Friday, November 27, 2009

Ph.D. defense of Mikko Lehtonen

Yesterday Mikko Lehtonen successfully defended his Ph.D. thesis about applying low-cost RFID against anti-counterfeiting. He derived from related research of security systems that a security budget should rather be invested in the continuity of checks than achieving a close to 100% detection rate - a way of good-enough security. Additionally, he presented three technical measures, namely TID [1]. synchronized secretes [2], and probability-based trace reasoning [3], that provided also milestones on a roadmap describing a migration path for introducing technical measures against anti-counterfeiting.
The consecutive discussion with Elgar Fleisch and Friedemann Mattern focussed much on the validity of the assumption of detection may supercede protection and was questioned by the example of credit-cards coming with security chips lately.

Despite his nervousness Mikko was brave enough to embedded a "surprise" slide explaining the two prevention strategies of protection and deterence - some may call it embarrassing, others just finnish humor...

[1] Lehtonen, M., Ruhanen, A., Michahelles, F., Fleisch, E.: Serialized TID Numbers – A Headache or a Blessing for RFID Crackers? In 2009 IEEE International Conference on RFID, Orlando, Florida, April 27-28, 2009, pp. 233 - 240.
[2] Lehtonen, M., Ostojic, D., Ilic, A., Michahelles, F., : Securing RFID Systems by Detecting Tag Cloning. In proceedings of H. Tokuda et al. (Eds.): 7th International Conference, Pervasive 2009, Nara, Japan, May 11-14, 2009. LNCS 5538, pp. 291–308.
[3] Lehtonen, M., Michahelles, F., Fleisch, E.: How to Detect Cloned Tags in a Reliable Way from Incomplete RFID Traces. In 2009 IEEE International Conference on RFID, Orlando, Florida, April 27-28, 2009, pp. 257 - 264.

No comments: