Security and Privacy for RFID

	E-Passports		Members of the RFID group are studying privacy and security issues in the current implementations of e-passports. Recent results: We have conducted a security analysis of the BAC (Italian version) protocol that shows that it is possible to gain un-authorized access to an Italian e-passport. Transferability issues are discussed in a recent research paper accepted for publication at ESORICS 2008. In this paper, among other things, it is shown that the current proposal for Chip Authentication is transferable and this constitutes a serious threat to the privacy of passport holders.
	What is RFID ?		Radio-frequency identification (RFID) is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID tags or transponders. An RFID tag is an object that can be attached to or incorporated into a product, animal, or person for the purpose of identification using radio waves. Chip-based RFID tags contain silicon chips and antennas. Passive tags require no internal power source, whereas active tags require a power source. (Wikepdia).
	Security and Privacy		RFID technology introduces new challenging security problems. Moreover privacy issues are nowadays a central danger for the Cyberspace. Our group is working on the main streams of these new challenging scenarios. Security and Privacy issues for RFID (and wireless sensor networks) have been recently discussed by a member of our team at the Joint FET-EATCS Workshop on Pervasive Adaptation. See the slides of our presentation. A research consortium active in Security and Privacy for RFID: RFID CUSP.

	Events:	Ahmad-Reza Sadeghi, Ivan Visconti, Christian Wachsmann: User Privacy in Transport Systems Based on RFID E-Tickets. In Workshop on Privacy in Location-Based Applications (PILBA 2008). October 9, 2008, Malaga, Spain. Carlo Blundo, Giuseppe Persiano, Ahmad-Reza Sadeghi, Ivan Visconti: Improved Security Notions and Protocols for Non-Transferable Identification . In proceedings of the 13th European Symposium on Research in Computer Security (ESORICS 2008). October 6 - 8, 2008, Malaga, Spain. Lecture Notes in Computer Science, vol. 5283, Pages ???-???, Springer-Verlag. Carlo Blundo, Giuseppe Persiano, Ahmad-Reza Sadeghi, Ivan Visconti: Resettable and Non-Transferable Chip Authentication for E-Passports. In Workshop on RFID Security (RFIDSec 2008). July 9 - 11, 2008, Budapest, Hungary. Carlo Blundo, Giuseppe Persiano, Ahmad-Reza Sadeghi, Ivan Visconti: Identification Protocols Revisited - Episode I: E-Passports. In Secure Component and System Identification (SECSI 2008). March 17 - 18, 2008, Berlin, Germany. An interview (in Spanish) with Carlo Blundo and Ivan Visconti about RFID security and privacy issues.
	Research Group Members:		Vincenzo Auletta Carlo Blundo Emiliano De Cristofaro Giuseppe Persiano Ivan Visconti ...and more...
	Support:		This research is part of the work of the members of the group in the European Network of Excellence ECRYPT, the European Integrated Project AEOLUS the Specific Targeted Research Project (STREP) FRONTS supported by the European Community and managed by Giuseppe Persiano and the Integrated Project of relevant interest "RFID per la tracciabilità di merci e persone" and "Progetto ex-60%" supported by University of Salerno and managed respectively by Carlo Blundo and Vincenzo Auletta.
	Related Courses Taught by the Group:		Elementi di Crittografia Moderna (Introduction to Modern Crypto) Sicurezza su Reti (Network Security) Strumenti di Crittografia per la Sicurezza dell'Informazione - SCSI (Cryptographic Tools for Information Security) Laboratorio di Crittografia e Sicurezza dell'Informazione - Lab. CSI (Applied Cryptography and Information Security) Protocolli Crittografici (Cryptographic Protocols)