Abstract
RFID tags have very promising applications in many domains (retail, rental, surveillance, medicine to name a few). Unfortunately the use of these tags can have serious implications on the privacy of people carrying tagged items. Serious opposition from consumers has already thwarted several trials of this technology. The main fears associated with the tags is that they may allow other parties to covertly collect information about people or to trace them wherever they go. As long as these privacy issues remain unresolved, it will be impossible to reap the benefits of these new applications. Current solutions to privacy problems are typically limited to the application layer. RFID system have three layers, application, communication and physical. We demonstrate that privacy issues cannot be solved without looking at each layer separately. We also show that current solutions fail to address the multilayer aspect of privacy and as a result fail to protect it. For each layer we describe the main threats and give tentative solutions.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Auto-ID Labs, http://www.autoidlabs.org
Avoine, G.: Privacy issues in RFID banknote protection schemes. In: Smart Card Research and Advanced Applications – CARDIS, pp. 33–48. Kluwer, Dordrecht (2004)
Avoine, G., Oechslin, P.: A scalable and provably secure hash based RFID protocol. In: International Workshop on Pervasive Computing and Communications Security – PerSec 2005, pp. 110–114. IEEE, Los Alamitos (2005)
Electronic Product Code Global Inc., http://www.epcglobalinc.org
EPC. Draft protocol specification for a 900 MHz class 0 radio frequency identification tag (February 2003), http://www.epcglobalinc.org
Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)
Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: Workshop on Pervasive Computing and Communications Security – PerSec 2004, pp. 149–153. IEEE, Los Alamitos (2004)
International Organization for Standardization, http://www.iso.org
ISO/IEC 18000. Automatic identification – radio frequency identification for item management – communications and interfaces, http://www.iso.org
ISO/IEC 18000-1. Information technology AIDC techniques – RFID for item management – air interface, part 1 – generic parameters for air interface communication for globally accepted frequencies, http://www.iso.org
ISO/IEC 18000-3. Information technology AIDC techniques – RFID for item management – air interface, part 3 – parameters for air interface communications at 13.56 MHz, http://www.iso.org
ISO/IEC 7498-1:1994. Information technology – open systems interconnection – basic reference model: The basic model (November 1994), http://www.iso.org
Juels, A.: “yoking-proofs” for RFID tags. In: Workshop on Pervasive Computing and Communications Security – PerSec 2004, pp. 138–143. IEEE, Los Alamitos (2004)
Juels, A., Rivest, R., Szydlo, M.: The blocker tag: Selective blocking of RFID tags for consumer privacy. In: Conference on Computer and Communications Security – ACM CCS, pp. 103–111. ACM, New York (2003)
Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: Conference on Computer and Communications Security – ACM CCS, pp. 210–219. ACM, New York (2004)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: RFID Privacy Workshop, November 2003. MIT, MA (2003)
Philips. I-Code1 Label ICs protocol air interface (May 2002)
Saito, J., Ryou, J.-C., Sakurai, K.: Enhancing privacy of universal re-encryption scheme for RFID tags. In: Yang, L.T., et al. (eds.) EUC 2004. LNCS, vol. 3207, pp. 879–890. Springer, Heidelberg (2004)
Sarma, S., Weis, S., Engels, D.: RFID systems and security and privacy implications. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 454–469. Springer, Heidelberg (2003)
Toonstra, J., Kinsner, W.: Transient analysis and genetic algorithms for classification. In: IEEE WESCANEX 1995. Communications, Power, and Computing, vol. 2, pp. 432–437. IEEE, Los Alamitos (1995)
Weis, S.: Security and privacy in radio-frequency identification devices (master thesis) (May 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Avoine, G., Oechslin, P. (2005). RFID Traceability: A Multilayer Problem. In: Patrick, A.S., Yung, M. (eds) Financial Cryptography and Data Security. FC 2005. Lecture Notes in Computer Science, vol 3570. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11507840_14
Download citation
DOI: https://doi.org/10.1007/11507840_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26656-3
Online ISBN: 978-3-540-31680-0
eBook Packages: Computer ScienceComputer Science (R0)