Covert channels in privacy-preserving identification systems

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Covert channels in privacy-preserving identification systems

Full text

Pdf (282 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 14th ACM conference on Computer and communications security table of contents

Alexandria, Virginia, USA

SESSION: Side and covert channels detection table of contents

Pages: 297 - 306

Year of Publication: 2007

ISBN:978-1-59593-703-2

Authors

Daniel V. Bailey	RSA Laboratories, Bedford
Dan Boneh	Stanford University, Palo Alto, CA
Eu-Jin Goh	Stanford University, Palo Alto, CA
Ari Juels	RSA Laboratories, Bedford

Sponsors

ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 14, Downloads (12 Months): 170, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1315245.1315283 What is a DOI?

ABSTRACT

We examine covert channels in privacy-enhanced mobile identification devices where the devices uniquely identify themselves to an authorized verifier. Such devices (e.g. RFID tags) are increasingly commonplace in hospitals and many other environments. For privacy, the device outputs used for identification should "appear random" to any entity other than the verifier, and should not allow physical tracking of device bearers. Worryingly, there already exist privacy breaches for some devices [28] that allow adversaries to physically track users. Ideally, such devices should allow anyone to publicly determine that the device outputs are covert-channel free (CCF); we say that such devices are CCF-checkable.

Our main result shows that there is a fundamental tension between identifier privacy and CCF-checkability; we show that the two properties cannot co-exist in a single system. We also develop a weaker privacy model where a continuous observer can correlate appearances of a given tag, but a sporadic observer cannot. We also construct a privacy-preserving tag identification scheme that is CCF-checkable and prove it secure under the weaker privacy model using a new complexity assumption. The main challenge addressed in our construction is the enforcement of public verifiability, which allows a user to verify covert-channel-freeness in her device without managing secret keys external to the device.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Giuseppe Ateniese , Jan Camenisch , Breno de Medeiros, Untraceable RFID tags via insubvertible encryption, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA [doi>10.1145/1102120.1102134]
	2	G. Avoine. Security and privacy in RFID systems. Online bibliography. Referenced 2007 at http://lasecwww.epfl.ch/~gavoine/rfid.
	3	G. Avoine and P. Oechslin. RFID traceability: A multilayer problem. In A. Patrick and M. Yung, editors, Proceedings of Financial Cryptography 2005, volume 3570 of LNCS, pages 125--140. Springer, 2005.
	4	D. Boneh, E.-J. Goh, and K. Nissim. Evaluating 2-DNF formulas on ciphertexts. In J. Kilian, editor, Proceedings of the Theory of Cryptography Conference, volume 3378 of LNCS, pages 325--342, 2005.
	5	Christian Cachin, An Information-Theoretic Model for Steganography, Proceedings of the Second International Workshop on Information Hiding, p.306-318, April 14-17, 1998
	6	R. Canetti, Y. Dodis, S. Halevi, E. Kushilevitz,and A. Sahai. Exposure-resilient functions and all-or-nothing transforms. In B. Preneel, editor, Proceedings of Eurocrypt 2000, volume 1807 ofLNCS, pages 453--469. Springer, 2000.
	7	J. Y. Choi, P. Golle, and M. Jakobsson. Auditable privacy: On tamper-evident mix networks. In G. D. Crescenzo and A. Rubin, editors, Proceedings of Financial Cryptography 2006, volume 4107 of LNCS, pages 126--141. Springer, 2006.
	8	Jong Youl Choi , Philippe Golle , Markus Jakobsson, Tamper-Evident Digital Signature Protecting Certification Authorities Against Malware, Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing, p.37-44, September 29-October 01, 2006 [doi>10.1109/DASC.2006.46]
	9	P. Golle, M. Jakobsson, A. Juels, and P. Syverson. Universal re-encryption for mixnets. In T. Okamoto, editor, RSA Conference -Cryptographers' Track, volume 2964 of LNCS, pages 163--178, 2004.
	10	J. Halamka, A. Juels, A. Stubblefield, and J. Westhues. The security implications of VeriChip cloning. Journal of the American Medical Informatics Association, 13(6):601--607, 2006.
