Personal Privacy Protection within Pervasive RFID Environments

Recent advancements in location tracking technologies have increased the threat to an individual\u27s personal privacy. Radio frequency identification (RFID) technology allows for the identification and potentially continuous tracking of an object or individual, without obtaining the individual\u27s consent or even awareness that the tracking is taking place. Although many positive applications for RFID technology exist, for example in the commercial sector and law enforcement, the potential for abuse in the collection and use of personal information through this technology also exists. Location data linked to other types of personal information allows not only the detection of past spatial travel and activity patterns, but also inferences regarding past and future behavior and preferences. Legislative and technological solutions to deal with the increased privacy threat raised by this and similar tracking technologies have been proposed. Such approaches in isolation have significant limitations. This thesis hypothesizes that an approach may be developed with high potential for sufficiently protecting individual privacy in the use of RFID technologies while also strongly supporting marketplace uses of such tags. The research develops and investigates the limits of approaches that might be us,ed to protect privacy in pervasive RFID surveillance environments. The conclusion is ultimately reached that an approach facilitating individual control over the linking of unique RFID tag ID numbers to personal identity implemented though a combination of legal controls and technological capabilities would be a highly desirable option in balancing the interests of both the commercial sector and the information privacy interests of individuals. The specific model developed is responsive to the core ethical principle of autonomy of the individual and as such is also intended to be more responsive to the needs of individual consumers. The technological approach proposed integrated with enabling privacy legislation and private contract law to enable interactive alteration of privacy preferences should result in marketplace solutions acceptable to both potential commercial users and those being tracked

Personal Privacy Protection within Pervasive RFID Environments

Recent advancements in location tracking technologies have increased the threat to an individual\u27s personal privacy. Radio frequency identification (RFID) technology allows for the identification and potentially continuous tracking of an object or individual, without obtaining the individual\u27s consent or even awareness that the tracking is taking place. Although many positive applications for RFID technology exist, for example in the commercial sector and law enforcement, the potential for abuse in the collection and use of personal information through this technology also exists. Location data linked to other types of personal information allows not only the detection of past spatial travel and activity patterns, but also inferences regarding past and future behavior and preferences. Legislative and technological solutions to deal with the increased privacy threat raised by this and similar tracking technologies have been proposed. Such approaches in isolation have significant limitations. This thesis hypothesizes that an approach may be developed with high potential for sufficiently protecting individual privacy in the use of RFID technologies while also strongly supporting marketplace uses of such tags. The research develops and investigates the limits of approaches that might be us,ed to protect privacy in pervasive RFID surveillance environments. The conclusion is ultimately reached that an approach facilitating individual control over the linking of unique RFID tag ID numbers to personal identity implemented though a combination of legal controls and technological capabilities would be a highly desirable option in balancing the interests of both the commercial sector and the information privacy interests of individuals. The specific model developed is responsive to the core ethical principle of autonomy of the individual and as such is also intended to be more responsive to the needs of individual consumers. The technological approach proposed integrated with enabling privacy legislation and private contract law to enable interactive alteration of privacy preferences should result in marketplace solutions acceptable to both potential commercial users and those being tracked

A Taxonomy of Security Threats and Solutions for RFID Systems

RFID (Radio Frequency Identification) is a method of wireless data collection technology that uses RFID tags or transponders to electronically store and retrieve data. RFID tags are quickly replacing barcodes as the “identification system of choice” [1]. Since RFID devices are electronic devices, they can be hacked into by an outsider, and their data can be accessed or modified without the user knowing. New threats to RFID-enabled systems are always on the horizon. A systematic classification should be used to categorize these threats to help reduce confusion. This paper will look at the problem of security threats towards RFID systems, and provide a taxonomy for these threats

ALGSICS - Combining physics and cryptography to enhance security and privacy in RFID systems

In this paper, we introduce several new mechanisms that are cheap to implement or integrate into RFID tags and that at the same time enhance their security and privacy properties. Our aim is to provide solutions that make use of existing (or expected) functionality on the tag or that are inherently cheap and thus, enhance the privacy friendliness of the technology "almost" for free. Our proposals, for example, make use of environmental information (presence of light temperature, humidity, etc.) to disable or enable the RFID tag. A second possibility that we explore is the use of delays in revealing a secret key used to later establish a secure communication channel. We also introduce the idea of a "sticky tag," which can be used to re-enable a disabled (or killed) tag whenever the user considers it to be safe. We discuss the security and describe usage scenarios for all solutions. Finally, we review previous works that use physical principles to provide security and privacy in RFID systems

Privacy & authentication in extreme low power wireless devices: RFID and µ-sensors

Authentication and Privacy are important concerns in current low power wireless devices like RFID and µ-sensors. µ-sensors are low power devices which have been identified as being useful in variety of domains including battlefield and perimeter defense etc. Radio-Frequency Identification (RFID) is a technology for automated identification of objects and people. An RFID device frequently called RFID tag is a small microchip device that holds limited amount of data and transmits the same over the various frequency ranges. An RFID tag is typically attached to an item and contain identification information like serial numbers unique to that item. RFID tags are recently being used in several application areas like inventory management, medicines and security systems etc. Since sensors are deployed in an unattended hostile environment, they are vulnerable to various kinds of attacks. An adversary can pose insider or outsider attacks into the network with the goal of both deceiving the base station and depleting the resources of the relaying nodes. Authentication schemes are implemented that will enable base station to detect any false data transmission. RFIDs, on the other hand pose two main security concerns for users: clandestine tracking and inventorying. RFID tags respond to reader interrogation without alerting their owners or bearers. Thus, where read range permits clandestine scanning of tags is a plausible threat. Security requirements in both of these low power devices are comprised of authentication, integrity, privacy and anti-playback. The recipient of the message needs to be able to unequivocally assure that the message came from its stated source. Similarly, the recipient needs to be assured that the message was not altered in transit and that it is not an earlier message being re-played in order to veil the current environment. Finally, all communications needs to be kept private such that eavesdroppers cannot intercept study and analyze, and devise countermeasures to circumvent the purposes of the sensor network. This thesis implements authentication schemes in µ-sensors that will detect false injection of data into the communication path of the base station and sensors. In addition to that this thesis focuses on an application of RFIDs deployed in library application. Discusses the privacy and authentication issues in RFID tags particularly in the library domain. Describes an authentication scheme implementation to handle these vulnerabilities