RFID中的安全隐私问题及策略分析

本文简要介绍了射频识别技术(RFID)及其应用范围.通过对射频识别技术在应用中存在的安全隐患及隐私问题的原因分析,提出了解决这些问题的一些对策及方法.指出在RFID技术规范最后确定之前应充分考虑解决安全隐患及隐私问题的策略,以促进RFID技术健康化发展.     

A holistic approach examining RFID design for security and privacy

This paper adopts a holistic approach to Radio Frequency Identification (RFID) security that considers security and privacy under resource constraints concurrently. In this context, a practical realisation of a secure passive (battery-less) RFID tag is presented. The tag consists of an off the shelf front end combined with a bespoke 0.18 μm Application Specific Integrated Circuit (ASIC) assembled as a -sized prototype. The ASIC integrates the authors’ ultra low power novel Advanced Encryption Standard (AES) design together with a novel random number generator and a novel protocol, which provides both security and privacy. The analysis presented shows a security of 64-bits against many attack methods. Both modelled and measured power results are presented. The measured average core power consumed during continuous normal operation is 1.36 μW.     

Preserving security and privacy

At the "Computers, Freedom, and Privacy (CFP) Conference held in Berkeley, California, the spotlight was on the twin weights of national security and personal liberty - with technology the fulcrum on which all turns. It highlights included sessions devoted to the new international cybercrime treaty, a global crusade to spread technology to underdeveloped nations, laws meant to block illegal sites at the IP-address level, and wiretapping voice-over-IP (VoIP) communications.     

RFID security

Radio Frequency Identification (RFID) systems have become popular for automated identification and supply chain applications. This article describes the technical fundamentals of RFID systems and the associated standards. Specifically, we address the security and privacy aspects of this relatively new and heterogeneous radio technology. We discuss the related security requirements, the threats and the implemented mechanisms. Then the current security and privacy proposals and their enhancements are presented. Finally we discuss the role of this technology in Ubiquitous Computing.     

Unbalanced states violates RFID privacy

Designing privacy preserving authentication protocols for massively deployed Radio Frequency IDentification (RFID) systems is a real world challenge that have drawn significant attention from RFID community. This interest yields considerable amount of proposals targeting to overcome the main bottleneck (i.e. the exhaustive search over the list of all tag entries) which appears in the back-end database for large-scale RFID tag deployments. A class of these proposals contains RFID protocols where the server authenticates the tag in a negligible constant/sub-linear time for a more frequent normal state and needs a linear search in a rare abnormal states. In this study, however, we show that such protocols having unbalanced states are subject to side-channel attacks and do not preserve the RFID privacy. To illustrate this brutal security flaw, we conduct our analysis on different RFID protocols.     

A survey of RFID privacy approaches

A bewildering number of proposals have offered solutions to the privacy problems inherent in RFID communication. This article tries to give an overview of the currently discussed approaches and their attributes.

Addressing new security and privacy challenges

Now that Y2K is behind us, IT professionals have been tempted to rest on their laurels particularly because the economic recession has significantly slowed spending on IT equipment and services. However, the tragic events of 11 September and a series of serious worms and denial-of-service attacks should serve as an urgent wake-up call that society is indeed vulnerable to threats against critical infrastructure. These critical systems include those for telecommunications, transportation, energy, banking and finance, government, and emergency services systems vital to the world's normal functioning and well being. Incapacitating any one or multiple portions of these infrastructures could compromise economies and public safety     

RFID中间件及安全解决方案

伴随着RFID技术的流行,RFID中间件在完成数据的遴选、时间过滤和管理方面起着非常重要的作用,但中间件只提供业务接口,很难自行提升安全性能。该文作者设计了一款灵活的RFID中间件,除了实现和完善基本的RFID中间件功能外,还针对当前RFID安全威胁,提供了灵活的安全架构。安全架构整体和每一模块都是集中管理的,为安全性能的提高提供了极大的便利,同时隐藏了复杂性,保证了系统和标签数据的安全。     

Striking a balance between security and privacy

The Smart Card Alliance has published a White Paper on Secure Personal Identification Systems. The authors, drawn from industry suppliers and users, discuss the policy issues that face governments worldwide.     

