Preserving RFID data privacy

Radio Frequency IDentification (RFID), a technology for automatic object identification, has wide applications in many areas including manufacturing, healthcare, and transportation. Yet the uniquely identifiable objects pose a privacy threat to the individuals carrying them. Most previous work on privacy-preserving RFID technology, such as EPC re-encryption and killing tags, focused on the threats caused by the physical RFID tags in the data collection phase, but these techniques cannot address the privacy threats in the data publishing phase, when a large volume of RFID data is released to a third party. In this paper, we study the privacy threats caused by publishing RFID data. Even if explicit identifying information, such as name and social security number, has been removed from the published RFID data, an adversary may identify a target victim's record or infer her sensitive value by matching a priori known visited locations and timestamps against the data. RFID data is by default high-dimensional, so applying a traditional anonymity model to RFID data suffers from the curse of high dimensionality and results in poor data usefulness. We define a new privacy model, develop an anonymization algorithm to address the special challenges of RFID data, and evaluate its performance in terms of data quality and efficiency.
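The matching threat described above, as an added example written for this page (not the paper's code, and not the paper's privacy model): a constructed, de-identified release of RFID trajectories is audited by counting how many records match an adversary's assumed background knowledge of a few (location, timestamp) reads, and by comparing that with the k a whole-trajectory k-anonymity model would report.

```python
from itertools import combinations
from collections import Counter

# Constructed sample release (assumption, not data from the paper): explicit
# identifiers removed, one trajectory per person, each a sequence of
# (location, hour) tag reads.
RELEASE = {
    "r1": [("lobby", 8), ("lab", 9), ("cafe", 12), ("gate", 17)],
    "r2": [("lobby", 8), ("office", 9), ("cafe", 12), ("gate", 17)],
    "r3": [("garage", 8), ("lab", 9), ("gym", 12), ("gate", 17)],
    "r4": [("garage", 8), ("office", 9), ("gym", 12), ("gate", 17)],
    "r5": [("lobby", 8), ("lab", 9), ("gym", 12), ("gate", 17)],
}


def matching_records(release, known_reads):
    """Record ids whose trajectory contains every (location, time) pair in known_reads."""
    known = set(known_reads)
    return [rid for rid, traj in release.items() if known <= set(traj)]


def min_match_size(release, max_known):
    """Smallest candidate set reachable by an adversary who knows at most max_known
    reads of one victim. This is the release's effective k against such knowledge;
    a value of 1 means some individual is uniquely re-identifiable."""
    worst = len(release)
    for traj in release.values():
        for n in range(1, max_known + 1):
            for known in combinations(traj, n):
                worst = min(worst, len(matching_records(release, known)))
    return worst


def full_trajectory_k(release):
    """k obtained when the whole trajectory is treated as one quasi-identifier, as a
    traditional k-anonymity model would: the smallest group of identical trajectories.
    Distinct trajectories give k = 1, the high-dimensionality problem in miniature."""
    counts = Counter(tuple(traj) for traj in release.values())
    return min(counts.values())


if __name__ == "__main__":
    print("known (lobby,8),(office,9) ->",
          matching_records(RELEASE, [("lobby", 8), ("office", 9)]))
    for n in (1, 2):
        print(f"effective k with {n} known read(s):", min_match_size(RELEASE, n))
    print("k under whole-trajectory k-anonymity:", full_trajectory_k(RELEASE))
```

On this data one known read still leaves two candidates, but two known reads single out r2, and every trajectory is unique under the whole-record model, so that model offers no protection without heavy suppression.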
