Call for Papers
Papers and Slides
Invited Speakers
Travel Info
About Leuven
Social Events

Preliminary Program:

  Tue, 2009-06-30 Wed, 2009-07-01 Thu, 2009-07-02 Fri, 2009-07-03
8.30   8:45 Welcome    
9:00   Protocols 1 - Talk 1 New Applications - Talk 1 BRIDGE event
9:30   Protocols 1 - Talk 2 New Applications - Talk 2  
10:00   Coffee break Coffee break  
10:30   Invited: Sarah Spiekermann Invited: Marc Vauclair  
11:30   Privacy 1 - Talk 1 HW for RFID - Talk 1  
12:00   Privacy 1 - Talk 2 HW for RFID - Talk 2  
12:30   Lunch Lunch  
13:00 ECRYPT2 Workshop      
14:00   Invited: Peter van Rossum Invited: Rene Struik  
15:00   Coffee break Coffee break  
15:30   Attacks - Talk 1 Privacy 2 - Talk 3  
16:00   Attacks - Talk 2 Privacy 2 - Talk 4  
16:30   Attacks - Talk 3 Protocols 2 - Talk 3  
17:00   Attacks - Talk 4 Protocols 2 - Talk 4  
18:30 RFIDSec09 Welcome reception      
19:30   Banquet    


Reviewed Talks:

Session Paper Title Presented by
Protocols 1 - Talk 1 The Ff-Family of Protocols for RFID-Privacy and Authentication Erik-Oliver Blass
Protocols 1 - Talk 2 Coupon Recalculation for the Schnorr and GPS Identification Scheme: A Performance Evaluation Christoph Nagl
Privacy 1 - Talk 1 When Compromised Readers Meet RFID Tania Martin
Privacy 1 - Talk 2 Modeling Privacy for Off-line RFID Systems Flavio D. Garcia
Attacks - Talk 1 Un-Trusted-HB: Security Vulnerabilities of Trusted-HB Adi Shamir
Attacks - Talk 2 The Dark Side of Security by Obscurity and Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime Nicolas T. Courtois
Attacks - Talk 3 Weaknesses in Two Recent Lightweight RFID Authentication Protocols Pedro Peris-Lopez
Attacks - Talk 4 New Methods for Cost-Effective Side-Channel Attacks on Cryptographic RFIDs David Oswald
New Applications - Talk 1 Practical Experiences with NFC Security on mobile Phones Gauthier Van Damme
New Applications - Talk 2 Pathchecker: an RFID Application for Tracing Products in Suply-Chains Khaled Ouafi
HW for RFID - Talk 1 Hyperelliptic curve processor for RFID tags Junfeng Fan
HW for RFID - Talk 2 We Can Remember It for You Wholesale: Implications of Data Remanence on the Use of RAM for True Random Number Generation on RFID Tags Jonathan Voris
Privacy 2 - Talk 3 Efficient RFID Security and Privacy with Anonymizers Christian Wachsmann
Privacy 2 - Talk 4 Using HB Family of Protocols for Privacy-Preserving Authentication of RFID Tags in a Population Jonathan Voris
Protocols 2 - Talk 3 A Flyweight RFID Authentication Protocol Jorge Munilla
Protocols 2 - Talk 4 Semi-Destructive Privacy in RFID Systems Paolo D'Arco


Invited Talks:

Sarah Spiekermann

Sarah Spiekermann is a senior researcher and faculty member at Humboldt University Berlin (Germany) since 2003 and Adjunct Professor of Information Systems at the Heinz School  of Public Policy and Management at Carnegie Mellon University (USA) since May 2008. From 2004 to 2008 she was director of the Berlin Research Centre on Internet Economics conducting research on the impacts of information technology on markets. She co-led the technology assessment study on Ubiquitous Computing for the German Ministry of Research and Education and has published over 50 articles in the area of electronic privacy, security and RFID, personalization and user interaction in E-Commerce and M-Commerce as well as knowledge managment. Sarah regularly serves as a senior reviewer for the EU Commission and is associate editor of the European Journal of Information Systems.

