Categorizing RFID Privacy Threats with STRIDE

Craig Thompson

Outline

Title

Electrical and Electronic Engineering

Categorizing RFID Privacy Threats with STRIDE

Craig Thompson

Sign up for access to the world's latest research

checkGet notified about relevant papers

checkSave papers to use in your research

checkJoin the discussion with peers

checkTrack your impact

Abstract

Privacy threats by radio frequency identification (RFID) are categorized using the security-oriented STRIDE model. Categorizing the privacy threats with STRIDE identifies potential strategies for mitigating them. Preliminary results for preventing tracking using universal re-encryption are presented.

Pawel Rotter

IEEE Pervasive Computing, 2000

downloadDownload free PDF View PDFchevron_right

RFID Security and Privacy: A Research Survey

Khushal Khehra

— This article surveys recent technical research on the problems of privacy and security for RFID (Radio Frequency IDentification). RFID tags are small, wireless devices that help identify objects and people. Thanks to dropping cost, they are likely to proliferate into the billions in the next several years – and eventually into the trillions. RFID tags track objects in supply chains, and are working their way into the pockets, belongings and even the bodies of consumers. This survey examines approaches proposed by scientists for privacy protection and integrity assurance in RFID systems, and treats the social and technical context of their work. While geared toward the non-specialist, the survey may also serve as a reference for specialist readers. A condensed version of this survey will appear in the IEEE Journal on Selected Areas in Communication (J-SAC) in 2006.

downloadDownload free PDF View PDFchevron_right

RFID Privacy Models Revisited

Rei Safavi-naini

In Asiacrypt 2007, Vaudenay proposed a formal model addressing privacy in RFID, which separated privacy into eight classes. One important conclusion in the paper is the impossibility of achieving strong privacy in RFID. He also left an open question whether forward privacy without PKC is possible. In our paper, first we revisit the eight RFID privacy classes and simplify them into three classes that will address the same goal. Second, we show that strong privacy in RFID is achievable. Third, we answer the open question by pointing out the possibility to achieve forward privacy without PKC both within Vaudenay's model and in practice.

downloadDownload free PDF View PDFchevron_right

Confronting Security and Privacy Threats in Modern RFID Systems

Damith Ranasinghe

2006 Fortieth Asilomar Conference on Signals, Systems and Computers, 2006

downloadDownload free PDF View PDFchevron_right

Standards, Security & Privacy Issues about Radio Frequency Identification (RFID)

emre korkmaz

RFID Eurasia, 2007 1st Annual, 2007

There is no doubt that managing the flow of goods depends on monitoring the real flow in the physical world meanwhile in the digital world. Today automatic identification (auto-ID) technologies are used to close the gap between these two different environments by online updating of ...

downloadDownload free PDF View PDFchevron_right

Security and Privacy Issues of RFID

Harpreet bajaj

2007

As Radio Frequency Identification (RFID) technology becomes pervasive in our lives, literally woven into the fabric of our society, there exists the danger to personal privacy, loss of anonymity, and violation of location privacy to all individuals. Even cash, which offers true anonymity for consumers, may be threatened by RFID technology.

downloadDownload free PDF View PDFchevron_right

A New Framework for Privacy of RFID Path Authentication

Shaoying Cai

Lecture Notes in Computer Science, 2012

RFID-based path authentication enables supply chain managers to verify the exact path that a tag has taken. In this paper, we introduce a new oracle Move that models a tag's movement along a designed or an arbitrary path in a supply chain. With this oracle, we refine the existing security and privacy notions for RFID-based path authentication. In addition, we propose a new privacy notion, called path privacy, for RFID-based path authentication. Our privacy notion captures the privacy of both tag identity and path information in a single game. Compared to existing two-game based privacy notions, it is more rigorous, powerful, and concise. We also construct a new path authentication scheme. Our scheme does not require the entities in a supply chain to have any connection with each other except in the initial stage. It requires only 480 bits storage and no computational ability on each tag; thus it can be deployed on the standard EPCglobal Class 1 Generation 2 tags in the market.

downloadDownload free PDF View PDFchevron_right

Tackling Security and Privacy Issues in Radio Frequency Identification Devices

Paul Mueller

Lecture Notes in Computer Science

This paper introduces shortly into the security and privacy issues of RFID systems and presents a simple approach to greatly enhance location privacy by changing traceable identifiers securely on every read attempt. The scheme gets by with only a single, unreliable message exchange. By employing one-way hash functions the scheme is safe from many security threats. It is intended for use in item identification but is useful in other applications as well.

downloadDownload free PDF View PDFchevron_right

Privacy and data protection in emerging RFID-applications

Olli Pitkänen

… HIIT, Helsinki University of Technology and …, 2007

downloadDownload free PDF View PDFchevron_right

Privacy and Personal Information Protection in RFID Systems

Yasunobu Nohara

Applications, Technology, Security, and Privacy, 2008

downloadDownload free PDF View PDFchevron_right

Loading Preview

Sorry, preview is currently unavailable. You can download the paper by clicking the button above.

