4,101 research outputs found

    Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010

    Get PDF
    It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of ‘security’ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U

    Tracking RFID

    Get PDF
    RFID-Radio Frequency Identification-is a powerful enabling technology with a wide range of potential applications. Its proponents initially overhyped its capabilities and business case: RFID deployment is proceeding along a much slower and less predictable trajectory than was initially thought. Nonetheless, in the end it is plausible that we will find ourselves moving in the direction of a world with pervasive RFID: a world in which objects\u27 wireless self-identification will become much more nearly routine, and networked devices will routinely collect and process the resulting information. RFID-equipped goods and documents present privacy threats: they may reveal information about themselves, and hence about the people carrying them, wirelessly to people whom the subjects might not have chosen to inform. That information leakage follows individuals, and reveals how they move through space. Not only does the profile that RFID technology helps construct contain information about where the subject is and has been, but RFID signifiers travel with the subject in the physical world, conveying information to devices that otherwise would not recognize it and that can take actions based on that information. RFID implementations, thus, can present three related privacy threats, which this article categorizes as surveillance, profiling, and action. RFID privacy consequences will differ in different implementations. It would be a mistake to conclude that an RFID implementation will pose no meaningful privacy threat because a tag does not directly store personally identifiable information, instead containing only a pointer to information contained in a separate database. Aside from any privacy threats presented by the database proprietor, privacy threats from third parties will depend on the extent to which those third parties can buy, barter, or otherwise gain database access. Where a tag neither points to nor carries personal identifying information, the extent of the privacy threat will depend in part on the degree to which data collectors will be able to link tag numbers with personally identifying information. Yet as profiling accelerates in the modem world, aided by the automatic, networked collection of information, information compiled by one data collector will increasingly be available to others as well; linking persistent identifiers to personally identifying information may turn out to be easy. Nor are sophisticated access controls and other cryptographic protections a complete answer to RFID privacy threats. The cost of those protections will make them impractical for many applications, though, and even with more sophisticated technology, security problems will remain. This article suggests appropriate government and regulatory responses to two important categories of RFID implementation. It concludes with a way of looking at, and an agenda for further research on, wireless identification technology more generally

    Large-scale Biometrics Deployment in Europe: Identifying Challenges and Threats

    Get PDF
    With large-scale biometrics deployment in the EU still in its infancy and with stakeholders racing to position themselves in view of the lucrative market that is forecasted, a study to identify challenges and threats that need to be dealt with was launched. This is the result: a report on Biometrics large-scale Deployment in Europe. The report tackles three main issues namely, the status, security / privacy and testing / certification processes. A survey was launched so as to help reveal the actual status of Biometrics large-scale Deployment initiatives in EU. The main outcome of the survey was that an open dissemination of implementation results policy is needed mainly on deployment plans, strategies, barriers and best practices. The security/ privacy challenges study identified a number of issues, the most important of which were related to proportionality and compliance to the existing regulatory framework while at the same time it revealed an important number of related actions aiming at ensuring both data security and privacy. The aim of the Bio Testing Europe study was double: to identify and collect comparable and certified results under different technologies, vendors and environments situations and to feed in this information to animate discussion among the members of a European network which would enhance the European testing and certification capacity. The study presents an integrated picture of the identified issues as well as a number of recommendations. With some of the systems that are being implemented involving millions of individuals as target users it is important for policy makers to adopt some of the options presented so as to address the identified through the study challengesJRC.J.4-Information Societ

    The Electronic Passport and the Future of Government-Issued RFID-Based Identification

    Get PDF
    Passports and other identification documents may be enhanced using recent advancements in technology. Various national and international bodies are pursuing machine-readable approaches with biometric information. In particular, the international civil aviation organization (ICAO) has adopted standards whereby passports can store biometric identifiers. Countries that participate in the visa waiver program (VWP) began issuing electronic passports in 2006. However, the selection of technologies remains questionable due to privacy and security concerns. This paper examines policy regarding these electronic approaches and developments toward electronic data storage and transmission. Radio-frequency identification (RFID) devices for electronic passports and other existing identity documents are discussed

    Formal verification and access control approach of an IoT protocol

    Get PDF
    Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2017.Protocolos de Segurança estão na nossa rotina diária e exemplos distosão compras utilizando o cartão de crédito, eleição eletrônica, redes sem fio e etc. O primeiro objetivo deste trabalho é a verificação formal dos aspectos de segurança de um protocolo voltado para Wireless Sensor Networks (WSN). O Trustful Space-Time Protocol (TSTP) engloba a maioria das características necessárias para aplicações WSN como por exemplo controle de acesso, roteamento geográfico de pacotes, estimativa de localização, relógio precisamente sincronizado, canais de comunicação segura e um esquema de distribuição de chaves entre o gateway e os sensores. Após a análise formal do protocolo de distribuição de chaves do TSTP usando Proverif, nós encontramos duas falhas de segurança: uma relacionada ao componente de sincronização de tempo e outra relacionada ao método mac-then-encrypt empregado. Com as falhas encontradas nós propómos uma versão melhorada do protocolo de distribuição de chaves. O segundo objetivo é criar um esquema de controle de acesso sensível ao contexto para dispositivos Internet de Coisas(IoC) usando TSTP como canal de comunicação. O esquema da política foi projetado para um cenário Smart Campus e seu contexto. Aproveitamos os recursos do TSTP para adicionar dados de tempo e espaço como contexto para o nosso modelo. Após o desenho do modelo de política, descrevemos seu modelo simbólico e fizemos uma análise formal para ter certeza de que os valores das propriedades de contexto não foram adulterados.Abstract : Security protocols are included in our every day routine. A few examplesare credit card purchases, e-voting, wireless networks, etc. Thefirst goal of this dissertation is the formal verification of the securityaspects of a cross-layer, application-oriented communication protocolfor Wireless Sensor Networks (WSN). The Trustful Space-Time Protocol(TSTP) encompasses a majority of features recurrently needed byWSN applications like medium access control, geographic routing, locationestimation, precise time synchronization, secure communicationchannels and a key distribution scheme between sensors and the sink.After the security protocol analysis of TSTP?s key distribution protocolusing ProVerif we were able to find two security flaws: one related tothe time synchronization component and another being a bad approachrelated to a mac-then-encrypt method employed. With our findingswe propose an improved version of the key distribution protocol. Thesecond goal is to create a context-aware access control scheme for Internetof Things(IoT) devices using TSTP as a communication channel.The policy?s scheme was designed for a Smart Campus scenario andits context. We take advantage of TSTP?s features to add time andspace data as context for our model too. After the design of the policymodel, we described its symbolic model and we did a formal analysisto be sure that the context properties values were not tampered
    corecore