Stability of synchronous queued RFID networks

Queued Radio Frequency Identification (RFID) networks arise naturally in many applications, where tags are grouped into batches, and each batch must be processed before the next reading job starts. In these cases, the system must be able to handle all incoming jobs, keeping the queue backlogs bounded. This property is called stability. Besides, in RFID networks, it is common that some readers cannot operate at the same time, due to mutual interferences. This fact reduces the maximum traffic that readers can process since they have to share the channel. Synchronous networks share the channel using a TDMA approach. The goal of this work is to analytically determine whether a synchronous queued RFID network attains stable operation under a given incoming traffic. Stability depends on the service rate, which is characterized in this paper using an exact numerical method based on a recursive analytical approach, overcoming the limitations of previous works, which were based on simplifications. We also address different flow optimization problems, such as computing the maximum joint traffic that a network can process stably, selecting the minimal number of readers to process a given total load, or determining the optimal timeslot duration, which are novel in the RFID literature.This work was supported by the Project AIM, (AEI/FEDER, EU) under Grant TEC2016-76465-C2-1-R

Contributions to privacy protection for ubiquitous computing

El desenvolupament de noves tecnologies ha introduït el concepte de Computació Ubiqua, a on els objectes que ens envolten poden tenir processadors integrats i establir la comunicació amb altres sistemes, amb la finalitat d'oferir serveis personalitzats per ajudar-nos amb les nostres tasques habituals. No obstant això, a causa de que és possible tenir ordinadors en gairebé qualsevol lloc o objecte, això ha obert noves discussions sobre temes tals com la privadesa i la seguretat, considerats des de diferents punts de vista, com el desenvolupaments jurídics, socials, econòmics i tecnològics, amb una importància cada vegada major al món actual. En aquesta tesi discutim i analitzem algunes de les principals qüestions de seguretat i privadesa a les tecnologies actuals, tals com a telèfons intel·ligents, dispositius RFID o ciutats intel·ligents, i proposem alguns protocols per fer front a aquests temes garantint la privadesa dels usuaris a tot moment.El desarrollo de nuevas tecnologías ha introducido el concepto de Computación Ubicua , en donde los objetos que nos rodean pueden tener procesadores integrados y establecer la comunicación con otros sistemas, con el fin de ofrecer servicios personalizados para ayudarnos con nuestras tareas habituales. Sin embargo, debido a que es posible tener ordenadores en casi cualquier lugar u objeto, esto ha abierto nuevas discusiones sobre temas tales como la privacidad y la seguridad, considerado desde diferentes puntos de vista, como el desarrollos jurídicos, sociales, económicos y tecnológicos, con una importancia cada vez mayor en el mundo actual. En esta tesis discutimos y analizamos algunas de las principales cuestiones de seguridad y privacidad en las tecnologías actuales, tales como teléfonos inteligentes, dispositivos RFID o ciudades inteligentes, y proponemos algunos protocolos para hacer frente a estos temas garantizando la privacidad de los usuarios en todo momento.The development of new technologies has introduced the concept of Ubiquitous Computing, whereby the objects around us can have an embedded computer and establish communications with each other, in order to provide personalized services to assist with our tasks. However, because it is possible to have computers almost anywhere and within any object, this has opened up new discussions on issues such as privacy and security, considered from many different views, such as the legal, social, economic and technological development perspectives, all taking an increasingly significant importance in today’s world. In this dissertation we discuss and analyze some of the main privacy and security issues in current technologies, such as smartphones, RFIDs or smart cities, and we propose some protocols in order to face these issues guarantying users' privacy anytime

Trusted and Privacy-preserving Embedded Systems: Advances in Design, Analysis and Application of Lightweight Privacy-preserving Authentication and Physical Security Primitives