References (12)

REFERENCES
Sarma, S. A history of the EPC. RFID: Applications, Security, and Privacy. Garfinkel, S., and Rosenberg, B., Eds. Addison-Wesley, Upper Saddle River, NJ, 2006, 37-55.
Perrin, S. RFID and global privacy policy. RFID: Applications, Security, and Privacy. Garfinkel, S., and Rosenberg, B., Eds. Addison-Wesley, Upper Saddle River, NJ, 2006, 57-81.
Thompson, C. Everything is alive. IEEE Internet Computing, (Jan./Feb. 2004).
Weinberg, J.. RFID, privacy, and regulation. RFID: Applications, Security, and Privacy. Garfinkel, S., and Rosenberg, B., Eds. Addison-Wesley, Upper Saddle River, NJ, 2006, 83-97.
Chaudhry, N., Thompson, D. R., and Thompson, C. RFID Technical Tutorial and Threat Modeling, ver. 1.0. Technical Report, CSCE Dept., University of Arkansas, Fayetteville, Arkansas, 2005. Available: http://csce.uark.edu/~drt/rfid
Thompson, D. R., Chaudhry, N., and Thompson, C. W. RFID security threat model. In Proceedings Acxiom Laboratory for Applied Research (ALAR) Conf. Conway, Arkansas, Mar. 3, 2006.
Karthikeyan, S., and Nesterenko, M. RFID security without expensive cryptography. In Proceedings ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN).
Alexandria, VA, Nov. 2005, 63-67.
Howard, M., and LeBlanc, D. Writing Secure Code, 2nd ed. Microsoft Press, Redmond, WA, 2003.
Langheinrich, M. Privacy by design-Principles of privacy- aware ubiquitous systems. In Proceedings Ubicomp. Atlanta, GA, Oct. 2001.
Golle, P., Jakosbsson, M, Juels, A., and Syverson, P. Universal re-encryption for mixnets. Lecture Notes in Computer Science, (2004), 163-178.

Related papers

Cataloging RFID Privacy and Security

pablo guerrero

2006

Due to recommendations from government agencies such as the U.S. Department of Defense or the Food and Drug Administration, mandates from private sector companies such as WalMart, Metro or Tesco, and even visions such as that of the Internet of Things, Radio Frequency Identification (RFID) technologies have gained great thrust. The widespread realization of existing and envisioned applications, however, requires researchers, developers and adopters to carefully consider the way these technologies will be applied. In this paper we inspect the current research on two quality attributes that greatly impact all actors of the RFID ecosystem: privacy and security. In order to ensure an appropriate quality of service, these aspects are tackled throughout the protocol stack linking tags and readers. We explore different mechanisms and catalog them in each of these layers, discerning the attacks faced and providing technical insight on the proposed alternatives.

downloadDownload free PDF View PDFchevron_right

Rfid Technology, Privacy and Security Udc 65.011.56

Stevan Stankovski

2010

Every day, people interact directly with a Radio Frequency Identification (RFID) device (tag), buying a product or accessing some desired place. The tag can then be interrogated via radio waves by an RFID reader to return a small amount of information, such as an identification code or personal data. Also, the RFID technology is very useful for supplying chain management, item tracking and other areas. At the same time, the RFID technology raises privacy and security issues. For example, applying RFID tags to individual items raises the possibility that the movement of these items can be tracked, or that individuals can be scanned to learn what items they carry. Many other examples can be named to illustrate problems arising from undesired uses of the RFID data. This paper presents some issues that can be very helpful for overcoming the above mentioned problems.

downloadDownload free PDF View PDFchevron_right

User Privacy in RFID Networks

Dave Singelee, Stefaan Seys

ISSE 2009 Securing Electronic Business Processes, 2010

Wireless RFID networks are getting deployed at a rapid pace and have already entered the public space on a massive scale: public transport cards, the biometric passport, office ID tokens, customer loyalty cards, etc. Although RFID technology offers interesting services to customers and retailers, it could also endanger the privacy of the end-users. The lack of protection mechanisms being deployed could potentially result in a privacy leakage of personal data. Furthermore, there is the emerging threat of location privacy. In this paper, we will show some practical attack scenarios and illustrates some of them with cases that have received press coverage. We will present the main challenges of enhancing privacy in RFID networks and evaluate some solutions proposed in literature. The main advantages and shortcomings will be briefly discussed. Finally, we will give an overview of some academic and industrial research initiatives on RFID privacy.

