privacy protection
play

Privacy Protection privacy notions and metrics; privacy in RFID - PowerPoint PPT Presentation

Aug 05, 2023 •772 likes •1.12k views

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

  1. Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Göttingen

  2. Chapter outline 1 Important privacy related notions and metrics 2 Privacy in RFID systems 3 Location privacy in vehicular networks Privacy Protection Georg-August University Göttingen 2

  3. Privacy related notions Anonymity: hiding the identity of the entity who performs a given action  Untraceability: making it difficult for an adversary to identify that a given  set of actions were performed by the same subject Unlinkability: hiding information about the relationships between any  items (e.g. subjects, messages, actions, etc.): – E.g. is a determined set of message senders and message receivers, the adversary may be still unable to relate senders to receivers Unobservability: hiding the items themselves (e.g., hide the fact that a  message was sent at all) Pseudonymity: making use of a pseudonym instead of the real identity  Privacy Protection Georg-August University Göttingen 3

  4. Privacy metrics (1/2) Anonymity set: a set of subjects that might have performed the  observed action – Is a good measure only if all the members of the set are equally likely to have performed the observed action Entropy-based measure of anonymity:    p .log p x x   x A where A is the anonymity set p is the probability (for the adversary) x  that the observed action has been performed by subject x A Privacy Protection Georg-August University Göttingen 4

  5. Privacy metrics (2/2) Entropy-based measure for unlinkability:    p .log p R R    R I I 1 2 where I and I are the sets of items that the adversary wants to relate 1 2 p is the probability (for the adversary) that the real relationship R   between the elements in and in I I is ca ptured by relation R I I 1 2 1 2 Privacy Protection Georg-August University Göttingen 5

  6. Outline 1 Important privacy related notions and metrics 2 Privacy in RFID systems 3 Location privacy in vehicular networks Privacy Protection Georg-August University Göttingen 6

  7. What is RFID? RFID = Radio-Frequency Identification  RFID system elements  – RFID tag + RFID reader + back-end database RFID tag = microchip + RF antenna  – microchip stores data (few hundred bits) – tags can be active • have their own battery  expensive – or passive • powered up by the reader’s signal • reflect the RF signal of the reader modulated with stored data RFID reader RFID tag reading signal tagged back-end object ID database ID detailed object information Privacy Protection Georg-August University Göttingen 7

  8. RFID privacy problems RFID tags respond to reader’s query automatically, without  authenticating the reader  clandestine scanning of tags is a plausible threat two particular problems:  1. inventorying: a reader can silently determine what objects a person is carrying • books • medicaments • banknotes suitcase: • underwear Samsonite watch: Casio • … 2. tracking: set of readers jeans: Lee Cooper can determine where a given book: Applied person is located Cryptography • tags emit fixed unique identifiers • even if tags do not emit unique identifiers, it is possible to track a person by tracking a shoes: Nike constellation of a set of particular tags: in a given period of time, there may be a single person in a city wearing a specific type of shoes and wrist watch and carrying a specific book in a specific suitcase Privacy Protection Georg-August University Göttingen 8

  9. RFID read ranges nominal read range  – max distance at which a normally operating reader can reliably scan tags – e.g., ISO 14443 specifies 10 cm for contactless smart cards rogue scanning range  – rogue reader can emit stronger signal and read tags from a larger distance than the nominal range – e.g., ISO 14443 cards can possibly be read from 50-100 cm tag-to-reader eavesdropping range  – read-range limitations result from the requirement that the reader powers the tag – however, one reader can power the tag, while another one can monitor its emission (eavesdrop) – e.g., RFID enabled passports can be eavesdropped from a few meters reader-to-tag eavesdropping range  – readers transmit at much higher power than tags – readers can be eavesdropped form much further (kilometers?) – readers may reveal tag specific information Privacy Protection Georg-August University Göttingen 9

  10. Classification of privacy protection approaches  standard tags – “kill” command – “sleep” command – renaming – blocking – legislation  crypto enabled tags – synchronization approach – hash chain based approach – tree-approach Privacy Protection Georg-August University Göttingen 10

  11. Dead tags tell no tales idea: permanently disable tags with a special “kill” command  advantages:  – simple – effective disadvantages:  – eliminates all post-purchase benefits of RFID for the consumer and for society • no return of items without receipt • no smart house-hold appliances • … – cannot be applied in some applications • library • e-passports • banknotes • ... similar approaches:  – put RFID tags into price tags or packaging which are removed and discarded Privacy Protection Georg-August University Göttingen 11

  12. “Sleep” command  idea: – instead of killing the tag put it in sleep mode – tag can be re-activated if needed  advantages: – simple – effective  disadvantages: – difficult to manage in practice • tag re-activation must be password protected • how the consumers will manage hundreds of passwords for their tags? • passwords can be printed on tags, but then they need to be scanned optically or typed in by the consumer Privacy Protection Georg-August University Göttingen 12

  13. Renaming idea:  – get rid of fixed names (identifiers) – use random pseudonyms and change them frequently requirements:  – only authorized readers should be able to determine the real identifier behind a pseudonym – authorized readers would be able to refresh the list of pseudonyms in a tag – The tag rotates the pseudonym list and uses a new tag each time being read a possible implementation  – pseudonym = {R|ID} K • R is a random number • K is a key shared by all authorized readers – authorized readers can decrypt pseudonyms and determine real ID – for unauthorized readers, pseudonyms look like random bit strings Privacy Protection Georg-August University Göttingen 13

  14. Renaming  potential problems – if someone can eavesdrop during the renaming operation, then she may be able to link the new pseudonym to the old one – An adversary can rapidly query the tag several times until all pseudonyms are emitted --> tag tracked until the next refresh operation • Solution: limited bandwidth at the tags (by hardware means) – no reader authentication  rogue reader can overwrite pseudonyms in tags (tags will be erroneously identified by authorized readers) Privacy Protection Georg-August University Göttingen 14

  15. Blocking Uses a mechanism which is designed for determining present tags:  binary tree walking  – a mechanism to determine which tags are present (singulation procedure) – IDs are leaves of a binary tree – reader performs a depth first search in the tree as follows • reader asks for the next bit of the ID starting with a given prefix • if every tag’s ID starts with that prefix, then no collision will occur, and the reader can extend the prefix with the response • if there’s a collision, then the reader recurses on both possible extensions of the prefix • Example: 3 tags are present with IDs 001, 100 and 101 reader: prefix “ - ” ? - tags: collision reader: prefix “0” ? 0 1 tags: 0 reader: prefix “00” ? 001 tags: 1 reader: prefix “1” ? 00 01 10 11 tags: 0 reader: prefix “10” ? 000 010 100 110 001 011 101 111 100 tags: collision 101 Note: real tag sizes are much larger (e.g., 96 bits for EPC) Privacy Protection Georg-August University Göttingen 15

  16. Blocking blocker tag: simulates a collision upon each request of the reader to  force it to go through the whole tree and to stall as the tree is usually very big Privacy protection solution using binary tree walking mechanism:  – The user can carry the blocker with her to prevent scanning and tracking of her tags and can deactivate the blocker when its tags need to be read, e.g. returning an item to a shop Problem: blocks reading all tags nearby even by legitimate readers  Privacy Protection Georg-August University Göttingen 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy

Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy

International Workshop on Spatial and Temporal Modeling from Statistical, Machine Learning and Engineering perspectives:STM2016 23 July 2016 Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy Protection

1.35k views • 79 slides
Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human Right (1/2) From the United Nations Universal Declaration of Human Rights: Article 12 No one shall be subjected to arbitrary interference with his

338 views • 7 slides
Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Industrial perspectives on Cryptography A. Esterle - ENISA Antwerp 29 May 2008 www.enisa.europa.eu Web and privacy Privacy and protection of personal data specific purpose (to collect and process it) subject

732 views • 7 slides
Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service Automotive Industry Privacy Principles Nov. 12, 2014 Auto Alliance and Global Automakers come together to create a set of privacy principles

419 views • 20 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international efforts to develop frameworks to enhance privacy while realising big datas benefits Seminar arranged by the Office for Personal Data Protection, Macao,

305 views • 8 slides
Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Privacy Legislation - History 1950 Art. 8 ECHR: Everyone has the right to respect for his private and family

413 views • 4 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection

Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection

Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection Defending Privacy Empowerment Protection Transparency Firms must always Informed consent secure personal data Consumer law Empowerment Protection

543 views • 10 slides
Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson DIG @ CSAIL Monday 12 July 2010 Alternate Definitions of Privacy In 1890, Brandeis and Warren defined privacy as the right to be let alone

541 views • 11 slides
Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection

Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection

Introduction Syntax Semantics Example Outlook Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection Schleswig-Holstein 26th of July 2010 www.ietf.org/id/draft-koenig-privicons-00.txt Ulrich

225 views • 10 slides
FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY BYLAW PARK BOARD COMMITTEE MEETING May 16,

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY BYLAW PARK BOARD COMMITTEE MEETING May 16,

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY BYLAW PARK BOARD COMMITTEE MEETING May 16, 2016 OVERVIEW: Freedom of Information and Protection of Privacy 1. Legislation Freedom of Information and Protection of Privacy Act (FIPPA) ;

379 views • 17 slides
Privacy and data protection by design cross-over of multiple disciplines Marit Hansen

Privacy and data protection by design cross-over of multiple disciplines Marit Hansen

Privacy and data protection by design cross-over of multiple disciplines Marit Hansen Privacy and Information Commissioner Schleswig-Holstein, Germany marit.hansen@datenschutzzentrum.de Annual Privacy Forum 2015 Luxembourg, 7 October,

551 views • 29 slides
Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

Beneficial ownership transparency, Title Page privacy and data protection 23 October Presented by Tom Walker tom@theengineroom.org @thomwithoutanh Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

702 views • 13 slides
Audit Mechanisms for Privacy Protection in Healthcare Environments Anupam Datta Joint work with

Audit Mechanisms for Privacy Protection in Healthcare Environments Anupam Datta Joint work with

Audit Mechanisms for Privacy Protection in Healthcare Environments Anupam Datta Joint work with Jeremiah Blocki, Nicolas Christin and Arunesh Sinha Carnegie Mellon University Position } Audit mechanisms are essential for privacy protection

337 views • 7 slides
RESTifying WS-* Services A Case Study in RFID (Radio Frequency IDentification) Dominique Guinard

RESTifying WS-* Services A Case Study in RFID (Radio Frequency IDentification) Dominique Guinard

RESTifying WS-* Services A Case Study in RFID (Radio Frequency IDentification) Dominique Guinard SAP Research & ETH Zurich Mathias Mueller University of Fribourg 167 Todays Menu 1. Background: > The global RFID network in a

325 views • 19 slides
Other Contract Government Property Related Clauses IND 105 Lesson 9 Other Contract Government

Other Contract Government Property Related Clauses IND 105 Lesson 9 Other Contract Government

Other Contract Government Property Related Clauses IND 105 Lesson 9 Other Contract Government Property and Related Clauses TLO 9 - Given a Government contract with other property related FAR and DFARS clauses, identify their applicability to

537 views • 52 slides
The intelligent container: 80 courses of studies, many of them are bachelor- or master

The intelligent container: 80 courses of studies, many of them are bachelor- or master

RFID Academic Convocation: Smart Containers Slide 1 Slide 2 University of Bremen May, 1 st 06 May, 1 st 06 Reiner Jedermann, Adam Sklorz, Walter Lang, Institute for Microsensors, - Founded in 1971 Actuators and -Systems (IMSAS), University

817 views • 12 slides
Information System Components and Devices 2110213 Information System Organization Natawut

Information System Components and Devices 2110213 Information System Organization Natawut

Information System Components and Devices 2110213 Information System Organization Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University IS Components Natawut Nupairoj, Ph.D. 1 Logical View Feedback Control

169 views • 14 slides
Managing Service Inventory NKFUST Reasons to Hold Inventory Inventory Models News

Managing Service Inventory NKFUST Reasons to Hold Inventory Inventory Models News

ShinMing Guo Managing Service Inventory NKFUST Reasons to Hold Inventory Inventory Models News Vendor Problem ABC Classification Who Cares About a Surplus? In North America, the loss from overstocks in the region is estimated

404 views • 18 slides
Policy and Technology Drivers in Policy and Technology Drivers in the Internet of Things the

Policy and Technology Drivers in Policy and Technology Drivers in the Internet of Things the

Policy and Technology Drivers in Policy and Technology Drivers in the Internet of Things the Internet of Things Grald Santucci Head of Unit Networked enterprise & Radio Frequency Identification (RFID) Internet of Things 2008, Zurich

732 views • 28 slides
Dr Joseph O. Ugwu Dept of Civil Engineering, The University of Hong Kong Seminar: Recent

Dr Joseph O. Ugwu Dept of Civil Engineering, The University of Hong Kong Seminar: Recent

ICT for Collaborative Working in Project Management Dr Joseph O. Ugwu Dept of Civil Engineering, The University of Hong Kong Seminar: Recent Developments in Project Management in HKSAR Friday 12 May 2006 1 Outline Part 1: ICT

230 views • 19 slides
International Nuclear and Nuclear Disaster Radiological Event Scale Major Accident Chernobyl

International Nuclear and Nuclear Disaster Radiological Event Scale Major Accident Chernobyl

International Nuclear and Nuclear Disaster Radiological Event Scale Major Accident Chernobyl Nuclear Accident (1986) Major release of radioactive material with widespread (5,200 PBq) health and environmental effects (requiring

425 views • 5 slides

More recommend