Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- D7.2: Descriptive analysis and inventory of profiling practices.
- D7.3: Report on Actual and Possible Profiling Techniques in the Field of Ambient Intelligence.
- D7.4: Implications of profiling practices on democracy.
- D7.6 Workshop on AmI, Profiling and RFID.
- D7.7: RFID, Profiling, and AmI.
- D7.8: Workshop on Ambient Law.
- D7.9: A Vision of Ambient Law.
- D7.10: Multidisciplinary literature selection, with Wiki discussion forum on Profiling, AmI, RFID, Biometrics and Identity.
- D7.11: Kick-off Workshop on biometric behavioural profiling and Transparency Enhancing Technologies.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D7.7: RFID, Profiling, and AmI
Another aspect that has been an issue for debate is the security of RFID systems* when used autonomously or integrated in a larger AmI environment. The target of IT security management is to establish the required level of:
Confidentiality of the (sub-) system,
Availability and
Integrity of the processed data in any operational phase.
The security of RFID systems* is dependant on:
The effectiveness of technical security measures for all components of RFID systems* and
The organisational security of all organisations and individuals that use the RFID system* or take part in it (knowingly, not knowingly or unobserved).
While the manipulation of databases using especially programmed RFID tags* has already been exploited (Rieback 2006), we do not know of scenarios, where a reader* manipulates already programmed RFID tags* (technical security of already issued RFID tags* seems to be sufficient with respect to this type of attack). But many other, traditional attacks directed to any other component, such as the readers* (for example denial of service) or the networking infrastructure for the data transport (for example man-in-the-middle-attacks*), have to be dealt with when building up security concepts for RFID systems* as well. Organisational measures will always be difficult to implement, as relevant parts of the RFID systems* are physically open accessible (e.g. RFID tags*, readers*, wireless networks) and effective control of the behaviour of all persons passing by will mostly be impossible. Technical security measures will become increasingly important, as they can be implemented and controlled centrally much more easily.
Another security-aspect of RFID systems* will gain increasing importance when integrating RFID systems* in AmI-systems. As those systems interconnect with supporting services and a number of technical systems behind this, these supporting systems will affect the security of the AmI- and the RFID systems* as well. It is likely that these supporting systems will be operated by different service providers, so there is no central control from the perspective of security over the AmI- and RFID system*. To establish multilateral security in interconnected systems according to ISO/EIC 27001, all participating parties need among others:
Co-ordinated security concepts,
Mutual contracts to ensure the implementation and
Appropriate mutual audit schemes.
In any case, the establishment of information security in an AmI-environment using RFID systems* will be no trivial task, due to the technical and organisational complexity. This will affect professional operators of AmI-systems like in a shopping mall as well as persons operating a smart home.
Denis Royer | 8 / 43 |