Personal and Ubiquitous Computing, Volume 13, Issue 6, pp 413–421

A survey of RFID privacy approaches

Original Article

Abstract

A bewildering number of proposals have offered solutions to the privacy problems inherent in RFID communication. This article tries to give an overview of the currently discussed approaches and their attributes.

Keywords

RFID Privacy 

Notes

Acknowledgments

The feedback of the anonymous reviewers, as well as the many helpful comments from my co-editor Sarah Spiekermann, helped tremendously in the writing of this article.


Copyright information

© Springer-Verlag London Limited 2008

Authors and Affiliations

  1. Faculty of Informatics, University of Lugano (USI), Lugano, Switzerland
