Article

Covert channels in privacy-preserving identification systems

Authors:

Daniel V. Bailey,

Ari JuelsAuthors Info & Claims

CCS '07: Proceedings of the 14th ACM conference on Computer and communications security

Pages 297 - 306

https://doi.org/10.1145/1315245.1315283

Published: 28 October 2007 Publication History

Abstract

We examine covert channels in privacy-enhanced mobile identification devices where the devices uniquely identify themselves to an authorized verifier. Such devices (e.g. RFID tags) are increasingly commonplace in hospitals and many other environments. For privacy, the device outputs used for identification should "appear random" to any entity other than the verifier, and should not allow physical tracking of device bearers. Worryingly, there already exist privacy breaches for some devices [28] that allow adversaries to physically track users. Ideally, such devices should allow anyone to publicly determine that the device outputs are covert-channel free (CCF); we say that such devices are CCF-checkable.

Our main result shows that there is a fundamental tension between identifier privacy and CCF-checkability; we show that the two properties cannot co-exist in a single system. We also develop a weaker privacy model where a continuous observer can correlate appearances of a given tag, but a sporadic observer cannot. We also construct a privacy-preserving tag identification scheme that is CCF-checkable and prove it secure under the weaker privacy model using a new complexity assumption. The main challenge addressed in our construction is the enforcement of public verifiability, which allows a user to verify covert-channel-freeness in her device without managing secret keys external to the device.

References

[1]

G. Ateniese, J. Camenisch, and B. de Medeiros. Untraceable RFID tags via insubvertible encryption. In Proceedings of ACM CCS 2005, pages 92--101, 2005.

Digital Library

[2]

G. Avoine. Security and privacy in RFID systems. Online bibliography. Referenced 2007 at http://lasecwww.epfl.ch/~gavoine/rfid.

[3]

G. Avoine and P. Oechslin. RFID traceability: A multilayer problem. In A. Patrick and M. Yung, editors, Proceedings of Financial Cryptography 2005, volume 3570 of LNCS, pages 125--140. Springer, 2005.

Digital Library

[4]

D. Boneh, E.-J. Goh, and K. Nissim. Evaluating 2-DNF formulas on ciphertexts. In J. Kilian, editor, Proceedings of the Theory of Cryptography Conference, volume 3378 of LNCS, pages 325--342, 2005.

Digital Library

[5]

C. Cachin. An information-theoretic model for steganography. In D. Aucsmith, editor, Proceedings of Information Hiding 1998, volume 1525 of LNCS, pages 306--318. Springer, 1998.

[6]

R. Canetti, Y. Dodis, S. Halevi, E. Kushilevitz,and A. Sahai. Exposure-resilient functions and all-or-nothing transforms. In B. Preneel, editor, Proceedings of Eurocrypt 2000, volume 1807 ofLNCS, pages 453--469. Springer, 2000.

[7]

J. Y. Choi, P. Golle, and M. Jakobsson. Auditable privacy: On tamper-evident mix networks. In G. D. Crescenzo and A. Rubin, editors, Proceedings of Financial Cryptography 2006, volume 4107 of LNCS, pages 126--141. Springer, 2006.

Digital Library

[8]

J. Y. Choi, P. Golle, and M. Jakobsson. Tamper-evident digital signatures: Protecting certification authorities against malware. In Proceedings of the Symposium on Dependable Autonomic and Secure Computing 2006, pages 37--44. IEEE, 2006.

Digital Library

[9]

P. Golle, M. Jakobsson, A. Juels, and P. Syverson. Universal re-encryption for mixnets. In T. Okamoto, editor, RSA Conference -Cryptographers' Track, volume 2964 of LNCS, pages 163--178, 2004.

[10]

J. Halamka, A. Juels, A. Stubblefield, and J. Westhues. The security implications of VeriChip cloning. Journal of the American Medical Informatics Association, 13(6):601--607, 2006.

[11]

N. Hopper, J. Langford, and L. von Ahn. Provably secure steganography. In M. Yung, editor, Proceedings of Crypto 2002, volume 2442 of LNCS, pages 77--92. Springer, 2002.

Digital Library

[12]

E. Inc. Class 1 generation 2 UHF air interface protocol standard version 1.0.9. Referenced 2007 at http://www.epcglobalinc.com/standards technology/EPCglobalClass-1Generation-2UHFRFIDProtocolV109.pdf.

[13]

A. Juels. Minimalist cryptography for RFID tags. In SCN '04, pages 149--164, 2004.

[14]

A. Juels. RFID security and privacy: A research survey. J-SAC, 24(2):381--394, February 2006.

Digital Library

[15]

A. Juels, S. Garfinkel, and R. Pappu. RFID privacy: An overview of problems and proposed solutions. IEEE Security and Privacy, 3(3):34--43, May/June 2005.

