{"id":11036,"date":"2016-12-26T07:59:16","date_gmt":"2016-12-26T07:59:16","guid":{"rendered":"http:\/\/revoscience.com\/en\/?p=11036"},"modified":"2016-12-26T07:59:16","modified_gmt":"2016-12-26T07:59:16","slug":"hack-proofing-devices","status":"publish","type":"post","link":"https:\/\/www.revoscience.com\/en\/hack-proofing-devices\/","title":{"rendered":"Hack-proofing our devices"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><em><strong>Researcher from Singapore Management University is building better safeguards into the everyday technologies of radio-frequency identification (RFID) and mobile phones.<\/strong><\/em><\/span><\/p>\n<figure id=\"attachment_11037\" aria-describedby=\"caption-attachment-11037\" style=\"width: 300px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11037\" src=\"http:\/\/revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2-300x200.jpg\" alt=\"\" width=\"300\" height=\"200\" title=\"\" srcset=\"https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2-300x200.jpg 300w, https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2-768x512.jpg 768w, https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg 900w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><figcaption id=\"caption-attachment-11037\" class=\"wp-caption-text\">Associate Professor Li Yingjiu<br \/>Credit : Cyril Ng<\/figcaption><\/figure>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">SMU Office of Research &amp; Tech Transfer \u2013 Radio-frequency identification (RFID) tags have become almost ubiquitous \u2013 look carefully, and you\u2019ll notice them in passports, credit cards, library books, office access passes, and even pet cats.<\/span><\/p>\n<p><span style=\"color: #000000;\">The technology, which allows fast, automated identification of physical objects, is also a staple for many 
industries \u2013 factories and warehouses use it to track inventory and manage supply chains, pharmaceutical companies deploy it to track drugs, and courier services use it to tag deliveries. But what would happen if RFID technology were compromised?<\/span><\/p>\n<p><span style=\"color: #000000;\">\u201cA security breach in RFID applications would leak valuable information about physical objects to unauthorised parties,\u201d says Li Yingjiu, Associate Professor at the Singapore Management University (SMU) School of Information Systems. Professor Li, an expert on RFID security and privacy, as well as other aspects of mobile security, is endeavouring to build better safeguards into the technology.<\/span><\/p>\n<p><span style=\"color: #000000;\">Improving RFID security protocols<\/span><\/p>\n<p><span style=\"color: #000000;\">Because RFID tags work by broadcasting information to electronic RFID readers, security breaches can occur if hackers eavesdrop on this conversation and manage to gain access to or tamper with information.<\/span><\/p>\n<p><span style=\"color: #000000;\">The consequences of such an attack could be serious, says Professor Li. \u201cIn the context of supply chain management, for example, this means industrial espionage may obtain sensitive information about inventory levels, trading volumes, trading partners, and even business plans,\u201d he explains.<\/span><\/p>\n<p><span style=\"color: #000000;\">To protect communications between tags and readers, Professor Li and his team are designing and testing new RFID protocols with enhanced security features, such as those in a 2010 study, \u201cAchieving high security and efficiency in RFID-tagged supply chains\u201d, published in the International Journal of Applied Cryptography. 
These strategies include making the protocol\u2019s output unpredictable, making two tags indistinguishable to the hacker, and preventing hackers from obtaining useful information even if they manage to interact with the tags.<\/span><\/p>\n<p><span style=\"color: #000000;\">In addition, there are many instances where sharing of RFID information \u2013 between suppliers and retailers, for example, or between various components of an Internet of Things \u2013 would have obvious benefits, says Professor Li. Without appropriate security controls, however, most companies would be reluctant to make valuable data readily available. To address this problem, Professor Li\u2019s team is also designing improved access control mechanisms that protect RFID information when it is shared on the internet.<\/span><\/p>\n<p><span style=\"color: #000000;\">Stress-testing smartphone security<\/span><\/p>\n<p><span style=\"color: #000000;\">We in fact carry RFID around in our pockets \u2013 mobile payment systems such as Apple Pay and Google Wallet use a specialised form of the technology. Given our increasing reliance on smartphones for everyday functions \u2013 banking transactions and contactless payments, for example \u2013 mobile security has become an area of critical importance.<\/span><\/p>\n<p><span style=\"color: #000000;\">Professor Li is particularly adept at sniffing out potential vulnerabilities in smartphone operating systems. In 2012, his team identified a number of attacks which hackers could use to target Apple iPhones. 
The code to launch these attacks \u2013 which included passcode cracking, interference with or control of telephony functionality, and sending tweets without the user\u2019s permission \u2013 could be embedded within third-party apps that were available in the iTunes store.<\/span><\/p>\n<p><span style=\"color: #000000;\">The team reported their findings to Apple\u2019s security team, and the company plugged these loopholes when its new operating system was released the following year. They also wrote up their findings in the 2013 article, \u201cLaunching generic attacks on iOS with approved third-party applications\u201d, which was published in the Proceedings of Applied Cryptography and Network Security: 11th International Conference, ACNS 2013.<\/span><\/p>\n<p><span style=\"color: #000000;\">More recently, Professor Li\u2019s team also reported Android framework vulnerabilities and potential attacks to Google, which went on to acknowledge the SMU group\u2019s findings in its security bulletins. The team has also developed a set of smartphone vulnerability analysis tools in collaboration with Chinese telco Huawei; two patents arising from this project were evaluated as \u201cpotentially high value\u201d by the company.<\/span><\/p>\n<p><span style=\"color: #000000;\">\u201cWe see the opportunities to work with industry in this area because it is important for smartphone manufacturers to make their products better in terms of security,\u201d says Professor Li.<\/span><\/p>\n<p><span style=\"color: #000000;\">Bridging the gap between academia and industry<\/span><\/p>\n<p><span style=\"color: #000000;\">There are many situations in which data owners may not fully trust service providers \u2013 when we store data in cloud services, or exchange it over secure messaging systems, for example. 
In collaboration with Professor Robert Deng, also at the SMU School of Information Systems, Professor Li is now working to develop new solutions for attribute-based encryption \u2013 a form of encryption that gives data owners better control over who can access their data.<\/span><\/p>\n<p><span style=\"color: #000000;\">The pair\u2019s solutions, says Professor Li, which they shared in an article, \u201cFully secure key-policy attribute-based encryption with constant-size ciphertexts and fast decryption\u201d, for ASIA CCS\u201914: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, have many applications in real-world scenarios.<\/span><\/p>\n<p><span style=\"color: #000000;\">Despite its promise, however, getting this research out into the market is still proving to be a challenge. \u201cWhile we can prove in theory and using proof-of-concept prototypes that our solution is better than the existing solutions in terms of security and flexibility, it is still difficult to convince the industry to adopt it without developing it into a final product,\u201d Professor Li points out.<\/span><\/p>\n<p><span style=\"color: #000000;\">Indeed, one of the data security field\u2019s biggest challenges is the widening gap between academia and industry, he says. While people in industry are familiar with the market, they are mostly isolated from cutting-edge research; conversely, academics pay too much attention to research and not enough to understanding the market.<\/span><\/p>\n<p><span style=\"color: #000000;\">\u201cThe future of data security, in my vision, is how to narrow the gap and bridge the two communities, which have completely different incentives and evaluation criteria,\u201d says Professor Li. 
On his part, he adds, he is keen to explore ways to increase the industrial impact of his research.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Radio-frequency identification (RFID) tags have become almost ubiquitous \u2013 look carefully, and you\u2019ll notice them in passports, credit cards, library books, office access passes, and even pet cats.<\/p>\n","protected":false},"author":6,"featured_media":11037,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,17,28],"tags":[],"class_list":["post-11036","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-other","category-research","category-techbiz"],"featured_image_urls":{"full":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",900,600,false],"thumbnail":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2-150x150.jpg",150,150,true],"medium":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2-300x200.jpg",300,200,true],"medium_large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2-768x512.jpg",750,500,true],"large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",750,500,false],"1536x1536":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",900,600,false],"2048x2048":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",900,600,false],"ultp_layout_landscape_large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",900,600,false],"ultp_layout_landscape":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",855,570,false],"ultp_layout_portrait":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",600,400,false],"ultp_layout_square":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",600
,400,false],"newspaper-x-single-post":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",735,490,false],"newspaper-x-recent-post-big":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",540,360,false],"newspaper-x-recent-post-list-image":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",95,63,false],"web-stories-poster-portrait":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",640,427,false],"web-stories-publisher-logo":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",96,64,false],"web-stories-thumbnail":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/12\/4117-2.jpg",150,100,false]},"author_info":{"info":["Amrita Tuladhar"]},"category_info":"<a href=\"https:\/\/www.revoscience.com\/en\/category\/news\/other\/\" rel=\"category tag\">Other<\/a> <a href=\"https:\/\/www.revoscience.com\/en\/category\/news\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/www.revoscience.com\/en\/category\/techbiz\/\" rel=\"category 
tag\">Tech<\/a>","tag_info":"Tech","comment_count":"0","_links":{"self":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts\/11036","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/comments?post=11036"}],"version-history":[{"count":0,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts\/11036\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/media\/11037"}],"wp:attachment":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/media?parent=11036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/categories?post=11036"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/tags?post=11036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}