Abstract
This paper presents the design and implementation of a low-power privacy-preserving device tracking system based on Internet of Things (IOT) technology. The system consists of low-power nodes and a set of dedicated beacons. Each tracking node broadcasts pseudonyms and encrypted versions of observed beacon identifiers over a Low-Power Wide-Area Network (LPWAN). Unlike most commercial systems, our solution ensures that the device owners are the only ones who can locate their devices. We present a detailed design and validate the result with a prototype implementation that considers power and energy consumption as well as side-channel attacks. Our implementation uses Physically Unclonable Function (PUF) technology for secure key-storage in an innovative way. We build and evaluate a complete demonstrator with off-the-shelf IoT nodes, Bluetooth Low Energy (BLE) beacons, and LoRa long distance communication (LPWAN). We validate the setup for a bicycle tracking application and also estimate the requirements for a low-cost ASIC node.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Estimote. https://estimote.com
Product Datasheet Energizer CR1620. http://data.energizer.com/pdfs/cr1620.pdf. Accessed 01 July 2017
The Things Network. https://thethingsnetwork.org
TrackR. https://thetrackr.com/bravo
A2235-H Stack-up Antenna SiRFstarIV Integrated Solution. Datasheet, Maestro (2012)
Proximity Beacon Specification. Specification, Apple (2015)
CC256x Dual-Mode Bluetooth Controller (Rev. E). Datasheet (2016)
SL3S1214 UCODE 7m Rev. 3.3. Datasheet, NXP Semiconductors (2016)
Alomair, B., Clark, A., Cuellar, J., Poovendran, R.: Scalable RFID systems: a privacy-preserving protocol with constant-time identification. IEEE Trans. Parallel Distrib. Syst. 23(8), 1536–1550 (2012)
Andreeva, E., et al.: COLM v1 (2016). https://competitions.cr.yp.to/round3/colmv1.pdf
Avoine, G.: Privacy Issues in RFID Banknote Protection Schemes. In: Quisquater, J.J., Paradinas, P., Deswarte, Y., El Kalam, A.A. (eds.) 6th International Conference on Smart Card Research and Advanced Applications. IFIP International Federation for Information Processing, vol. 153, pp. 33–48. Springer, Boston (2004). https://doi.org/10.1007/1-4020-8147-2_3
Avoine, G.: Privacy challenges in RFID. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM/SETOP -2011. LNCS, vol. 7122, pp. 1–8. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28879-1_1
Avoine, G., Beaujeant, A., Hernandez-Castro, J., Demay, L., Teuwen, P.: A survey of security and privacy issues in ePassport protocols. ACM Comput. Surv. 48(3), 47:1–47:37 (2016)
Avoine, G., Bingöl, M.A., Carpent, X., Yalcin, S.B.O.: Privacy-friendly authentication in RFID systems: on sublinear protocols based on symmetric-key cryptography. IEEE Trans. Mob. Comput. 12(10), 2037–2049 (2013)
Avoine, G., Coisel, I., Martin, T.: Untraceability model for RFID. IEEE Trans. Mob. Comput. 13(10), 2397–2405 (2014)
Avoine, G., Oechslin, P.: A scalable and provably secure hash-based RFID protocol. In: 3rd IEEE Conference on Pervasive Computing and Communications Workshops, pp. 110–114 (2005)
Avoine, G., Oechslin, P.: RFID traceability: a multilayer problem. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005). https://doi.org/10.1007/11507840_14
Aysu, A., Gulcan, E., Moriyama, D., Schaumont, P., Yung, M.: End-to-end design of a PUF-based privacy preserving authentication protocol. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 556–576. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_28
Lazos, L., Alomair, B., Poovendran, R.: Securing low-cost RFID systems: an unconditionally secure approach (2010)
Banik, S., et al.: Midori: a block cipher for low energy. In: 21st International Conference on Advances in Cryptology, pp. 411–436 (2015)
Becker, G.T.: Robust fuzzy extractors and helper data manipulation attacks revisited: theory vs practice. Cryptology ePrint Archive, Report 2017/493 (2017). http://eprint.iacr.org/2017/493
Bochem, A., Freeman, K., Schwarzmaier, M., Alfandi, O., Hogrefe, D.: A privacy-preserving and power-efficient bicycle tracking scheme for theft mitigation. In: 2nd IEEE International Conference on Smart Cities, pp. 1–4 (2016)
Borst, J.: Block Ciphers: Design, Analysis and Side-Channel Analysis. Ph.D. thesis, Katholieke Universiteit Leuven (2001). Bart Preneel and Joos Vandewalle (promotors)
Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_9
Danev, B., Zanetti, D., Capkun, S.: On physical-layer identification of wireless devices. ACM Comput. Surv. 45(1), 6:1–6:29 (2012)
Delvaux, J.: Security Analysis of PUF-Based Key Generation and Entity Authentication. Ph.D. thesis, KU Leuven, June 2017
Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: the second-generation onion router. In: 13th USENIX Security Symposium, pp. 303–320 (2004)
Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)
Hassidim, A., Matias, Y., Yung, M., Ziv, A.: Ephemeral identifiers: mitigating tracking & spoofing threats BLE beacons (2016)
Henrici, D., Götze, J., Müller, P.: A hash-based pseudonymization infrastructure for RFID systems. In: 2nd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, pp. 22–27 (2006)
Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: 2nd IEEE Conference on Pervasive Computing and Communications Workshops, pp. 149–153 (2004)
Henrici, D., Müller, P.: Providing security and privacy in RFID systems using triggered hash chains. In: 6th Annual IEEE International Conference on Pervasive Computing and Communications, pp. 50–59 (2008)
Information - Automatic identification and data capture techniques - QR Code barcode symbology specification. Standard, International Organization for Standardization, vol. 2 (2015)
Juels, A., Pappu, R.: Squealing euros: privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45126-6_8
Juels, A., Rivest, R.L., Szydlo, M.: The blocker tag: selective blocking of RFID tags for consumer privacy. In: 10th ACM Conference on Computer and Communications Security, pp. 103–111 (2003)
Kang, H., Hori, Y., Katashita, T., Hagiwara, M., Iwamura, K.: Cryptographic key generation from PUF data using efficient fuzzy extractors. In: 16th International Conference on Advanced Communication Technology, pp. 23–26. IEEE, February 2014
Karakoyunlu, D., Sunar, B.: Differential template attacks on PUF enabled cryptographic devices. In: 2nd Workshop on Information Forensics and Security (WIFS 2010), pp. 1–6. IEEE, December 2010
Kocher, P.: Leak-resistant Cryptographic Indexed Key Update (2003). US Patent 6,539,092
Koeberl, P., Maes, R., Rožić, V., van der Leest, V., Van der Sluis, E., Verbauwhede, I.: Experimental evaluation of physically unclonable functions in 65 nm CMOS. In: 38th European Conference on Solid-State Circuits, pp. 486–489, September 2012
Layman, P.A., Chaudhry, S., Norman, J.G., Thomson, J.R.: Electronic fingerprinting of semiconductor integrated circuits, May 2004. US Patent 6738294
Medwed, M., Petit, C., Regazzoni, F., Renauld, M., Standaert, F.-X.: Fresh Re-keying II: securing multiple parties against side-channel and fault attacks. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 115–132. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-27257-8_8
Medwed, M., Standaert, F.-X., Großschädl, J., Regazzoni, F.: Fresh Re-keying: security against side-channel and fault attacks for low-cost devices. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 279–296. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12678-9_17
Merli, D., Stumpf, F., Sigl, G.: Protecting PUF error correction by codeword masking. Cryptology ePrint Archive, Report 2013/334 (2013). http://eprint.iacr.org/2013/334
Molnar, D., Wagner, D.A.: Privacy and security in library RFID: issues, practices, and architectures. In: 11th ACM Conference on Computer and Communications Security, pp. 210–219 (2004)
Pycom. LoPy. https://www.pycom.io/product/lopy/
Ristenpart, T., Maganis, G., Krishnamurthy, A., Kohno, T.: Privacy-preserving location tracking of lost or stolen devices: cryptographic techniques and replacing trusted third parties with DHTs. In: 17th USENIX Security Symposium, pp. 275–290 (2008)
Saito, J., Ryou, J.-C., Sakurai, K.: Enhancing privacy of universal re-encryption scheme for RFID tags. In: Yang, L.T., Guo, M., Gao, G.R., Jha, N.K. (eds.) EUC 2004. LNCS, vol. 3207, pp. 879–890. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30121-9_84
Sharma, V., Cosemans, S., Ashouie, M., Huisken, J., Catthoor, F., Dehaene, W.: Ultra low-energy SRAM design for smart ubiquitous sensors. IEEE Micro 32(5), 10–24 (2012)
Spiekermann, S., Berthold, O.: Maintaining privacy in RFID-enabled environments. In: Robinson, P., Vogt, H., Wagealla, W. (eds.) Privacy, Security and Trust within the Context of Pervasive Computing. The International Series in Engineering and Computer Science, vol. 380, pp. 137–146. Springer, Boston (2005). https://doi.org/10.1007/0-387-23462-4_15
van der Leest, V., Preneel, B., van der Sluis, E.: Soft decision error correction for compact memory-based PUFs using a single enrollment. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 268–282. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_16
Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-39881-3_18
Acknowledgements
We would like to thank the anonymous reviewers for their feedback, as well as Patrick Tague for acting as our shepherd. This work is the result of collaborative research partially funded by the Attached Institute of ETRI. It was also supported in part by the KU Leuven Research Council through C16/15/058, the European Union’s Horizon 2020 research and innovation programme under grant agreements No 644052 HECTOR and No 644371 WITDOM, ERC Advanced Grant 695305. Pieter Maene is an SB PhD fellow at Research Foundation - Flanders (FWO).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Ashur, T. et al. (2018). A Privacy-Preserving Device Tracking System Using a Low-Power Wide-Area Network. In: Capkun, S., Chow, S. (eds) Cryptology and Network Security. CANS 2017. Lecture Notes in Computer Science(), vol 11261. Springer, Cham. https://doi.org/10.1007/978-3-030-02641-7_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-02641-7_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02640-0
Online ISBN: 978-3-030-02641-7
eBook Packages: Computer ScienceComputer Science (R0)