6,719 research outputs found
The RFID PIA – developed by industry, agreed by regulators
This chapter discusses the privacy impact assessment (PIA) framework endorsed
by the European Commission on February 11th, 2011. This PIA, the first to receive the
Commission's endorsement, was developed to deal with privacy challenges associated with
the deployment of radio frequency identification (RFID) technology, a key building block of
the Internet of Things. The goal of this chapter is to present the methodology and key
constructs of the RFID PIA Framework in more detail than was possible in the official text.
RFID operators can use this article as a support document when they conduct PIAs and need
to interpret the PIA Framework. The chapter begins with a history of why and how the PIA
Framework for RFID came about. It then proceeds with a description of the endorsed PIA
process for RFID applications and explains in detail how this process is supposed to function.
It provides examples discussed during the development of the PIA Framework. These
examples reflect the rationale behind and evolution of the text's methods and definitions. The
chapter also provides insight into the stakeholder debates and compromises that have
important implications for PIAs in general.Series: Working Papers on Information Systems, Information Business and Operation
Cryptanalysis of two mutual authentication protocols for low-cost RFID
Radio Frequency Identification (RFID) is appearing as a favorite technology
for automated identification, which can be widely applied to many applications
such as e-passport, supply chain management and ticketing. However, researchers
have found many security and privacy problems along RFID technology. In recent
years, many researchers are interested in RFID authentication protocols and
their security flaws. In this paper, we analyze two of the newest RFID
authentication protocols which proposed by Fu et al. and Li et al. from several
security viewpoints. We present different attacks such as desynchronization
attack and privacy analysis over these protocols.Comment: 17 pages, 2 figures, 1 table, International Journal of Distributed
and Parallel system
AnonPri: A Secure Anonymous Private Authentication Protocol for RFID Systems
Privacy preservation in RFID systems is a very important issue in modern day world. Privacy activists have been worried about the invasion of user privacy while using various RFID systems and services. Hence, significant efforts have been made to design RFID systems that preserve users\u27 privacy. Majority of the privacy preserving protocols for RFID systems require the reader to search all tags in the system in order to identify a single RFID tag which not efficient for large scale systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags share a number of key components. Another technique is to perform group-based authentication that improves the tradeoff between scalability and privacy by dividing the tags into a number of groups. This novel authentication scheme ensures privacy of the tags. However, the level of privacy provided by the scheme decreases as more and more tags are compromised. To address this issue, in this paper, we propose a group based anonymous private authentication protocol (AnonPri) that provides higher level of privacy than the above mentioned group based scheme and achieves better efficiency (in terms of providing privacy) than the approaches that prompt the reader to perform an exhaustive search. Our protocol guarantees that the adversary cannot link the tag responses even if she can learn the identifier of the tags. Our evaluation results demonstrates that the level of privacy provided by AnonPri is higher than that of the group based authentication technique
AnonPri: A Secure Anonymous Private Authentication Protocol for RFID Systems
Privacy preservation in RFID systems is a very important issue in modern day world. Privacy activists have been worried about the invasion of user privacy while using various RFID systems and services. Hence, significant efforts have been made to design RFID systems that preserve users\u27 privacy. Majority of the privacy preserving protocols for RFID systems require the reader to search all tags in the system in order to identify a single RFID tag which not efficient for large scale systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags share a number of key components. Another technique is to perform group-based authentication that improves the tradeoff between scalability and privacy by dividing the tags into a number of groups. This novel authentication scheme ensures privacy of the tags. However, the level of privacy provided by the scheme decreases as more and more tags are compromised. To address this issue, in this paper, we propose a group based anonymous private authentication protocol (AnonPri) that provides higher level of privacy than the above mentioned group based scheme and achieves better efficiency (in terms of providing privacy) than the approaches that prompt the reader to perform an exhaustive search. Our protocol guarantees that the adversary cannot link the tag responses even if she can learn the identifier of the tags. Our evaluation results demonstrates that the level of privacy provided by AnonPri is higher than that of the group based authentication technique
A Privacy Preserving Framework for RFID Based Healthcare Systems
RFID (Radio Frequency IDentification) is anticipated to be a core technology that will be used in many practical applications of our life in near future. It has received considerable attention within the healthcare for almost a decade now. The technology’s promise to efficiently track hospital supplies, medical equipment, medications and patients is an attractive proposition to the healthcare industry. However, the prospect of wide spread use of RFID tags in the healthcare area has also triggered discussions regarding privacy, particularly because RFID data in transit may easily be intercepted and can be send to track its user (owner). In a nutshell, this technology has not really seen its true potential in healthcare industry since privacy concerns raised by the tag bearers are not properly addressed by existing identification techniques. There are two major types of privacy preservation techniques that are required in an RFID based healthcare system—(1) a privacy preserving authentication protocol is required while sensing RFID tags for different identification and monitoring purposes, and (2) a privacy preserving access control mechanism is required to restrict unauthorized access of private information while providing healthcare services using the tag ID. In this paper, we propose a framework (PriSens-HSAC) that makes an effort to address the above mentioned two privacy issues. To the best of our knowledge, it is the first framework to provide increased privacy in RFID based healthcare systems, using RFID authentication along with access control technique
In Things We Trust? Towards trustability in the Internet of Things
This essay discusses the main privacy, security and trustability issues with
the Internet of Things
Practical Schemes For Privacy & Security Enhanced RFID
Proper privacy protection in RFID systems is important. However, many of the
schemes known are impractical, either because they use hash functions instead
of the more hardware efficient symmetric encryption schemes as a efficient
cryptographic primitive, or because they incur a rather costly key search time
penalty at the reader. Moreover, they do not allow for dynamic, fine-grained
access control to the tag that cater for more complex usage scenarios.
In this paper we investigate such scenarios, and propose a model and
corresponding privacy friendly protocols for efficient and fine-grained
management of access permissions to tags. In particular we propose an efficient
mutual authentication protocol between a tag and a reader that achieves a
reasonable level of privacy, using only symmetric key cryptography on the tag,
while not requiring a costly key-search algorithm at the reader side. Moreover,
our protocol is able to recover from stolen readers.Comment: 18 page
- …