RFID Privacy Using Spatially Distributed Shared Secrets

  • Marc Langheinrich
  • Remo Marti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4836)

Abstract

Many of today’s proposed RFID privacy schemes rely on the encryption of tag IDs with user-chosen keys. However, password management quickly becomes a bottleneck in such proposals, rendering them infeasible in situations where tagged items are repeatedly exchanged in informal (i.e., personal) situations, in particular outside industrial supply-chains or supermarket checkout lanes. An alternative to explicit access control management are RFID privacy systems that provides access to tag IDs over time, i.e., only after prolonged and detailed reading of an item. Such themes can minimize the risk of unwanted exposure through accidental read-outs, or offer protection during brief encounters with strangers. This paper describes a spatially distributed ID-disclosure scheme that uses a (potentially large) set of miniature RFID tags to distribute the true ID of an item across the entire product surface. We introduce the underlying mechanism of our spatially distributed RFID privacy system and report on initial performance results.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    EPCglobal: Class-1 generation-2 UHF RFID protocol for communications at 860 MHz–960 MHz, version 1.0.9. EPC radio-frequency identity protocols (2005), see http://www.epcglobalinc.org/standards/Class_1_Generation_2_UHF_Air_Interface_Protocol_Standard_Version_1.0.9.pdf
  2. 2.
    Karjoth, G., Moskowitz, P.A.: Disabling RFID tags with visible confirmation: clipped tags are silenced. In: Atluri, V., Capitani, D., di Vimercati, S., Dingledine, R. (eds.) WPES 2005. Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, pp. 27–30. ACM Press, Alexandria, VA (2005)CrossRefGoogle Scholar
  3. 3.
    Roduner, C., Langheinrich, M., Floerkemeier, C., Schwarzentrub, B.: Operating appliances with mobile phones – strengths and limits of a universal interaction device. In: Proceedings of Pervasive 2007, Toronto, Canada, May 13-16, 2007. LNCS, pp. 13–16. Springer, Heidelberg (2007)Google Scholar
  4. 4.
    Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)Google Scholar
  5. 5.
    Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to privacy-friendly tags. In: Garfinkel, S., Rosenberg, B. (eds.) RFID: Applications, Security, and Privacy, Addison-Wesley, Reading (2005)Google Scholar
  6. 6.
    Henrici, D., Müller, P.: Tackling security and privacy issues in radio frequency identification devices. In: Ferscha, A., Mattern, F. (eds.) PERVASIVE 2004. LNCS, vol. 3001, pp. 219–224. Springer, Heidelberg (2004)Google Scholar
  7. 7.
    Juels, A.: RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications 24(2), 381–394 (2006)CrossRefMathSciNetGoogle Scholar
  8. 8.
    Juels, A., Rivest, R.L., Szydlo, M.: The blocker tag: Selective blocking of RFID tags for consumer privacy. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) Proceedings of the 10th ACM Conference on Computer and Communication Security, pp. 103–111. ACM Press, Washington, D.C. (2003)CrossRefGoogle Scholar
  9. 9.
    Fishkin, K., Roy, S., Jiang, B.: Some methods for privacy in RFID communication. In: Castelluccia, C., Hartenstein, H., Paar, C., Westhoff, D. (eds.) ESAS 2004. LNCS, vol. 3313, pp. 42–53. Springer, Heidelberg (2005)Google Scholar
  10. 10.
    Langheinrich, M., Marti, R.: Practical minimalist cryptography for RFID privacy. Submitted for publication (2007), Available online at http://www.vs.inf.ethz.ch/publ/papers/shamirtags07.pdf
  11. 11.
    Shamir, A.: How to share a secret. Comm. of the ACM 22(11), 612–613 (1979)MATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Bohn, J., Mattern, F.: Super-distributed RFID tag infrastructures. In: Markopoulos, P., Eggen, B., Aarts, E., Crowley, J.L. (eds.) EUSAI 2004. LNCS, vol. 3295, pp. 1–12. Springer, Heidelberg (2004)Google Scholar
  13. 13.
    EPCglobal: EPC tag data specification 1.1. EPCglobal Standard (2003)Google Scholar
  14. 14.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Boca Raton, Florida (1996)Google Scholar
  15. 15.
    Chiu, S.L.: Fuzzy model identification based on cluster estimation. Journal of Intelligent and Fuzzy Systems 2(3), 267–278 (1994)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Marc Langheinrich
    • 1
  • Remo Marti
    • 2
  1. 1.Inst. for Pervasive Computing, ETH Zurich, 8092 ZurichSwitzerland
  2. 2.Ergon Informatik AG, 8008 ZurichSwitzerland

Personalised recommendations