Abstract
Wireless RFID networks are getting deployed at a rapid pace and have already entered the public space on a massive scale: public transport cards, the biometric passport, office ID tokens, customer loyalty cards, etc. Although RFID technology offers interesting services to customers and retailers, it could also endanger the privacy of the end-users. The lack of protection mechanisms being deployed could potentially result in a privacy leakage of personal data. Furthermore, there is the emerging threat of location privacy. In this paper, we will show some practical attack scenarios and illustrates some of them with cases that have received press coverage. We will present the main challenges of enhancing privacy in RFID networks and evaluate some solutions proposed in literature. The main advantages and shortcomings will be briefly discussed. Finally, we will give an overview of some academic and industrial research initiatives on RFID privacy.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Avoine Gildas: Adversary Model for Radio Frequency Identification. In: LASEC Technical Report, 2005-001, Swiss Federal Institute of Technology (EPFL). 2005, 14 pages.
Brands Stefan, Chaum David: Distance-Bounding Protocols. In: Advances in Cryptology – EURO-CRYPT 1993, Lecture Notes in Computer Science, LNCS 765, Springer-Verlag. 1994, p. 344-359.
Dimitriou Tassos: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks, IEEE Computer Society. 2005, p. 59-66.
Engberg Stephan, Harning Morten Borup, Jensen Christian Damsgaard: Zero-knowledge Device Authentication: Privacy and Security Enhanced RFID Preserving Business Value and Consumer Convenience. In: Proceedings of the Second Annual Conference on Privacy, Security and Trust. 2004, p. 89-101.
EPC global: Class 1 Generation 2 UHF Air Interface Protocol Standard version 1.2.0. In: http://www.epcglobalinc.org/home. 2008, 108 pages.
Frumkin Dmitry, Shamir Adi. Untrusted-HB: Security Vulnerabilities of Trusted-HB. In: Proceedings of the 5th Workshop on RFID Security. 2009, p. 62-71.
Hancke G.P, Kuhn M.G.: An RFID Distance Bounding Protocol. In: Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks, IEEE Computer Society. 2005, p. 67-73.
Henrici Dirk, Müller Paul: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: Proceedings of the 2nd IEEE International Conference on Pervasive Computing and Communications Workshops, IEEE Computer Society. 2004, p. 149-153.
IBM: IBM Licenses Clipped Tag RFID Technology to Marnlen RFiD. In: http://www-03.ibm.com/press/us/en/pressrelease/20592.wss. 2006.
Juels Ari, Rivest Ronald, Szydlo Michael: The blocker tag: selective blocking of RFID tags for consumer privacy. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, ACM. 2003, p. 103-111.
Juels Ari, Syverson Paul, Bailey Daniel: High-Power Proxies for Enhancing RFID Privacy and Utility. In: Proceedings of the 5th International Workshop on Privacy Enhancing Technologies, Lecture Notes in Computer Science, LNCS 3856, Springer-Verlag. 2005, p. 210-226.
Juels Ari, Weis Stephen: Authenticating pervasive devices with human protocols. In: Advances in Cryptology – CRYPTO 2005, Lecture Notes in Computer Science, LNCS 3621, Springer-Verlag. 2005, p. 293-308.
Juels Ari, Weis Stephen: Defining Strong Privacy for RFID. In: Proceedings of the 5th IEEE International Conference on Pervasive Computing and Communications Workshops, IEEE Computer Society 2007, p. 342-347.
Karjoth Günther, Moskowitz Paul: Disabling RFID tags with visible confirmation: clipped tags are silenced. In: Proceedings of the 2005 ACM workshop on Privacy in the electronic society, ACM. 2005, p. 27-30.
Molnar David, Soppera Andrea, Wagner David: A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags. In: Proceedings of the 12th International Workshop on Selected Areas in Cryptography, Lecture Notes in Computer Science, LNCS 3897, Springer-Verlag. 2005, p. 276-290.
Molnar David, Wagner David: Privacy and security in library RFID: Issues, practices, and architectures. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, ACM. 2004, p. 210-219.
Rieback M., Crispo B., Tanenbaum A.: RFID Guardian: A batterypowered mobile device for RFID privacy management. In: Proceedings of the 10th Australasian Conference on Information Security and Privacy, Lecture Notes in Computer Science, LNCS 3574, Springer-Verlag. 2005, p. 184-194.
Sadeghi A-R., Visconti I., WachtsmannC: Efficient RFID Security and Privacy with Anonymizers. In: Proceedings of the 5th Workshop on RFID Security. 2009, p. 153-172.
Singelée Dave, Preneel Bart: Distance Bounding in Noisy Environments. In: Proceedings of the 4th European Workshop on Security and Privacy in Ad Hoc and Sensor Networks, Lecture Notes in Computer Science, LNCS 4572, Springer-Verlag. 2007, p. 101-115.
Song Boyeon, Mitchell Chris J.: RFID authentication protocol for low-cost tags. In: Proceedings of the 1 st ACM Conference on Wireless Network Security, ACM. 2008, p. 140-147.
Spiekermann Sarah, Evdokimov Sergei: Critical RFID Privacy-Enhancing Technologies. In: IEEE Security and Privacy, Vol. 7, no. 2, IEEE Computer Society. 2009, p. 56-62.
Tsudik Gene: YA-TRAP: Yet Another Trivial RFID Authentication Protocol. In: Proceedings of the 4th IEEE International Conference on Pervasive Computing and Communications Workshops, IEEE Computer Society. 2006, p. 640-643.
Vaudenay Serge: On Privacy Models for RFID. In: Advances in Cryptology – ASIACRYPT 2007, Lecture Notes in Computer Science, LNCS 4833, Springer-Verlag. 2007, p. 68-87.
Weis S., Sarma S., Rivest S., Engels D.: Security and privacy aspects of low-cost radio frequency identification systems. In: Proceedings of the 1st International Conference on Security in Pervasive Computing, Lecture Notes in Computer Science, LNCS 2802, Springer-Verlag. 2003, p. 454-469.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2010 Vieweg+Teubner | GWV Fachverlage GmbH
About this chapter
Cite this chapter
Singelée, D., Seys, S. (2010). User Privacy in RFID Networks. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2009 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9363-5_20
Download citation
DOI: https://doi.org/10.1007/978-3-8348-9363-5_20
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0958-2
Online ISBN: 978-3-8348-9363-5
eBook Packages: Computer ScienceComputer Science (R0)