RFID and privacy: what consumers really want and fear

This article investigates the conflicting area of user benefits arising through item level radio frequency identification (RFID) tagging and a desire for privacy. It distinguishes between three approaches feasible to address consumer privacy concerns. One is to kill RFID tags at store exits. The second is to lock tags and have user unlock them if they want to initiate reader communication (user model). The third is to let the network access users’ RFID tags while adhering to a privacy protocol (network model). The perception and reactions of future users to these three privacy enhancing technologies (PETs) are compared in the present article and an attempt is made to understand the reasoning behind their preferences. The main conclusion is that users do not trust complex PETs as they are envisioned today. Instead, they prefer to kill RFID chips at store exits even if they appreciate after sales services. Enhancing trust through security and privacy ‘visibility’ as well as PET simplicity may be the road to take for PET engineers in UbiComp.     

A survey of computational location privacy

This is a literature survey of computational location privacy, meaning computation-based privacy mechanisms that treat location data as geometric information. This definition includes privacy-preserving algorithms like anonymity and obfuscation as well as privacy-breaking algorithms that exploit the geometric nature of the data. The survey omits non-computational techniques like manually inspecting geotagged photos, and it omits techniques like encryption or access control that treat location data as general symbols. The paper reviews studies of peoples’ attitudes about location privacy, computational threats on leaked location data, and computational countermeasures for mitigating these threats.     

一种新的无需服务器支持的RFID认证协议

近年来,各种基于无线射频识别(RFID)技术的物联网系统得到大量应用,如何保护用户的隐私和安全也随之变得越来越重要.在传输信息前进行认证是提高系统安全性的一个重要方法.现有的RFID认证协议大多需要一个中心服务器来保存该系统所有RFID标签的相关信息,但是这类协议在认证时读写器必须与服务器保持实时连接.很多覆盖区域比较大的物联网系统很难实现这种实时性,保证读写器与服务器之间通信的安全也需要额外的开销.针对这两个问题,提出了一种新的无需服务器支持的RFID认证协议,该协议实现方便,同时提供了很好的安全性和隐私性.通过分析可知,它可以抵御各种常见攻击.     

一种RFID系统中保护隐私安全的采集发布模型

射频识别RFID(Radio Frequency Identity)技术是一种非接触的自动识别技术,电子标签可以随身携带或者贴附在物体上,用户容易在不知不觉中被侵犯隐私。根据RFID系统中数据流的特点,提出了一种采集发布模型管理用户数据,允许用户定制数据偏好规则和数据请求规则,只有当两者匹配时,请求者才能授权获得数据。该模型具有开放性、可靠性和隐私安全等特点。     

A cross-layer framework for privacy enhancement in RFID systems

In this paper, we introduce a cross-layer framework for enhancing privacy in RFID systems. The framework relies on mechanisms in the physical (PHY) layer, as well as the medium access control (MAC) layer, to provide flexible protection over the unique identifiers of low-cost RFID tags. Such a framework prevents adversaries and malicious parties from tracking RFID tags through the monitoring of their unique identifiers. More specifically, our framework relies on masking of the identifier at the PHY layer, whereby bit-collisions are induced between the backscattered tag identifier and a protective mask, such that a legitimate reader can be allowed to recover the tag identifier but an illegitimate party would not be able to do so. To strengthen the level of protection provided by the bit-collision masking method, we present the randomized bit encoding scheme that is used in our framework. In addition, we also incorporate mechanisms in the MAC layer, and make use of cross-layer interactions between the MAC and the PHY layers to provide flexible privacy protection. This allows tags that do not require privacy protection to be read conveniently while allowing tags that need to be protected to stay protected.     

RFID security

Radio Frequency Identification (RFID) systems have become popular for automated identification and supply chain applications. This article describes the technical fundamentals of RFID systems and the associated standards. Specifically, we address the security and privacy aspects of this relatively new and heterogeneous radio technology. We discuss the related security requirements, the threats and the implemented mechanisms. Then the current security and privacy proposals and their enhancements are presented. Finally we discuss the role of this technology in Ubiquitous Computing.     

Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value

Radio Frequency IDentification (RFID ) system is a contactless automatic identification system using small, low-cost RFID tags. It enables recognition of the tag information via radio frequency communication, by attaching an RFID tag to an animate or inanimate object. Since an RFID system has the advantage of simultaneously recognizing massive amounts of information, it is expected to replace the bar-code system. The most important problem with an RFID system is that an adversary can access the tag information, which gives rise to privacy and forgery problems. This paper presents a hash-based mutual authentication protocol as a solution. The proposed protocol is designed to send a random number generated by a tag to a back-end server without disclosure. Moreover it substitutes a random number with a secret value, which is employed in a response message. The properties of the proposed protocol enable constant creation of distinct response messages without interferences from intended or meaningless requests generated by an adversary, while the secret value is not directly transmitted. Our proposed protocol make is difficult for an attacker to launch successful brute-force attacks against our approach.     

A survey on privacy inference attacks and defenses in cloud-based Deep Neural Network

Deep Neural Network (DNN), one of the most powerful machine learning algorithms, is increasingly leveraged to overcome the bottleneck of effectively exploring and analyzing massive data to boost advanced scientific development. It is not a surprise that cloud computing providers offer the cloud-based DNN as an out-of-the-box service. Though there are some benefits from the cloud-based DNN, the interaction mechanism among two or multiple entities in the cloud inevitably induces new privacy risks. This survey presents the most recent findings of privacy attacks and defenses appeared in cloud-based neural network services. We systematically and thoroughly review privacy attacks and defenses in the pipeline of cloud-based DNN service, i.e., data manipulation, training, and prediction. In particular, a new theory, called cloud-based ML privacy game, is extracted from the recently published literature to provide a deep understanding of state-of-the-art research. Finally, the challenges and future work are presented to help researchers to continue to push forward the competitions between privacy attackers and defenders.     

Improvement of the RFID authentication scheme based on quadratic residues

RFID, with its capability of remote automatic identification, is taking the place of barcodes and becoming the new generation of electronic tags. However, information transmitted through the air is vulnerable to eavesdropping, interception, or modification due to its radio transmission nature; the prevalence of RFID has greatly increased security and privacy concerns. In 2008, Chen et al. proposed an RFID authentication scheme which can enhance security and privacy by using hash functions and quadratic residues. However, their scheme was found to be vulnerable to impersonation attacks. This study further demonstrates that their scheme does not provide location privacy and suffers from replay attacks. An improved scheme is also proposed which can prevent possible attacks and be applied in environments requiring a high level of security.     

RFID系统中安全和隐私问题的研究

射频识别（RFID）技术的应用将给零售、物流等产业带来革命性的变化,但同时出现的安全和隐私问题却极大地限制了其使用的范围,如何在RFID系统中保证安全、维护个人隐私成为业界讨论的热点问题。在分析四种常见解决方案的基础上,阐明了各自的优缺点,探讨了在RFID系统中解决安全和隐私问题所面临的挑战,并指出了其发展的方向。     

集成RFID的智能建筑系统研究

RFID技术是近年来业界关注的热点，被认为是21世纪最重要的技术之一。本文结合普适计算环境发展的趋势，提出了集成RFID的智能建筑系统原型和模块设计，并对RFID在智能建筑系统中的安全及隐私性设计进行了详细论述。     

RFID系统隐私安全问题研究综述

随着物联网事业的飞速发展,RFID技术做为物联网最底层的感知技术也得到飞速的发展。但是由于RFID系统开放式的应用环境以及设备的特殊性和局限性,使得RFID系统面临许多隐私安全问题。对RFID系统进行概述,并且对现有的RFID安全协议和安全模型进行综述和评价,并给出RFID系统隐私保护今后的研究方向。     

基于RFID和Android的林木调查系统

以林木调查为例,介绍了将RFID技术应用于林业调查比传统工作模式的优势,列举了其在林业调查中的部分业务应用。同时基于RFID技术和Android技术,介绍了林木调查系统的总体设计,并以资源清查中的一类调查为例,重点介绍了Android终端数据采集软件的设计及功能实现方法,文章最后总结了林木调查系统在林业上的应用范围以及RFID技术与Android技术在林业上的应用发展前景。     

一种改进的基于标签部分ID的RFID密钥无线生成算法

针对无线射频识别系统存在的初始密钥易泄露的安全问题,提出了一种基于标签部分ID的RFID密钥无线生成算法。在标签与读写器认证之前,通过标签部分ID与读写器生成的随机数进行异或运算生成共享密钥。安全性分析表明,该算法能够有效地抵抗重放攻击、中间人攻击和去同步化攻击等主动攻击及被动攻击,具有安全性高、成本低的优点。     

基于Hash链的RFID隐私增强标签研究

无线射频识别（RFID)作为一种新型的自动识别技术在供应链与零售业中得到了广泛的应用。然而由于RFID标签强大的追踪能力,RFID的广泛应用也势必给消费者带来新的隐私威胁问题。在构造RFID方案时有几个技术关键点,尤其重要的是消费者隐私与标签信息的安全问题。低成本是另外一个关键。针对这些问题,讨论并阐明了RFID系统的需求与限制,分析了现有的一些相关的RFID方案的特性与问题。最后提出了一种简单的采用低成本的Hash链机制的安全模式标签来增强消费者隐私。     

基于策略的移动RFID隐私安全问题研究

隐私安全问题是移动RFID众多安全问题中最重要的问题之一.对移动RFID的隐私安全问题进行研究,并提出一个基于策略的移动RFID隐私保护系统,该系统通过建立和管理应用服务的隐私保护策略,并根据标签的隐私策略对信息进行访问控制,确保隐私安全.     

A survey on privacy issues and solutions for Voice-controlled Digital Assistants

With the development and increasing deployment of smart home devices, voice control supports comfortable end user interactions. However, potential end users may refuse to use Voice-controlled Digital Assistants (VCDAs) because of privacy concerns. To address these concerns, some manufacturers provide limited privacy-preserving mechanisms for end users; however, these mechanisms are seldom used. We herein provide an analysis of privacy threats resulting from the utilization of VCDAs. We further analyze how existing solutions address these threats considering the principles of the European General Data Protection Regulation (GDPR). Based on our analysis, we propose directions for future research and suggest countermeasures for better privacy protection.     

On a new formal proof model for RFID location privacy

We discuss a recently proposed formal proof model for RFID location privacy. We show that protocols which intuitively and in several other models are considered not to be location private, are provably location private in this model. Conversely, we also show that protocols which obviously are location private, are not considered location private in this model.Specifically, we prove a protocol in which every tag transmits the same constant message to not be location private in the proposed model. Then we prove a protocol in which a tag's identity is transmitted in clear text to be weakly location private in the model.     

Vulnerabilities in Chen and Deng's RFID mutual authentication and privacy protection protocol

As incorporation of RFID (Radio Frequency IDentification) tags in a wide variety of applications increase, there is a need to ensure the security and privacy of the entity to which these tags are attached. Not surprisingly, this is a very active area as attested by the large number of related published research literature. Recently, the journal engineering applications of artificial intelligence published a paper by Chen and Deng (2009) where the authors propose a mutual authentication protocol for RFID. This protocol has fundamental flaws that can be readily taken advantage by a resourceful adversary. We identify and discuss these vulnerabilities and point out the characteristics of this protocol that exposes it to these vulnerabilities.