Controlling the voluntary commitment

In order to provide the user with trustworthy information on whether a reader adheres to defined privacy policies, a trusted computing concept has been proposed. A reader is split into three parts: the core, a policy engine and a consumer agent. The core should be small enough that the integrity measures of trusted computing are feasible, i.e. secure booting, a secure operating system etc. The policy engine should enforce privacy policies. The consumer agent should eventually allow individuals or organisations such as privacy commissioners to monitor the activities of the RFID reader in order to detect any privacy breach. Furthermore, remote attestation in combination with the core should make it possible to check whether a certain policy engine is trustworthy. Remote attestation can be used by concerned individuals to ensure that a reader runs a certain reader core, policy engine and consumer agent. Thus, compliance with privacy regulations can be checked, and the owner of the reader can furthermore check whether the reader has been compromised.

The reader core provides so-called “sealed storage”, which can store the secrets needed for secure authentication or communication between reader and tag. The secret remains protected even if the reader is controlled by an attacker. Thereby, the confidentiality of data transmitted between an RFID tag and a reader can be ensured.
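The following toy model shows how the two mechanisms described in the preceding paragraphs fit together: the three reader components are measured in boot order into a PCR-style register, a verifier checks an attestation quote against the expected measurement, and a tag secret is sealed so that it can only be unwrapped by a reader that booted into that expected state. This is an added example, not code from the FIDIS deliverable or from any real reader; the component images, keys and nonces are constructed, and an HMAC stands in for a TPM's attestation signature. The names `measure_boot`, `seal_secret`, `unseal_secret`, `attestation_quote`, `verify_quote` and `demo` are this example's own.

```python
"""Toy model of an attestable RFID reader (added example, not the deliverable's code)."""
import hashlib
import hmac
import os

# Constructed component images; a real reader would hash the actual binaries.
READER_COMPONENTS = {
    "core": b"reader-core v1: minimal TCB, secure boot",
    "policy_engine": b"policy-engine v1: enforce privacy policy P1",
    "consumer_agent": b"consumer-agent v1: log reads for the commissioner",
}

# Constructed attestation key; a TPM would use an asymmetric identity key.
ATTESTATION_KEY = b"constructed-attestation-key"


def measure_boot(components):
    """Extend a PCR-style register with each component hash in boot order.
    The final value depends on every component, so a modified policy engine
    (or consumer agent) yields a different measurement."""
    pcr = b"\x00" * 32
    for name in ("core", "policy_engine", "consumer_agent"):
        digest = hashlib.sha256(components[name]).digest()
        pcr = hashlib.sha256(pcr + digest).digest()
    return pcr


def seal_secret(secret, expected_pcr, storage_root_key):
    """Bind a secret (at most 32 bytes) to a measurement. The wrapping key is
    derived from the sealed storage's root key, a fresh salt and the expected
    PCR value, so a reader in any other state derives a different key."""
    if len(secret) > 32:
        raise ValueError("toy sealer wraps at most 32 bytes")
    salt = os.urandom(16)
    wrap_key = hmac.new(storage_root_key, salt + expected_pcr, hashlib.sha256).digest()
    ciphertext = bytes(a ^ b for a, b in zip(secret, wrap_key))  # toy XOR wrap
    tag = hmac.new(wrap_key, ciphertext, hashlib.sha256).digest()
    return salt + ciphertext + tag


def unseal_secret(blob, current_pcr, storage_root_key):
    """Return the secret only when the current measurement matches the one it
    was sealed to; otherwise the integrity tag fails and None is returned."""
    salt, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    wrap_key = hmac.new(storage_root_key, salt + current_pcr, hashlib.sha256).digest()
    expected_tag = hmac.new(wrap_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, wrap_key))


def attestation_quote(current_pcr, nonce):
    """Reader side: the core signs (here: MACs) the measurement and the nonce."""
    mac = hmac.new(ATTESTATION_KEY, current_pcr + nonce, hashlib.sha256).digest()
    return {"pcr": current_pcr, "nonce": nonce, "mac": mac}


def verify_quote(quote, nonce, expected_pcr):
    """Verifier side: the quote must be fresh, authentic, and report the
    known-good measurement of core, policy engine and consumer agent."""
    if quote["nonce"] != nonce:
        return False
    expected_mac = hmac.new(ATTESTATION_KEY, quote["pcr"] + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(quote["mac"], expected_mac):
        return False
    return hmac.compare_digest(quote["pcr"], expected_pcr)


def demo():
    """Golden reader attests and unseals; a reader with a patched policy engine does neither."""
    srk = b"constructed-storage-root-key"
    golden_pcr = measure_boot(READER_COMPONENTS)
    tag_secret = b"constructed-tag-auth-key-01"
    blob = seal_secret(tag_secret, golden_pcr, srk)

    nonce = os.urandom(16)
    golden_ok = verify_quote(attestation_quote(golden_pcr, nonce), nonce, golden_pcr)

    tampered = dict(READER_COMPONENTS, policy_engine=b"policy-engine v1: privacy checks removed")
    tampered_pcr = measure_boot(tampered)
    tampered_ok = verify_quote(attestation_quote(tampered_pcr, nonce), nonce, golden_pcr)

    return {
        "golden_attests": golden_ok,
        "tampered_attests": tampered_ok,
        "golden_unseals": unseal_secret(blob, golden_pcr, srk) == tag_secret,
        "tampered_unseals": unseal_secret(blob, tampered_pcr, srk) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one the text relies on: the verifier does not trust the reader's word, it trusts a measurement chain rooted in the small core, and the sealed secret is unavailable to any software stack whose measurement differs from the one it was sealed to. A real deployment would replace the toy XOR wrap with an authenticated cipher and the HMAC quote with a TPM-signed quote whose key is certified by the manufacturer.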

This concept has a couple of drawbacks. First of all, trusted computing is a quite new concept, and it is not evident that it can really provide the promised security, such as not revealing stored secrets when compromised. Then, the introduction of the consumer agent is not reasonable: either one believes in the trustworthiness of trusted computing, in which case the consumer agent is redundant; or one does not believe in trusted computing, in which case one cannot trust the consumer agent either, since it could be compromised, too! Moreover, having the consumer agent implies additional risks to privacy, as the reader’s logs are transferred to some external (potentially untrustworthy) third party.