downloadDownload free PDF View PDFchevron_right

Privacy Enhancing Technologies for RFID - A Critical State-of-the-Art Report

Sergei Evdokimov

2000

Radio Frequency Identification (RFID) is a technology that allows for automatic and remote identification of objects and is currently discussed as one of the most important technical enablers of Pervasive Computing, boosting economic processes and home computing applications. However, as far as privacy is concerned RFID is still in its 'kindershoes'. A public outcry as to the privacy and security

downloadDownload free PDF View PDFchevron_right

RFID security and privacy concerns

Anup Kumar

Proceedings of the 5th ACM workshop on Wireless security - WiSe '06, 2006

Abstract: - Radio Frequency Identification (RFID) technology is emerging as an important tool with applications in a variety of fields. The major concern regarding RFID is the ubiquitous nature of its deployment that extends far beyond the capabilities of any of the tools available ...

downloadDownload free PDF View PDFchevron_right

A holistic approach to RFID security and privacy

Evangelos Rekleitis

2010

RFID technology constitutes an important part of what has become known as the IoT; i.e accessible and interconnected machines and everyday objects that form a dynamic and complex environment. In order to be able to secure the IoT in a cost-efficient manner we need to build security and privacy into the design of its components. Thus, in this paper, we first introduce the use of security and privacy policies that can offer fine granularity and context-aware information control in RFID systems, and with this in mind, we propose a novel secure and privacy preserving tag management protocol to implement such policies. The new protocol has a modular design in order to support all the basic management operations (tag authentication, delegation and ownership transfer), while imposing minimal hardware and computational requirements on the tag side.

downloadDownload free PDF View PDFchevron_right

RFID Systems and Security and Privacy Implications

Sanjay E. Sarma

Cryptographic Hardware and Embedded Systems - CHES 2002, 2003

The Auto-ID Center is developing low-cost radio frequency identification (RFID) based systems with the initial application as next generation bar-codes. We describe RFID technology, summarize our approach and our research, and most importantly, describe the research opportunities in RFID for experts in cryptography and information security. The common theme in low-cost RFID systems is that computation resources are very limited, and all aspects of the RFID system are connected to each other. Understanding these connections and the resulting design trade-offs is an important prerequisite to effectively answering the challenges of security and privacy in low-cost RFID systems.

downloadDownload free PDF View PDFchevron_right

Privacy and Security Aspects of RFID Tags

Dong-Her Shih

2005

RFID has recently received a lot of attention as an augmentation technology in manufacturing, SCM and retail inventory control. However, widespread deployment of RFID tags may create new threats to security and privacy of individuals and organizations. This paper gives an overview of all types of RFID privacy and security problems and its countermeasures.

downloadDownload free PDF View PDFchevron_right

Classification of RFID Threats based on Security Principles

Aikaterini Mitrokotsa

engr.sjsu.edu

RFID technology is an area currently undergoing active development. An issue, which has received a lot of attention, is the security risks that arise due to the inherent vulnerabilities of RFID technology. Most of this attention, however, has focused on related privacy issues. The goal of this chapter is to present a more global overview of RFID threats. This can not only help experts perform risk analyses of RFID systems but also increase awareness and understanding of RFID security issues for non-experts. We use clearly defined and widely accepted concepts from both the RFID area and classical risk analysis to structure this overview.

downloadDownload free PDF View PDFchevron_right

Privacy protection for RFID data

Benjamin C. M. Fung

Proceedings of the 2009 ACM symposium on Applied Computing, 2009

Radio Frequency IDentification (RFID) is a technology of automatic object identification. Retailers and manufacturers have created compelling business cases for deploying RFID in their supply chains. Yet, the uniquely identifiable objects pose a privacy threat to individuals. In this paper, we study the privacy threats caused by publishing RFID data. Even if the explicit identifying information, such as name and social security number, has been removed from the published RFID data, an adversary may identify a target victim's record or infer her sensitive value by matching a priori known visited locations and timestamps. RFID data by default is high-dimensional and sparse, so applying traditional K-anonymity to RFID data suffers from the curse of high dimensionality, and would result in poor data usefulness. We define a new privacy model, develop an anonymization algorithm to accommodate special challenges on RFID data, and evaluate its performance in terms of data quality, efficiency, and scalability. To the best of our knowledge, this is the first work on anonymizing high-dimensional RFID data.

downloadDownload free PDF View PDFchevron_right

Categorizing RFID Privacy Threats with STRIDE

Sign up for access to the world's latest research

Abstract

Related papers

References (12)

Related papers

Related topics