Advertisement

User Privacy in RFID Networks

  • Dave Singelée
  • Stefaan Seys

Abstract

Wireless RFID networks are getting deployed at a rapid pace and have already entered the public space on a massive scale: public transport cards, the biometric passport, office ID tokens, customer loyalty cards, etc. Although RFID technology offers interesting services to customers and retailers, it could also endanger the privacy of the end-users. The lack of protection mechanisms being deployed could potentially result in a privacy leakage of personal data. Furthermore, there is the emerging threat of location privacy. In this paper, we will show some practical attack scenarios and illustrates some of them with cases that have received press coverage. We will present the main challenges of enhancing privacy in RFID networks and evaluate some solutions proposed in literature. The main advantages and shortcomings will be briefly discussed. Finally, we will give an overview of some academic and industrial research initiatives on RFID privacy.

Keywords

Authentication Protocol User Privacy Kill Function Distance Bounding Protocol Legitimate Reader 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Avoine Gildas: Adversary Model for Radio Frequency Identification. In: LASEC Technical Report, 2005-001, Swiss Federal Institute of Technology (EPFL). 2005, 14 pages.Google Scholar
  2. Brands Stefan, Chaum David: Distance-Bounding Protocols. In: Advances in Cryptology – EURO-CRYPT 1993, Lecture Notes in Computer Science, LNCS 765, Springer-Verlag. 1994, p. 344-359.Google Scholar
  3. Dimitriou Tassos: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks, IEEE Computer Society. 2005, p. 59-66.Google Scholar
  4. Engberg Stephan, Harning Morten Borup, Jensen Christian Damsgaard: Zero-knowledge Device Authentication: Privacy and Security Enhanced RFID Preserving Business Value and Consumer Convenience. In: Proceedings of the Second Annual Conference on Privacy, Security and Trust. 2004, p. 89-101.Google Scholar
  5. EPC global: Class 1 Generation 2 UHF Air Interface Protocol Standard version 1.2.0. In: http://www.epcglobalinc.org/home. 2008, 108 pages.
  6. Frumkin Dmitry, Shamir Adi. Untrusted-HB: Security Vulnerabilities of Trusted-HB. In: Proceedings of the 5th Workshop on RFID Security. 2009, p. 62-71.Google Scholar
  7. Hancke G.P, Kuhn M.G.: An RFID Distance Bounding Protocol. In: Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks, IEEE Computer Society. 2005, p. 67-73.Google Scholar
  8. Henrici Dirk, Müller Paul: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: Proceedings of the 2nd IEEE International Conference on Pervasive Computing and Communications Workshops, IEEE Computer Society. 2004, p. 149-153.Google Scholar
  9. IBM: IBM Licenses Clipped Tag RFID Technology to Marnlen RFiD. In: http://www-03.ibm.com/press/us/en/pressrelease/20592.wss. 2006.
  10. Juels Ari, Rivest Ronald, Szydlo Michael: The blocker tag: selective blocking of RFID tags for consumer privacy. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, ACM. 2003, p. 103-111.Google Scholar
  11. Juels Ari, Syverson Paul, Bailey Daniel: High-Power Proxies for Enhancing RFID Privacy and Utility. In: Proceedings of the 5th International Workshop on Privacy Enhancing Technologies, Lecture Notes in Computer Science, LNCS 3856, Springer-Verlag. 2005, p. 210-226.Google Scholar
  12. Juels Ari, Weis Stephen: Authenticating pervasive devices with human protocols. In: Advances in Cryptology – CRYPTO 2005, Lecture Notes in Computer Science, LNCS 3621, Springer-Verlag. 2005, p. 293-308.Google Scholar
  13. Juels Ari, Weis Stephen: Defining Strong Privacy for RFID. In: Proceedings of the 5th IEEE International Conference on Pervasive Computing and Communications Workshops, IEEE Computer Society 2007, p. 342-347.Google Scholar
  14. Karjoth Günther, Moskowitz Paul: Disabling RFID tags with visible confirmation: clipped tags are silenced. In: Proceedings of the 2005 ACM workshop on Privacy in the electronic society, ACM. 2005, p. 27-30.Google Scholar
  15. Molnar David, Soppera Andrea, Wagner David: A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags. In: Proceedings of the 12th International Workshop on Selected Areas in Cryptography, Lecture Notes in Computer Science, LNCS 3897, Springer-Verlag. 2005, p. 276-290.Google Scholar
  16. Molnar David, Wagner David: Privacy and security in library RFID: Issues, practices, and architectures. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, ACM. 2004, p. 210-219.Google Scholar
  17. Rieback M., Crispo B., Tanenbaum A.: RFID Guardian: A batterypowered mobile device for RFID privacy management. In: Proceedings of the 10th Australasian Conference on Information Security and Privacy, Lecture Notes in Computer Science, LNCS 3574, Springer-Verlag. 2005, p. 184-194.Google Scholar
  18. Sadeghi A-R., Visconti I., WachtsmannC: Efficient RFID Security and Privacy with Anonymizers. In: Proceedings of the 5th Workshop on RFID Security. 2009, p. 153-172.Google Scholar
  19. Singelée Dave, Preneel Bart: Distance Bounding in Noisy Environments. In: Proceedings of the 4th European Workshop on Security and Privacy in Ad Hoc and Sensor Networks, Lecture Notes in Computer Science, LNCS 4572, Springer-Verlag. 2007, p. 101-115.Google Scholar
  20. Song Boyeon, Mitchell Chris J.: RFID authentication protocol for low-cost tags. In: Proceedings of the 1 st ACM Conference on Wireless Network Security, ACM. 2008, p. 140-147.Google Scholar
  21. Spiekermann Sarah, Evdokimov Sergei: Critical RFID Privacy-Enhancing Technologies. In: IEEE Security and Privacy, Vol. 7, no. 2, IEEE Computer Society. 2009, p. 56-62.CrossRefGoogle Scholar
  22. Tsudik Gene: YA-TRAP: Yet Another Trivial RFID Authentication Protocol. In: Proceedings of the 4th IEEE International Conference on Pervasive Computing and Communications Workshops, IEEE Computer Society. 2006, p. 640-643.Google Scholar
  23. Vaudenay Serge: On Privacy Models for RFID. In: Advances in Cryptology – ASIACRYPT 2007, Lecture Notes in Computer Science, LNCS 4833, Springer-Verlag. 2007, p. 68-87.Google Scholar
  24. Weis S., Sarma S., Rivest S., Engels D.: Security and privacy aspects of low-cost radio frequency identification systems. In: Proceedings of the 1st International Conference on Security in Pervasive Computing, Lecture Notes in Computer Science, LNCS 2802, Springer-Verlag. 2003, p. 454-469.Google Scholar

Copyright information

© Vieweg+Teubner | GWV Fachverlage GmbH 2010

Authors and Affiliations

  • Dave Singelée
    • 1
  • Stefaan Seys
    • 2
  1. 1.ESAT – SCD – COSIC, Katholieke Universiteit Leuven – IBBTHeverlee-LeuvenBelgium
  2. 2.PricewaterhouseCoopers Enterprise AdvisorySint-Stevens-WoluweBelgium

Personalised recommendations