Privacy Protection privacy notions and metrics; privacy in RFID - - PowerPoint PPT Presentation

privacy protection
SMART_READER_LITE
LIVE PREVIEW

Privacy Protection privacy notions and metrics; privacy in RFID - - PowerPoint PPT Presentation

Aug 05, 2023 772 likes •1.12k views

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

slide-1
SLIDE 1

Security and Cooperation in Wireless Networks

Georg-August University Göttingen

Privacy Protection

privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks;

slide-2
SLIDE 2

Georg-August University Göttingen

Privacy Protection

Chapter outline

1 Important privacy related notions and metrics 2 Privacy in RFID systems 3 Location privacy in vehicular networks

2

slide-3
SLIDE 3

Georg-August University Göttingen

Privacy Protection

Privacy related notions

  • Anonymity: hiding the identity of the entity who performs a given action
  • Untraceability: making it difficult for an adversary to identify that a given

set of actions were performed by the same subject

  • Unlinkability: hiding information about the relationships between any

items (e.g. subjects, messages, actions, etc.):

– E.g. is a determined set of message senders and message receivers, the adversary may be still unable to relate senders to receivers

  • Unobservability: hiding the items themselves (e.g., hide the fact that a

message was sent at all)

  • Pseudonymity: making use of a pseudonym instead of the real identity

3

slide-4
SLIDE 4

Georg-August University Göttingen

Privacy Protection

Privacy metrics (1/2)

  • Anonymity set: a set of subjects that might have performed the
  • bserved action

– Is a good measure only if all the members of the set are equally likely to have performed the observed action

  • Entropy-based measure of anonymity:

.log where is the anonymity set is the probability (for the adversary) that the observed action has been performed by subject

x x x A x

p p A p x A

 

 

4

slide-5
SLIDE 5

Georg-August University Göttingen

Privacy Protection

Privacy metrics (2/2)

  • Entropy-based measure for unlinkability:

1 2

1 2 R 1 2

.log where and are the sets of items that the adversary wants to relate is the probability (for the adversary) that the real relationship between the elements in and in is ca

R R R I I

p p I I p I I

  

 

1 2

ptured by relation R I I  

5

slide-6
SLIDE 6

Georg-August University Göttingen

Privacy Protection

Outline

1 Important privacy related notions and metrics 2 Privacy in RFID systems 3 Location privacy in vehicular networks

6

slide-7
SLIDE 7

Georg-August University Göttingen

Privacy Protection

What is RFID?

  • RFID = Radio-Frequency Identification
  • RFID system elements

– RFID tag + RFID reader + back-end database

  • RFID tag = microchip + RF antenna

– microchip stores data (few hundred bits) – tags can be active

  • have their own battery  expensive

– or passive

  • powered up by the reader’s signal
  • reflect the RF signal of the reader modulated with stored data

7

RFID tag RFID reader back-end database tagged

  • bject

reading signal ID ID detailed

  • bject

information

slide-8
SLIDE 8

Georg-August University Göttingen

Privacy Protection

RFID privacy problems

  • RFID tags respond to reader’s query automatically, without

authenticating the reader  clandestine scanning of tags is a plausible threat

  • two particular problems:
  • 1. inventorying: a reader can silently determine what objects a person is

carrying

  • books
  • medicaments
  • banknotes
  • underwear
  • 2. tracking: set of readers

can determine where a given person is located

  • tags emit fixed unique identifiers
  • even if tags do not emit unique identifiers,

it is possible to track a person by tracking a constellation of a set of particular tags: in a given period of time, there may be a single person in a city wearing a specific type of shoes and wrist watch and carrying a specific book in a specific suitcase

8 watch: Casio book: Applied Cryptography shoes: Nike suitcase: Samsonite jeans: Lee Cooper

slide-9
SLIDE 9

Georg-August University Göttingen

Privacy Protection

RFID read ranges

  • nominal read range

– max distance at which a normally operating reader can reliably scan tags – e.g., ISO 14443 specifies 10 cm for contactless smart cards

  • rogue scanning range

– rogue reader can emit stronger signal and read tags from a larger distance than the nominal range – e.g., ISO 14443 cards can possibly be read from 50-100 cm

  • tag-to-reader eavesdropping range

– read-range limitations result from the requirement that the reader powers the tag – however, one reader can power the tag, while another one can monitor its emission (eavesdrop) – e.g., RFID enabled passports can be eavesdropped from a few meters

  • reader-to-tag eavesdropping range

– readers transmit at much higher power than tags – readers can be eavesdropped form much further (kilometers?) – readers may reveal tag specific information

9

slide-10
SLIDE 10

Georg-August University Göttingen

Privacy Protection

Classification of privacy protection approaches

  • standard tags

– “kill” command – “sleep” command – renaming – blocking – legislation

  • crypto enabled tags

– synchronization approach – hash chain based approach – tree-approach

10

slide-11
SLIDE 11

Georg-August University Göttingen

Privacy Protection

Dead tags tell no tales

  • idea: permanently disable tags with a special “kill” command
  • advantages:

– simple – effective

  • disadvantages:

– eliminates all post-purchase benefits of RFID for the consumer and for society

  • no return of items without receipt
  • no smart house-hold appliances

– cannot be applied in some applications

  • library
  • e-passports
  • banknotes
  • ...
  • similar approaches:

– put RFID tags into price tags or packaging which are removed and discarded

11

slide-12
SLIDE 12

Georg-August University Göttingen

Privacy Protection

“Sleep” command

  • idea:

– instead of killing the tag put it in sleep mode – tag can be re-activated if needed

  • advantages:

– simple – effective

  • disadvantages:

– difficult to manage in practice

  • tag re-activation must be password protected
  • how the consumers will manage hundreds of passwords for their tags?
  • passwords can be printed on tags, but then they need to be scanned
  • ptically or typed in by the consumer

12

slide-13
SLIDE 13

Georg-August University Göttingen

Privacy Protection

Renaming

  • idea:

– get rid of fixed names (identifiers) – use random pseudonyms and change them frequently

  • requirements:

– only authorized readers should be able to determine the real identifier behind a pseudonym – authorized readers would be able to refresh the list of pseudonyms in a tag – The tag rotates the pseudonym list and uses a new tag each time being read

  • a possible implementation

– pseudonym = {R|ID}K

  • R is a random number
  • K is a key shared by all authorized readers

– authorized readers can decrypt pseudonyms and determine real ID – for unauthorized readers, pseudonyms look like random bit strings

13

slide-14
SLIDE 14

Georg-August University Göttingen

Privacy Protection

Renaming

  • potential problems

– if someone can eavesdrop during the renaming operation, then she may be able to link the new pseudonym to the old one – An adversary can rapidly query the tag several times until all pseudonyms are emitted --> tag tracked until the next refresh operation

  • Solution: limited bandwidth at the tags (by hardware means)

– no reader authentication  rogue reader can overwrite pseudonyms in tags (tags will be erroneously identified by authorized readers)

14

slide-15
SLIDE 15

Georg-August University Göttingen

Privacy Protection

Blocking

  • Uses a mechanism which is designed for determining present tags:
  • binary tree walking

– a mechanism to determine which tags are present (singulation procedure) – IDs are leaves of a binary tree – reader performs a depth first search in the tree as follows

  • reader asks for the next bit of the ID starting with a given prefix
  • if every tag’s ID starts with that prefix, then no collision will occur, and the reader can extend

the prefix with the response

  • if there’s a collision, then the reader recurses on both possible extensions of the prefix
  • Example: 3 tags are present with IDs 001, 100 and 101

reader: prefix “-” ? tags: collision reader: prefix “0” ? tags: 0 reader: prefix “00” ? tags: 1 reader: prefix “1” ? tags: 0 reader: prefix “10” ? tags: collision

15

  • 1

00 01 10 11 000 010 100 110 001 011 101 111 100 101 001

Note: real tag sizes are much larger (e.g., 96 bits for EPC)

slide-16
SLIDE 16

Georg-August University Göttingen

Privacy Protection

  • blocker tag: simulates a collision upon each request of the reader to

force it to go through the whole tree and to stall as the tree is usually very big

  • Privacy protection solution using binary tree walking mechanism:

– The user can carry the blocker with her to prevent scanning and tracking of her tags and can deactivate the blocker when its tags need to be read, e.g. returning an item to a shop

