Skip to main content

A Privacy-Preserving Device Tracking System Using a Low-Power Wide-Area Network

  • Conference paper
  • First Online:
Cryptology and Network Security (CANS 2017)

Abstract

This paper presents the design and implementation of a low-power privacy-preserving device tracking system based on Internet of Things (IOT) technology. The system consists of low-power nodes and a set of dedicated beacons. Each tracking node broadcasts pseudonyms and encrypted versions of observed beacon identifiers over a Low-Power Wide-Area Network (LPWAN). Unlike most commercial systems, our solution ensures that the device owners are the only ones who can locate their devices. We present a detailed design and validate the result with a prototype implementation that considers power and energy consumption as well as side-channel attacks. Our implementation uses Physically Unclonable Function (PUF) technology for secure key-storage in an innovative way. We build and evaluate a complete demonstrator with off-the-shelf IoT nodes, Bluetooth Low Energy (BLE) beacons, and LoRa long distance communication (LPWAN). We validate the setup for a bicycle tracking application and also estimate the requirements for a low-cost ASIC node.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://forum.pycom.io/topic/1022/root-causes-of-high-deep-sleep-current.

References

  1. Bolt. https://github.com/boltdb/bolt

  2. Estimote. https://estimote.com

  3. Product Datasheet Energizer CR1620. http://data.energizer.com/pdfs/cr1620.pdf. Accessed 01 July 2017

  4. RAPID7. https://community.rapid7.com/community/infosec/blog/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities

  5. The Things Network. https://thethingsnetwork.org

  6. Tile. https://www.thetileapp.com

  7. TrackR. https://thetrackr.com/bravo

  8. A2235-H Stack-up Antenna SiRFstarIV Integrated Solution. Datasheet, Maestro (2012)

    Google Scholar 

  9. Proximity Beacon Specification. Specification, Apple (2015)

    Google Scholar 

  10. CC256x Dual-Mode Bluetooth Controller (Rev. E). Datasheet (2016)

    Google Scholar 

  11. SL3S1214 UCODE 7m Rev. 3.3. Datasheet, NXP Semiconductors (2016)

    Google Scholar 

  12. Alomair, B., Clark, A., Cuellar, J., Poovendran, R.: Scalable RFID systems: a privacy-preserving protocol with constant-time identification. IEEE Trans. Parallel Distrib. Syst. 23(8), 1536–1550 (2012)

    Article  Google Scholar 

  13. Andreeva, E., et al.: COLM v1 (2016). https://competitions.cr.yp.to/round3/colmv1.pdf

  14. Avoine, G.: Privacy Issues in RFID Banknote Protection Schemes. In: Quisquater, J.J., Paradinas, P., Deswarte, Y., El Kalam, A.A. (eds.) 6th International Conference on Smart Card Research and Advanced Applications. IFIP International Federation for Information Processing, vol. 153, pp. 33–48. Springer, Boston (2004). https://doi.org/10.1007/1-4020-8147-2_3

    Chapter  Google Scholar 

  15. Avoine, G.: Privacy challenges in RFID. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM/SETOP -2011. LNCS, vol. 7122, pp. 1–8. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28879-1_1

    Chapter  Google Scholar 

  16. Avoine, G., Beaujeant, A., Hernandez-Castro, J., Demay, L., Teuwen, P.: A survey of security and privacy issues in ePassport protocols. ACM Comput. Surv. 48(3), 47:1–47:37 (2016)

    Article  Google Scholar 

  17. Avoine, G., Bingöl, M.A., Carpent, X., Yalcin, S.B.O.: Privacy-friendly authentication in RFID systems: on sublinear protocols based on symmetric-key cryptography. IEEE Trans. Mob. Comput. 12(10), 2037–2049 (2013)

    Article  Google Scholar 

  18. Avoine, G., Coisel, I., Martin, T.: Untraceability model for RFID. IEEE Trans. Mob. Comput. 13(10), 2397–2405 (2014)

    Article  Google Scholar 

  19. Avoine, G., Oechslin, P.: A scalable and provably secure hash-based RFID protocol. In: 3rd IEEE Conference on Pervasive Computing and Communications Workshops, pp. 110–114 (2005)

