Covert channels in privacy-preserving identification systems

We examine covert channels in privacy-enhanced mobile identification devices where the devices uniquely identify themselves to an authorized verifier. Such devices (e.g. RFID tags) are increasingly commonplace in hospitals and many other environments. For privacy, the device outputs used for identification should "appear random" to any entity other than the verifier, and should not allow physical tracking of device bearers. Worryingly, there already exist privacy breaches for some devices [28] that allow adversaries to physically track users. Ideally, such devices should allow anyone to publicly determine that the device outputs are covert-channel free (CCF); we say that such devices are CCF-checkable. Our main result shows that there is a fundamental tension between identifier privacy and CCF-checkability; we show that the two properties cannot co-exist in a single system. We also develop a weaker privacy model where a continuous observer can correlate appearances of a given tag, but a sporadic observer cannot. We also construct a privacy-preserving tag identification scheme that is CCF-checkable and prove it secure under the weaker privacy model using a new complexity assumption. The main challenge addressed in our construction is the enforcement of public verifiability, which allows a user to verify covert-channel-freeness in her device without managing secret keys external to the device.

[1]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[2]  Abhi Shelat,et al.  Collusion-free protocols , 2005, STOC '05.

[3]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[4]  John Langford,et al.  Provably Secure Steganography , 2002, IEEE Transactions on Computers.

[5]  Simmons,et al.  The Subliminal Channel and Digital Signatures , 2022 .

[6]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[7]  Gustavus J. Simmons,et al.  The Prisoners' Problem and the Subliminal Channel , 1983, CRYPTO.

[8]  Paul F. Syverson,et al.  High-Power Proxies for Enhancing RFID Privacy and Utility , 2005, Privacy Enhancing Technologies.

[9]  Christian Cachin,et al.  An information-theoretic model for steganography , 1998, Inf. Comput..

[10]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[11]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[12]  A. Juels,et al.  Universal Re-encryption for Mixnets , 2004, CT-RSA.

[13]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[14]  Gustavus J. Simmons,et al.  Subliminal Communication is Easy Using the DSA , 1994, EUROCRYPT.

[15]  Simson L. Garfinkel,et al.  RFID privacy: an overview of problems and proposed solutions , 2005, IEEE Security & Privacy Magazine.

[16]  Moti Yung,et al.  Kleptography: Using Cryptography Against Cryptography , 1997, EUROCRYPT.

[17]  Markus Jakobsson,et al.  Tamper-Evident Digital Signature Protecting Certification Authorities Against Malware , 2006, 2006 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing.

[18]  Andrew S. Tanenbaum,et al.  RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management , 2005, ACISP.

[19]  Moti Yung,et al.  The Dark Side of "Black-Box" Cryptography, or: Should We Trust Capstone? , 1996, CRYPTO.

[20]  Tadayoshi Kohno,et al.  Devices That Tell On You: The Nike+iPod Sport Kit , 2006 .

[21]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[22]  A. Juels,et al.  The Security Implications of VeriChip Cloning , 2006 .

[23]  Ari Juels,et al.  RSA Key Generation with Verifiable Randomness , 2002, Public Key Cryptography.

[24]  David A. Wagner,et al.  Privacy for RFID through trusted computing , 2005, WPES '05.

[25]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[26]  Markus Jakobsson,et al.  Auditable Privacy: On Tamper-Evident Mix Networks , 2006, Financial Cryptography.

[27]  Jan Camenisch,et al.  Untraceable RFID tags via insubvertible encryption , 2005, CCS '05.

[28]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[29]  Eyal Kushilevitz,et al.  Exposure-Resilient Functions and All-or-Nothing Transforms , 2000, EUROCRYPT.

[30]  Daniel W. Engels,et al.  Radio Frequency Identification Systems , 2015 .