Privacy and security in library RFID

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Privacy and security in library RFID: issues, practices, and architectures

Full text

Pdf (241 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 11th ACM conference on Computer and communications security table of contents

Washington DC, USA

SESSION: Privacy table of contents

Pages: 210 - 219

Year of Publication: 2004

ISBN:1-58113-961-6

Authors

David Molnar	University of California at Berkeley
David Wagner	University of California at Berkeley

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 79, Downloads (12 Months): 807, Citation Count: 33

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1030083.1030112 What is a DOI?

ABSTRACT

We expose privacy issues related to Radio Frequency Identification (RFID) in libraries, describe current deployments, and suggest novel architectures for library RFID. Libraries are a fast growing application of RFID; the technology promises to relieve repetitive strain injury, speed patron self-checkout, and make possible comprehensive inventory. Unlike supply-chain RFID, library RFID requires item-level tagging, thereby raising immediate patron privacy issues. Current conventional wisdom suggests that privacy risks are negligible unless an adversary has access to library databases. We show this is not the case. In addition, we identify private authentication as a key technical issue: how can a reader and tag that share a secret efficiently authenticate each other without revealing their identities to an adversary? Previous solutions to this problem require reader work linear in the number of tags. We give a general scheme for building private authentication with work logarithmic in the number of tags, given a scheme with linear work as a sub protocol. This scheme may be of independent interest beyond RFID applications. We also give a simple scheme that provides security against a passive eavesdropper using XOR alone, without pseudo-random functions or other heavy crypto operations.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	3M. eTattler newsletter, January 2004. http://cms. 3m.com/cms/US/en/0-257/kkruuFX/viewimage.jhtml.
	2	Martin Abadi and Cedric Fournet. Hiding names: Private authentication in the applied pi calculus. In Software Security Theories and Systems. Mext-NSF-JSPS International Symposium (ISSS'02), pages 317--338. Springer-Verlag, 2003.
	3	Richard Boss. Library RFID technology. Library Technology Reports, Nov/Dec 2003.
	4	Vinod Chachra and Daniel McPherson. Personal privacy and use of RFID technology in libraries, October 2003. http://www.vtls.com/documents/privacy.pdf.
	5	EPCGlobal Consortium. EPC 868-915Mhz tag Class 1 candidate recommendation, 2004. http://www.epcglobalinc.org/standards_technology/Secure/v1.0/UHF-class1%.pdf.
	6	EPCGlobal Consortium. EPC 900Mhz tag Class 0 standard, 2004. http://www.epcglobalinc.org/standards_technology/Secure/v1.0/UHF-class0%.pdf.
	7	EPCGlobal Consortium. EPC ISM Band 13.56MHz Class 1 candidate recommendation, 2004. http://www.epcglobalinc.org/standards_technology/Secure/v1.0/HF-Class1.%pdf.
	8	FBI Counterterrorism Division. FBI intelligence memo no. 102, December 2002. http://cryptome.quintessenz.org/mirror/fbi-almanacs.htm.
	9	Charles Doyle. Libraries and the USA PATRIOT act, 2003.
	10	Phillips Electronics. ICode SLI data sheet, 2004. http://www.semiconductors.philips.com/acrobat/other/identification/sl2i%cs20-fact-sheet.pdf.
	11	Klaus Finkenzeller. RFID Handbook. John Wiley and Sons, 2003.
	12	Kenneth Fishkin and Sumit Roy. Enhancing RFID privacy through antenna energy analysis. In MIT RFID Privacy Workshop, 2003. http://www.rfidprivacy.org/papers/fishkin.pdf.
	13	Simson Garnkel. Adapting fair information practices to low cost RFID systems. In Privacy in Ubiquitous Computing Workshop, 2002. http://www.simson.net/clips/academic/2000_Ubicomp_RFID.pdf.
	14	Craig Gentry and Zulkar Ramzan. Personal communication, 2004.
	15	Lukas Grunwalds. Rf-dump, 2004.
	16	D. Harkins and D. Carrel. Internet key exchange rfc 2409, 1998. http://www.faqs.org/rfcs/rfc2409.html.
	17	Sozo Inoue and Hiroto Yasuura. RFID privacy using user-controllable uniqueness. In RFID Privacy Workshop, MIT, 2003. http: //www.rfidprivacy.org/papers/sozo_inoue.pdf.
	18	ISO/IEC JTC 1/SC 31/WG 4. Information technology AIDC techniques - RFID for item management Part 3: - Parameters for air interface communications at 13.56 MHz, 2004. Version N681R.

CITED BY 33

	Yasunobu Nohara , Sozo Inoue , Kensuke Baba , Hiroto Yasuura, Quantitative evaluation of unlinkable ID matching schemes, Proceedings of the 2005 ACM workshop on Privacy in the electronic society, November 07-07, 2005, Alexandria, VA, USA
	Giuseppe Ateniese , Jan Camenisch , Breno de Medeiros, Untraceable RFID tags via insubvertible encryption, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Ari Juels, Strengthening EPC tags against cloning, Proceedings of the 4th ACM workshop on Wireless security, September 02-02, 2005, Cologne, Germany
	Sindhu Karthikeyan , Mikhail Nesterenko, RFID security without extensive cryptography, Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks, November 07-07, 2005, Alexandria, VA, USA
	Günter Karjoth , Paul A. Moskowitz, Disabling RFID tags with visible confirmation: clipped tags are silenced, Proceedings of the 2005 ACM workshop on Privacy in the electronic society, November 07-07, 2005, Alexandria, VA, USA
	T. Scott Saponas , Jonathan Lester , Carl Hartung , Sameer Agarwal , Tadayoshi Kohno, Devices that tell on you: privacy trends in consumer ubiquitous computing, Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, p.1-16, August 06-10, 2007, Boston, MA
	Boyeon Song , Chris J. Mitchell, RFID authentication protocol for low-cost tags, Proceedings of the first ACM conference on Wireless network security, March 31-April 02, 2008, Alexandria, VA, USA
	Alex K. Jones , Raymond Hoare , Swapna Dontharaju , Shenchih Tung , Ralph Sprang , Joshua Fazekas , James T. Cain , Marlin H. Mickle, An automated, FPGA-based reconfigurable, low-power RFID tag, Microprocessors & Microsystems, v.31 n.2, p.116-134, March, 2007
	Hung-Yu Chien , Che-Hao Chen, Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards, Computer Standards & Interfaces, v.29 n.2, p.254-259, February, 2007
	Yingjiu Li , Xuhua Ding, Protecting RFID communications in supply chains, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Amelia Masters , Katina Michael, Lend me your arms: The use and implications of humancentric RFID, Electronic Commerce Research and Applications, v.6 n.1, p.29-39, January, 2007
	Xiaolan Zhang , Brian King, An anti-counterfeiting RFID privacy protection protocol, Journal of Computer Science and Technology, v.22 n.3, p.438-448, May 2007
	A. Soppera , T. Burbridge, Wireless identification -- privacy and security, BT Technology Journal, v.23 n.4, p.54-64, October 2005
	Hung-Yu Chien, SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity, IEEE Transactions on Dependable and Secure Computing, v.4 n.4, p.337-340, October 2007
	Yalin Chen , Jue-Sam Chou , Hung-Min Sun, A novel mutual authentication scheme based on quadratic residues for RFID systems, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.52 n.12, p.2373-2380, August, 2008
	Radu-Ioan Paise , Serge Vaudenay, Mutual authentication in RFID: security and privacy, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan
	Daniel V. Bailey , Dan Boneh , Eu-Jin Goh , Ari Juels, Covert channels in privacy-preserving identification systems, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
	Swapna Dontharaju , Shenchih Tung , James T. Cain , Leonid Mats , Marlin H. Mickle , Alex K. Jones, A design automation and power estimation flow for RFID systems, ACM Transactions on Design Automation of Electronic Systems (TODAES), v.14 n.1, p.1-31, January 2009
	Leonid Bolotnyy , Gabriel Robins, Multi-tag RFID systems, International Journal of Internet Protocol Technology, v.2 n.3/4, p.218-231, December 2007
	Alex K. Jones , Swapna Dontharaju , Shenchih Tung , Leo Mats , Peter J. Hawrylak , Raymond R. Hoare , James T. Cain , Marlin H. Mickle, Radio frequency identification prototyping, ACM Transactions on Design Automation of Electronic Systems (TODAES), v.13 n.2, p.1-22, April 2008
	Alexei Czeskis , Karl Koscher , Joshua R. Smith , Tadayoshi Kohno, RFIDs and secret handshakes: defending against ghost-and-leech attacks and unauthorized reads with context-aware communications, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
	N. W. Lo , Kuo-Hui Yeh , Chan Yeob Yeun, New mutual agreement protocol to secure mobile RFID-enabled devices, Information Security Tech. Report, v.13 n.3, p.151-157, August, 2008
	Tassos Dimitriou, rfidDOT: RFID delegation and ownership transfer made simple, Proceedings of the 4th international conference on Security and privacy in communication netowrks, September 22-25, 2008, Istanbul, Turkey
	Selim Volkan Kaya , Erkay Savaş , Albert Levi , Özgür Erçetin, Public key cryptography based privacy preserving multi-context RFID infrastructure, Ad Hoc Networks, v.7 n.1, p.136-152, January, 2009
	Bo Sun , Yang Xiao , Chung Chih Li , Hsiao-Hwa Chen , T. Andrew Yang, Security co-existence of wireless sensor networks and RFID for pervasive computing, Computer Communications, v.31 n.18, p.4294-4303, December, 2008
	Pedro Peris-Lopez , Julio Cesar Hernandez-Castro , Juan M. Estevez-Tapiador , Arturo Ribagorda, LAMED - A PRNG for EPC Class-1 Generation-2 RFID specification, Computer Standards & Interfaces, v.31 n.1, p.88-97, January, 2009
	Yang Cui , Kazukuni Kobara , Kanta Matsuura , Hideki Imai, Lightweight Privacy-Preserving Authentication Protocols Secure against Active Attack in an Asymmetric Way, IEICE - Transactions on Information and Systems, v.E91-D n.5, p.1457-1465, May 2008
	Shaoying Cai , Yingjiu Li , Tieyan Li , Robert H. Deng, Attacks and improvements to an RIFD mutual authentication protocol and its extensions, Proceedings of the second ACM conference on Wireless network security, March 16-19, 2009, Zurich, Switzerland
	Julien Bringer , Hervé Chabanne , Thomas Icart, Efficient zero-knowledge identification schemes which respect privacy, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
	Angela Repanovici , Mihai Turcanu , Luciana Cristea , Mihaela Baritz , Ioana Moisil, Smart library: RFID implementation in libraries, Proceedings of the 8th WSEAS international conference on Artificial intelligence, knowledge engineering and data bases, p.523-526, February 21-23, 2009, Cambridge, UK
	Alex X. Liu , LeRoy A. Bailey, PAP: A privacy and authentication protocol for passive RFID tags, Computer Communications, v.32 n.7-10, p.1194-1199, May, 2009
	Marc Langheinrich, A survey of RFID privacy approaches, Personal and Ubiquitous Computing, v.13 n.6, p.413-421, August 2009
	Santi Martínez , Magda Valls , Concepció Roig , Josep M. Miret , Francesc Giné, A secure elliptic curve-based RFID protocol, Journal of Computer Science and Technology, v.24 n.2, p.309-318, March 2009