RFID Security pp 229-254 | Cite as

Dynamic Privacy Protection for Mobile RFID Service

  • Namje Park
  • Dongho Won


Recently, mobile RFID has been studied actively as a primary technology in computing environments. The mobile RFID service is defined as a special type of mobile service using RFID tag packaging objects and RFID readers attached to mobile RFID terminals. While the mobile RFID system has many advantages, it may make new intrusions to the user’s privacy. We propose the policy-based dynamic privacy protection framework leveraging globally mobile RFIDs. In this paper, we describe privacy infringements for the mobile RFID service environment and requirements for personal privacy protection, and develop privacy protection service based on a user privacy policy. The proposed framework provides a means for securing the stability of mobile RFID services by suggesting personal privacy-policy-based access control for personalized tags. This means a technical solution to privacy protection for the mobile RFID service system.


Privacy Protection Electronic Product Code Wireless Application Protocol Application Program Interface Function Privacy Protection System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Chapter 10-References

  1. 1.
    An Y., Oh S. (2005) RFID System for User's Privacy Protection. 2005 Asia-Pacific Conference on Communications, Perth, Western Australia, 3–5 October 2005Google Scholar
  2. 2.
    Avoine G., Oechslin P. (2005). RFID traceability: A multilayer problem. In Andrew Patrick and Moti Yung, editors, Financial Cryptography - FC'05. Lecture Notes in Computer Science, vol. 3570, Springer, Berlin, pp. 125–140Google Scholar
  3. 3.
    Chae J., Oh S. (2005) Information Report on Mobile RFID in Korea. ISO/IEC JTC1/SC 31/WG4 N0922, Information Paper, ISO/IEC JTC1 SC31 WG4 SG 5Google Scholar
  4. 4.
    Choi D., Kim H., Chung K. (2007) Proposed Draft of X.rfidsec-1: Privacy Protection Frame-work for Networked RFID Services. ITU-T, COM17C107E, Q9/17, Contribution 107, GenevaGoogle Scholar
  5. 5.
    Chug B. et al. (2005) Proposal for the Study on a Security Framework for Mobile RFID Applications as a New Work Item on Mobile Security. ITU-T, COM17D116E, Q9/17, Contribution 116, GenevaGoogle Scholar
  6. 6.
    Finkenzeller K. (2003) RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, Wiley, New YorkGoogle Scholar
  7. 7.
    Garfinkel S., Rosenberg B. (2005) RFID: Applications, Security, and Privacy, Addison-Wesley, Reading, MAGoogle Scholar
  8. 8.
    Garfinkel S., Juels A., Pappu R. (2005) RFID Privacy: An Overview of Problems and Proposed Solutions. IEEE Security and Privacy 3(3): 34–43CrossRefGoogle Scholar
  9. 9.
    ITU-T TSAG (2005) A Proposed New Work Item on Object/ID AssociationsGoogle Scholar
  10. 10.
    ITU-T TSAG RFID CG Deliverable (2006) Review Report of Identification Based Business Models and Service ScenariosGoogle Scholar
  11. 11.
    Kim Y., Koshizuka N. (2006) Review report of Standardization Issues on Network Aspects of Identification Including RFID. ITU-T, Paper TD315Google Scholar
  12. 12.
    Kim Y., Lee J., Yoo S., Kim H. (2006) A Network Reference Model for B2C RFID Applications. Proceedings of ICACT 2006Google Scholar
  13. 13.
    Konidala D.M., Kim K. (2006) Mobile RFID Security Issues. Proceeding of Symposium on Cryptography and Information SecurityGoogle Scholar
  14. 14.
    Kwak J., Rhee K., Oh S., Kim S., Won D. (2005) RFID System with Fairness within the Framework of Security and Privacy. Lecture Notes in Computer Science, vol. 3813, Springer, Berlin, pp. 142–152Google Scholar
  15. 15.
    Lee J., Kim H. (2006) RFID Code Structure and Tag Data Structure for Mobile RFID Services in Korea. Proceedings of ICACT 2006Google Scholar
  16. 16.
    Lee H., Kim J. (2006) Privacy Threats and Issues in Mobile RFID, Proceedings of the First International Conference on Availability, Reliability and Security, vol. 1Google Scholar
  17. 17.
    Lee B., Kim H., Chung K. (2006) The design of dynamic authorization model for user centric service in mobile environment, Proceedings of ICACT 2006, vo1. 3, pp. 20–22Google Scholar
  18. 18.
