The basic feature of an RFID system is the automatic identification of items. In its simplest form, such identification can be binary, e.g., paid or not paid, useful for alerting. Modern tags allow hundreds of bits to be used for such an ID. There are four RFID use cases – alerting, monitoring, identification, and authentication – each can be subverted by a specific type of attack.

1. Authentication and Counterfeiting. Today, RFID-based smart-cards are already in widespread use as payment and travel systems, access control systems and most recently as national and international identification documents. In all cases, it is imperative that the authenticity of the RFID tag cannot be compromised. The widespread availability of writable or even reprogrammable tags means that the use of RFID alone does not offer enough protection from determined counterfeiters.

2.Identification and Sniffing. The core RFID privacy problem is that of unauthorized tag readout: with the help of wireless communication, third parties can in principle read the tags of personal items from large distances, and without any indication that such a readout is taking place. For example, we use RFID in travel documents, where a passport might disclose the citizenship of its bearer and thus allow the hacker to track its bearer. Clearly, this act of sniffing out the data on an RFID tag can only be prevented if tags disclose their identity only to authorized readers, i.e., those that are under the control of the item owner or another authorized party.

3.Monitoring and Tracking. It is important to realize that privacy can also be violated without actually identifying individual items. Once a specific tag or a set of tags can be associated with a particular person, the mere presence of this tag in a particular reader field already implies a location disclosure. And thus tags must either frequently update their ID in a non-predictable manner, or remain completely silent upon inquiries from illegitimate readers.

4.Alerting and Denial of Service. In its simplest form, an RFID tag simply announces its presence, e.g., to an anti-theft gate in a bookstore. Sold items get their embedded RFID tag killed at checkout so that only unpaid items will be detected. Current industry protocols already require compliant tags to offer a Kill-command that completely silences the tag once issued. Tag silencing offers significant privacy gains, yet it directly conflicts with many commercial security concerns, such as theft. A personal jamming device that prevents readers from “coming through” might work quite well.

II.Let’s classify the attacks which are possible to apply to RFID tags. We’ll divide them into 5 categories:

1. Physical Layer attacks. The physical layer in RFID communications is comprised of the physical interface and the RFID devices. This layer includes attacks that permanently or temporarily disable RFID tags as well as relay attacks. They are such attacks as Kill-command, passive interference, active jamming and relay attacks.

2. Network - Transport Layer attacks. This layer includes all the attacks that are based on the way the RFID systems are communicating and the way that data are transferred between the entities of an RFID network (tags, readers). It includes attacks on tags (cloning, spoofing), reader attacks (impersonation, eavesdropping) and network protocol attacks.

3.Application Layer attacks. This layer includes all the attacks that target information related to applications and the binding between users and RFID tags. Such attacks employ unauthorized tag reading, modification of tag data and attacks in the application middleware such as buffer overflows and malicious code injections.

4. Strategic Layer attacks. This layer includes attacks that target organization and business applications, taking advantage the careless design of infrastructures and applications. More specifically this layer includes competitive espionage, social engineering, privacy and targeted security threats.

5. Multilayer Attacks. A lot of attacks that target RFID communication are not confined to just a single layer. In this category attacks affect several layers including the physical, the network-transport, the application and the strategic layer. In particular this layer includes covert channels, denial of service, traffic analysis, crypto and side channel attacks.

Now we discuss possible ways to counter these attacks. In order to safeguard RFID systems against low-tech attacks such as permanently or temporarily disabling tags, traditional countermeasures should be used, such as increased physical security with guards, locked doors and cameras. Unauthorized use of KILL commands could be prevented, for example, with effective password management. For the protection against relay attacks possible approaches could be the encryption of the RFID communication or the addition of a second form of authentication such as a password or biometric information. However, this requirement definitely eliminates the convenience and advantages of RFID communication. Through appropriate data collection, it is possible to detect cloned RFID tags. Alternatively, cloning attacks can be mitigated via challenge response authentication protocols. These should also support robust anti-brute force mechanisms. In order to defend against passive eavesdropping attacks encryption mechanisms could be used to encrypt the RFID communication. Spoofing and impersonation could be combated by using authentication protocols or a second form of authentication such as one-time passwords, PINs or biometrics. Network protocol attacks could be countered by hardening all components that support RFID communication, using secure operating systems, disabling insecure and unused network protocols and configuring the protocols used with the least possible privileges. In order to defend against unauthorized tag reading and tag modification on the Application Layer, controlling access to RFID tags should be our focus. One approach proposed was the use of aluminum-lined wallets to protect RFID payment cards and e-passports against unauthorized reading. However since the sniffing of confidential data can nevertheless be performed at the time of actual use, the approach does not seem to be very effective. Encryption techniques, authentication protocols or access control lists may provide an alternative solution. More specifically, approaches based on symmetric key encryption, public key encryption, hash functions, mutual authentication or even non-cryptographic solutions such as pseudonyms, have been proposed. Attacks in Strategic Layer Attacks layer can be defended by using any of the countermeasures employed against attacks included in the other layers. More precisely, for privacy and targeted security threats a broad range of technical solutions have been proposed, including killing or temporarily silencing tags, blocking access to unauthorized readers, relabeling or clipping tags, using pseudonyms, distance measurement and encryption techniques. Covert channels attacks are difficult to detect and defend against. The owners and users of RFID tags have no knowledge that their tags have been compromised and that they are used for a covert channel attack. Foiling these attacks is an open research issue. However, a possible mechanism to combat them should focus on reducing the availability of memory resources in an RFID tag. Denial of Service attacks and traffic analysis are severe security threats in all types of networks including wired. While theoretically these types of attacks can be countered the scarce resources of RFID tags make their defense problematic and remain an open research issue. Crypto attacks can be eliminated through the employment of strong cryptographic algorithms following open cryptographic standards and using a key with sufficient length.

Due to the increasingly wider deployment of RFID systems, their security is more critical than ever. In this paper, we tried to discover some structure within the universe of possible attacks that can affect such systems. By considering the point of attack, its systemic effects and countermeasures jointly, we can obtain a more coherent view of the threats and what must be done to counter them. In this paper, we classified attacks based on the layer that each is taking place and we discussed possible countermeasures that can be used to combat these attacks. We discriminated them to attacks deployed in the physical layer, the application layer, the strategic layer and multilayer attacks. Finally, we point out for which attacks further research is necessary in order to achieve adequate defense against them.

MODULE 2. PRESENTATIONS

UNIT 1. THE BEGINNING OF THE PRESENTATION

1. Presentation technique and preparation

What makes a good presentation?

Recommendations for giving effective presentation :

1. Have a simple clear structure (a beginning, a middle and an end).

2. Consider the audience.

3. Choose visuals to support the presentation.

4. Use PowerPoint.

5. Make informal presentation.

6. Deal with nerves.

7. Show enthusiasm on the subject and be sincere; speak about things that you very strongly believe in and something that you really, really enjoy doing.

8. Consider the physical aspects: appearance, gesture, eye contact (80% of the time).

9. Write out some or all of the presentation.

10. Practice it.

11. Check all the language, make sure there’re no mistakes on the visuals.

1. The audience

The audience is the most important consideration in preparing a presentation.

Why the audience is so important? – A speaker needs to hold the audience’s attention – or the talk is a failure.

When you plan the presentation, think about the audience. Are they professionals or nonprofessionals? Providers or users? Your purpose and audience mix determine the tone and focus of the presentation.

Task 1. Read the comments from the audience who are listing to a presentation at an international conference. What caused the problem in each case?

1. “What on earth is he talking about?” “I have no idea!”

2. “Hey, Sarah! Wake up! He’s finished!”

3. “Read that! I can’t read that! I’d need a pair of binoculars!”

4. “Speak up! I can’t hear a thing!”

5. “Summarize four main points? I only noticed one! Have I been asleep?”

Possible explanations:

1. Technical level of talk is too high.

2. The talk is boring, too long, or delivered monotonously.

3. The visual is too small.

4. The speaker is talking too quietly.

5. The structure of the talk was not clear.

1. Visual aids: general principles

Three warnings about using visual aids:

1. You are central to the presentation. The visual aid needs you, your interpretation, your explanation and your conviction.

2. They must support what speaker says and not replace the spoken information.

3. It is also not enough to read text from a visual aid.

Key recommendations for how to use visual supports in a presentation:

1. Write clearly (print).

2. Check equipment in advance.

3. Use media which suit the room and audience size.

4. First visual should give the title of talk.

5. Second should show structure of talk – main headings.

6. Keep text to minimum – never just read text from visuals.

7. Do not use too many visuals – guide is one visual per two minutes.

8. Use pauses – give audience time to comprehend picture.

9. Never show a visual until you want to talk about it.

10. Remove visual once finished talking about it.

11. Turn off equipment not in use.

12. Always check the English in your visual supports.

13. Do not turn your back on the audience.

Language Checklist. Introducing a visual:

I’d like to show you … / Have a look at this …/This (graph) shows / represents …/ Here we can see …/ Let’s look at this …/ Here you see the trend in …

There is no one way and the best presenters have a different approach depending on the topic, the audience, etc.

1. Structure (I). The Introduction

It is important to give information on the structure of the talk. This helps the audience to follow the talk and clearly states what will be included.

We are going to focus on the main parts of any presentation:

1. The Introduction

2. The main body

3. The end

Introduction

I