1,077 research outputs found
RFID Authentification Protocols using Symmetric Cryptography
Radio Frequency IDentification (RFID) is emerging in a variety
of applications as an important technology for identifying and
tracking goods and assets. The spread of RFID technology,
however, also gives rise to significant user privacy and
security issues. One possible solution to these challenges is
the use of a privacy-enhancing cryptographic protocol to
protect RFID communications.
This thesis considers RFID authentication protocols that make
use of symmetric cryptography. We first identify the privacy,
security and performance requirements for RFID systems. We then
review recent related work, and assess the capabilities of
previously proposed protocols with respect to the identified
privacy, security and performance properties.
The thesis makes four main contributions. First, we introduce
server impersonation attacks as a novel security threat to RFID
protocols. RFID tag memory is generally not tamper-proof, since
tag costs must be kept low, and thus it is vulnerable to
compromise by physical attacks. We show that such attacks can
give rise to desynchronisation between server and tag in a
number of existing RFID authentication protocols. We also
describe possible countermeasures to this novel class of
attacks.
Second, we propose a new authentication protocol for RFID
systems that provides most of the identified privacy and
security features. The new protocol resists tag information
leakage, tag location tracking, replay attacks, denial of
service attacks and backward traceability. It is also more
resistant to forward traceability and server impersonation
attacks than previously proposed schemes. The scheme requires
less tag-side storage than existing protocols and requires only
a moderate level of tag-side computation.
Next, we survey the security requirements for RFID tag
ownership transfer. In some applications, the bearer of an RFID
tag might change, with corresponding changes required for the
RFID system infrastructure. We propose novel authentication
protocols for tag ownership and authorisation transfer. The
proposed protocols satisfy the requirements presented, and have
desirable performance characteristics.
Finally, we address the issue of scalability in anonymous RFID
authentication protocols. Many previously proposed protocols
suffer from scalability issues because they require a linear
search to identify or authenticate a tag. Some RFID protocols,
however, only require constant time for tag identification;
unfortunately, all previously proposed schemes of this type
have serious shortcomings. We propose a novel RFID pseudonym
protocol that takes constant time to authenticate a tag, and
meets the identified privacy, security and performance
requirements. The proposed scheme also supports tag delegation
and ownership transfer in an efficient way.
Assessing the Competing Characteristics of Privacy and Safety within Vehicular Ad Hoc Networks
The introduction of Vehicle-to-Vehicle (V2V) communication has the promise of decreasing vehicle collisions, congestion, and emissions. However, this technology places safety and privacy at odds; an increase of safety applications will likely result in the decrease of consumer privacy. The National Highway Traffic Safety Administration (NHTSA) has proposed the Security Credential Management System (SCMS) as the back end infrastructure for maintaining, distributing, and revoking vehicle certificates attached to every Basic Safety Message (BSM). This Public Key Infrastructure (PKI) scheme is designed around the philosophy of maintaining user privacy through the separation of functions to prevent any one subcomponent from identifying users. However, because of the high precision of the data elements within each message, this design cannot prevent large scale third-party BSM collection and pseudonym linking resulting in privacy loss. In addition, this philosophy creates an extraordinarily complex and heavily distributed system. In response to this difficulty, this thesis proposes a data ambiguity method to bridge privacy and safety within the context of interconnected vehicles. The objective in doing so is to preserve both Vehicle-to-Vehicle (V2V) safety applications and consumer privacy. A Vehicular Ad-Hoc Network (VANET) metric classification is introduced that explores five fundamental pillars of VANETs. These pillars (Safety, Privacy, Cost, Efficiency, Stability) are applied to four different systems: Non-V2V environment, the aforementioned SCMS, the group-pseudonym based Vehicle Based Security System (VBSS), and VBSS with Dithering (VBSS-D) which includes the data ambiguity method of dithering. By using these evaluation criteria, the advantages and disadvantages of bringing each system to fruition are showcased.
Security in Internet of Things: networked smart objects.
Internet of Things (IoT) is an innovative paradigm approaching both industries' and humans' every-day life. It refers to the networked interconnection of every-day objects, which are equipped with ubiquitous intelligence. It not only aims at increasing the ubiquity of the Internet, but also at leading towards a highly distributed network of devices communicating with human beings as well as with other devices. Thanks to rapid advances in underlying technologies, IoT is opening valuable opportunities for a large number of novel applications that promise to improve the quality of humans' lives, facilitating the exchange of services.
In this scenario, security represents a crucial aspect to be addressed, due to the high level of heterogeneity of the involved devices and to the sensibility of the managed information. Moreover, a system architecture should be established, before the IoT is fully operable in an efficient, scalable and interoperable manner.
The main goal of this PhD thesis concerns the design and the implementation of a secure and distributed middleware platform tailored to IoT application domains. The effectiveness of the proposed solution is evaluated by means of a prototype and real case studies.
Security and Privacy of Radio Frequency Identification
Tanenbaum, A.S. [Promotor]; Crispo, B. [Copromotor]
No Direction Home: Will the Law Keep Pace With Human Tracking Technology to Protect Individual Privacy and Stop Geoslavery
Increasingly, public and private employers are utilizing human tracking devices to monitor employee movement and conduct. Due to the propensity of American labor law to give greater weight to employer property interests over most employee privacy expectations, there are currently few limitations on the use of human tracking in employment. The scope and nature of current legal principles regarding individual privacy are not sufficient to respond to the rapid development and use of human tracking technology. The academic use of the phrase "geoslavery" to describe the abusive use of such technology underscores its power. This article examines the use of such technology under current federal and state law and suggests potential means for developing greater legal protections against the abusive use of the technology and the intrusion into personal privacy.
Protecting Privacy in Indian Schools: Regulating AI-based Technologies' Design, Development and Deployment
Education is one of the priority areas for the Indian government, where Artificial Intelligence (AI) technologies are touted to bring digital transformation. Several Indian states have also started deploying facial recognition-enabled CCTV cameras, emotion recognition technologies, fingerprint scanners, and Radio frequency identification tags in their schools to provide personalised recommendations, ensure student security, and predict the drop-out rate of students but also provide 360-degree information of a student. Further, integrating Aadhaar (digital identity card that works on biometric data) across AI technologies and learning and management systems (LMS) renders schools a "panopticon".
Certain technologies or systems like Aadhaar, CCTV cameras, GPS Systems, RFID tags, and learning management systems are used primarily for continuous data collection, storage, and retention purposes. Though they cannot be termed AI technologies per se, they are fundamental for designing and developing AI systems like facial, fingerprint, and emotion recognition technologies. The large amount of student data collected speedily through the former technologies is used to create an algorithm for the latter-stated AI systems. Once algorithms are processed using machine learning (ML) techniques, they learn correlations between multiple datasets predicting each student's identity, decisions, grades, learning growth, tendency to drop out, and other behavioural characteristics. Such autonomous and repetitive collection, processing, storage, and retention of student data without effective data protection legislation endangers student privacy.
The algorithmic predictions by AI technologies are an avatar of the data fed into the system. An AI technology is as good as the person collecting the data, processing it for a relevant and valuable output, and regularly evaluating the inputs going inside an AI model. An AI model can produce inaccurate predictions if the person overlooks any relevant data. However, the state, school administrations and parents' belief in AI technologies as a panacea to student security and educational development overlooks the context in which "data practices" are conducted. A right to privacy in an AI age is inextricably connected to data practices where data gets "cooked". Thus, data protection legislation operating without understanding and regulating such data practices will remain ineffective in safeguarding privacy.
The thesis undergoes interdisciplinary research that enables a better understanding of the interplay of data practices of AI technologies with social practices of an Indian school, which the present Indian data protection legislation overlooks, endangering students' privacy from designing and developing to deploying stages of an AI model. The thesis recommends the Indian legislature frame better legislation equipped for the AI/ML age and the Indian judiciary on evaluating the legality and reasonability of designing, developing, and deploying such technologies in schools.