    MIC (Ministry of Information and Communication) of Korea (2005) RFID Privacy Protection Guideline. MIC Report Paper 2005Google Scholar
  19. 19.
    Mobile RFID Forum of Korea (2005) WIPI C API Standard for Mobile RFID Reader. Standard PaperGoogle Scholar
  20. 20.
    Mobile RFID Forum of Korea (2005) WIPI Network APIs for Mobile RFID Services. Standard PaperGoogle Scholar
  21. 21.
    Mobile RFID Forum of Korea (2005) Mobile RFID Code Structure and Tag Data Structure for Mobile RFID Services. Standard Paper, http://www.mrf.or.kr
  22. 22.
    Mobile RFID Forum of Korea (2005) Access Right Management API Standard for Secure Mobile RFID Reader, MRFS-4–03. Standard Paper. http://www.mrf.or.kr
  23. 23.
    Mobile RFID Forum of Korea (2005) HAL API Standard for RFID Reader of Mobile Phone, Standard PaperGoogle Scholar
  24. 24.
    Mobile RFID Forum of Korea(2005) WIPI API for Mobile RFID Reader Device, Standard PaperGoogle Scholar
  25. 25.
    Nokia. RFID Phones - Nokia Mobile RFID Kit, http://europe.nokia.com/nokia
  26. 26.
    Ohkubo M., Suzuki K., Kinoshita S. (2003) Cryptographic Approach to ‘Privacy-Friendly' Tags. RFID Privacy Workshop 2003Google Scholar
  27. 27.
    Park W., Lee B. (2004) Proposal for Participating in the Correspondence Group on RFID in ITU-T. Information Paper. ASTAP ForumGoogle Scholar
  28. 28.
    Park B., Lee S., Youm H. (2006) A Proposal for Personal Identifier Management Framework on the Internet. ITU-T, COM17-D165Google Scholar
  29. 29.
    Park N., Kwak J., Kim S., Won D., Kim H. (2006) WIPI Mobile Platform with Secure Service for Mobile RFID Network Environment. Lecture Notes in Computer Science, vol. 3842, Springer, Berlin, pp. 741–748Google Scholar
  30. 30.
    Park N., Kim S., Won D., Kim H. (2006) Security Analysis and Implementation leveraging Globally Networked Mobile RFIDs. Lecture Notes in Computer Science, vol. 4217, Springer, Berlin, pp. 494–505Google Scholar
  31. 31.
    Sakurai Y., Kim H. (2006) Report for Business Models and Service Scenarios for Network Aspects of Identification (Including RFID). ITU-T, TSAG TD 314Google Scholar
  32. 32.
    Sarma S.E., Weis S.A., Engels D.W. (2002) RFID Systems, Security and Privacy Implications. Technical Report MIT-AUTOID-WH-014, AutoID Center, MIT, Cambridge, MAGoogle Scholar
  33. 33.
    Shepard S. (2005) RFID: Radio Frequency Identification. McGraw-Hill, New York, NYGoogle Scholar
  34. 34.
    Son M., Lee Y., Pyo C. (2006) Design and Implementation of Mobile RFID Technology in the CDMA Networks, Proceedings of ICACT 2006Google Scholar
  35. 35.
    Strandburg K.J., Raicu D.S.(2005) Privacy and Technologies of Identity: A Cross-Disciplinary Conversation, Springer, BerlinGoogle Scholar
  36. 36.
    Sullivan L. (2004) Middleware Enables RFID Tests. Information Week, No. 991Google Scholar
  37. 37.
    Thornton F. et al. (2006) RFID Security, Syngress, Rockland, MAGoogle Scholar
  38. 38.
    Tsuji T., Kouno S., Noguchi J., Iguchi M., Misu N., Kawamura M. (2004) Asset management solution based on RFID. NEC Journal of Advanced Technology 1(3): 188–193Google Scholar
  39. 39.
    Tsukada M., Narita A. (2006) Development Models of Network Aspects of Identification Systems (Including RFID) (NID) and Proposal on Approach for the Standardization. ITU-T, JCA-NID Document 2006-I-014Google Scholar
  40. 40.
    Weis S. et al. (2003) Security and Privacy Aspects of Low-Cost Radio Frequency identification Systems. First International Conference on Security in Pervasive Computing (SPC) 2003Google Scholar
  41. 41.
    Weis S.A., Sarma S.E., Rivest R.L., Engels D.W. (2003) Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. Proceedings of First International Conference on Security in Pervasive Computing (SPC 2003)Google Scholar
  42. 42.
    Yoo S. (2005) Mobile RFID Activities in Korea. Contribution Paper of the APT Standardization ProgramGoogle Scholar
  43. 43.
    Yutaka Y., Nakao K. (2002) A Study of Privacy Information Handling on Sensor Information Network. Technical Report of IEICEGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Namje Park
    • 1
  • Dongho Won
  1. 1.Electronics and Telecommunications Research Institute (ETRI)DaejeonKorea

Personalised recommendations