Digital Library

[16]

A. Juels and J. Guajardo. RSA key generation with verifiable randomness. In D. Naccache and P. Paillier, editors, Proceedings of PKC 2002, volume 2274 of LNCS, pages 72--86. Springer, 2002.

Digital Library

[17]

A. Juels, R. Rivest, and M. Szydlo. The blockertag: Selective blocking of RFID tags for consumer privacy. In V. Atluri, editor, Proceedings of ACM CCS 2003, pages 103--111. ACM Press, 2003.

Digital Library

[18]

A. Juels, P. Syverson, and D. Bailey. High-power proxies for enhancing RFID privacy and utility. In G. Danezis and D. Martin, editors, Privacy Enhancing Technologies (PET), 2005.

Digital Library

[19]

A. Juels and S. Weis. Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006/137. Short abstract to appear in PerTec '07.

[20]

P. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In N. Koblitz, editor, Proceedings of Crypto 1996, volume 1109 of LNCS, pages 104--113. Springer, 1996.

Digital Library

[21]

M. Lepinski, S. Micali, and A. Shelat. Collusion-free protocols. In H. Gabow and R. Fagin, editors, Proceedings of STOC 2005, pages 543--552. ACM, 2005.

Digital Library

[22]

D. Molnar, A. Soppera, and D. Wagner. Privacy for RFID through trusted computing (shortpaper). In S. D. C. di Vimercati and R. Dingledine, editors, Proceedings of WPES, 2005.

Digital Library

[23]

D. Molnar, A. Soppera, and D. Wagner. A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In B. Preneel and S. Tavares, editors, SAC '05, LNCS. Springer, 2005.

Digital Library

[24]

D. Molnar and D. Wagner. Privacy and security in library RFID: Issues, practices, and architectures. In B. Pfitzmann and P. McDaniel, editors, Proceedings of ACM CCS 2004, pages 210--219. ACM Press, 2004.

Digital Library

[25]

K. Nguyen. Elliptic curves and MRTDs. In Interfest Singapore, 2005. Slide presentation.

[26]

Y. Oren and A. Shamir. Power analysis of RFID tags, 2006. Referenced 2006 at http://www.wisdom.weizmann.ac.il/~yossio/rfid/.

[27]

M. Rieback, B. Crispo, and A. Tanenbaum. RFID Guardian: A battery-powered mobile device for RFID privacy management. In C. Boyd and J. M.González Nieto, editors, ACISP '05, volume 3574 of LNCS, pages 184--194. Springer, 2005.

Digital Library

[28]

S. Saponas, J. Lester, C. Hartung, and T. Kohno. Devices that tell on you: The Nike+iPod sportkit. Technical Report 2006-12-06, University of Washington, 2006.

[29]

S. Sarma. Towards the five-cent tag. Technical Report MIT-AUTOID-WH-006, MIT Auto ID Center, 2001. Available from http://www.epcglobalinc.org.

[30]

S. E. Sarma, S. A. Weis, and D. Engels. Radio-frequency identification systems. In B. S. Kaliski Jr., Ç. K. Koç, and C. Paar, editors, Workshop on Cryptographic Hardware and Embedded Systems - CHES '02, volume 2523 of LNCS, pages 454--469. Springer, 2002.

[31]

G. Simmons. The prisoners' problem and the subliminal channel. In D. Chaum, editor, Proceedings of Crypto 1983, pages 51--67. Plenum Press, 1983.

[32]

G. Simmons. The subliminal channel and digital signatures. In T. Beth, N. Cot, and I. Ingemarsson, editors, Proceedings of Eurocrypt 1984, volume 0209 of LNCS, pages 364--378. Springer, 1984.

Digital Library

[33]

G. Simmons. Subliminal communication is easy using the DSA. In T. Helleseth, editor, Proceedings of Eurocrypt 1993, volume 765 of LNCS, pages 218--232. Springer, 1993.

Digital Library

[34]

A. Young and M. Yung. The dark side of black-box cryptography, or: Should we trust capstone? In N. Koblitz, editor, Proceedings of Crypto 1996, volume 1109 of LNCS. Springer, 1996.

Digital Library

[35]

A. Young and M. Yung. Kleptography: Using cryptography against cryptography. In W. Fumy, editor, Proceedings of Eurocrypt 1993, volume 1233 of LNCS. Springer, 1997.

