Locating Agents in RFID Architectures

The use of software agents can create an “intelligent” interface between users’ preferences and the back‐end systems. Agents are now able to interact and communicate with each other, forming a virtual community and feeding back the user with suggestions. Innovative systems related to Asset Tracking, Inventory and Shelving architectures are more often involving advanced communication techniques (e.g., RFID); these systems are responsible for user authentication and objects verification. RFID systems could have jamming situations where many objects are moving at the same time and in the same direction. Moreover, other disadvantages have also been observed, such as hindering further implementations, privacy and security issues problems, in addition to the system’s disruptive behavior in case of crowd checkouts (e.g., Supermarket and Airports). Addressing these disadvantages, this paper proposes a possible integration between a Multi‐Agent framework and an RFID‐based application (back‐end). This integration would allow objects (such as passports or goods) with RFID tags to better check‐out through airports or supermarket gates that contain RFID‐readers

Privacy analysis of forward and backward untraceable RFID authentication schemes

In this paper, we analyze the rst known provably secure RFID authentication schemes that are designed to provide forward untraceability and backward untraceability: the L-K and S-M schemes. We show how to trace tags in the L-K scheme without needing to corrupt tags. We also show that if a standard cryptographic pseudorandom bit generator (PRBG) is used in the S-M scheme, then the scheme may fail to provide forward untraceability and backward untraceability. To achieve the desired untraceability features, we show that the S-M scheme can use a robust PRBG which provides forward security and backward security. We also note that the backward security is stronger than necessary for the backward untraceability of the S-M scheme

Cryptanalysis of a new ultralightweight RFID authentication protocol—SASI

Since RFID tags are ubiquitous and at times even oblivious to the human user, all modern RFID protocols are designed to resist tracking so that the location privacy of the human RFID user is not violated. Another design criterion for RFIDs is the low computational effort required for tags, in view that most tags are passive devices that derive power from an RFID reader’s signals. Along this vein, a class of ultralightweight RFID authentication protocols has been designed, which uses only the most basic bitwise and arithmetic operations like exclusive- OR, OR, addition, rotation, and so forth. In this paper, we analyze the security of the SASI protocol, a recently proposed ultralightweight RFID protocol with better claimed security than earlier protocols. We show that SASI does not achieve resistance to tracking, which is one of its design objectives

Large-scale Biometrics Deployment in Europe: Identifying Challenges and Threats

With large-scale biometrics deployment in the EU still in its infancy and with stakeholders racing to position themselves in view of the lucrative market that is forecasted, a study to identify challenges and threats that need to be dealt with was launched. This is the result: a report on Biometrics large-scale Deployment in Europe. The report tackles three main issues namely, the status, security / privacy and testing / certification processes. A survey was launched so as to help reveal the actual status of Biometrics large-scale Deployment initiatives in EU. The main outcome of the survey was that an open dissemination of implementation results policy is needed mainly on deployment plans, strategies, barriers and best practices. The security/ privacy challenges study identified a number of issues, the most important of which were related to proportionality and compliance to the existing regulatory framework while at the same time it revealed an important number of related actions aiming at ensuring both data security and privacy. The aim of the Bio Testing Europe study was double: to identify and collect comparable and certified results under different technologies, vendors and environments situations and to feed in this information to animate discussion among the members of a European network which would enhance the European testing and certification capacity. The study presents an integrated picture of the identified issues as well as a number of recommendations. With some of the systems that are being implemented involving millions of individuals as target users it is important for policy makers to adopt some of the options presented so as to address the identified through the study challengesJRC.J.4-Information Societ

Privacy of Recent RFID Authentication Protocols

Privacy is a major concern in RFID systems, especially with widespread deployment of wireless-enabled interconnected personal devices e.g. PDAs and mobile phones, credit cards, e-passports, even clothing and tires. An RFID authentication protocol should not only allow a legitimate reader to authenticate a tag but it should also protect the privacy of the tag against unauthorized tracing: an adversary should not be able to get any useful information about the tag for tracking or discovering the tag’s identity. In this paper, we analyze the privacy of some recently proposed RFID authentication protocols (2006 and 2007) and show attacks on them that compromise their privacy. Our attacks consider the simplest adversaries that do not corrupt nor open the tags. We describe our attacks against a general untraceability model; from experience we view this endeavour as a good practice to keep in mind when designing and analyzing security protocols

The State of the Electronic Identity Market: Technologies, Infrastructure, Services and Policies

Authenticating onto systems, connecting to mobile networks and providing identity data to access services is common ground for most EU citizens, however what is disruptive is that digital technologies fundamentally alter and upset the ways identity is managed, by people, companies and governments. Technological progress in cryptography, identity systems design, smart card design and mobile phone authentication have been developed as a convenient and reliable answer to the need for authentication. Yet, these advances ar enot sufficient to satisfy the needs across people's many spheres of activity: work, leisure, health, social activities nor have they been used to enable cross-border service implementation in the Single Digital Market, or to ensure trust in cross border eCommerce. The study findings assert that the potentially great added value of eID technologies in enabling the Digital Economy has not yet been fulfilled, and fresh efforts are needed to build identification and authentication systems that people can live with, trust and use. The study finds that usability, minimum disclosure and portability, essential features of future systems, are at the margin of the market and cross-country, cross-sector eID systems for business and public service are only in their infancy. This report joins up the dots, and provides significant exploratory evidence of the potential of eID for the Single Digital Market. A clear understanding of this market is crucial for policy action on identification and authentication, eSignature and interoperability.JRC.DDG.J.4-Information Societ