    Google Scholar 

  20. Avoine, G., Oechslin, P.: RFID traceability: a multilayer problem. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005). https://doi.org/10.1007/11507840_14

    Chapter  Google Scholar 

  21. Aysu, A., Gulcan, E., Moriyama, D., Schaumont, P., Yung, M.: End-to-end design of a PUF-based privacy preserving authentication protocol. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 556–576. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_28

    Chapter  Google Scholar 

  22. Lazos, L., Alomair, B., Poovendran, R.: Securing low-cost RFID systems: an unconditionally secure approach (2010)

    Google Scholar 

  23. Banik, S., et al.: Midori: a block cipher for low energy. In: 21st International Conference on Advances in Cryptology, pp. 411–436 (2015)

    Chapter  Google Scholar 

  24. Becker, G.T.: Robust fuzzy extractors and helper data manipulation attacks revisited: theory vs practice. Cryptology ePrint Archive, Report 2017/493 (2017). http://eprint.iacr.org/2017/493

  25. Bochem, A., Freeman, K., Schwarzmaier, M., Alfandi, O., Hogrefe, D.: A privacy-preserving and power-efficient bicycle tracking scheme for theft mitigation. In: 2nd IEEE International Conference on Smart Cities, pp. 1–4 (2016)

    Google Scholar 

  26. Borst, J.: Block Ciphers: Design, Analysis and Side-Channel Analysis. Ph.D. thesis, Katholieke Universiteit Leuven (2001). Bart Preneel and Joos Vandewalle (promotors)

    Google Scholar 

  27. Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_9

    Chapter  Google Scholar 

  28. Danev, B., Zanetti, D., Capkun, S.: On physical-layer identification of wireless devices. ACM Comput. Surv. 45(1), 6:1–6:29 (2012)

    Article  Google Scholar 

  29. Delvaux, J.: Security Analysis of PUF-Based Key Generation and Entity Authentication. Ph.D. thesis, KU Leuven, June 2017

    Google Scholar 

  30. Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: the second-generation onion router. In: 13th USENIX Security Symposium, pp. 303–320 (2004)

    Google Scholar 

  31. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)

    Article  MathSciNet  Google Scholar 

  32. Hassidim, A., Matias, Y., Yung, M., Ziv, A.: Ephemeral identifiers: mitigating tracking & spoofing threats BLE beacons (2016)

    Google Scholar 

  33. Henrici, D., Götze, J., Müller, P.: A hash-based pseudonymization infrastructure for RFID systems. In: 2nd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, pp. 22–27 (2006)

    Google Scholar 

  34. Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: 2nd IEEE Conference on Pervasive Computing and Communications Workshops, pp. 149–153 (2004)

    Google Scholar 

  35. Henrici, D., Müller, P.: Providing security and privacy in RFID systems using triggered hash chains. In: 6th Annual IEEE International Conference on Pervasive Computing and Communications, pp. 50–59 (2008)

    Google Scholar 

  36. Information - Automatic identification and data capture techniques - QR Code barcode symbology specification. Standard, International Organization for Standardization, vol. 2 (2015)

    Google Scholar 

  37. Juels, A., Pappu, R.: Squealing euros: privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45126-6_8

    Chapter  Google Scholar 

  38. Juels, A., Rivest, R.L., Szydlo, M.: The blocker tag: selective blocking of RFID tags for consumer privacy. In: 10th ACM Conference on Computer and Communications Security, pp. 103–111 (2003)

    Google Scholar 

  39. Kang, H., Hori, Y., Katashita, T., Hagiwara, M., Iwamura, K.: Cryptographic key generation from PUF data using efficient fuzzy extractors. In: 16th International Conference on Advanced Communication Technology, pp. 23–26. IEEE, February 2014

    Google Scholar 

  40. Karakoyunlu, D., Sunar, B.: Differential template attacks on PUF enabled cryptographic devices. In: 2nd Workshop on Information Forensics and Security (WIFS 2010), pp. 1–6. IEEE, December 2010

