Presentations from the Security & Blockchain Track at the Connections Summit, co-hosted by AIM, NFC Forum, and RAIN on March 7th, 2018. The Connections Summit was a one-day event featuring a series of speaker-led sessions that focused on how NFC, RFID, and AIDC make the world more connected. The full agenda included keynote presentations, panels, and IoT, Retail & Smart Products, Security & Blockchain, Healthcare, and Market Opportunities tracks. For additional details see: https://nfc-forum.org/events/connections-summit/

1. Security & Blockchain Track
March 7, 2018

2. Integrity of Things:
Exploring NFC and Blockchain
Ajit Kulkarni
VP of Product, Chronicled
Stephane Ardiley; Director
Product Management, Identiv

3. Global Supply Chains are inefficient and riddled with
issues.

4. Counterfeiting alone is a global $2Tn problem.

5. What is Blockchain?

6. Blockchain for Supply Chain: How it Works

7. High Value Products: Secure Sealing
Cryptoseal

8. Temp Sensitive Products: Cold Chain
Logistics
TempLogger

9. Introducing Temperature Logger
Cloud Service
• Label management, configuration,
and temperature profiles
• Collects and stores records in
database
• Cloud-based analytics and
remediation Integrity check of
temperature records
Mobile App
• Tag activation and setup
• Online/offline option
• Local analytics with graph
• Android-based app available via
Google Play
• Compatible with Moto X, Nexus,
LGE, Samsung (S5 and up), and Sony
Ericsson Xperia
Label
• Low-cost, self-adhesive
• Precise temperature sensor
• Digital storage
• Flexible battery
• NFC-enabled

10. Smart Sensor Label
• Small credit card-sized NFC label for temperature data logging
• Thin, flexible battery
• Temperature: -30 to 50˚C (-22 to 122 ˚F)
• Battery life: Up to 8 months
• Log capacity: >10,000 (can exceed 30,000)
• Configurable logging interval
• NXP NHS3100 with embedded accurate temperature sensor
• Protected temperature records (target CFR21 part 11)
• ISO/IEC 17025 temperature calibration procedure
• Programmable software/firmware to support additional use cases,
i.e. alarm setup, record only extreme temperatures, etc.
Developed by:

11. Trusted IoT & Smart Supply Chain
Solutions

12. A Peer-to-Peer Approach to Digital Key
Sharing for Vehicle Access & Control
Tony Rosati
Director of IOT Security, ESCRYPT

13. Agenda
• Motivation for Digital Key Sharing
• Architecture
• Security Model
• Security Analysis
• Future Work

14. Smartphone Access Control & Key
Sharing
• No need to
manage physical
keys
• Desire/Need to use
the Smartphone
• Vehicle sharing
• Security alerts
• Control/Status

15. Car Sharing Growth
• Cars are increasingly too
costly to own in the urban
environment
• Cars sit unused most of the
time
• Many new services:
• BMW Drivenow,
• Avis: Zip Car,
• Daimler: Car2Go,
• Uber,
• Lyft

16. Smartphone/Vehicle Integration
Vehicle Access
• NFC and/or Bluetooth
• Security of the smartphone?
Enable
• Wireless Charging
Bluetooth Handoff
• Vehicle personalization

17. Consumers Expect a Seamless User
Experience

18. Connected Car Consortium Model

19. ESCRYPT CycurACCESS Architecture
• Leverage Public Key Infrastructure (PKI)
• Enables efficient digital key sharing
• Issue Identity Certificates
• Massively scalable
• Leverage Mobile Platform Security
• Secure Boot
• Secure Key Store (hardware level attestation)
• Sandboxing
• Code Signing
Key Sharing Server
Owner
Smartphone
Friend
Smartphone
Certificate Authority
Cellular/
WiFi
NFC/BLE
TSM

20. Proving Identity
• Certificate Authority provides a root of trust
• Identity certificates are issued to each user
and each vehicle
• Vehicle certificates issued in production
• User Certificates issued at registration
• Entities in the system can now verify each
other’s identity securely and efficiently
• Verification can be performed offline

21. Establishing Ownership
• Each vehicle is assigned a random Ownership
Code during manufacture
• The owner and the vehicle exchange
certificates & a challenge to prove identity
• The owner sends the Ownership Code to the
vehicle to prove ownership
• If valid, vehicle stores new owner certificate for
future use
• Vehicle generates and forwards signed
“proof” to KSS via the owner to confirm new
ownership
Ownership Code
12345678901234
56789012345678
90121234123
1231245124343
Ownership Code
12345678901234
56789012345678
90121234123
1231245124343
Key Sharing Server
(KSS)

22. Gaining Access
• To unlock the vehicle, the
owner and vehicle begin by
exchanging certificates & a
challenge to prove identity
• The vehicle verifies the identity
against stored owner
certificate. If so, access is
granted
Owner

23. Key Sharing
• Owner creates and signs Sharing Permission
containing Vehicle ID, serial number of
friend’s Identity certificate and any
restrictions
• Owner forwards Sharing Permission to the
friend via the KSS or P2P
• Note that the KSS does not have to be
involved in this process
Key Sharing Server
Owner Friend

24. Shared Access
• To unlock the vehicle, the friend and vehicle begin by
exchanging certificates & a challenge to prove identity
• The friend sends the Sharing Permission to the vehicle
• The vehicle verifies that the following is true of the Permission:
• Issued for this vehicle
• Issued to the friend
• Signed by the owner
• No restrictions are violated
• If checks pass, access is granted
Friend

25. Car Sharing Service
• All vehicles are owned by the service
• All valid members are issued permissions
• The vehicle verifies that the following is true of the Permission:
• Issued for this vehicle
• Issued to the member
• Signed by the service
• No restrictions are violated
• If checks pass, access is granted
• How do we revoke bad actors?
Members
Key Sharing Server

26. Revoke a Permission
• To revoke a Permission, the owner generates a
signed revocation request and forwards to the
KSS
• If valid, the KSS generates a revocation
notification and forwards to the friend’s device
• Friend’s device deletes the affected Permission
Key Sharing Server
Owner Friend

27. Dealing with Cheaters
• What if the friend is
dishonest?
• Friend takes their device
offline to prevent the
Permission from being deleted
• How does a car know that a
permission is revoked?
• What can be done to
mitigate this?
• Three ideas:
• Next time the owner unlocks the
vehicle, a list of recently revoked
Permissions can be transferred to the
vehicle
• Permissions could require a periodic
authorization from the KSS to remain
valid. (Say every 24 hours)
• A connected car receives revocations
directly

28. Security Analysis/Threat Model
• Based on the work of
Symeonidis et al.
• Main Features
• Private keys are never
transported & stored in SE
• KSS compromise cant be used
to gain or share access
• Most operations are performed
offline which limits the attack
surface (ie Denial-of-Service)
Key Sharing Server
Owner
Smartphone
Friend
Smartphone
Certificate Authority
Cellular/
WiFi
NFC/BLE

29. Relay Attack
• Mitigation Strategies
• Easy
• User based preference
• Smartphone screen off
• Hard
• RF Finger Print
• Distance Bounding
• Brands and Chaum 1994 – smart cards
• Gambs et al 2016 – smartphones
• Can detect adversary constantly > 1.5ms relay
Vehicle Owner Attacker 1 Attacker 2

30. Conclusion & Future Work
• A new approach digital Key Sharing
• Using well-known PKI & modern smartphone security
• Most operations are done offline to limit the attack surface
• Futures
• Hardware level Key Attastation
• Relay Attack Countermeasures
• Thank you
• tony.rosati@escrypt.com