Maintaining Privacy in RFID Enabled Environments
Abstract
The presence of RFID technology in every-day life is expected to become a reality in the near future. Yet, as RFID tags enter consumer households and threaten to identify their owners’ belongings, whereabouts and habits concerns arise about the maintenance of privacy. People are afraid of being’ scanned’ or tracked with the help of a technology that is invisible to them and not under their control. To address this consumer concern standardization bodies such as the Auto-ID Center have proposed to integrate a kill functionality into RFID tags. The present article argues that killing tags at the store exit is, however, not a viable long-term strategy to ensure default privacy. Too many business models and services are already in the pipeline to use RFID functionality after a purchase has taken place. Economic interest and consumer benefits risk undermining widespread tag killing. As a response to this dilemma we propose a simple disable/enable mechanism. Our suggestion is to disable all tags by default as part of the shopping check-out process and provide consumers with a password that enables them to re-enable their objects’ tags if needed.
Keywords
RFID Privacy Enhancing Technologies PrivacyPreview
Unable to display preview. Download preview PDF.
References
- [1]Auto-ID Center. Technical memo-physical mark-up language update, p.5, 2002.Google Scholar
- [2]S. Clauß and M. Köhntopp. Identity management and its support of multilateral security. Computer Networks, (37):205–219, 2001.CrossRefGoogle Scholar
- [3]Ivan Bjerre Damgård. Collision free hash functions and public key signature schemes. In Eurocrypt’ 87, volume 304 of LNCS, pages 203–216. Springer-Verlag, 1988.MATHGoogle Scholar
- [4]FoeBuD e.V. Positionspapier über den Gebrauch von RFID auf und in Konsumgütern, Presseerklärung. http://www.foebud.org/texte/aktion/rfid/positions-papier.pdf, 2003.Google Scholar
- [5]EPC Global. Specifications for 900 MHz Class 0 RFID Tags, page 15. http://www.epcglobalinc.org/standards_technology/Secure/v1.0/UHF-class0.pdf, 2003.Google Scholar
- [6]EPC Global. Version 1.0 Specifications for RFID Tags. http://www.epcglobalinc.org/standards_technology/specifications.html, 2003.Google Scholar
- [7]A. Juels. Privacy and Authentication in Low-Cost RFID Tags. Submission to RFID Privacy Workshop @ MIT, 2003.Google Scholar
- [8]Shingo Kinosita, Fumitaka Hoshino, Tomoyuki Komuro, Akiko Fujimura, and Miyako Ohkubo. Nonidentifiable Anonymous-ID Scheme for RFID Privacy Protection. To appear in CSS 2003 in Japanese, 2003.Google Scholar
- [9]Meg McGinity. RFID: Is This Game of Tag Fair Play? Communications of the ACM, 47(1):15, 2004.CrossRefGoogle Scholar
- [10]Miyako Ohkubo, Koutarou Suzuki, and Shingo Kinoshita. Cryptographic Approach to “Privacy-Friendly” Tags. Submission to RFID Privacy Workshop @ MIT, 2003.Google Scholar
- [11]Gregory J. Pottie. Privacy in the Global E-Village. Communications of the ACM, 47(2):21, 2004.CrossRefGoogle Scholar
- [12]Peter Schüler. Dem Verbraucher eine Wahl schaffen-Risiken der RFID-Technik aus Bürgersicht. c’t, (9), 2004.Google Scholar
- [13]C. E. Shannon. Communication Theory of Secrecy Systems. The Bell System Technical Journal, 28(4):656–715, 1949.MathSciNetGoogle Scholar
- [14]S. Spiekermann and U. Jannasch. RFID in the retail outlet: implications for marketing and privacy. IWI Working Paper, 2004.Google Scholar
- [15]S. Weis. Security and Privacy in Radio-Frequency Identification Devices. PhD thesis, Massachusetts Institute of Technology (MIT), 2003.Google Scholar