    Google Scholar 

  41. Kocher, P.: Leak-resistant Cryptographic Indexed Key Update (2003). US Patent 6,539,092

    Google Scholar 

  42. Koeberl, P., Maes, R., Rožić, V., van der Leest, V., Van der Sluis, E., Verbauwhede, I.: Experimental evaluation of physically unclonable functions in 65 nm CMOS. In: 38th European Conference on Solid-State Circuits, pp. 486–489, September 2012

    Google Scholar 

  43. Layman, P.A., Chaudhry, S., Norman, J.G., Thomson, J.R.: Electronic fingerprinting of semiconductor integrated circuits, May 2004. US Patent 6738294

    Google Scholar 

  44. Medwed, M., Petit, C., Regazzoni, F., Renauld, M., Standaert, F.-X.: Fresh Re-keying II: securing multiple parties against side-channel and fault attacks. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 115–132. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-27257-8_8

    Chapter  Google Scholar 

  45. Medwed, M., Standaert, F.-X., Großschädl, J., Regazzoni, F.: Fresh Re-keying: security against side-channel and fault attacks for low-cost devices. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 279–296. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12678-9_17

    Chapter  Google Scholar 

  46. Merli, D., Stumpf, F., Sigl, G.: Protecting PUF error correction by codeword masking. Cryptology ePrint Archive, Report 2013/334 (2013). http://eprint.iacr.org/2013/334

  47. Molnar, D., Wagner, D.A.: Privacy and security in library RFID: issues, practices, and architectures. In: 11th ACM Conference on Computer and Communications Security, pp. 210–219 (2004)

    Google Scholar 

  48. Pycom. LoPy. https://www.pycom.io/product/lopy/

  49. Ristenpart, T., Maganis, G., Krishnamurthy, A., Kohno, T.: Privacy-preserving location tracking of lost or stolen devices: cryptographic techniques and replacing trusted third parties with DHTs. In: 17th USENIX Security Symposium, pp. 275–290 (2008)

    Google Scholar 

  50. Saito, J., Ryou, J.-C., Sakurai, K.: Enhancing privacy of universal re-encryption scheme for RFID tags. In: Yang, L.T., Guo, M., Gao, G.R., Jha, N.K. (eds.) EUC 2004. LNCS, vol. 3207, pp. 879–890. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30121-9_84

    Chapter  Google Scholar 

  51. Sharma, V., Cosemans, S., Ashouie, M., Huisken, J., Catthoor, F., Dehaene, W.: Ultra low-energy SRAM design for smart ubiquitous sensors. IEEE Micro 32(5), 10–24 (2012)

    Article  Google Scholar 

  52. Spiekermann, S., Berthold, O.: Maintaining privacy in RFID-enabled environments. In: Robinson, P., Vogt, H., Wagealla, W. (eds.) Privacy, Security and Trust within the Context of Pervasive Computing. The International Series in Engineering and Computer Science, vol. 380, pp. 137–146. Springer, Boston (2005). https://doi.org/10.1007/0-387-23462-4_15

    Chapter  Google Scholar 

  53. van der Leest, V., Preneel, B., van der Sluis, E.: Soft decision error correction for compact memory-based PUFs using a single enrollment. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 268–282. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_16

    Chapter  Google Scholar 

  54. Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-39881-3_18

    Chapter  Google Scholar 

Download references

Acknowledgements

We would like to thank the anonymous reviewers for their feedback, as well as Patrick Tague for acting as our shepherd. This work is the result of collaborative research partially funded by the Attached Institute of ETRI. It was also supported in part by the KU Leuven Research Council through C16/15/058, the European Union’s Horizon 2020 research and innovation programme under grant agreements No 644052 HECTOR and No 644371 WITDOM, ERC Advanced Grant 695305. Pieter Maene is an SB PhD fellow at Research Foundation - Flanders (FWO).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Pieter Maene .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ashur, T. et al. (2018). A Privacy-Preserving Device Tracking System Using a Low-Power Wide-Area Network. In: Capkun, S., Chow, S. (eds) Cryptology and Network Security. CANS 2017. Lecture Notes in Computer Science(), vol 11261. Springer, Cham. https://doi.org/10.1007/978-3-030-02641-7_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-02641-7_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02640-0

  • Online ISBN: 978-3-030-02641-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics