privacy challenges in rfid systems
play

Privacy Challenges in RFID-Systems Marc Langheinrich ETH Zurich, - PowerPoint PPT Presentation

Sep 29, 2022 •7 likes •177 views

Privacy Challenges in RFID-Systems Marc Langheinrich ETH Zurich, Switzerland http://www.inf.ethz.ch/~langhein/ joint work with Chris Floerkemeier and Roland Schneider The Ubicomp Vision DIMACS WUPSS The most profound technologies are

  1. Privacy Challenges in RFID-Systems Marc Langheinrich ETH Zurich, Switzerland http://www.inf.ethz.ch/~langhein/ joint work with Chris Floerkemeier and Roland Schneider

  2. The Ubicomp Vision DIMACS WUPSS „ The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.“ Mark Weiser (1952 – 1999), Xerox PARC � The computer as an everyday tool � Networking all things � Embedding computers into intuitive UI’s July 8, 2004 Slide 2

  3. Data Collection in Ubicomp DIMACS WUPSS � High Potential for… – Unprecedented collection size – Unprecedented collection detail – Large public unawareness What? How? Coll. Scale Everywhere, Anytime Coll. Manner Unobtrusive, Invisible Data Types Detailed, Mundane, Close-Up & Personal Motivation Everything is Important (Context!) Accessibility Machine-to-Machine Interactions July 8, 2004 Slide 3

  4. Radio Frequency Identification DIMACS WUPSS � “Barcode++” – Stores (potentially very detailed) IDs – Provides link between real and virtual � Unobtrusive – Tags can be read without line-of-sight – Tags need no batteries (reader provides power) � Efficient – Dozens of tags can be read in seconds � Cheap – Price range: 5-10 Cents July 8, 2004 Slide 4

  5. RFID Privacy DIMACS WUPSS � Ubiquitous Technology? – WalMart, US DoD, Benetton, Metro, … � Ubiquitous Reading? – Anything, anytime, anywhere? � Public Concern (measured by Google*) July 2004 RFID 2,340,000 RFID and privacy 1,060,000 (45%) * Original numbers by Ravi Pappu, RFID Privacy Workshop @ MIT: November 15, 2003 July 8, 2004 Slide 5

  6. Current Solutions DIMACS WUPSS � Tag Deactivation (Kill Tag) – Cumbersome – Expensive training / equipment – Prevents post point-of-sales applications � Communication Block (Blocker Tag) NCR Kill Kiosk (Prototype) – Unreliable – Interferes with 3rd party tags � Access Control (Hash Locks) h Product ID, Serial Number, … ID – Expensive chip design h = hash(ID) h – Impractical key management ( h, ID) July 8, 2004 Slide 6

  7. Threat Models DIMACS WUPSS � What are We Trying to Protect? – Secret surveillance networks? unlikely (expensive, unreliable) unlikely (expensive, unreliable) – Pickpockets and burglars? impractical (expensive, unreliable) impractical (expensive, unreliable) – Staying in control of ubiquitous! (everywhere, anytime, unnoticed) ubiquitous! (everywhere, anytime, unnoticed) personal data flows! � Goal: Transparency Protocols – Use machines to monitor plethora of interactions – Support for privacy laws & regulation (see P3P) � RFID Approach – Embed support for the Fair Information Principles in RFID-protocols (reader-to-tag communication) July 8, 2004 Slide 7

  8. RFID FIP-Support DIMACS WUPSS Principle Support through… Collection Limitation Tag Selection Mask Consent Watchdog-Tag (optional) Data Quality n/a (with „privacy-aware database/PawDB“) Purpose Specification Purpose Declaration, Collection Type Use Limitation n/a (Leveraging from Purpose Specification) Security Safeguards Encryption/Authentication (?) Openness Reader-Policy ID Participation n/a (using PawDB) Accountability Reader-Policy ID Fair Information Practices, OECD 1980 July 8, 2004 Slide 8

  9. Collection Limitation DIMACS WUPSS � Targeted Read Commands – Smart shelf only reads razorblades Power- off – Smart checkout reads only store items In RF field � Selection Mask (e.g., “*.E32B*.*”) Ready unselected – Only selected tags reply Unselect Select – Requires hierarchical IDs (e.g., EPC) Selected Inventory Select Select Init_round_all N N N command Reader Modified Reset Read Process in Tag 1 Inventoried Response ISO 18000 Part 6 Tag 2 Response Selected Tag 3 Individual access Response N Next Slot Tag 4 (read/write) Time July 8, 2004 Slide 9

  10. Openness DIMACS WUPSS Init Protocol SUID Round Collection CRC-5 RPID Purpose CRC-16 round extension flag size type all 1 bit 6 bits 1 bit 3 bits 5 bits 96 bits 16 bits 2 bits 16 bits � Init_Round Command in ISO 18000 Part 6 – Begins read-round (Aloha-based anti-collision) – Contains anti-collision protocol parameters � 130 Bits „Privacy-Header“ Extension July 8, 2004 Slide 10

  11. ReaderPolicyID DIMACS WUPSS Init Protocol SUID Round Collection CRC-5 RPID Purpose CRC-16 round extension flag size type all 1 bit 6 bits 1 bit 3 bits 5 bits 96 bits 16 bits 2 bits 16 bits Data Header Policy Reader Collector 8 bits 28 bit 24 bits 36 bits 5F.4A886EC.8EC947.24A68E4F6 � All read-request uniquely identified – Data collector, reader, and policy identifiable – Format follows EPC standard (allows code reuse) July 8, 2004 Slide 11

  12. Collection Type DIMACS WUPSS Init Protocol SUID Round Collection CRC-5 RPID Purpose CRC-16 round extension flag size type all 1 bit 6 bits 1 bit 3 bits 5 bits 96 bits 16 bits 2 bits 16 bits 1) Anonymous Monitoring 1) Anonymous Monitoring 2) Local Identification 2) Local Identification 3) Item Tracking 3) Item Tracking 4) Person Tracking 4) Person Tracking Declaration of Intent Declaration of Intent � Typical RFID usage w/o identification – personally identifiable data is collected but only used anonymously (needs audits) July 8, 2004 Slide 12

  13. Purpose Specification DIMACS WUPSS 10) Legal 1) Access Control 11) Payment 2) Anti-Counterfeiting 12) Profiling 3) Anti-Theft a. Ad-Hoc Tailoring 4) Asset Management b. Pseudo Analysis 5) Contact c. Pseudo Decision 6) Current d. Individual Analysis 7) Development e. Individual Decision 13) Repairs & Returns 8) Emergency Services 14) Other Purpose 9) Inventory July 8, 2004 Slide 13

  14. Transparency: Watchdog Tag DIMACS WUPSS July 8, 2004 Slide 14

  15. Feasibility? DIMACS WUPSS � Extending Reader Devices – Software-update – Integrates with enterprise solutions (“Privacy-DB”) � Extending Tags – Needs protocol-level standardization (EPC, P3P, …) – No new hardware (program logic only) – Good performance (only about 1% loss in speed) � Reliability? – No tag configuration necessary – “Reliable” like a public announcement (poster, etc) • can be ignored by consumer, but lacking it can be noticed July 8, 2004 Slide 15

  16. Summary DIMACS WUPSS � Ubicomp brings privacy challenges – Large-scale, unnoticed data collections – RFID-technology most prominent example � Current RFID privacy solutions fall short – Too complicated, expensive � Proposal: Put Transparency into RFID – Readers identify themselves, purpose, etc… – Support for laws & regulations July 8, 2004 Slide 16

  17. For more information… DIMACS WUPSS � Ch. Flörkemeier, R. Schneider, M. Langheinrich, Scanning with a Purpose – Supporting the Fair Information Principles in RFID Protocols. Submitted for publication � M. Langheinrich, A Privacy Awareness System for Ubiquitous Computing Environments . Proceedings of Ubicomp 2002 � M. Langheinrich, Die Privatsphäre im Ubiquitous Computing – Datenschutzaspekte der RFID-Technologie . Appears in 2004 (German) http://www.vs.inf.ethz.ch/publ/ July 8, 2004 Slide 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de Louvain Belgium SUMMARY Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

343 views • 32 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT 15 TH November 2003 By Rakesh Kumar Wipro Technologies India Privacy Consumers Perspective Privacy can be defined as customers ability to

284 views • 17 slides
RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia for IPTS IFIP/FIDIS Summerschool Karlstad - 2007 Overview RFID Technologies RFID Markets RFID Privacy issues Conclusions 2

734 views • 19 slides
A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010

A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010

A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010 Outline Introduction. Model of RFID Systems. Adaptive Completeness and Mutual Authentication. zk-Privacy: Formulation, Clarifications

456 views • 35 slides
Some Recent Development Some Recent Development in RFID Privacy Models Robert H. Deng School of

Some Recent Development Some Recent Development in RFID Privacy Models Robert H. Deng School of

Some Recent Development Some Recent Development in RFID Privacy Models Robert H. Deng School of Information Systems y Singapore Management University 2010/12/6 1 Introduction RFID tags are low-cost electronic devices, from which

547 views • 17 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011, Corua, Spain RFID Primer RFID Primer Definition Radio frequency identification'' (RFID) means the use of electromagnetic radiating waves

729 views • 47 slides
The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on RFID Technology Concepts, Applications, Challenges in the Eleventh International Conference on Enterprise Information Systems 6 10 May

552 views • 37 slides
A Privacy-Restoring Mechanism for Offline RFID Systems Gildas Avoine Iwen Coisel Tania Martin

A Privacy-Restoring Mechanism for Offline RFID Systems Gildas Avoine Iwen Coisel Tania Martin

A Privacy-Restoring Mechanism for Offline RFID Systems Gildas Avoine Iwen Coisel Tania Martin Universit e catholique de Louvain Belgium April 16, 2012 [WiSec12, Tucson, AZ, USA] Goal of our Paper Authentication protocol that

1.08k views • 43 slides
RFID Privacy: from Transportation Payment Systems to Implantable Medical Devices Wayne Burleson

RFID Privacy: from Transportation Payment Systems to Implantable Medical Devices Wayne Burleson

RFID Privacy: from Transportation Payment Systems to Implantable Medical Devices Wayne Burleson University of Massachusetts Amherst burleson@ecs.umass.edu AMD Research Boston wayne.burleson@amd.com This material is based upon work supported

663 views • 63 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011, Rennes, France Summary RFID Primer. Examples. Capabilities. Particularities. Authentication in RFID. Theory. Practical

934 views • 64 slides
29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity

29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity

29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity is on Marc Langheinrich Institute for Pervasive Computing a par with nuclear weapons. Dr. Katherine Albrecht Katherine Albrecht,

315 views • 4 slides
The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels Ron Rivest

The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels Ron Rivest

The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels Ron Rivest Mike Szydlo MIT CSAIL RSA Laboratories RSA Laboratories What is a R adio- F requency Id entification (RFID) tag? In terms of appearance Chip

678 views • 26 slides
Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing

Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing

T Labs Usability Colloquium June 25, 2007 Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing ETH Zurich, Switzerland C.A.S.P.I.A.N. Consumers against supermarket privacy invasions and

451 views • 25 slides
Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues

Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues

Simone Fischer-Hbner Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues (LBS, RFID,...) IV. European Privacy Legislation/ Directives I. Definition Warren & Brandeis 1890 The right to

694 views • 30 slides
Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2 Seminar Istanbul June 07, 2010 Outline of the talk n Introduction n RFID authentication protocols n Security requirements n Privacy requirements n

344 views • 31 slides
Retwork: Exploring Reader Network with a COTS RFID System Jia Liu, Xingyu Chen, Shigang Chen, Wei

Retwork: Exploring Reader Network with a COTS RFID System Jia Liu, Xingyu Chen, Shigang Chen, Wei

Retwork: Exploring Reader Network with a COTS RFID System Jia Liu, Xingyu Chen, Shigang Chen, Wei Wang, Dong Jiang, Lijun Chen 01 Background 02 System design 03 Evaluation 04 Conclusion What is RFID? 01 Background RFID System Antenna

567 views • 34 slides
Cryptography in Radio Frequency Identification and Fair Exchange Protocols Gildas Avoine EPFL,

Cryptography in Radio Frequency Identification and Fair Exchange Protocols Gildas Avoine EPFL,

PhD Private Defense, November 23rd, 2005 Cryptography in Radio Frequency Identification and Fair Exchange Protocols Gildas Avoine EPFL, Lausanne, Switzerland COLE POLYTECHNIQUE FDRALE DE LAUSANNE Presentation Outline Fair Exchange

602 views • 46 slides
An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M.

An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M.

An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M. Valls, C. Roig, F. Gin e and J.M. Miret Escola Polit` ecnica Superior. Universitat de Lleida. { santi,magda,roig,sisco,miret } @eps.udl.es

417 views • 12 slides
MIS 2101/2901 Exam 3 Review Michelle Purnama Diamond Peer 2 Exam Format 25 Multiple Choice

MIS 2101/2901 Exam 3 Review Michelle Purnama Diamond Peer 2 Exam Format 25 Multiple Choice

MIS 2101/2901 Exam 3 Review Michelle Purnama Diamond Peer 2 Exam Format 25 Multiple Choice Questions 5 from assigned readings 10 from assigned videos & lectures 10 from Mini-Case Topics: SCM, CRM, Platforms, Cloud Computing,

646 views • 33 slides
En Enterpris erprise e In Info format rmation ion Sys ystems ems Umbe mberto to Nan

En Enterpris erprise e In Info format rmation ion Sys ystems ems Umbe mberto to Nan

D IPARTIMENTO DI I NGEGNERIA INFORMATICA AUTOMATICA E GESTIONALE A NTONIO R UBERTI Master Degree Programme in Management gement Engin ineer erin ing En Enterpris erprise e In Info format rmation ion Sys ystems ems Umbe mberto to

379 views • 36 slides
draft-irtf-hiprg-rfid-01 HIP support for RFIDs Pascal.Urien@telecom-paristech.fr

draft-irtf-hiprg-rfid-01 HIP support for RFIDs Pascal.Urien@telecom-paristech.fr

draft-irtf-hiprg-rfid-01 HIP support for RFIDs Pascal.Urien@telecom-paristech.fr http://perso.telecom-paristech.fr/~urien/hiprfid/ http://www.telecom-paristech.fr 1 /11 Pascal URIEN, IETF 79 th , Tuesday 9 th November 2010, Beijing, China What

373 views • 11 slides
Privacy What it is How were losing it in the digital age How it can be protected Saturday, 3

Privacy What it is How were losing it in the digital age How it can be protected Saturday, 3

Privacy What it is How were losing it in the digital age How it can be protected Saturday, 3 December 2011 Saturday, 3 December 2011 Privacy is Not a New Concept 1 b. The state or condition of being alone, undisturbed, or free from

593 views • 22 slides

More recommend