Before joining academia Mrs. Spiekermann worked as a strategy consultant for A.T. Kearney (1997-2000) and from 2002 to 2003 led the EMEA Business Intelligence for Openwave Systems. She received a Ph.D. in Information Systems from Humboldt University in 2001, a master of business from the European School of Management (ESCP-EAP) in 1997 and a Master of Science degree from Aston University (Birmingham, UK) in 1998.

Abstract of the talk:

A Privacy Impact Assement for RFID - A Proposal

In May 2009 the EU Commission published its 'Recommendation on the implementation of privacy and data protection principles in applications supported by radio-frequency identification'. Here it is described that retailers seeking to implement RFID need to run through Privacy Impact Assessments (PIA) that will determine how to handle RFID vis-a-vis customers. Sarah's talk will deal with 3 questions:
1) What are consumers afraid of?
2) PIA: When is privacy technically undermined by RFID? - A systematic approach for analysis
3) How can privacy be protected with RFID: Shortfalls of the Recommendation


Peter van Rossum

Short Bio: To be updated.
Abstract of the talk:

Mifare Classic Troubles:

The Mifare Classic RFID tag is by far the most widely used contactless smart card. It is typically deployed in access control systems and in public transport payment systems (such as the London Oyster Card and the Dutch OV-chipcard). Although its manufacturer used to boast that it featured "field-proven cryptography", last year's research has shown the security features of the Classic to be virtually inexistant; the cryptography has been called "Kindergarten cryptography" by a leading expert in the field.

In this talk we'll see what is wrong with this tag and we'll also discusss how it is possible that this tag is (still) so widely used.

Marc Vauclair

After obtaining a Master in electrical engineering  in 1983 (Université Libre de Bruxelles, Belgium), Marc Vauclair was employed  for  8 years in the Philips Research Laboratory Brussels (artificial intelligence, deductive databases, formal languages, Prolog, cryptography...). Afterwards, he worked during 4 years as a freelance building CD-i authoring tools, consulting in the security domain, translating the first edition of "Applied

Cryptography" book (Bruce Schneier) from English to French and writing device drivers for various Unix variants. In 1995, he joined the security and cryptography team of the Philips Development Laboratory in Brussels for 3 years where he held the job of security expert. Afterwards, he was transferred to the Philips Digital Systems Laboratories Leuven to take on a job as DSP developer and system architect for security and DRM (Digital Rights Management) systems. He joined in 2006, NXP Semiconductors as Security System Architect and as Technology Manager for Security Applications.

Abstract of the talk:

MIFARE Plus and Privacy Preserving Technologies:

Privacy preserving technologies are and will be key to the adoption of wireless tokens (like public transportation tickets, access control badges…). NXP MIFARE Plus is the latest addition to the MIFARE family of contactless technologies used in transport networks and access management. MIFARE Plus meets high security standards but also provides unique privacy preserving features that helps building systems that prevent individuals from being identified and tracked without their consent.

Rene Struik

René Struik has been with Certicom Research since 2001. René's main work focuses on "ubiquitous security". His main interests include efficient cryptography, security and trust lifecycle management aspects of highly constrained environments (such as sensor and control networks), and "security and ease of use". René is a frequent contributor to standards for wireless constrained networks, such as IEEE 802.15, ZigBee, and ISA SP100.11a, and industrial security consultant. René holds a M.Sc. degree in Computer Science and a Ph.D. degree in Mathematics, both from Eindhoven University of Technology, The Netherlands.

Abstract of the talk:

Sensor Security: A Kaleidoscopic View:

We discuss several security and cryptographic topics relevant to general sensor networks. We discuss how a security architectural design could be tailored towards achieving design objectives, such as low overall implementation cost, adaptability towards different trust models underlying network operations, and support for semi-automatic lifecycle management with minimum human intervention, scalability, survivability, mobility, and topology changes. We argue that, to be useful, the security approach should hide security details from the user, thus allowing ease of device and network setup and flexibility of trust lifecycle management. We give some examples, using deployment scenarios discussed within the IEEE 802.15.4, ZigBee, and ISA SP100 community. Finally, we point towards directions for further research.

Program and general chair:
Lejla Batina
Kasteelpark Arenberg 10, Belgium