  • Let's now analyze the basic building blocks for formulating a public policy on RFID. The first basic building block is the technical aspect of RFID, its limitations and its potential. Policy makers must take into account how the technical complexity of RFID would affect the policy decisions and criteria while framing public policy on RFID. The second is self-regulation by industry, which can be mandatory or voluntary depending on the context, as we will see later. The third would be bringing in some fundamental ethical codes for all the parties concerned to follow. The fourth is bringing in legislation mandated by law. The fifth and sixth are branding RFID and educating consumers. There have been negative connotations attached to RFID, exaggerated by print and film media. Consumers must be educated about what exactly RFID is and the full scope of its potential and limitations.
  • There are three major building blocks for framing a public policy; the first of them is technical. To make a comprehensive framework, policy makers must try to understand what kind of technical expertise the industry has that would constrain or help in framing a policy satisfying both customers and marketers. The existing technical solutions, each with its pros and cons, are: kill tag, Faraday cage, active jamming, smart RFID and selective disclosure of information.
  • The second building block is regulation. Under regulation we have self-regulation, which is again bifurcated into two categories depending upon the public concern about privacy and their trust in institutions. High trust and low concern call for a pure economic approach. Under a pure market approach, it is assumed that consumers prefer to do business with firms that have implemented strong privacy protections and avoid firms that have breached privacy. Since concern for RFID privacy is quite high, it is difficult to go for this approach. When concern for privacy is quite high and trust is quite low, it calls for legislation. Legislation refers to the question of defining the appropriate rules, enforcement to when the rules are broken, and adjudication to whether or not a company has violated the privacy rules (Swire 1997). There are good and bad examples of everything from self-regulation to international legislation, and there are no magic bullets. And legislation needn't mean new legislation: existing laws may provide adequate protection. In the US, the Federal Trade Commission has legal powers to enforce any policies companies publish to consumers, and the FTC has used these powers against companies that breach their own privacy policies. In June, the FTC took such action against a Californian retailer. This approach is sometimes called 'co-regulation': industry agrees its own rules, which are then enforced by government agencies. There are lots of regulatory options; therefore policy makers must go for the one that maximizes the use and benefits of the technology, minimizes the risk of abuse, and looks for the outcome that is in the best interests of the public and the nation. Legislative and regulatory solutions: laws should set up an independent body capable of continually updating regulations. Constitutional protection of data privacy: the constitutional right of due process protects an individual's liberty interest in privacy to control personal information.
  • Respect confidentiality (1, 2 and 8): If the data repository owners or data vendors desire to forward or otherwise share data with other agencies (both Government and non-Government), they must make sure it is permissible. If that is somehow impossible, they must strip off all personal and identifying information associated with the product item purchased by the consumer.
    Don't "flame" (Commandments 1, 10): The data collected must not be edited and must stay in its original format and spirit; otherwise it may cause great harm to the customer about whom the data is collected. Data delivered electronically is easier to transfer, replicate and modify than any other type of media, with potential for long-lasting effects.
    Don't be anonymous (Commandments 1, 5, 10): Data collectors and repository holders must use the services with proper authentication, unless whistleblowing or otherwise fearing recrimination for telling the truth. They must tell when, where, how and for what purpose the data was collected while disseminating the data to a third party.
    Don't allow third party to access other's data: Gaining access to another's data is not justifiable unless expressly acting as their agent. Looking at someone's data and information without valid and authentic reasons would be made unlawful.
    Don't misrepresent or lie: Given the issue of the lack of privacy with the data collected by using RFID, the potential exists for a misrepresentation or falsehood to revisit the sender.
    Follow government's general guidelines (Commandment 7): The repository owners/managers must check to see if the service provider, or the data solicitor, has an RFID privacy policy. If one is in place, repository holders must know what is delineated. If not, they must follow the guidelines framed by law. Anything transmitted may be publicly aired if a privacy policy is not in effect.
    Consider presentation of message (Commandment 10): The repository owners must evaluate the content of the data to be disseminated. They must be aware of cultural differences or other issues that may affect the recipient adversely.
  • RFID

    1. RFID Security and Privacy (990916 임재현)
         • "Deployed naïvely, embedding of RFID tags in consumer items presents a serious danger to privacy." (Ari Juels)
    2. Basic Building Blocks
         • Integrated approach for framing RFID Public Policy:
             • Technical
             • Industry Self-Regulation (Mandatory vs. Voluntary)
             • Ethical approach
             • Legislation
             • Branding RFID and
             • Educating Consumers
         [Diagram labels: Public Policy, Education, Technical, Self Regulation, Ethics, Legislation, Branding]
    3. Building Block - Technical
         • The "Kill Tag" approach
         • The Faraday Cage approach
         • The Active Jamming Approach
         • The Smart RFID Tag Approach
         • Selective disclosure of information
    4. Building Block - The Regulation Approach
         • Self Regulation
             • Industry Legislation
             • Enforcement and
             • Adjudication
         • A pure market approach
         • Legislation
         [Chart: axes Public Concern about Privacy and Public Trust in Institutions; labels Existing Space, Legislation by Law, Self Regulation (Voluntary), Self Regulation (Mandatory), Laissez Faire]
    5. Building Block - Bringing Ethics
         • Respect confidentiality
         • Don't "flame"
         • Don't be anonymous
         • Don't allow third party to access other’s data
         • Don't misrepresent or lie
         • Follow government’s general guidelines
         • Consider presentation of message
    6. Technical approach to ensure security and privacy
    7. The capabilities of basic RFID tags
         • No power
             • Receives power from reader
             • Range a few meters
         • Little memory
             • Static 64-to-128-bit identifier in current ultra-cheap generation (five cents / unit)
             • Hundreds of bits soon
         • Little computational power
             • A few thousand gates
             • No cryptographic functions available
             • Static keys for read/write permission
    8. The Consumer-Privacy Problem
    9. RFID tags will be everywhere …
         • 500 Euros in wallet; serial numbers: 597387, 389473…
         • Wig model #4456 (cheap polyester)
         • 30 items of lingerie
         • Das Kapital and Communist-party handbook
         • Replacement hip medical part #459382
    10. Simple approaches to consumer privacy
         • Method 1: Place RFID tags in protective mesh or foil
         • Problem: makes locomotion difficult… perhaps useful for wallets
    11. Simple approaches to consumer privacy
         • Method 2: “Kill” RFID tags
         • Problem: RFID tags are much too useful…
    12. Other possible uses
         • More efficient mugging
         • Fairly easy tracking of people and transactions by anyone!
             • Law-enforcement snooping capabilities made freely available
         “Just in case you want to know, she’s carrying 700 Euro…”
    13. Ideas
    14. First idea: distance inference
         • Does the energy wave change with distance?
         • If so, can we infer distance from wave properties?
         • Can we do it robustly?
             • RFID signal highly influenced by environment
         • Three techniques presented
             • 1 largely negative result
             • 1 open for investigation
             • 1 initially positive result
    15. #1: Look at wave curvature
    16. #2: Look at wave phase
         • Need to compare amongst multiple tags.
         • Under investigation
    17. #3: Look at noise
         • Signal/noise goes down with propagation
         • Doesn’t require multiple tags
    18. Spoofing
         • Can’t the hostile reader just change its energy signature to match that of a nearby reader?
         • NO – you can’t have less than zero noise. You can spoof being farther (but why would you?) but not nearer than you really are.
         • Slight enhancement to tag circuitry: enforce maximum range, and/or report reads beyond that range
             • And/or turn yourself into a “blocker tag”
         • Requires no reader modification
         • Requires no protocol modification
         • But limited: distant interrogators may be OK, nearby may not be
         Assuming it works
    19. Second idea: tiered revelation
         • Can we go “Beyond the kill switch”?
         • “The problem with radio frequency ID is that it’s clear how retailers and manufacturers might benefit from attaching smart tags to their products, but it’s utterly unclear how this helps consumers.” (Technology review, 3 Nov 2003)
         • Look at scenarios which provide post-purchase direct benefit to consumers
    20. How this works
         • Reader specifies which level it wants
         • Tag specifies level of security, and/or amount of energy needed
         • Reader proceeds at that level of security
         • Respond if and only if get energy and security required
         • Only energy increases – rough and simple distance requirement
         • Only security increases – as existing protocols
         • Both increase – interesting combination to explore
         Assuming it works
         • Requires changes to readers
         • Requires changes to tags
         • Requires changes to protocol
         • But buys you a much more robust, extensible functionality
    21. Third approach [Juels ’03]: Minimalist cryptography
         • Standard, e.g., Internet “adversarial” model
             • System components simultaneously accessible by adversary
             • Adversary may interact in unlimited way
    22. Minimalist cryptography
         • RFID adversarial model is different:
             • Adversary with full system access can easily break it
                 • Without cryptography, tags cannot survive attack!
             • In real world, adversary must have physical proximity to tags to interact with them
    23. Pseudonym rotation
         • Set of cryptographically unlinkable pseudonyms computed externally by trusted verifier
         • Pseudonyms stored on tag
             • Limited storage means at most, e.g., 10 pseudonyms
         • Tag cycles through pseudonyms
         [Figure: “74AB8” and “MMW91” = ?]
    24. Are several pseudonyms enough?
         • Strengthen restriction on adversarial queries using “throttling”
             • Tag enforces pattern of query delays
         • Pseudonym refresh
             • Valid reader provides new pseudonyms
             • Pseudonyms must be protected against eavesdropping and tampering using encryption, but tags cannot do standard cryptography!
             • Pseudonyms encrypted using special interleaving of one-time pads
         • Getting good model is difficult
    25. Fourth Approach [Juels, Rivest, & Szydlo ’03]: The “Blocker” Tag
    26. “Blocker” Tag
         • Blocker simulates all (billions of) possible tag serial numbers!!
         • 1, 2, 3, …, 2023 pairs of sneakers and… (reading fails)…
    27. Application of pseudonyms and blockers
         • Privacy isn’t just a consumer issue!
             • RFID tags make industrial espionage easier in supply chains
         • Pseudonym management good for supply chains
         • Pseudonym management helps provide anti-cloning
         • Blocker most appropriate for privacy protection for consumers
    28. Final remarks
         • Contrast dystopian visions with physical reality of RFID tags:
             • Manufacturers struggling with reliability, e.g., UHF tags hard to read near human body!
         • RFID tags vs. mobile phones
             • Infrastructure ownership
             • Nature of information leakage
             • Control of on/off
             • RFID tags like physical cookies
         • Spectrum of RFID devices
             • $0.05 vs. $1.00
         • Legislation and technology most effective in concert
         • Privacy is just one of many RFID-related security issues!
             • As “Extended Internet”, RFID represents extension of traditional security perimeter
    29. Reference
         • RFID, Privacy and the Public Policy Void, Beth Givens, Privacy Rights Clearinghouse
         • RFID Privacy Using User-Controllable Uniqueness, Sozo Inoue and Hiroto Yasuura, Kyushu University
         • Interaction of RFID Technology and Public Policy, Rakesh Kumar, Wipro Technologies
         • Cryptographic Approach to a Privacy Friendly Tag, Miyako Ohkubo, Koutarou Suzuki and Shingo Kinoshita, NTT Laboratories
         • Enhancing RFID Privacy through Antenna Energy Analysis, Kenneth P. Fishkin, Intel and Sumit Roy, University of Washington
         • RFID Tags: Privacy and Security without Cryptography, Ari Juels, RSA Laboratories
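
The pseudonym rotation, throttling and refresh described on slides 23 and 24, as an added Python simulation that is not part of the original slides or of Juels' paper. Assumptions: the class and function names are hypothetical, time is an integer tick counter, and throttling is modelled as a minimum gap between rotations (the slide only says the tag enforces a pattern of query delays).

```python
import secrets

class Verifier:
    """Trusted back end: computes pseudonyms off-tag and maps them to a tag."""
    def __init__(self):
        self.lookup = {}                      # pseudonym -> real tag identity

    def issue(self, tag_id, count=10):
        # Independent random values: nothing links one pseudonym to another.
        names = [secrets.token_hex(8) for _ in range(count)]
        self.lookup.update((n, tag_id) for n in names)
        return names

    def identify(self, pseudonym):
        return self.lookup.get(pseudonym)     # None if not issued by us

class PseudonymTag:
    """Tag without cryptography: a short list, a pointer and a delay rule."""
    def __init__(self, pseudonyms, min_gap):
        self.min_gap = min_gap                # throttle, in clock ticks (assumed model)
        self.refresh(pseudonyms)

    def refresh(self, pseudonyms):
        # Done by a valid reader. The one-time-pad protection of this
        # transfer mentioned on slide 24 is not modelled here.
        self.pseudonyms, self.index, self.last_rotation = list(pseudonyms), 0, None

    def query(self, now):
        # Advance to the next pseudonym only when min_gap ticks have passed
        # since the last rotation; faster queries see the same value again.
        if self.last_rotation is None:
            self.last_rotation = now
        elif now - self.last_rotation >= self.min_gap:
            self.index = (self.index + 1) % len(self.pseudonyms)
            self.last_rotation = now
        return self.pseudonyms[self.index]

def harvest(tag, queries, interval):
    """Distinct pseudonyms seen in `queries` reads spaced `interval` ticks apart."""
    return {tag.query(i * interval) for i in range(queries)}

if __name__ == "__main__":
    verifier = Verifier()
    names = verifier.issue("pallet-0001")     # constructed tag identity
    passerby = harvest(PseudonymTag(names, min_gap=50), queries=100, interval=1)
    shop = harvest(PseudonymTag(names, min_gap=50), queries=10, interval=60)
    print("rapid scan learned", len(passerby), "of", len(names), "pseudonyms")
    print("legitimate reads resolve to", {verifier.identify(p) for p in shop})
```

Setting `min_gap=0` removes the throttle, and the same 100 rapid reads then collect the tag's whole pseudonym set, which is why several pseudonyms alone are not enough.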
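
Why a reader facing the blocker tag of slide 26 ends with "reading fails", as an added Python sketch that is not part of the original slides. It assumes the reader singulates tags by binary tree walking, which the slide does not spell out; the class names, the 8-bit serials and the query budget are constructed for illustration.

```python
class PlainTag:
    def __init__(self, serial):
        self.serial = serial                  # bit string, e.g. "00010110"

    def next_bits(self, prefix):
        # Answer with the next bit of the serial if it lies below `prefix`.
        if self.serial.startswith(prefix) and len(prefix) < len(self.serial):
            return {self.serial[len(prefix)]}
        return set()

class BlockerTag:
    def next_bits(self, prefix):
        # Answer both ways at every node, as if every serial were present.
        return {"0", "1"}

def singulate(devices, bits, budget):
    """Depth-first tree walk. Returns (serials, queries); serials is None
    when the reader exhausts its query budget, i.e. the read fails."""
    found, queries, stack = [], 0, [""]
    while stack:
        prefix = stack.pop()
        if len(prefix) == bits:
            found.append(prefix)              # reached a leaf: one full serial
            continue
        if queries == budget:
            return None, queries
        queries += 1
        # The reader only sees which bit values were broadcast, not by whom.
        replies = set().union(*(d.next_bits(prefix) for d in devices))
        stack.extend(prefix + b for b in sorted(replies, reverse=True))
    return found, queries

if __name__ == "__main__":
    # Constructed 8-bit serials; real tags carry 64 to 128 bits (slide 7).
    tags = [PlainTag(s) for s in ("00010110", "00011001", "10100000")]
    print("without blocker:", singulate(tags, 8, budget=100))
    print("with blocker:   ", singulate(tags + [BlockerTag()], 8, budget=100))
```

With 8 bits an unlimited reader could still walk all 255 internal nodes and would get 256 indistinguishable serials; at 64 bits or more the walk cannot finish at all.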