Radio Frequency Identification (RFID) enables RFID readers to perform fully automatic wireless identification of objects labeled with RFID tags and is widely deployed to many applications, such as access control, electronic tickets and payment as well as electronic passports. This prevalence of RFID technology introduces various risks, in particular concerning the privacy of its users and holders. Despite the privacy risk, classical threats to authentication and identification systems must be considered to prevent the adversary from impersonating or copying (cloning) a tag. This thesis summarizes the state of the art in secure and privacy-preserving authentication for RFID tags with a particular focus on solutions based on Physically Unclonable Functions (PUFs). It presents advancements in the design, analysis and evaluation of secure and privacy-preserving authentication protocols for RFID systems and PUFs. Formalizing the security and privacy requirements on RFID systems is essential for the design of provably secure and privacy-preserving RFID protocols. However, existing RFID security and privacy models in the literature are often incomparable and in part do not reflect the capabilities of real-world adversaries. We investigate subtle issues such as tag corruption aspects that lead to the impossibility of achieving both mutual authentication and any reasonable notion of privacy in one of the most comprehensive security and privacy models, which is the basis of many subsequent works. Our results led to the refinement of this privacy model and were considered in subsequent works on privacy-preserving RFID systems. A promising approach to enhance the privacy in RFID systems without lifting the computational requirements on the tags are anonymizers. These are special devices that take off the computational workload from the tags. While existing anonymizer-based protocols are subject to impersonation and denial-of-service attacks, existing RFID security and privacy models do not include anonymizers. We present the first security and privacy framework for anonymizer-enabled RFID systems and two privacy-preserving RFID authentication schemes using anonymizers. Both schemes achieve several appealing features that were not simultaneously achieved by any previous proposal. The first protocol is very efficient for all involved entities, achieves privacy under tag corruption. It is secure against impersonation attacks and forgeries even if the adversary can corrupt the anonymizers. The second scheme provides for the first time anonymity and untraceability of tags against readers as well as secure tag authentication against collisions of malicious readers and anonymizers using tags that cannot perform public-key cryptography (i.e., modular exponentiations). The RFID tags commonly used in practice are cost-efficient tokens without expensive hardware protection mechanisms. Physically Unclonable Functions (PUFs) promise to provide an effective security mechanism for RFID tags to protect against basic hardware attacks. However, existing PUF-based RFID authentication schemes are not scalable, allow only for a limited number of authentications and are subject to replay, denial-of-service and emulation attacks. We present two scalable PUF-based authentication schemes that overcome these problems. The first protocol supports tag and reader authentication, is resistant to emulation attacks and highly scalable. The second protocol uses a PUF-based key storage and addresses an open question on the feasibility of destructive privacy, i.e., the privacy of tags that are destroyed during tag corruption. The security of PUFs relies on assumptions on physical properties and is still under investigation. PUF evaluation results in the literature are difficult to compare due to varying test conditions and different analysis methods. We present the first large-scale security analysis of ASIC implementations of the five most popular electronic PUF types, including Arbiter, Ring Oscillator, SRAM, Flip-Flop and Latch PUFs. We present a new PUF evaluation methodology that allows a more precise assessment of the unpredictability properties than previous approaches and we quantify the most important properties of PUFs for their use in cryptographic schemes. PUFs have been proposed for various applications, including anti-counterfeiting and authentication schemes. However, only rudimentary PUF security models exist, limiting the confidence in the security claims of PUF-based security mechanisms. We present a formal security framework for PUF-based primitives, which has been used in subsequent works to capture the properties of image-based PUFs and in the design of anti-counterfeiting mechanisms and physical hash functions

No Direction Home: Will the Law Keep Pace With Human Tracking Technology to Protect Individual Privacy and Stop Geoslavery

Increasingly, public and private employers are utilizing human tracking devices to monitor employee movement and conduct. Due to the propensity of American labor law to give greater weight toemployer property interests over most employee privacy expectations, there are currently few limitations on the use of human tracking in employment. The scope and nature of current legal principles regarding individual privacy are not sufficient to respond to the rapid development and use of human tracking technology. The academic use of the phrase “geoslavery” to describe the abusive use of such technology underscores its power. This article examines the use of such technology under current federal and state law and suggests potential means for developing greater legal protections against the abusive use of the technology and the intrusion into personal privacy