Your SlideShare is downloading. ×
0
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Slides
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Slides

503

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
503
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
26
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. RFID Middleware University of Houston Bauer College of Business Spring 2007 Source: Forrester, 2004; www.rfidvirus.org
  • 2. Definition
    • Middleware: Software that connects two disparate applications, allowing them to communicate with each other and to exchange data (Laudon & Laudon, 2002)
  • 3. Underlying Drivers of RFID Middleware
    • Standards
    • Integration
  • 4. EPCglobal Network
    • Set of global technical standards aimed at enabling automatic and instant identification of items in the supply chain and sharing the information throughout the supply chain
    • The EPCglobal NetworkTM consists of five fundamental elements:
      • ID System (EPC Tags and Readers),
      • Electronic Product Code (EPC)
      • Object Name Service (ONS)
      • Physical Markup Language (PML)
      • Savant
      • (http://www.csis.hku.hk/~clwang/RFID/rfid-main2004.htm)
  • 5. Savant
    • Middleware developed by Auto-ID to provide interface between RFID reader and databases
    • Sits between tag readers and enterprise applications to manage the vast amount of information retrieved from the tags
    • Manages and moves information in a way that does not overload existing networks
    • Has a hierarchical architecture that directs the flow of data by gathering, storing, and acting on information and communicating with other Savants
    • Lower level Savants process, filter and direct information to the higher level ones and, consequently, massive flow of information and network traffic is reduced
  • 6.  
  • 7.  
  • 8. Types of RFID Vendors
    • RFID Pure Plays – offer products that integrate with RFID readers, filter and aggregate data, and may incorporate some business rules
      • ConnectTerra
      • GlobeRanger
      • OATSystems
      • RF Code
  • 9. Types of RFID Vendors
    • Integration Specialists – add RFID features like reader coordination and edge-tier filtering go to their existing integration technology
      • webMethods
      • TIBCO
      • Ascential Software
  • 10. Types of RFID Vendors
    • Application Vendors – offer software ranging from RFID-enabled applications for warehouse and asset management to more robust RFID middleware solutions for reader coordination, data filtering, and business logic capabilities
      • Povia Software
      • Manhattan Associates
      • RedPrairie
      • SAP
  • 11. Types of RFID Vendors
    • Platform Giants – extend their existing platforms and middleware to accommodate RFID
      • Sun Microsystems
      • IBM
      • Oracle
      • Microsoft
  • 12. Middleware Functionality
    • Reader and device management: RFID middleware should allow users to configure, monitor, deploy, and issue commands directly to readers through a common interface.
    • Data management. Once RFID middleware captures EPC data from readers, it must be able to intelligently filter and route it to the appropriate destinations. This capability should include both low-level logic like filtering out duplicate reads and more complex algorithms like content-based routing
  • 13. Middleware Functionality
    • Application integration. RFID middleware solutions should provide the messaging, routing, and connectivity features required to reliably integrate RFID data into existing SCM, ERP, WMS, or CRM systems
    • Partner integration. Some of the most promising benefits of RFID will come from sharing RFID data with partners to improve collaborative processes like demand forecasting and vendor-managed inventory
  • 14. Middleware Functionality
    • Process management and application development: Instead of just routing RFID data to business applications, sophisticated RFID middleware platforms will actually orchestrate RFID-related end-to-end processes that touch multiple applications and/or enterprises, like inventory replenishment. Key process management and composite application development features include workflow, role management, process automation, and UI development tools.
  • 15. Middleware Functionality
    • Packaged RFID content. RFID middleware platforms that include packaged routing logic, product data schemas, and integration with typical RFID-related applications and processes like shipping, receiving, and asset tracking are major assets
    • Architecture scalability and administration. This means that RFID middleware platforms must include features for dynamically balancing processing loads across multiple servers and automatically rerouting data upon server failure. These features should span all tiers of the architecture — even the edge devices
  • 16.  
  • 17. Forrester Research Conclusions
    • Manhattan Associates, OAT, and SAP lead with strong mandate solutions
    • Pure plays like GlobeRanger and ConnecTerra also offer viable solutions for early adopters. But unlike OATSystems, these vendor offer “pure” middleware solutions that provide strong reader integration capabilities and APIs for publishing RFID data to back-end applications and typically incorporate less packaged application logic like EPC track-and-trace tools.
  • 18. Forrester Research Conclusions
    • Both Savi Technology and RF Code have specialty capabilities and experience with active RFID tags
    • Most platform and integration vendors lack generally available products
  • 19. Single-Tier RFID Middleware Architecture
  • 20. Multitier RFID Middleware Architecture
  • 21. RFID Middleware
    • Sun
    • SAP
    • Microsoft
    • Oracle
  • 22. Sun’s RFID Software Architecture
  • 23. Sun’s Event Manager
  • 24. Sun’s Information Server
  • 25. SAP
  • 26.
    • Threats to RFID Middleware
    • (Source: www.rfidvirus.org)
  • 27. Why RFID systems are vulnerable to attacks
    • Lots of source code
    • Generic protocols
    • Back-end databases
    • High-value data
    • False sense of security
  • 28. RFID-Based Exploits
    • Buffer Overflows
      • The life of a buffer overflow begins when an attacker inputs data either directly (i.e. via user input) or indirectly (i.e. via environment variables).
      • This input data is deliberately longer then the allocated end of a buffer in memory, so it overwrites whatever else happened to be there.
      • Since program control data is often located in the memory areas adjacent to data buffers, the buffer overflow can cause the program to execute arbitrary code
  • 29. RFID-Based Exploits
    • Buffer Overflows
      • RFID tags are limited to 1024 bits or less
      • Commands like 'write multiple blocks' from ISO-15693 can allow a resource-poor RFID tag to repeatedly send the same data block, with the net result of filling up an application-level buffer
      • Meticulous formatting of the repeatedly sent data
      • An attacker can also use contactless smart cards, which have a larger amount of available storage space
      • An attacker can really blow RFID middleware's buffers away, by using a resource rich actively-powered RFID tag simulating device, like the RFID Guardian
  • 30. RFID-Based Exploits
    • Code Insertion
      • Malicious code can be injected into an application by an attacker, using any number of scripting languages including VBScript, CGI, Java, JavaScript, and Perl
  • 31. RFID-Based Exploits
    • SQL injection
      • SQL injection is a type of code insertion attack that tricks a database into running SQL code that was not intended.
      • Attackers have several objectives:
        • They might want to enumerate (map out) the database structure. Then, the attackers might want to retrieve unauthorized data, or make equally unauthorized modifications or deletions.
        • Databases also sometimes allow DB administrators to execute system commands. A system command can be used to attack the system
  • 32. RFID-Based Worms
    • Worm is a program that self-propagates across a network, exploiting security flaws in widely-used services
    • A worm is distinguishable from a virus in that a worm does not require any user activity to propagate
    • Worms usually have a payload , which performs activities ranging from deleting files, to sending information via email, to installing software patches
    • One of the most common payloads for a worm is to install a “backdoor” in the infected computer, which grants hackers easy return access to that computer system in the future.
  • 33. RFID-Based Viruses
    • One can develop RFID based viruses using SQL language
    • The SQL data can be transmitted to a system via an RFID tag
  • 34. Conclusion
    • What is middleware
    • EPC Global
    • Savant
    • Vendors
    • Functionality
    • Architecture
    • Threats

×