Radio Frequency Identification (RFID) technology raises significant privacy issues because it enables tracking of items and people possibly without their knowledge or consent. One of the biggest challenges for RFID technology is to provide privacy protection without raising tag production and management cost. We introduce a new architecture that uses trusted computing primitives to solve this problem. Our design splits the RFID reader into three software modules: a Reader Core with basic functionality, a Policy Engine that controls the use of RFID-derived data, and a Consumer Agent that performs privacy audits on the RFID reader and exports audit results to third party auditors. Readers use remote attestation to prove they are running a specific Reader Core, Policy Engine, and Consumer Agent. As a result, remote attestation allows concerned individuals to verify that RFID readers comply with privacy regulations, while also allowing the reader owner to verify that the reader has not been compromised.

Furthermore, industry standards bodies have suggested several mechanisms to protect privacy in which authorized readers use a shared secret to authenticate themselves to the tag. These standards have not fully addressed issues of key management. First, how is the shared secret securely provided to the legitimate reader? Second, how do we guarantee that the reader will comply with a specific privacy policy? We show how, with remote attestation, the key-issuing authority can demand such a proof before releasing shared secrets to the reader. We also show how sealed storage can protect secrets even if the reader is compromised. Finally, we sketch how our design could be implemented today using existing RFID reader hardware.
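The attestation-gated key release described in the abstract, as an added sketch that is not code from the paper: a key-issuing authority hands out the tag secret only when a fresh quote covers the approved Reader Core, Policy Engine, and Consumer Agent. All names and sample values are hypothetical, and an HMAC stands in for the signature a TPM would produce with a hardware-held attestation key.

```python
import hashlib, hmac, os

MODULES = ("reader_core", "policy_engine", "consumer_agent")  # measured in this order

def measure_chain(images):
    """Fold module hashes into one PCR-style value: pcr = H(pcr || H(image))."""
    pcr = bytes(32)
    for name in MODULES:
        pcr = hashlib.sha256(pcr + hashlib.sha256(images[name]).digest()).digest()
    return pcr

def quote(attest_key, pcr, nonce):
    """Assumption: an HMAC stands in for the TPM's signature over (PCR, nonce)."""
    return hmac.new(attest_key, pcr + nonce, hashlib.sha256).digest()

class KeyAuthority:
    """Hypothetical key-issuing authority that gates the tag secret on attestation."""
    def __init__(self, attest_key, approved_images, tag_secret):
        self._key, self._secret = attest_key, tag_secret
        self._expected = measure_chain(approved_images)
        self._pending = set()

    def challenge(self):
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce

    def release(self, nonce, pcr, sig):
        if nonce not in self._pending:          # unknown or replayed nonce
            return None
        self._pending.discard(nonce)            # each nonce is single use
        if not hmac.compare_digest(sig, quote(self._key, pcr, nonce)):
            return None                         # quote not made with the enrolled key
        if not hmac.compare_digest(pcr, self._expected):
            return None                         # reader runs unapproved software
        return self._secret

# Constructed sample data: stand-in module images and keys.
APPROVED = {"reader_core": b"core-v1", "policy_engine": b"policy-v1", "consumer_agent": b"agent-v1"}
TAMPERED = dict(APPROVED, policy_engine=b"policy-v1-logging-disabled")
ATTEST_KEY, TAG_SECRET = b"constructed-attestation-key", b"constructed-tag-secret"

def attest(authority, running_images):
    """Reader side: answer a fresh challenge with a quote over what is actually loaded."""
    nonce = authority.challenge()
    pcr = measure_chain(running_images)
    return authority.release(nonce, pcr, quote(ATTEST_KEY, pcr, nonce)), (nonce, pcr)

if __name__ == "__main__":
    ca = KeyAuthority(ATTEST_KEY, APPROVED, TAG_SECRET)
    print(attest(ca, APPROVED)[0], attest(ca, TAMPERED)[0])
```

In a real deployment the quote is an asymmetric signature made inside the TPM, so software on a compromised reader cannot sign a measurement value it did not actually load.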