Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
 |
Title: A FIRST APPROACH |
 |
One of the basic security paradigms which should be applied in the context of RFID as well as it is applied in many other domains is the paradigm of multilateral security . According to this paradigm, each party, entity or stakeholder of a system has its own security goals and does not per se trust the other parties concerned. Hence the conflicting interests require a negotiation to find a compromise which could be accepted by each party.
Applied to RFID this means that the conflicting interests of costumers, producers, retailers etc. have to taken into account then developing PETs for RFID. Moreover at least the design of the three main components should not rely on the assumption that the other components are trustworthy and secure. Instead, when designing the whole RFID system, each component should be treated as potential insecure. If this would lead to impossibility of developing the RFID application, meaning that certain components need to fulfil certain security properties than all the underlying assumptions have to be explicitly named.
The said could be exemplified using Scenario S1. Here the backend system implicitly assumed that the RFID tag is secure, i.e. the data stored on the RFID tag could not be manipulated. Clearly there is no reason for this kind of trustworthiness and security assumption especially because there are no mechanisms implemented which ensure this kind of manipulation protection. If the system would have be designed with the “trust no-one” presumption in mind and would have explicitly named any assumptions which violates this, one would easily detect the missing mechanisms to protect the backend against malicious or manipulated RFID tags or readers.
Based on the principles mentioned above and the general ideas of multilateral security in , a checklist was proposed with which PETs for RFID can be evaluated. The content of this checklist is as follows:
The Privacy Enhancing Technology (PET) concept …
C1: enforces making sparing use of data? | C12: does not interfere with active protection measures? |
C2: makes privacy the default? | C13: avoids creation and use of central database(s)? |
C3: transfers control to citizens? | C14: avoids creation and use of databases at all? |
C4: sends tags to a secure mode automatically? | C15: enables functionality after point-of-sale in a secure way? |
C5: can prove that automatic activation of secure mode always works? | C16: can be achieved without changing RFID physical technology? |
C6: prevents eavesdropping of tag-reader communication? | C17: does not make tags much more expensive? |
C7: protects citizens from producer? | C18: does not make tags more expensive? |
C8: protects citizens from retailer? | C19: does not introduce additional threats to privacy? |
C9: protection includes in-store problem? | C20: introduces additional benefits for privacy? |
C10: protects tag in secure mode against presence-spotting? | C21: provides benefits for the retailer? |
C11: does not require citizens to take active protection measures? |
|
| |
   |
|
| 35 / 38 |
