DOI: 10.1145/1102199.1102206

Privacy for RFID through trusted computing

Published: 07 November 2005

Abstract

Radio Frequency Identification (RFID) technology raises significant privacy issues because it enables tracking of items and people possibly without their knowledge or consent. One of the biggest challenges for RFID technology is to provide privacy protection without raising tag production and management cost. We introduce a new architecture that uses trusted computing primitives to solve this problem. Our design splits the RFID reader into three software modules: a Reader Core with basic functionality, a Policy Engine that controls the use of RFID-derived data, and a Consumer Agent that performs privacy audits on the RFID reader and exports audit results to third-party auditors. Readers use remote attestation to prove they are running a specific Reader Core, Policy Engine, and Consumer Agent. As a result, remote attestation allows concerned individuals to verify that RFID readers comply with privacy regulations, while also allowing the reader owner to verify that the reader has not been compromised.

Furthermore, industry standards bodies have suggested several mechanisms to protect privacy in which authorized readers use a shared secret to authenticate themselves to the tag. These standards have not fully addressed issues of key management. First, how is the shared secret securely provided to the legitimate reader? Second, how do we guarantee that the reader will comply with a specific privacy policy? We show how, with remote attestation, the key-issuing authority can demand such a proof before releasing shared secrets to the reader. We also show how sealed storage can protect secrets even if the reader is compromised. Finally, we sketch how our design could be implemented today using existing RFID reader hardware.
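
The key-release step described in the abstract, as an added sketch that is not code from the paper: a key-issuing authority challenges a reader, checks its attestation over the Reader Core, Policy Engine and Consumer Agent, and only then hands over the tag secret. The class names, module byte strings and secret are constructed assumptions, and an HMAC stands in for the TPM's attestation signature (SHA-1 is used because PCRs of that TPM generation are 20-byte SHA-1 values).

```python
import hashlib, hmac, os

# Constructed stand-ins for the three module images named in the abstract.
APPROVED = [b"reader-core-v1", b"policy-engine-v1", b"consumer-agent-v1"]

def measure(modules):
    """Fold module hashes into one PCR-style value: pcr = SHA1(pcr || SHA1(m))."""
    pcr = b"\x00" * 20
    for image in modules:
        pcr = hashlib.sha1(pcr + hashlib.sha1(image).digest()).digest()
    return pcr

class Reader:
    """Reader side. Assumption: HMAC under aik_key stands in for the TPM's
    attestation signature; a real TPM signs with a key that never leaves it."""
    def __init__(self, aik_key, modules):
        self.aik_key, self.modules = aik_key, modules
    def quote(self, nonce):
        pcr = measure(self.modules)
        return pcr, hmac.new(self.aik_key, nonce + pcr, hashlib.sha1).digest()

class KeyAuthority:
    """Releases the tag secret only to a reader that proves the approved stack."""
    def __init__(self, aik_key, approved, tag_secret):
        self.aik_key, self.tag_secret = aik_key, tag_secret
        self.expected_pcr = measure(approved)
        self.pending = set()          # outstanding single-use nonces
    def challenge(self):
        nonce = os.urandom(20)
        self.pending.add(nonce)
        return nonce
    def release(self, nonce, pcr, sig):
        if nonce not in self.pending:
            return None               # unknown or replayed challenge
        self.pending.discard(nonce)
        want = hmac.new(self.aik_key, nonce + pcr, hashlib.sha1).digest()
        if not hmac.compare_digest(sig, want):
            return None               # quote does not verify under the attestation key
        if not hmac.compare_digest(pcr, self.expected_pcr):
            return None               # some module differs from the approved set
        return self.tag_secret

if __name__ == "__main__":
    key = os.urandom(20)
    ca = KeyAuthority(key, APPROVED, b"constructed-tag-secret")
    patched = [APPROVED[0], b"policy-engine-patched", APPROVED[2]]
    for name, reader in (("approved", Reader(key, APPROVED)), ("patched", Reader(key, patched))):
        n = ca.challenge()
        print(name, ca.release(n, *reader.quote(n)) is not None)
```

Because the measurement is a hash chain, changing any one of the three modules changes the final value, so a reader with a modified Policy Engine is refused even though its Reader Core and Consumer Agent are unchanged.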

    Published In

    WPES '05: Proceedings of the 2005 ACM workshop on Privacy in the electronic society
    November 2005
    116 pages
    ISBN:1595932283
    DOI:10.1145/1102199

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. RFID
    2. audit
    3. privacy
    4. trusted computing

    Qualifiers

    • Article

    Conference

    CCS05

    Acceptance Rates

    Overall Acceptance Rate 106 of 355 submissions, 30%

    Cited By

    • (2014) An Implementation of a Unified Security, Trust and Privacy (STP) Framework for Future Integrated RFID System. Future Data and Security Engineering, pp. 122-135. DOI: 10.1007/978-3-319-12778-1_10. Online publication date: 2014
    • (2011) CMOS Silicon Physical Unclonable Functions Based on Intrinsic Process Variability. IEEE Journal of Solid-State Circuits, 46:6, pp. 1456-1463. DOI: 10.1109/JSSC.2011.2120650. Online publication date: Jun-2011
    • (2011) A critical review on RFID system towards security, trust, and privacy (STP). 2011 IEEE 7th International Colloquium on Signal Processing and its Applications, pp. 39-44. DOI: 10.1109/CSPA.2011.5759839. Online publication date: Mar-2011
    • (2011) How to protect security and privacy in the IoT: a policy‐based RFID tag management protocol. Security and Communication Networks, 7:12, pp. 2669-2683. DOI: 10.1002/sec.400. Online publication date: 9-Dec-2011
    • (2010) An agent based back-end RFID tag management system. Proceedings of the 7th international conference on Trust, privacy and security in digital business, pp. 165-176. DOI: 10.5555/1894888.1894908. Online publication date: 30-Aug-2010
    • (2010) Supply chain control using a RFID proxy re-signature scheme. 2010 IEEE International Conference on RFID (IEEE RFID 2010), pp. 29-36. DOI: 10.1109/RFID.2010.5467250. Online publication date: Apr-2010
    • (2010) The System Integrity Verification for Trusted RFID Protocol. Proceedings of the 2010 Seventh International Conference on Information Technology: New Generations, pp. 743-747. DOI: 10.1109/ITNG.2010.72. Online publication date: 12-Apr-2010
    • (2010) A Trusted Platform Module for Near Field Communication. Proceedings of the 2010 Fifth International Conference on Systems and Networks Communications, pp. 136-141. DOI: 10.1109/ICSNC.2010.27. Online publication date: 22-Aug-2010
    • (2010) An Agent Based Back-End RFID Tag Management System. Trust, Privacy and Security in Digital Business, pp. 165-176. DOI: 10.1007/978-3-642-15152-1_15. Online publication date: 2010
    • (2010) Better security enforcement in trusted computing enabled heterogeneous wireless sensor networks. Security and Communication Networks, 4:1, pp. 11-22. DOI: 10.1002/sec.179. Online publication date: 29-Dec-2010