	11	Nicholas J. Hopper , John Langford , Luis von Ahn, Provably Secure Steganography, Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology, p.77-92, August 18-22, 2002
	12	E. Inc. Class 1 generation 2 UHF air interface protocol standard version 1.0.9. Referenced 2007 at http://www.epcglobalinc.com/standards technology/EPCglobalClass-1Generation-2UHFRFIDProtocolV109.pdf.
	13	A. Juels. Minimalist cryptography for RFID tags. In SCN '04, pages 149--164, 2004.
	14	A. Juels. RFID security and privacy: A research survey. J-SAC, 24(2):381--394, February 2006.
	15	Simson L. Garfinkel , Ari Juels , Ravi Pappu, RFID Privacy: An Overview of Problems and Proposed Solutions, IEEE Security and Privacy, v.3 n.3, p.34-43, May 2005 [doi>10.1109/MSP.2005.78]
	16	Ari Juels , Jorge Guajardo, RSA Key Generation with Verifiable Randomness, Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography, p.357-374, February 12-14, 2002
	17	Ari Juels , Ronald L. Rivest , Michael Szydlo, The blocker tag: selective blocking of RFID tags for consumer privacy, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948126]
	18	A. Juels, P. Syverson, and D. Bailey. High-power proxies for enhancing RFID privacy and utility. In G. Danezis and D. Martin, editors, Privacy Enhancing Technologies (PET), 2005.
	19	A. Juels and S. Weis. Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006/137. Short abstract to appear in PerTec '07.
	20	Paul C. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, p.104-113, August 18-22, 1996
	21	Matt Lepinksi , Silvio Micali , abhi shelat, Collusion-free protocols, Proceedings of the thirty-seventh annual ACM symposium on Theory of computing, May 22-24, 2005, Baltimore, MD, USA [doi>10.1145/1060590.1060671]
	22	David Molnar , Andrea Soppera , David Wagner, Privacy for RFID through trusted computing, Proceedings of the 2005 ACM workshop on Privacy in the electronic society, November 07-07, 2005, Alexandria, VA, USA [doi>10.1145/1102199.1102206]
	23	D. Molnar, A. Soppera, and D. Wagner. A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In B. Preneel and S. Tavares, editors, SAC '05, LNCS. Springer, 2005.
	24	David Molnar , David Wagner, Privacy and security in library RFID: issues, practices, and architectures, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA [doi>10.1145/1030083.1030112]
	25	K. Nguyen. Elliptic curves and MRTDs. In Interfest Singapore, 2005. Slide presentation.
	26	Y. Oren and A. Shamir. Power analysis of RFID tags, 2006. Referenced 2006 at http://www.wisdom.weizmann.ac.il/~yossio/rfid/.
	27	M. Rieback, B. Crispo, and A. Tanenbaum. RFID Guardian: A battery-powered mobile device for RFID privacy management. In C. Boyd and J. M.González Nieto, editors, ACISP '05, volume 3574 of LNCS, pages 184--194. Springer, 2005.
	28	S. Saponas, J. Lester, C. Hartung, and T. Kohno. Devices that tell on you: The Nike+iPod sportkit. Technical Report 2006-12-06, University of Washington, 2006.
	29	S. Sarma. Towards the five-cent tag. Technical Report MIT-AUTOID-WH-006, MIT Auto ID Center, 2001. Available from http://www.epcglobalinc.org.
	30	S. E. Sarma, S. A. Weis, and D. Engels. Radio-frequency identification systems. In B. S. Kaliski Jr., Ç. K. Koç, and C. Paar, editors, Workshop on Cryptographic Hardware and Embedded Systems - CHES '02, volume 2523 of LNCS, pages 454--469. Springer, 2002.
	31	G. Simmons. The prisoners' problem and the subliminal channel. In D. Chaum, editor, Proceedings of Crypto 1983, pages 51--67. Plenum Press, 1983.
	32	G J Simmons, The subliminal channel and digital signatures, Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques, p.364-378, December 1985, Paris, France
	33	Gustavus J. Simmons, Subliminal communication is easy using the DSA, Workshop on the theory and application of cryptographic techniques on Advances in cryptology, p.218-232, January 1994, Lofthus, Norway
	34	Adam Young , Moti Yung, The Dark Side of "Black-Box" Cryptography, or: Should We Trust Capstone?, Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, p.89-103, August 18-22, 1996
	35	A. Young and M. Yung. Kleptography: Using cryptography against cryptography. In W. Fumy, editor, Proceedings of Eurocrypt 1993, volume 1233 of LNCS. Springer, 1997.