The security and privacy of smart vehicles

Road safety, traffic management, and driver convenience continue to improve, in large part thanks to appropriate usage of information technology. But this evolution has deep implications for security and privacy, which the research community has overlooked so far.     

Biometric recognition: security and privacy concerns

Biometrics offers greater security and convenience than traditional methods of personal recognition. In some applications, biometrics can replace or supplement the existing technology. In others, it is the only viable approach. But how secure is biometrics? And what are the privacy implications?.     

Integrating security and privacy in software development

As a consequence to factors such as progress made by the attackers, release of new technologies and use of increasingly complex systems, and threats to applications security have been continuously evolving. Security of code and privacy of data must be implemented in both design and programming practice to face such scenarios. In such a context, this paper proposes a software development approach, Privacy Oriented Software Development (POSD), that complements traditional development processes by integrating the activities needed for addressing security and privacy management in software systems. The approach is based on 5 key elements (Privacy by Design, Privacy Design Strategies, Privacy Pattern, Vulnerabilities, Context). The approach can be applied in two directions forward and backward, for developing new software systems or re-engineering an existing one. This paper presents the POSD approach in the backward mode together with an application in the context of an industrial project. Results show that POSD is able to discover software vulnerabilities, identify the remediation patterns needed for addressing them in the source code, and design the target architecture to be used for guiding privacy-oriented system re-engineering.

     

The evolution of RFID security

As RFID technology progresses, security and privacy threats also evolve. By examining RFID's history, we can learn from past mistakes, rediscover successful solutions, and inspire future research.     

一种轻量级RFID安全协议

在分析了几种现有的典型RFID安全协议的特点和缺陷的基础上,提出了一种轻量级的RFID安全协议,该协议将一次性密码本与询问一应答机制相结合,实现了安全高效的读取访问控制,最后建立该协议的理想化模型,利用BAN逻辑对该协议进行了形式化分析,在理论上证明其安全性.     

基于Hash链的RFID隐私增强标签研究

无线射频识别（RFID)作为一种新型的自动识别技术在供应链与零售业中得到了广泛的应用。然而由于RFID标签强大的追踪能力,RFID的广泛应用也势必给消费者带来新的隐私威胁问题。在构造RFID方案时有几个技术关键点,尤其重要的是消费者隐私与标签信息的安全问题。低成本是另外一个关键。针对这些问题,讨论并阐明了RFID系统的需求与限制,分析了现有的一些相关的RFID方案的特性与问题。最后提出了一种简单的采用低成本的Hash链机制的安全模式标签来增强消费者隐私。     

Managing information privacy: developing a context for security and privacy standards convergence

Information privacy is much broader than data security. It's about the collection, processing, use, and protection of personal information. Essentially, business processes, IT systems, and compliance controls must support the full set of requirements embodied in these principles and expressed in relevant laws and policies. Implementation choices, including automation level and security control selection, become business and business-risk decisions. To institute such principles, businesses should understand the critical need for policy-driven security and privacy compliance in developing the right business processes and overall technical architecture.     

RFID and privacy: what consumers really want and fear

This article investigates the conflicting area of user benefits arising through item level radio frequency identification (RFID) tagging and a desire for privacy. It distinguishes between three approaches feasible to address consumer privacy concerns. One is to kill RFID tags at store exits. The second is to lock tags and have user unlock them if they want to initiate reader communication (user model). The third is to let the network access users’ RFID tags while adhering to a privacy protocol (network model). The perception and reactions of future users to these three privacy enhancing technologies (PETs) are compared in the present article and an attempt is made to understand the reasoning behind their preferences. The main conclusion is that users do not trust complex PETs as they are envisioned today. Instead, they prefer to kill RFID chips at store exits even if they appreciate after sales services. Enhancing trust through security and privacy ‘visibility’ as well as PET simplicity may be the road to take for PET engineers in UbiComp.