Presentation is loading. Please wait.

Presentation is loading. Please wait.

RFID Privacy Using User-controllable Uniqueness Sozo INOUE, Hiroto YASUURA System LSI Research Center, Grad. Sch. Information Science & Electrical Engineering,

Published byAron Craig Modified over 9 years ago

Similar presentations

Presentation on theme: "RFID Privacy Using User-controllable Uniqueness Sozo INOUE, Hiroto YASUURA System LSI Research Center, Grad. Sch. Information Science & Electrical Engineering,"— Presentation transcript:

1 RFID Privacy Using User-controllable Uniqueness Sozo INOUE, Hiroto YASUURA System LSI Research Center, Grad. Sch. Information Science & Electrical Engineering, Kyushu Univ., Japan

2 2 New! Suppose: Ad.: Super RFID chips protect complete privacy! ……..Really? How can we believe? → the Visibility of Privacy Protection!

3 3 How? Visibility? Fully-automatic approach is not appropriate. How to 1: –Users can have something to do in a way they can trust. How to 2: –Physical “ key ” device to control the privacy. e.g. Blocker tags

4 4 The Digitally Named World Unique nouns to any products by RFID tags: Semiconductor technology Correspondence between name (virtual) and entity (real) : RF and Network technology Automatic updates of the states, locations : Database technology Traceable World : Efficiency (easy retrieval) and Security (no counterfeit) RFID tags (with ID s) DB Real World Wireless Communicat ion Readers The Network Virtual World

5 5 Privacy on Objects? Usually, no privacy on objects themselves. However, privacy occurs when an object and a user are related. This can be occur without RFIDs.

6 6 Relationship between RFIDs & Users 1.The virtual world: e.g. –Amazon.com relates a book ID and its consumer in the Customer database 2.The real world: e.g. Objects located in a private room. A book ID is detected by a ticket gate where the user is. Customer DB OwnerRFID

7 7 Relationship between Objects & RFIDs 1.If we have open relationship like EPC code, pessimistic 2.Even without the open relationship, Repeated reads expand the privacy of the real word.  Linkable A ticket gate can know where the object was located. Savant, ONS,PML… RFIDBook

8 8 Cryptography is powerful, but, … Too costly, and too automatic Is there a solution without cryptography?

9 9 A Hint: Exam. Result (in Japan)

10 10 Lessons Do not encrypt IDs, but, Localize the ID: making IDs be defined by users Our approach –1 st : Localize the ID on rewritable memory –2 nd : Localize the ID using physically separated RFID tags

11 11 1 st Approach 110110010 ・・・・ ROM Rewritable Public-ID mode : 110110010 ・・・・ 001010 ・・・・ ROM Rewritable Private-ID mode : Combination of ROM and rewritable memory on an RFID tag globally unique ID on the ROM localized ID on the rewritable memory (EEPROM, FRAM) Users cannot access the ROM when a private ID is set.

12 12 1 st Approach Public-ID mode : –Any users can identify the product. Private-ID mode : –The owner decides the private ID value. Only the owner can identify, and can relate the private ID and the public ID. Avoids Linkability by visibly changing the private ID. Low cost than implementing crypto. Production Distribution, Retail User Services 110110010 ・・・・ Public mode 110110010 ・・・・ Public mode Recycle 110110010 ・・・・ 001010 ・・・・ Private mode 110110010 ・・・・ 111010 ・・・・ Memory update

13 13 2 nd Approach To a Consumer 101101001……101 Globally Unique ID Class IDPure ID Option 1: Option 2: …101 101101001… To a Consumer 011010… User-defined Class ID (Rewritable) …101 011010… User-defined Class ID (Rewritable) Killed Class ID: the field related the object type. Pure ID: the field to identify the object in the type.

14 14 2 nd Approach The owner can identify, Other users cannot, from user-defined Class ID and Pure ID. The users who can see the object may identify: on-site identification –A repairer can know the product type (sometimes from the barcode) and identify from the Pure ID. Privacy is protected by default (without the owners ’ labor) –Object cannot be identified only by Pure ID. Privacy is visible by physically-separated RFID tags. No more special RFID tags.

15 15 IDs Conflict Future solution: Location + ID= unique. If not (seldom, if ever), you have to check on site. –Distinguish by looking, and change the ID manually.

16 16 Compared to Crypto. Approach 1 st Approach2 nd ApproachCrypto. Approach Anonymity on site Anonymity from remote Visibility of Privacy ID Manipulation Secure Rewrite Secure Rewrite Linkability Secure Rewrite ID Conflicts Cost

17 17 Concluding Summary 1.The Visibility of Privacy Protection 2.ID Localization Approach 1.Combination of ROM and Rewritable memory 2.Physical-ID Separation Not necessarily cryptographic. Visible to the owner and Low Cost. 3.Future Work: System level solution for ID conflicts: Technology for Semi-AUTO-ID: e.g. Location + ID = Unique 2 nd approach: how to associate a Class RFID and a Pure RFID when there are multiple ones in a range?

Download ppt "RFID Privacy Using User-controllable Uniqueness Sozo INOUE, Hiroto YASUURA System LSI Research Center, Grad. Sch. Information Science & Electrical Engineering,"

Similar presentations

RFID Access Control System March, 2003 Softrónica.

RFID Access Control System March, 2003 Softrónica.
RFID IN UNIVERSITY OF JAMMU RFID is used in libraries primarily to automate the book handling process including checkout, inventory maintenance, and check-in.

RFID IN UNIVERSITY OF JAMMU RFID is used in libraries primarily to automate the book handling process including checkout, inventory maintenance, and check-in.
RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:

RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
preventing counterfeit …

preventing counterfeit …
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
SCORINGPETS The world’s first and only universal tag traceback system Developed by ScoringSystem, Inc www.ScoringPets.com.

SCORINGPETS The world’s first and only universal tag traceback system Developed by ScoringSystem, Inc
Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.

Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.
RFID-based Logistics Information Service with Semantic Web DaeWon Park and HyukChul Kwon 2005.08.27.

RFID-based Logistics Information Service with Semantic Web DaeWon Park and HyukChul Kwon
Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.

Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.
Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.

Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
RFIDs and the Future Logistic System Dr. Hayden So Department of Electrical and Electronic Engineering 17 Sep, 2008.

RFIDs and the Future Logistic System Dr. Hayden So Department of Electrical and Electronic Engineering 17 Sep, 2008.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
RFID Security and Privacy Part 2: security example.

RFID Security and Privacy Part 2: security example.
Radio-Frequency Identification (RFID) Andrew Bowdle MD, PhD Professor of Anesthesiology and Pharmaceutics Chief of the Division of Cardiothoracic Anesthesiology.

Radio-Frequency Identification (RFID) Andrew Bowdle MD, PhD Professor of Anesthesiology and Pharmaceutics Chief of the Division of Cardiothoracic Anesthesiology.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.

Similar presentations

Ads by Google