Security and Privacy of Radio Frequency Identification

Tanenbaum, A.S. [Promotor]Crispo, B. [Copromotor

Tracking RFID

RFID-Radio Frequency Identification-is a powerful enabling technology with a wide range of potential applications. Its proponents initially overhyped its capabilities and business case: RFID deployment is proceeding along a much slower and less predictable trajectory than was initially thought. Nonetheless, in the end it is plausible that we will find ourselves moving in the direction of a world with pervasive RFID: a world in which objects\u27 wireless self-identification will become much more nearly routine, and networked devices will routinely collect and process the resulting information. RFID-equipped goods and documents present privacy threats: they may reveal information about themselves, and hence about the people carrying them, wirelessly to people whom the subjects might not have chosen to inform. That information leakage follows individuals, and reveals how they move through space. Not only does the profile that RFID technology helps construct contain information about where the subject is and has been, but RFID signifiers travel with the subject in the physical world, conveying information to devices that otherwise would not recognize it and that can take actions based on that information. RFID implementations, thus, can present three related privacy threats, which this article categorizes as surveillance, profiling, and action. RFID privacy consequences will differ in different implementations. It would be a mistake to conclude that an RFID implementation will pose no meaningful privacy threat because a tag does not directly store personally identifiable information, instead containing only a pointer to information contained in a separate database. Aside from any privacy threats presented by the database proprietor, privacy threats from third parties will depend on the extent to which those third parties can buy, barter, or otherwise gain database access. Where a tag neither points to nor carries personal identifying information, the extent of the privacy threat will depend in part on the degree to which data collectors will be able to link tag numbers with personally identifying information. Yet as profiling accelerates in the modem world, aided by the automatic, networked collection of information, information compiled by one data collector will increasingly be available to others as well; linking persistent identifiers to personally identifying information may turn out to be easy. Nor are sophisticated access controls and other cryptographic protections a complete answer to RFID privacy threats. The cost of those protections will make them impractical for many applications, though, and even with more sophisticated technology, security problems will remain. This article suggests appropriate government and regulatory responses to two important categories of RFID implementation. It concludes with a way of looking at, and an agenda for further research on, wireless identification technology more generally

RFID technology as sustaining or disruptive innovation: Applications in the healthcare industry

Abstract In this paper we use the implementation of radio frequency identification (RFID) in various sectors of the healthcare industry as an illustration and application of how academics and managers may assess the potential for new technologies to be sustaining or disruptive to an organization. We review RFID technology, summarize literature related to disruptive innovation, develop a qualitative framework that examines the sustaining and disruptive potential of RFID, and discuss examples of healthcare applications within the context of this framework

Ethical implication of emerging technologies

Titre de l'écran-titre (visionné le 3 mai 2007

Transiently Powered Computers

Demand for compact, easily deployable, energy-efficient computers has driven the development of general-purpose transiently powered computers (TPCs) that lack both batteries and wired power, operating exclusively on energy harvested from their surroundings. TPCs\u27 dependence solely on transient, harvested power offers several important design-time benefits. For example, omitting batteries saves board space and weight while obviating the need to make devices physically accessible for maintenance. However, transient power may provide an unpredictable supply of energy that makes operation difficult. A predictable energy supply is a key abstraction underlying most electronic designs. TPCs discard this abstraction in favor of opportunistic computation that takes advantage of available resources. A crucial question is how should a software-controlled computing device operate if it depends completely on external entities for power and other resources? The question poses challenges for computation, communication, storage, and other aspects of TPC design. The main idea of this work is that software techniques can make energy harvesting a practicable form of power supply for electronic devices. Its overarching goal is to facilitate the design and operation of usable TPCs. This thesis poses a set of challenges that are fundamental to TPCs, then pairs these challenges with approaches that use software techniques to address them. To address the challenge of computing steadily on harvested power, it describes Mementos, an energy-aware state-checkpointing system for TPCs. To address the dependence of opportunistic RF-harvesting TPCs on potentially untrustworthy RFID readers, it describes CCCP, a protocol and system for safely outsourcing data storage to RFID readers that may attempt to tamper with data. Additionally, it describes a simulator that facilitates experimentation with the TPC model, and a prototype computational RFID that implements the TPC model. To show that TPCs can improve existing electronic devices, this thesis describes applications of TPCs to implantable medical devices (IMDs), a challenging design space in which some battery-constrained devices completely lack protection against radio-based attacks. TPCs can provide security and privacy benefits to IMDs by, for instance, cryptographically authenticating other devices that want to communicate with the IMD before allowing the IMD to use any of its battery power. This thesis describes a simplified IMD that lacks its own radio, saving precious battery energy and therefore size. The simplified IMD instead depends on an RFID-scale TPC for all of its communication functions. TPCs are a natural area of exploration for future electronic design, given the parallel trends of energy harvesting and miniaturization. This work aims to establish and evaluate basic principles by which TPCs can operate

Cyber-crime Science = Crime Science + Information Security

Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

Development of secured algorithm to enhance the privacy and security template of biometric technology

A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy in Mathematical and Computer Science and Engineering of the Nelson Mandela African Institution of Science and TechnologyThe security of information and personal privacy are the growing concerns in today’s human life worldwide. The storage of biometric data in the database has raised the prospect of compromising the database leading to grave risks and misuse of the person’s privacy such as growth in terrorism and identity fraud. When a person’s biometric data stored is revealed, their security and privacy are being compromised. This research described a detailed evaluation on several outbreaks and threats associated with the biometric technology. It analyzed the user’s fear and intimidations to the biometric technology alongside the protection steps for securing the biometric data template in the database. It is known that, when somebody’s biometric data template is compromised from the database that consequently might indicate proof of identity robbery of that person. Mixed method to compute and articulate the results as well as a new tactic of encryption-decryption algorithm with a design pattern of Model View Template (MVT) are used for securing the biometric data template in the database. The model managed information logically, the view indicated the visualization of the data, and the template directed the data migration into pattern object. Factors influencing fear of biometric technology such as an exposer of personal information, improper data transfer, and data misuse are found. Strong knowledge of the ideal technology like the private skills of the biometric technology, data secrecy and perceived helpfulness are established. The fears and attacks along the technology like a counterfeit of documents and brute-force attack are known. The designed algorithm based on the cryptographic module of the Fernet keys instance are utilized. The Fernet keys are combined to generate a multiFernet key, integrated with biometric data to produce two encrypted files (byte and text file). These files are incorporated with Twilio message and firmly stored in the database. The storage database has security measures that guard against an impostor’s attack. The database system can block the attacker from unauthorized access. Thus, significantly increased individual data privacy and integrity

RFID Technology in Intelligent Tracking Systems in Construction Waste Logistics Using Optimisation Techniques

Construction waste disposal is an urgent issue for protecting our environment. This paper proposes a waste management system and illustrates the work process using plasterboard waste as an example, which creates a hazardous gas when land filled with household waste, and for which the recycling rate is less than 10% in the UK. The proposed system integrates RFID technology, Rule-Based Reasoning, Ant Colony optimization and knowledge technology for auditing and tracking plasterboard waste, guiding the operation staff, arranging vehicles, schedule planning, and also provides evidence to verify its disposal. It h relies on RFID equipment for collecting logistical data and uses digital imaging equipment to give further evidence; the reasoning core in the third layer is responsible for generating schedules and route plans and guidance, and the last layer delivers the result to inform users. The paper firstly introduces the current plasterboard disposal situation and addresses the logistical problem that is now the main barrier to a higher recycling rate, followed by discussion of the proposed system in terms of both system level structure and process structure. And finally, an example scenario will be given to illustrate the system’s utilization