Abstract
A basic radio-frequency identification (RFID) tag is a small and inexpensive microchip that emits a static identifier in response to a query from a nearby reader. Basic tags of the “smart-label” variety are likely to serve as a next-generation replacement for barcodes. This would introduce a strong potential for various forms of privacy infringement, such as invasive physical tracking and inventorying of individuals.
Researchers have proposed several types of external devices of moderate-to-high computational ability that interact with RFID devices with the aim of protecting user privacy. In this paper, we propose a new design principle for a personal RFID-privacy device. We refer to such a device as a REP (RFID Enhancer Proxy).
Briefly stated, a REP assumes the identities of tags and simulates them by proxy. By merit of its greater computing power, the REP can enforce more sophisticated privacy policies than those available in tags. (As a side benefit, it can also provide more flexible and reliable communications in RFID systems.) Previous, similar systems have been vulnerable to a serious attack, namely malicious exchange of data between RFID tags. An important contribution of our proposal is a technique that helps prevent this attack, even when tags do not have access-control features.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Danezis, G.: Personal communications (2003)
Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)
Fishkin, K.P., Roy, S., Jiang, B.: Some methods for privacy in RFID communication. In: Castelluccia, C., Hartenstein, H., Paar, C., Westhoff, D. (eds.) ESAS 2004. LNCS, vol. 3313, pp. 42–53. Springer, Heidelberg (2005)
Floerkemeier, C., Schneider, R., Langheinrich, M.: Scanning with a purpose – supporting the fair information principles in RFID protocols. In: Murakami, H., Nakashima, H., Tokuda, H., Yasumura, M. (eds.) UCS 2004. LNCS, vol. 3598, pp. 214–231. Springer, Heidelberg (2005), Available at: http://www.vs.inf.ethz.ch/publ/?author=floerkem
Garfinkel, S.: An RFID Bill of Rights. Technology Review, 35 (October 2002)
Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal re-encryption for mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)
Juels, A.: Strengthening EPC tags against cloning (in submission, 2004), Referenced at: rfid-security.com
Juels, A.: ‘Yoking-proofs’ for RFID tags. In: PerCom Workshops 2004, pp. 138–143. IEEE Computer Society Press, Los Alamitos (2004)
Juels, A., Brainard, J.: Soft blocking: Flexible blocker tags on the cheap. In: De Capitani di Vimercati, S., Syverson, P. (eds.) Wireless Privacy in the Electronic Society (WPES 2004), pp. 1–8. ACM Press, New York (2004)
Juels, A., Pappu, R.: Squealing Euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)
Juels, A., Rivest, R.L., Szydlo, M.: The blocker tag: Selective blocking of RFID tags for consumer privacy. In: Atluri, V. (ed.) 8th ACM Conference on Computer and Communications Security, pp. 103–111. ACM Press, New York (2003)
Juels, A.: Minimalist Cryptography for RFID Tags. In: Blundo, C., Cimato, S. (eds.) Security in Communication Networks, pp. 149–164. Springer, Heidelberg (2004)
AutoID Labs. 860 MHz-960 Mhz class 1 radio frequency identification tag radio frequency and logical communication interface specification recommended standard, version 1.0.0. Technical Report MIT-AUTOID-WH-007, Auto-ID Labs (2002), Referenced in 2005 at: http://www.autoidlabs.com
McCullagh, D.: RFID tags: Big Brother in small packages. CNet, (January 13, 2003), Available at: http://news.com.com/2010-1069-980325.html
Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: Pfitzmann, B., McDaniel, P. (eds.) ACM CCS, pp. 210–219 (2004)
Nokia unveils RFID phone reader. RFID Journal (March 17, 2004), Available at: http://www.rfidjournal.com/article/view/834
Reed, M.G., Syverson, P.F., Goldschlag, D.M.: Protocols using anonymous connections: Mobile applications. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 13–23. Springer, Heidelberg (1998), Available at: http://chacs.nrl.navy.mil/publications/CHACS/1997/
Sarma, S.E., Weis, S.A., Engels, D.W.: Radio-frequency identification systems. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 454–469. Springer, Heidelberg (2003)
Sarma, S.E.: Towards the five-cent tag. Technical Report MIT-AUTOID-WH-2006, MIT Auto ID Center (2001), Available from: http://www.epcglobalinc.org
Stajano, F., Anderson, R.: The resurrecting duckling: Security issues for ad-hoc wireless networks. In: Malcolm, J.A., Christianson, B., Crispo, B., Roe, M. (eds.) Security Protocols 1999. LNCS, vol. 1796, pp. 172–194. Springer, Heidelberg (2000)
Stanley, J.: Chip away at privacy: Library tracking system spawns Big Brother ire. San Francisco Chronicle (July 2, 2004)
Stapleton-Gray, R.: Would Macy’s scan Gimbels? competitive intelligence and RFID. Technical report, Stapleton-Gray & Associates, Inc. (2003), Available at: http://www.stapleton-gray.com/papers/ci-20031027.PDF
Takaragi, K., Usami, M., Imura, R., Itsuki, R., Satoh, T.: An ultra small individual recognition security chip. IEEE Micro 21(6), 43–49 (2001)
Tanenbaum, A., Gaydadjiev, G., Crispo, B., Rieback, M., Stafylarakis, D., Zhang, C.: The RFID Guardian project, URL: http://www.cs.vu.nl/~melanie/rfid_guardian/people.html
Tuchinda, R.: Security and privacy in the intelligent room. Master’s thesis, MIT (May 15, 2002)
Weis, S.A., Sarma, S., Rivest, R., Engels, D.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Juels, A., Syverson, P., Bailey, D. (2006). High-Power Proxies for Enhancing RFID Privacy and Utility. In: Danezis, G., Martin, D. (eds) Privacy Enhancing Technologies. PET 2005. Lecture Notes in Computer Science, vol 3856. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11767831_14
Download citation
DOI: https://doi.org/10.1007/11767831_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34745-3
Online ISBN: 978-3-540-34746-0
eBook Packages: Computer ScienceComputer Science (R0)