  • Problem: blocks reading all tags nearby even by legitimate readers

16

Blocking

slide-17
SLIDE 17

Georg-August University Göttingen

Privacy Protection

Blocking

  • Solution:
  • tree is divided into two zones

– privacy zone: all IDs starting with 1

  • Tags can be sent between two zones by appropriately setting the leading bit of their IDs
  • upon purchase of a product, its tag is transferred into the privacy zone by setting the leading

bit

  • the blocker tag simulates a collision when the prefix in the reader’s query starts with 1
  • when the blocker tag is present, all IDs in the privacy zone will appear to be present for the

reader

  • when the blocker tag is not present, everything works normally
  • Clearly, a reader that transfers tags from one zone to another must be authenticated

17

  • 1

00 01 10 11 000 010 100 110 001 011 101 111 privacy zone transfer to the privacy zone upon purchase

slide-18
SLIDE 18

Georg-August University Göttingen

Privacy Protection

Crypto enabled tags

  • assume that tags can perform some crypto operations

 tags can compute their own pseudonyms !

  • a solution that doesn’t scale:

– next pseudonym = {ID,R}K

  • R is a random number generated by the tag (ensures that pseudonyms

look random and they are different)

  • ID is the real identifier
  • K is a key shared by the tag to the readers

– the reader tries all possible keys until it finds the right one (Some

redundancy in the encrypted message is required to let the reader realize it used the right key)

– if there are many tags, then the verification may be too slow

18

slide-19
SLIDE 19

Georg-August University Göttingen

Privacy Protection

Synchronization approach

  • c is a counter, K is a key shared by the tag and the reader
  • peration of tag:

– when queried by the reader, the tag responds with its current pseudonym p = EK(c) and then increments the counter

  • peration of the reader:

– reader must know approximate current counter value – for each tag, it maintains a table with the most likely current counters and corresponding pseudonyms (c+1, p1)…(c+d, pd) – when a tag responds with a pseudonym p, it looks up p in any of its tables, identifies the tag, and updates the table corresponding to the tag

19

c c+1 c+2 c+3 … p0 p1 p2 p3 EK EK EK EK

slide-20
SLIDE 20

Georg-August University Göttingen

Privacy Protection

Hash-chain based approach

  • H and G are one-way functions (e.g., hash functions)
  • operation of the tag:

– current state is si – when queried the tag responds with the current pseudonym pi = G(si) and computes its new state si+1 = H(si)

  • operation of the reader is similar to the previous approach
  • one-wayness of H ensures forward secrecy :

– even if a disposed tag is broken and its current state is determined, previous states (and pseudonyms) cannot be computed

20

s1 s2 s3 s4 … p1 p2 p3 p4 H H H H G G G G

slide-21
SLIDE 21

Georg-August University Göttingen

Privacy Protection

The tree-based approach

  • Each leave represents a tag and a key is assigned to each edge
  • A tag sends all of its keys from highest to lowest level in the tree
  • For each level the reader searches through keys only in that level

below the already identified key previous-level key

  • After identifying all the keys the tag can be identified by the reader

21

reader k1 k11 k 111

k1, k11, k111

R

E(k1, R’ | R), E(k11, R’ | R), E(k111, R’ | R)

try all these keys until one of them works k1, k11, k111  tag ID

tag

slide-22
SLIDE 22

Georg-August University Göttingen

Privacy Protection

Optimal key-trees

  • if tags get compromised, then the level of privacy provided to other tags

decreases:

– E.g. if the leftmost leave of the tree is compromised: k1, k11, k111 are revealed to the adversary – Later on, by observing the transactions of any non-compromised tag, the adversary can recognize the use of some compromised keys – P0: contains the compromised tag; P1: contains tags whose parent is the same as the compromised tag and not in P0; P2: contains tags whose grandparent is the same as the compromised tag and not in P0 or P1; etc.

  • tags in different partitions can be distinguished
  • tags in a given partition (Pi) are indistinguishable

22

k1 k11 k 111 P 0 P1 P 2 P 3

slide-23
SLIDE 23

Georg-August University Göttingen

Privacy Protection

– Consider a l level tree with b branches at each level – To measure privacy, one can calculate the expected anonymity set size of a randomly selected tag (or the average size of the anonymity set of non- compromised tags) – where N is the total number of tags, Pi is partition i – this can be normalized to N to obtain a metric value between 0 and 1:

23

k1 k11 k 111 P 0 P1 P 2 P 3

slide-24
SLIDE 24

Georg-August University Göttingen

Privacy Protection

Normalized Average Anonymity Set Size (NAASS) (3/3)

  • computing NAASS for regular trees (same branching factor at each level)

when a single tag is compromised:

24

slide-25
SLIDE 25

Georg-August University Göttingen

Privacy Protection

Outline

1 Important privacy related notions and metrics 2 Privacy in RFID systems 3 Location privacy in vehicular networks

25

slide-26
SLIDE 26

Georg-August University Göttingen

Privacy Protection

The location privacy problem and a solution

  • vehicles continuously broadcast heart beat messages,

containing their ID, position, speed, etc.

  • tracking the physical location of vehicles is easy just by

eavesdropping on the wireless channel

  • one possible solution is to change the vehicle identifier, or in
  • ther words, to use pseudonyms

26

slide-27
SLIDE 27

Georg-August University Göttingen

Privacy Protection

Adversary model

  • changing pseudonyms is ineffective against a global

eavesdropper

  • hence, the adversary is assumed to be able to monitor the

communications only at a limited number of places and in a limited range

27

A, GPS position, speed, direction predicted position at the time of the next heart beat B, GPS position, speed, direction

slide-28
SLIDE 28

Georg-August University Göttingen

Privacy Protection

The mix zone concept

  • A mix network is a store-and-forward networks containing mix

nodes

  • A mix node collects n messages and forwards them all at the same

time, and then does the same to the next n messages so on.

  • So an observer can not easily determine which outgoing message

belongs to which incoming message.

  • In our case, the adversary can not easily say which vehicle in the

unmonitored area belongs to which one entering it

– unmonitored area functions as a mix zone

  • we assume that the vehicles change pseudonyms frequently so

that each vehicle changes pseudonym while in the mix zone

  • note that the vehicles do not know where the mix zone is

28

slide-29
SLIDE 29

Georg-August University Göttingen

Privacy Protection

Example of mix zone

29

  • Example: the mix zone has 3 gates; gate 2 is far away from gates 1 and 3
  • the adversary observes vehicles 1 and 2 entered gates 1 and 2 and after a

short time a vehicle exited the mix zone at gate 3

  • If the distance between gates 2 and 3 is so large that it is impossible to go

from 2 to 3 in such a short time, then the adversary can link the vehicle entered at gate 1 to the one exited at gate 3 (no privacy is provided by the mix zone in this case)

slide-30
SLIDE 30

Georg-August University Göttingen

Privacy Protection

Model of the mix zone

  • time is divided into discrete steps
  • pij = Pr{ exiting at j | entering at i }
  • Dij is a random variable (delay) that represents the time that

elapses between entering at i and exiting at j

  • dij(t) = Pr{ Dij = t }
  • Pr{ exiting at j at t | entering at i at t } = pij dij(t-t)

30

dij(t) t

slide-31
SLIDE 31

Georg-August University Göttingen

Privacy Protection

Observations

  • the adversary can observe the points (ni, xi) and the times (ti, ti) of enter and

exit events (Ni, Xi)

  • by assumption, the nodes change pseudonyms inside the mix zone  there’s no

easy way to determine which exit event corresponds to which enter event

  • each possible mapping between exit and enter events is represented by a

permutation p of {1, 2, …, k}: mp = (N1 ~ Xp[1], N2 ~ Xp[2], …, Nk ~ Xp[k]) where p[i] is the i-th element of the permutation

  • we want to determine Pr{ mp | (N, X) }

31

t

n1 n2 nk x1 x2 xk

t2 tk

t1 tk N1 N2 Nk X1 X2 Xk

t1 = 0

slide-32
SLIDE 32

Georg-August University Göttingen

Privacy Protection

Computing the level of privacy

32

where mπ is the mapping described by the permutation π

where pij is a cell of the matrix P of size nxn, where n is the number of gates of the mix zone and dij(t) describes the probability distribution of the delay when crossing the mix zone from gate i to gate j , (i.e. dij(t) is the probability of having delay t for an object who enters at gate i And exits from gate j).

slide-33
SLIDE 33

Georg-August University Göttingen

Privacy Protection

Summary

  • Privacy problems and solutions in RFID:

– Privacy problems: clandestine reading and eavesdropping – Low-cost RFID tags:

  • resource constrained
  • any privacy protecting solution must be carefully designed and
  • ptimized
  • Location privacy in vehicular networks:

– Adversary model: monitored zones and unmonitored zones – The level of location privacy can be quantified using an entropy based metric

33