Privacy for RFID through trusted computing
Source: Workshop On Privacy In The Electronic Society
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Alexandria, VA, USA
SESSION: Short papers
Pages: 31 - 34
Year of Publication: 2005
ISBN: 1-59593-228-3
Authors
David Molnar  University of California, Berkeley
Andrea Soppera  British Telecom
David Wagner  University of California, Berkeley
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 9,   Downloads (12 Months): 152,   Citation Count: 3
DOI: http://doi.acm.org/10.1145/1102199.1102206

ABSTRACT

Radio Frequency Identification (RFID) technology raises significant privacy issues because it enables tracking of items and people possibly without their knowledge or consent. One of the biggest challenges for RFID technology is to provide privacy protection without raising tag production and management cost. We introduce a new architecture that uses trusted computing primitives to solve this problem. Our design splits the RFID reader into three software modules: a Reader Core with basic functionality, a Policy Engine that controls the use of RFID-derived data, and a Consumer Agent that performs privacy audits on the RFID reader and exports audit results to third party auditors. Readers use remote attestation to prove they are running a specific Reader Core, Policy Engine, and Consumer Agent. As a result, remote attestation allows concerned individuals to verify that RFID readers comply with privacy regulations, while also allowing the reader owner to verify that the reader has not been compromised.

Furthermore, industry standards bodies have suggested several mechanisms to protect privacy in which authorized readers use a shared secret to authenticate themselves to the tag. These standards have not fully addressed issues of key management. First, how is the shared secret securely provided to the legitimate reader? Second, how do we guarantee that the reader will comply with a specific privacy policy? We show how, with remote attestation, the key-issuing authority can demand such a proof before releasing shared secrets to the reader. We also show how sealed storage can protect secrets even if the reader is compromised. Finally, we sketch how our design could be implemented today using existing RFID reader hardware.



