Privacy Enhanced Security Architecture for RFID Labels
Introduction

Radio Frequency Identification (RFID) is a technology based on wireless communication between a transponder and a reader to remotely identify an object to which the transponder is attached. The transponder (the RFID tag) consists of a small chip with an antenna. It is foreseen that this technology will replace e.g. the widespread bar code, which is currently used to identify objects, and that it will enable a whole range of new applications, from logistics to security. Indeed, a new paradigm, the internet of things, has been coined to describe the connection between the physical and virtual world enabled by these inexpensive communication means.
The problem

RFIDs not only introduce new business models, but also new threats. Privacy is at stake if the movements of a person can be traced because he is wearing clothes identifiable through RFID tags. A breach of confidentiality may occur because an eavesdropper can listen in on the communications between a tag and a reader. Furthermore, the integrity of an RFID-based system may be compromised because RFID tags may be spoofed, or by a so-called man-in-the-middle attack. Recent research even indicates that (fake) RFID tags can be used to spread computer viruses. Lower-end tags, typically priced at a few cents each, have no batteries and very limited processing, storage and communication capacity. Because standard approaches to ensure security and privacy require rather powerful processors, these approaches are not directly applicable to the RFID setting. The development and deployment of light-weight cryptographic algorithms and dedicated security protocols is mandatory for the success of RFID-based systems. Furthermore, it is well known that the design of security controls is an error-prone activity. Therefore, security solutions for RFID systems must be validated before deployment. Formal verification has proved to be an essential tool in the verification of security protocols, because with informal reasoning it is hard to consider all possible actions that an adversary may perform to breach security. The challenge is to develop formal models specifically tailored to the characteristics of RFID-based systems.
Project goal

Summarizing, the goal of the PEARL project is to develop practical security controls for RFID-based systems, and a corresponding assessment methodology. The PEARL project addresses these two topics in two strongly connected themes. Theme A concerns the design of security and privacy controls and theme B concerns the assessment of the security and privacy properties of an RFID system. Both themes involve the development of novel methods and models, which will be validated through the interaction with our industrial partners. Because of its resource constraints, a roaming tag faces a dilemma between legitimate use and hostile tracking: the response that lets an authorised reader identify it is the same response an adversary can use to follow it. Therefore, the first challenge concerns the modelling of privacy properties in this setting. A sound engineering of a privacy-respecting architecture requires a formal definition of the involved privacy notions. Such a formalisation precisely documents the requested privacy properties and lays the ground for further analysis and certification. A formal model of the involved privacy properties will be based on an analysis of the problem domain and a literature study.
The second research challenge is to develop new privacy enhancing protocols for the extremely resource constrained RFID environment, where in principle only hash functions or custom encryption routines are available on the tag. Several problems need to be solved. For one thing, RFID tags should implement a simple yet reliable access control mechanism to limit access to authorised parties only. Current RFID tags respond predictably when queried by a reader, which enables invasive tracking that has to be prevented. The so-called "blocker tags" provide only a primitive solution to the privacy problem, useless for many applications in the ambient world that require RFIDs to be continuously present.
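As an added illustration of the predictable-response problem and of what a tag that has only a hash function and a nonce source can do about it, the following Python models a static tag, a randomized hash-lock tag in the style of Weis, Sarma, Rivest and Engels (2003) extended with a reader challenge, and a back end that identifies tags by searching its database of secrets. This is example code written for this page, not part of the PEARL project's design; the tag labels, secrets, nonce sizes and the choice of SHA-256 are made up for the demonstration.

```python
"""Added example, not from the PEARL project: why a tag that answers every
query with its fixed identifier is trackable, and how a tag that has only
a hash function and a nonce source can avoid that (randomized hash lock,
after Weis et al. 2003, here with an extra reader challenge so that a
captured response cannot be replayed).  Labels and secrets are made up."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Response = Tuple[bytes, bytes]  # (tag nonce r, digest)


def h(data: bytes) -> bytes:
    # The hash is the only cryptographic primitive the tag is assumed to have.
    return hashlib.sha256(data).digest()


@dataclass
class StaticTag:
    """Responds predictably: the same identifier to every reader, every time."""
    tag_id: bytes

    def respond(self, challenge: bytes) -> bytes:
        return self.tag_id  # challenge ignored: nothing is hidden


@dataclass
class HashLockTag:
    """Randomized hash lock: reply (r, H(secret || r || challenge)) with fresh r."""
    secret: bytes  # shared only with the legitimate back end, never transmitted

    def respond(self, challenge: bytes) -> Response:
        r = os.urandom(16)  # fresh nonce: two replies never look alike
        return r, h(self.secret + r + challenge)


class Reader:
    """Back end that knows every tag secret and identifies by exhaustive search."""

    def __init__(self, secrets: Dict[str, bytes]) -> None:
        self.secrets = secrets  # label -> secret

    @staticmethod
    def challenge() -> bytes:
        return os.urandom(16)  # reader nonce: defeats replay of old replies

    def identify(self, challenge: bytes, response: Response) -> Optional[str]:
        r, digest = response
        for label, secret in self.secrets.items():
            # O(number of tags) hashes per query: the cost the scheme moves
            # from the tag to the reader.
            if hmac.compare_digest(h(secret + r + challenge), digest):
                return label
        return None  # unknown secret or stale challenge


def demo() -> dict:
    db = {"shirt": os.urandom(16), "shoe": os.urandom(16)}  # constructed data
    reader = Reader(db)
    static, tag = StaticTag(b"SHIRT-0001"), HashLockTag(db["shirt"])

    # Two sightings of the static tag are identical, hence trivially linkable.
    c1, c2 = reader.challenge(), reader.challenge()
    static_linked = static.respond(c1) == static.respond(c2)

    # Two sightings of the hash-lock tag differ, yet the reader names both.
    r1, r2 = tag.respond(c1), tag.respond(c2)
    hashlock_linked = r1 == r2
    identified = (reader.identify(c1, r1), reader.identify(c2, r2))

    # A captured reply replayed against a fresh challenge is rejected,
    # and so is a rogue tag whose secret is not in the back end.
    replayed = reader.identify(reader.challenge(), r1)
    rogue = reader.identify(c1, HashLockTag(os.urandom(16)).respond(c1))
    return {
        "static_linked": static_linked,
        "hashlock_linked": hashlock_linked,
        "identified": identified,
        "replayed": replayed,
        "rogue": rogue,
    }


if __name__ == "__main__":
    print(demo())
```

The eavesdropper's only test is whether two observed replies are equal: for the static tag they always are, for the hash-lock tag they never are, and without the secret database the digests reveal nothing. The price is paid on the reader side, which must hash once per known tag for every identification; with millions of tags that linear search is exactly the kind of cost the project's "extremely resource constrained" setting has to trade off against.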
The third research challenge is to shape a context in which the user can check the privacy policies enforced by the RFID-based application. To tackle this, first we have to investigate which sort of privacy policies can be deployed given the kind of hardware. Secondly, we need to design new specific privacy languages and to investigate the possibility of automatically checking when two policies are

The fourth challenge concerns securing the integration of RFID tags and the back-office applications that will support them. To this end we need to design and verify new secure protocols for data access. This will lead to a combination of two research fields, namely cryptography and data mining.
Contact information

For further information please contact:
phone: +31 53 4891195
Last Version - $Revision: 47 $ / $Date: 2008-02-16 22:28:19 +0100 (Sat, 16 Feb 2008) $ Maintained by Jaap-Henk Hoepman Email: