RFID Privacy: Ownership & Access

RFID Privacy: Ownership & Access. Andrea Soppera, andrea.2.soppera@bt.com. CENTS Retreat, 12-January-2005. Radio Frequency Identification tags listen for a radio query and transmit their unique ID code.


Presentation Transcript


  1. RFID Privacy: Ownership & Access. Andrea Soppera, andrea.2.soppera@bt.com. CENTS Retreat, 12-January-2005

  2. RFID Tags
     • Radio Frequency Identification tags listen for a radio query and transmit their unique ID code.
     • Tags are passive and powered through the electromagnetic field of the reader.
     [Diagram: several RFID tags, a reader and a database]

  3. RFID Privacy
     The release of a static identifier leads to privacy issues:
     • Leakage of personal or inventory information
     • Traceability of the tag
     "Privacy ...is the claim of individuals... to determine for themselves when, how, and to what extent information about them is communicated to others..." (Alan F. Westin, "Privacy and Freedom", 1967)
     Our aim is to control how RFID information can flow (or be restricted) across different domains of ownership and access.

  4. Kill Commands
     Privacy can be crudely achieved by killing the tag. But:
     • Loss of functionality. The tag cannot be used later.
     • Only one shared ID domain. Everyone can read all of the time.
     • Applications such as library, video rental or supply chain with rotating inventory cannot afford to kill the tags.
     [Diagram labels: Port Authority, Transport Services, Consumer, Recycling, Customs, Manufacture, Wholesale, 2nd hand sales, Retail; "Tag Killed"]

  5. Recoding
     • When the tag changes hands the tag is recoded
     • The new ID is linked to the original ID of the tag in the database(s)
     • Drawback: requires an online architecture and reader/tag that supports read/write operation
     • Synchronisation across multiple owners/readers is complex
     • Changing pseudonym at change of ownership may not be sufficient

  6. Pseudonyms (Ohkubo, Suzuki, and Kinoshita)
     The tag output changes at each reading operation and is un-linkable by unauthorized readers.
     • Tag stores in memory a random identifier S_i
     • H and G are hash functions
     Change of ownership would require recoding.
     Problems of scalability (searching of pseudonym space) and resilience (loss of synchronisation).

  7. Our Approach
     • Tag identifier is associated with Zroot
     • Pseudonyms are generated from the leaves
     • Sequences of pseudonyms generated by intermediate nodes
     [Diagram: binary tree in which each node has a Left and a Right child]
       Level 4: Zroot
       Level 3: Z0, Z1
       Level 2: Z00, Z01, Z10, Z11
       Level 1: Z000, Z001, Z010, Z011, Z100, Z101, Z110, Z111
     Z01 provides access to "two" leaves. Z1 provides access to "four" leaves.

  8. Hierarchical Delegation
     • Output is generated from tree leaves
     • Reader has access to a limited number of outputs
     • Authorization Role knows the tree that identifies the tag
     [Diagram labels: Authorization Role (Sroot) receives an authorisation request and delegates local access; Reader 'A' holds S0 and the RFID tag outputs X := F(S000); Reader 'B' holds S1 and the RFID tag outputs X := F(S100)]

  9. Solving Privacy in RFID tags
     We propose a solution that allows transfer of ownership and delegation of access without re-keying the tag.
     • The reader access expires after a designated number of read operations.
     • Disclosure of intermediate nodes can provide synchronization information
     • Complexity Properties:
       • O(N) Reader complexity to access the tag
       • O(N) Authorization role complexity to delegate tag access

  10. Privacy is improved, but we can do better
     • We may be able to improve complexity further by layering the tag information to achieve O(log(N))
     • Need to perform security analysis and attack modelling
     • Require development of capability on the tag to store state and compute one-way functions
     Acknowledgements: David Wagner, David Molnar (UCB), Trevor Burbridge, Bob Briscoe (BT)
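
The tree of slides 7 to 9 can be sketched as follows; this is an added example, not code from the presentation. It assumes HMAC-SHA256 for both the Left/Right one-way steps and the output function F (the slides do not name the functions), and the helper names and the root secret are hypothetical.

```python
import hashlib
import hmac

DEPTH = 3  # slide 7 tree: Zroot -> Z0/Z1 -> Z00.. -> Z000.. (8 leaves)

def child(secret: bytes, bit: str) -> bytes:
    """One-way step to the left ('0') or right ('1') child (assumed HMAC-SHA256)."""
    return hmac.new(secret, b"child-" + bit.encode(), hashlib.sha256).digest()

def node(secret: bytes, path: str) -> bytes:
    """Secret reached from `secret` by following `path`, e.g. '01' from the root."""
    for bit in path:
        secret = child(secret, bit)
    return secret

def F(leaf: bytes) -> str:
    """Tag output (pseudonym) derived from a leaf secret, X := F(S_leaf)."""
    return hmac.new(leaf, b"output", hashlib.sha256).hexdigest()[:16]

def tag_output(root: bytes, read_count: int) -> str:
    """Tag side: read number n is answered from leaf n, so outputs never repeat."""
    return F(node(root, format(read_count, f"0{DEPTH}b")))

def delegated_outputs(secret: bytes, prefix: str) -> dict:
    """Reader side: map every output derivable from a delegated node to its leaf."""
    remaining = DEPTH - len(prefix)
    table = {}
    for i in range(2 ** remaining):
        suffix = format(i, f"0{remaining}b") if remaining else ""
        table[F(node(secret, suffix))] = prefix + suffix
    return table

def demo() -> list:
    root = hashlib.sha256(b"constructed tag root secret").digest()  # constructed
    z01 = node(root, "01")                # authorization role delegates Z01
    known = delegated_outputs(z01, "01")  # reader 'A' precomputes its two outputs
    reads = [tag_output(root, n) for n in range(2 ** DEPTH)]
    # Reader 'A' links only reads 2 and 3; its access then expires by construction.
    return [known.get(x) for x in reads]

if __name__ == "__main__":
    print(demo())
```

The reader's lookup table grows with the number of leaves under the delegated node, which is the O(N) reader cost noted on slide 9.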
