Radio Frequency Identification (RFID) technology raises significant privacy issues because it enables tracking of items and people, possibly without their knowledge or consent. One of the biggest challenges for RFID technology is to provide privacy protection without raising tag production and management costs. We introduce a new architecture that uses trusted computing primitives to solve this problem. Our design splits the RFID reader into three software modules: a Reader Core with basic functionality, a Policy Engine that controls the use of RFID-derived data, and a Consumer Agent that performs privacy audits on the RFID reader and exports audit results to third-party auditors. Readers use remote attestation to prove that they are running a specific Reader Core, Policy Engine, and Consumer Agent. As a result, remote attestation allows concerned individuals to verify that RFID readers comply with privacy regulations, while also allowing the reader owner to verify that the reader has not been compromised.

Furthermore, industry standards bodies have suggested several privacy-protection mechanisms in which authorized readers use a shared secret to authenticate themselves to the tag. These standards have not fully addressed key management. First, how is the shared secret securely provided to a legitimate reader? Second, how do we guarantee that the reader will comply with a specific privacy policy? We show how, with remote attestation, the key-issuing authority can demand such a proof before releasing shared secrets to a reader. We also show how sealed storage can protect secrets even if the reader is compromised. Finally, we sketch how our design could be implemented today using existing RFID reader hardware.
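The two mechanisms the abstract describes, attestation-gated key release and sealing the tag secret to the measured reader software, as an added worked example that is not code from the paper or from any real reader or TPM. It is a simulation: a single PCR register, an HMAC key (`AIK`) standing in for the TPM's asymmetric attestation identity key, and a hash-derived keystream standing in for TPM sealing. The three module images, the tag secret and the "backdoored" Policy Engine are constructed inputs; `KeyAuthority`, `SimTPM` and `provision_reader` are hypothetical names.

```python
"""Toy model: a reader attests its Reader Core, Policy Engine and Consumer
Agent to a key-issuing authority, which releases the tag secret only on a
good attestation; the reader then seals that secret to its own measurements."""
import hashlib
import hmac
import os

MODULE_ORDER = ("reader_core", "policy_engine", "consumer_agent")

# Constructed stand-ins for the three reader software modules.
GOOD_IMAGES = {
    "reader_core": b"reader-core-v1",
    "policy_engine": b"policy-engine-v1: purpose=checkout, retain=0d",
    "consumer_agent": b"consumer-agent-v1",
}
TAG_SECRET = b"tag-access-secret-00000000000001"   # 32 bytes, constructed
AIK = b"attestation-key-shared-for-simulation-only"  # hypothetical; real TPM: asymmetric AIK


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR' = H(PCR || H(module image))."""
    return sha256(pcr + measurement)


def expected_pcr(images: dict) -> bytes:
    """Known-good PCR value: the modules measured in a fixed order."""
    pcr = bytes(32)
    for name in MODULE_ORDER:
        pcr = pcr_extend(pcr, sha256(images[name]))
    return pcr


class SimTPM:
    """Minimal TPM stand-in owned by the reader (simulation, not a real TPM API)."""

    def __init__(self) -> None:
        self._root = os.urandom(32)  # storage root key; never leaves the TPM
        self.pcr = bytes(32)

    def boot(self, images: dict) -> None:
        """Reboot: reset the PCR and measure each module before it runs."""
        self.pcr = bytes(32)
        for name in MODULE_ORDER:
            self.pcr = pcr_extend(self.pcr, sha256(images[name]))

    def quote(self, nonce: bytes) -> tuple:
        """Attest the PCR to a verifier; the nonce stops replay of an old quote."""
        return self.pcr, hmac.new(AIK, self.pcr + nonce, hashlib.sha256).digest()

    def _keystream(self, pcr: bytes) -> bytes:
        return sha256(self._root + pcr)

    def seal(self, secret: bytes) -> bytes:
        """Bind a 32-byte secret to the current PCR value."""
        ks = self._keystream(self.pcr)
        return self.pcr + bytes(a ^ b for a, b in zip(secret, ks))

    def unseal(self, blob: bytes):
        """Release the secret only if the PCR still equals its sealing-time value."""
        bound_pcr, ct = blob[:32], blob[32:]
        if not hmac.compare_digest(bound_pcr, self.pcr):
            return None  # a module changed since sealing: refuse
        ks = self._keystream(bound_pcr)
        return bytes(a ^ b for a, b in zip(ct, ks))


class KeyAuthority:
    """Key-issuing authority: hands out the tag secret only to attested readers."""

    def __init__(self, good_images: dict, tag_secret: bytes) -> None:
        self._good_pcr = expected_pcr(good_images)
        self._tag_secret = tag_secret

    def fresh_nonce(self) -> bytes:
        return os.urandom(16)

    def release_key(self, nonce: bytes, quoted_pcr: bytes, mac: bytes):
        expected = hmac.new(AIK, quoted_pcr + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):
            return None  # quote was not produced by the reader's TPM
        if not hmac.compare_digest(quoted_pcr, self._good_pcr):
            return None  # wrong Reader Core, Policy Engine or Consumer Agent
        return self._tag_secret


def provision_reader(images: dict) -> tuple:
    """Boot a reader on `images`, attest, and seal the released secret if any."""
    tpm = SimTPM()
    authority = KeyAuthority(GOOD_IMAGES, TAG_SECRET)
    tpm.boot(images)
    nonce = authority.fresh_nonce()
    pcr, mac = tpm.quote(nonce)
    key = authority.release_key(nonce, pcr, mac)
    return tpm, (None if key is None else tpm.seal(key))


def honest_reader_gets_key() -> bool:
    tpm, blob = provision_reader(GOOD_IMAGES)
    return blob is not None and tpm.unseal(blob) == TAG_SECRET


def tampered_policy_engine_is_refused() -> bool:
    bad = dict(GOOD_IMAGES, policy_engine=b"policy-engine-v1: purpose=tracking")
    _, blob = provision_reader(bad)
    return blob is None


def sealed_key_unreadable_after_compromise() -> bool:
    tpm, blob = provision_reader(GOOD_IMAGES)
    # Attacker swaps in a backdoored Policy Engine and reboots; the TPM re-measures.
    tpm.boot(dict(GOOD_IMAGES, policy_engine=b"policy-engine-backdoored"))
    return tpm.unseal(blob) is None
```

The three scenario functions cover the abstract's claims in order: a reader running the expected modules obtains and can unseal the tag secret; a reader whose Policy Engine differs by even one byte produces a different PCR and is refused by the authority; and a secret already sealed on a good reader becomes unreadable once any module is replaced, because the sealed blob is bound to the measurement rather than to the host. In a real deployment the authority would verify an asymmetric quote signature against the TPM's certified AIK and keep a list of acceptable Policy Engine measurements rather than a single value.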