 1
    @AndréBorie: This is, as per my understanding, a school project and not a real-life project. I suppose that the ultimate goal is indeed to make the students understand why cheap passive RFID tags can be sufficient in some use-cases, and why some other use-cases would need more costly but more secure systems, and which criterion can be used to make the most sensible decision. However, I agree that there is no point transmitting a personal name where an ID would be sufficient... – WhiteWinterWolf Sep 05 '15 at 15:00

2 Answers2

2

If someone puts a rogue receivers at the library, according your scheme he would get the student name and number. All this seems public or near-public information.

On the other side, still following your scheme, the same rogue receiver put near the photocopying machine will record the student logins and passwords, allowing an attacker to impersonate them on the network and, among other things, access their data. A far worse situation.

Putting the same receiver in the cafeteria would record student name, number and remaining amount. Sure, it would be a personal information leakage, there might be gossips about how much one has on his card compared to another, but there should be no real threat since the information regarding the remaining amount may not be usable somewhere else, as opposed to the credentials seen previously.

As you can see, these situations lead to very different consequences. The goal of the exercise seems to be to let you sense that: according to your scheme which data would be recorded, is this data secret / personal, and does it present an supplementary threat over the simple information leakage.

WhiteWinterWolf
  • 19,292
  • 4
  • 61
  • 110
  • @siduduzomanqele: You're welcome :). – WhiteWinterWolf Sep 06 '15 at 13:22
  • If all the data required for a transaction is broadcast at the cafeteria level, that implies a bad actor could clone the card and cause direct monetary damage to a student (albeit limited to spending at the cafeteria), not just that they'd learn the remaining balance. – user8675309 Nov 01 '18 at 17:11
0

In addition of retrieving the Personal Information embedded on each card, and that continuously tracking your location (given enough sensors) is a harm to your privacy…

To check in and out of the university gates. Data needed by the card to accomplish this usage is: student name, student number and student photo.

I would be able to obtain when you enter and exit, with which people (why did you return to the campus with that girl in the middle of the night? I see you are always hanging around with these guys in my blacklist…)

To track attendance and prevent unauthorized entry. Data needed by the card to accomplish this usage is: student name, student number, lesson name, date and time.

Who would track attendance? The card or the card reader? What are you going to do when the room for a lesson is changed at last hour?

I would simply keep in the card a list of lesson ids you are allowed to attend, and then have the reader check that now one of those lessons is 'active' (but note that in the real world there will be a lot of fun when the reader fails to update its list of lessons).

PS: Is it not allowed to attend as an unregistered student in this campus?

To borrow books at the library. Data needed by the card to accomplish this usage is: student name, student number.

I could determine when you go to the library and, with a little correlation with the catalog, which books you take, which can reveal a lot about your ideology. I could clone the card to take books impersonating you.

To buy food at cafeterias. Data needed by the card to accomplish this usage is: student name, student number, amount available.

Are you updating the amount in the card after each expense? Expect lots of students messing with the cards for getting free food (changing the amount values, or reverting to an image made before an expenditure).

To sign in and out of the university photocopying machines. Data needed by the card to accomplish this usage is: student username and password.

I will be able to steal that data and use the photocopy machines impersonating you. Since you are using that same password for your gmail, facebook and twitter, I will be able to access there, too.

Never store a password like that, unless what we are talking about is a random "password" that is never reused.

Ángel
  • 18,824
  • 3
  • 28
  • 65