Cited By

Chawla KRobins G(2013)Addressing Covert Channel Attacks in RFID-Enabled Supply ChainsAdvanced Security and Privacy for RFID Technologies10.4018/978-1-4666-3685-9.ch011(176-190)Online publication date: 2013
https://doi.org/10.4018/978-1-4666-3685-9.ch011
Cheng Zhao Dawei Jin Gang Chen Wenning Hao Lei Song Min Zhao (2013)Intelligent traffic service based on cloud computing2013 IEEE 4th International Conference on Software Engineering and Service Science10.1109/ICSESS.2013.6615313(313-316)Online publication date: May-2013
https://doi.org/10.1109/ICSESS.2013.6615313
Wang ZZhang XChen Z(2012)RapdosProceedings of the 2012 Fourth International Conference on Computational and Information Sciences10.1109/ICCIS.2012.215(1042-1045)Online publication date: 17-Aug-2012
https://dl.acm.org/doi/10.1109/ICCIS.2012.215
Show More Cited By

Index Terms

Covert channels in privacy-preserving identification systems
1. Security and privacy
  1. Network security

Recommendations

A hybrid approach for privacy-preserving RFID tags

Recently, there have been a considerable amount of works for privacy-preserving RFID tags. However, most existing schemes have a common, inherent problem in the fact that in order to identify only one single tag they require a linear computational ...
On two RFID privacy notions and their relations

Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions in the literature: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on ...
Scalable RFID Systems: A Privacy-Preserving Protocol with Constant-Time Identification

In RFID literature, most “privacy-preserving” protocols require the reader to search all tags in the system in order to identify a single tag. In another class of protocols, the search complexity is reduced to be logarithmic in the number of tags, but ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '07: Proceedings of the 14th ACM conference on Computer and communications security

October 2007

628 pages

ISBN:9781595937032

DOI:10.1145/1315245

General Chair:
Peng Ning
NC State University, USA
,
Program Chairs:
Sabrina De Capitani di Vimercati
University of Milan, Italy
,
Paul Syverson
Naval Research Laboratory, USA

Copyright © 2007 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 October 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS07

Sponsor:

CCS07: 14th ACM Conference on Computer and Communications Security 2007

November 2 - October 31, 2007

Virginia, Alexandria, USA

Acceptance Rates

CCS '07 Paper Acceptance Rate 55 of 302 submissions, 18%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
864
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)1

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Chawla KRobins G(2013)Addressing Covert Channel Attacks in RFID-Enabled Supply ChainsAdvanced Security and Privacy for RFID Technologies10.4018/978-1-4666-3685-9.ch011(176-190)Online publication date: 2013
https://doi.org/10.4018/978-1-4666-3685-9.ch011
Cheng Zhao Dawei Jin Gang Chen Wenning Hao Lei Song Min Zhao (2013)Intelligent traffic service based on cloud computing2013 IEEE 4th International Conference on Software Engineering and Service Science10.1109/ICSESS.2013.6615313(313-316)Online publication date: May-2013
https://doi.org/10.1109/ICSESS.2013.6615313
Wang ZZhang XChen Z(2012)RapdosProceedings of the 2012 Fourth International Conference on Computational and Information Sciences10.1109/ICCIS.2012.215(1042-1045)Online publication date: 17-Aug-2012
https://dl.acm.org/doi/10.1109/ICCIS.2012.215
Wang ZXin WXu ZChen Z(2012)A Secure RFID Communication Protocol Based on Simplified DESProceedings of the 2012 International Conference on Information Technology and Software Engineering10.1007/978-3-642-34528-9_37(351-357)Online publication date: 6-Nov-2012
https://doi.org/10.1007/978-3-642-34528-9_37
Calhoun TCao XLi YBeyah R(2012)An 802.11 MAC layer covert channelWireless Communications & Mobile Computing10.1002/wcm.96912:5(393-405)Online publication date: 1-Apr-2012
https://dl.acm.org/doi/10.1002/wcm.969
Wang XLuo JYang MLing Z(2011)A potential HTTP-based application-level attack against TorFuture Generation Computer Systems10.1016/j.future.2010.04.00727:1(67-77)Online publication date: 1-Jan-2011
https://dl.acm.org/doi/10.1016/j.future.2010.04.007
Yu WZhang NFu XBettati RZhao W(2010)Localization Attacks to Internet Threat Monitors: Modeling and CountermeasuresIEEE Transactions on Computers10.1109/TC.2010.8859:12(1655-1668)Online publication date: Dec-2010
https://doi.org/10.1109/TC.2010.88
Calhoun TNewman RBeyah R(2009)Authentication in 802.11 LANs using a covert side channelProceedings of the 2009 IEEE international conference on Communications10.5555/1817271.1817464(1034-1039)Online publication date: 14-Jun-2009
https://dl.acm.org/doi/10.5555/1817271.1817464
Ling ZLuo JYu WFu XXuan DJia WAl-Shaer EJha SKeromytis A(2009)A new cell counter based attack against torProceedings of the 16th ACM conference on Computer and communications security10.1145/1653662.1653732(578-589)Online publication date: 9-Nov-2009
https://dl.acm.org/doi/10.1145/1653662.1653732
Yu WWang XFu XXuan DZhao W(2009)An Invisible Localization Attack to Internet Threat MonitorsIEEE Transactions on Parallel and Distributed Systems10.1109/TPDS.2008.25520:11(1611-1625)Online publication date: 1-Nov-2009
https://dl.acm.org/doi/10.1109/TPDS.2008.255
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents