Upload File

rfid and privacy rfid security: theory and practice lorentz center, 26-28 march 2008

  • Home
  • Documents
  • RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008
22
RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

Upload: solomon-scott

Post on 01-Jan-2016

224 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

RFID and privacy

RFID Security: theory and practice

Lorentz Center, 26-28 March 2008

Page 2: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

Introduction

• College Bescherming Persoonsgegevens (the Dutch data protection authority)

• Rina Steenkamp ([email protected])

Page 3: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

Understanding privacy implications of new technologies

A data protectionperspective

A technical perspective

An ‘application’perspective

Page 4: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

A technical perspective (1)

Tag interpretation

Immediate response

RFID technology

Page 5: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

A technical perspective (2)

Tag interpretation

Data accumulation

Delayed response

Database technology

Page 6: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

Data mining / data sharing

A technical perspective (3)

Tag interpretation

Data accumulation

Shared databases

Response may be out of context

Page 7: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

A data protection perspective (1)

Tag interpretation

Doesn’t necessarily involve personal

data…

… though it may trigger the creation of personal data…

… and there might be other privacy

implications as well.

Page 8: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

A data protection perspective (2)

Tag interpretation

Data accumulation

Identifier

Personal data

Page 9: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

A privacy perspective (3)

Tag interpretation

Data accumulation

Data mining / data sharing

Identifier

Personal data

Page 10: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

An ‘application’ perspective (1)

Tag interpretation

Page 11: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

An ‘application’ perspective (2)

Tag interpretation

Page 12: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

An ‘application’ perspective (3)

Tag interpretation

…card-carrying communist…

…works at animal testing lab…

…expensive watch…

…’gold’ credit card…

Profiling based on combination of tags… … combination of tags

may identify the individual…

… and some tags might say the darndest things.

Page 13: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

… and some tags might say the darndest things.

…combination of tags may the individual…

Profiling based on combination of tags…

An ‘application’ perspective (4)

Tag interpretation

…card-carrying communist…

…works at animal testing lab…

…expensive watch…

…’gold’ credit card…For this scenario to become a reality, we

need…

…tiny tags that can be read at fairly long

distances……embedded in objects

that people have on their person…

…with understandable tag content…

…that is being read and interpreted.

Page 14: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

An ‘application’ perspective (5)

Tag interpretation

Data accumulationIdentifier

Digital identity

Page 15: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

An ‘application’ perspective (6)

Tag interpretation

Identifier

Unique product identifier

Data accumulation

Page 16: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

An ‘application’ perspective (7)

Tag interpretation

Data accumulation

Data mining / data sharing

Will

Ability

Sense of urgency

Legal obligation

Expectation of profit

StandardsInteroperability

Funding

Page 17: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

Risks

Tag interpretation

Data accumulation

Data mining / data sharing

Hidden / unwanted tags

Hidden / unwanted reading

Excessive collection and processing of personal data

Scope creep

Unfair treatment

Page 18: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

Risk mitigation

Tag interpretation

Data accumulation

Data mining / data sharing

Keep it in proportion – and beware of scope creep

Show and tell

Allow to delete, disable, destroy

Think before you tag

Think before you link

Page 19: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

Legal safeguards (1)

Keep it in proportion

Show and tell

Allow to delete, disable, destroy

Think before you tag

Think before you link

Individual participation

Collection limitation

Use limitation Purpose specification

Openness

Page 20: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

Legal safeguards (2)

Individual participation

Collection limitation

Use limitation Purpose specification

Openness AccountabilityData qualitySecurity

Page 21: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

RFID and privacy on the WWW

http://ec.europa.eu/information_society/policy/rfid/index_en.htm

http://www.dutchdpa.nl/

http://www.cbpweb.nl/

http://www.nvvir.nl/ http://www.ecp.nl

http://www.rathenau.nl

Page 22: RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

Questions? Concerns? Etc.


Modelling Privacy for Off-line RFID Systems

Low-Cost RFID Systems: Confronting Security and Privacy

Personal Privacy Protection within Pervasive RFID Environments

RFID: Security and Privacy for Five-Cent Computers

Security, RFID and Consumers - Lorentz Center Schermer.pdf · Security, RFID and Consumers RFID Security, Theory and Practice mr. dr. Bart Schermer RFID Platform Nederland . About

Practical Schemes For Privacy & Security Enhanced RFID

RFID and Privacy Dan White RFID Technical Evangelist Engineering & Development Retail Solutions Division

Item-Level RFID and Consumer Privacy

RFID: Customer Contracts, Privacy, and the Law...RFID regulation • FTC stated that privacy is linked to database security • Companies using RFID to collect and augment personal

Privacy-Preserving RFID Systems: Model and Constructions · her. This leads to the notion of “privacy-preserving” authentication. Several models for privacy preserving RFID authentication

Security and privacy in RFID systems

RFID Tags: The Costs – Price and Privacy

RFID Tags: Privacy and Security without Cryptography Ari Juels [email protected] RFID-Privacy Workshop at MIT 15 November 2003

RFID Privacy - wess-workshop.org · Privacy is Hot! RFID Privacy in the last 7 years Two exciting apps: • Transportation Payments • Implantable Medical Devices The Future

REACT: An RFID-based privacy-preserving children tracking ...bbcr.uwaterloo.ca/~rxlu/paper/CN-REACT.pdf · REACT: An RFID-based privacy-preserving children tracking scheme for large

Privacy Issues in RFID Banknote Protection Schemes

New Directions in Detection, Security and Privacy for RFID

Wireless Location Privacy: Angriffspotential durch RFID und Gegenmaßnahmen

Privacy in Library RFID Attacks and Proposals

Preserving Privacy and Utility in RFID Data Publishing

Access and privacy control enforcement in RFID … · Access and privacy control enforcement in RFID middleware systems: Proposal and implementation on the Fosstrak platform Wiem

RFID and Privacy - Taneem Ibrahim

RFID AND YOUR PRIVACY— Myths and Facts · PDF fileRFID AND YOUR PRIVACY— Myths and Facts. ... The return on investment (ROI) RFID ... Table 1: Common RFID Myths and Facts Myth

Security and Privacy in RFID Applications

RFID Privacy

Corporate Privacy and Information Technology: the Case of RFID

RFID Privacy & Security Issues

Privacy Preserving Payments on Computational RFID Devices with

Feasible Privacy for Lightweight RFID Systems

RFID Security and Privacy

RFID Systems and Security and Privacy Implications

A Study on RFID Privacy Mechanism

RFID and Privacy

Privacy Protection for RFID Data

Information confinement, privacy, and security in RFID systemsswing07/schedule/DPM.pdfInformation confinement, privacy, and security in RFID systems (To appear at ESORICS ’07) Roberto