Privacy Research in the RFID Ecosystem Project

Evan Welbourne

joint work with Magdalena Balazinska, Gaetano Borriello, Tadayoshi Kohno, Dan Suciu, Nodira Khoussainova, Karl Koscher, Travis Kriplean, Julie Letchner, Vibhor Rastogi

University of Washington, Dept. of Computer Science & Engineering

RFID CUSP Workshop, Johns Hopkins University, Baltimore, January 24, 2008

http://rfid.cs.washington.edu/

Defining Security & Privacy

Security: protection against unauthorized access, use, disclosure, disruption, modification, or destruction (rigorously defined and evaluated)

Privacy: privacy in the collection and sharing of data (definition and evaluation depends on human perception/interpretation)

Roughly two areas of concern:
1) Security of reader-tag communication
2) Security and privacy of collected RFID data

Outline

- Overview of the RFID Ecosystem
- Organize privacy concerns
- Recent focus: Peer-to-Peer privacy
  - Designing a default policy
  - Implementing the policy
  - Extensions for probabilistic data
  - Techniques for detecting and preventing violations

Today: Outside the Supply Chain

- Subpoenas for EZ-Pass data
- Insecurities in first version of e-Passport
- Insecurities in first-generation RFID credit cards
- Cloning RFID access control badge
- Dutch transit card hack

Tomorrow: User-Centered RFID Systems

User-centered, pervasive RFID applications:

- “How do I know if I am wearing a tag?”
- “How do I know who can see me?”
- “How can I control who can see me?”
- “Who owns the data? Can I remove/edit my data?”
- “What is the lifetime of the data?”

From the Lab to the Real World

[Figure: laboratory on one side, everyday life on the other]


RFID Ecosystem at UW CSE

- Create a microcosm of a world saturated with uniquely identifiable objects
- 100s of readers and antennas, 1000s of tags
- Explore applications, systems, and social implications
- Do it while there is still time to learn and adapt

Groups: Database, Security, Ubicomp, and others

Participants include: Magdalena Balazinska, Yang Li, Nodira Khoussainova, Julie Letchner, Gaetano Borriello, Dan Suciu, Karl Koscher, Vibhor Rastogi, Tadayoshi Kohno, Travis Kriplean, Evan Welbourne, and 14 undergraduate researchers over the past 2 years


RFID Ecosystem Video

[ Show First RFID Ecosystem Demo Video ]

[ http://rfid.cs.washington.edu/ ] OR [ http://www.youtube.com/watch?v=DxZzDMQ7D4A ]


RFID Ecosystem at UW CSE

Outline

- Overview of the RFID Ecosystem
- Organize privacy concerns
- Recent focus: Peer-to-Peer privacy
  - Designing a default policy
  - Implementing the policy
  - Extensions for probabilistic data
  - Techniques for detecting and preventing violations
  [Kriplean, Rastogi, Welbourne and others]


Organizing Privacy Concerns

Modes of information disclosure:

- Institutional
  - Organization collects, uses, and shares personal data
  - Addressed by contracts, federal law, corporate practice (e.g. FIPs)
- Peer-to-Peer or “Mediated”
  - Peers and superiors access data through some authorized channel
  - Mediated by access control policies
- Malicious
  - Personal data is compromised by unauthorized parties
  - Addressed by secure systems engineering



A Key Problem in Peer-to-Peer Privacy

The Panopticon

Key problem: asymmetric visibility

Image credit: Prison building at Presidio Modelo, Isla De Juventud, Cuba (Wikipedia)


A Key Problem in Peer-to-Peer Privacy

Privacy vs. Utility:

- What information to disclose by default?
- Who to disclose information to by default?
- How to support applications and preserve privacy?
- How to detect and prevent violations?

Image: Paul G. Allen Center for Computer Science & Engineering, Seattle, WA

Default Policy: Physical Access Control

“Socially appropriate access control” - Kriplean

Concept:
- Each user has a personal data store (or personal view of the data)
- Store contains events that occurred when and where the user was physically present

Requirements:
- Each user carries a personal tag
- Line-of-sight information between each pair of antennas is known and static

Key points:
- Provides symmetric visibility
- Models sense of sight
- Enables applications which augment user’s memory

[Figure: three users' personal data stores, each a table of sightings with timestamps, shown as the scene advances through Time 0, 1 and 2]

Implementing PAC with RFID

Tag Read Event (TRE): (tag id, antenna id, timestamp)

Mutual Visibility: when 2 TREs instantaneously share an unobstructed line-of-sight

Practical Definition of Mutual Visibility:
1) TREs occur within some time window Δ of each other
2a) TREs are read by the same antenna, or
2b) The reading antennas are considered mutually visible
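The following Python program is an added example, not code from the RFID Ecosystem project. It implements the practical definition of mutual visibility just given and derives each user's personal data store from a stream of Tag Read Events. The tag ids, antenna ids, timestamps and the antenna line-of-sight table are constructed sample data, and Δ is set to 1 second.

```python
"""Physical Access Control (PAC) derived from a stream of Tag Read Events.

Added example; not the RFID Ecosystem project's code. A TRE is
(tag id, antenna id, timestamp). Two TREs are mutually visible when they
occur within DELTA seconds of each other and are read either by the same
antenna or by two antennas listed as mutually visible. A user's personal
data store holds every TRE mutually visible with a read of that user's own
tag, so it contains exactly the events the user was physically present for.
All tag ids, antenna ids, timestamps and the line-of-sight table below are
constructed sample data.
"""
from typing import Dict, FrozenSet, List, NamedTuple, Set


class TRE(NamedTuple):
    tag: str
    antenna: str
    ts: float  # seconds


DELTA = 1.0  # time window in seconds

# Constructed, static line-of-sight table between antenna pairs.
# Each antenna is trivially visible to itself.
MUTUALLY_VISIBLE: Set[FrozenSet[str]] = {
    frozenset({"ant-1", "ant-2"}),  # e.g. two antennas covering one open lab
}


def antennas_visible(a: str, b: str) -> bool:
    """Condition 2a (same antenna) or 2b (antennas considered mutually visible)."""
    return a == b or frozenset({a, b}) in MUTUALLY_VISIBLE


def mutually_visible(x: TRE, y: TRE, delta: float = DELTA) -> bool:
    """Practical definition: within the time window AND visible antennas."""
    return abs(x.ts - y.ts) <= delta and antennas_visible(x.antenna, y.antenna)


def build_personal_stores(events: List[TRE], personal_tags: Dict[str, str],
                          delta: float = DELTA) -> Dict[str, List[TRE]]:
    """Return {user: TREs that user was physically present for}.

    personal_tags maps each user to the id of the tag they carry.
    """
    stores: Dict[str, List[TRE]] = {}
    for user, tag in personal_tags.items():
        own_reads = [e for e in events if e.tag == tag]
        present: Set[TRE] = set()
        for mine in own_reads:
            present.update(e for e in events if mutually_visible(mine, e, delta))
        stores[user] = sorted(present, key=lambda e: (e.ts, e.tag))
    return stores


def visibility_is_symmetric(stores: Dict[str, List[TRE]],
                            personal_tags: Dict[str, str],
                            delta: float = DELTA) -> bool:
    """Key PAC property: if u's store holds a read of v's tag, then v's store
    holds a read of u's tag that was mutually visible with it."""
    tag_to_user = {tag: user for user, tag in personal_tags.items()}
    for u, evs in stores.items():
        for e in evs:
            v = tag_to_user.get(e.tag)
            if v is None or v == u:
                continue  # an object tag, or the user's own read
            if not any(f.tag == personal_tags[u] and mutually_visible(e, f, delta)
                       for f in stores[v]):
                return False
    return True


# Constructed sample input.
PERSONAL_TAGS = {"alice": "tag-A", "bob": "tag-B", "carol": "tag-C"}
SAMPLE_EVENTS = [
    TRE("tag-A", "ant-1", 10.0),
    TRE("tag-B", "ant-2", 10.4),   # ant-1/ant-2 visible, within DELTA: Alice and Bob co-present
    TRE("tag-C", "ant-3", 10.5),   # ant-3 is out of sight of ant-1/ant-2: Carol is elsewhere
    TRE("tag-B", "ant-2", 25.0),   # Bob alone
    TRE("tag-A", "ant-2", 26.5),   # 1.5 s after Bob's read: outside DELTA, not co-present
    TRE("book-7", "ant-3", 10.6),  # an object tag read next to Carol
]

if __name__ == "__main__":
    stores = build_personal_stores(SAMPLE_EVENTS, PERSONAL_TAGS)
    for user, evs in stores.items():
        print(user, [(e.tag, e.antenna, e.ts) for e in evs])
    print("symmetric:", visibility_is_symmetric(stores, PERSONAL_TAGS))
```

Because the co-presence test is the same in both directions, Bob's read lands in Alice's store exactly when Alice's read lands in Bob's, which is the symmetric visibility the policy promises; visibility_is_symmetric checks that property over the computed stores. Object tags that belong to nobody (the constructed book-7) still appear in the stores of the people who were near them, which is what the memory-augmentation applications rely on.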

Challenge: Inaccurate Model

Some problems with model:
- 360° vision
- Perfect observations in complex/crowded situations
- Perfect, everlasting memory

Second two could be dealt with…

Challenge: Imperfect Deployment

- The physics of a real RFID deployment may not match up
  - Antenna read-range may not be clearly defined
  - In our deployment it works out… [Kriplean, Welbourne, et al. 2007]
- But RFID is noisy and uncertain
  - Data is really probabilistic!

Microbenchmarks (Δ = 1 sec, mv = geometry), measured in colocations per second:
- Few false positives
- Most colocations detected

Challenge: Uncertain Data

[Figure: floor plan with antennas; Alice's possible locations are marked with question marks]

Uncertainty in data: Where did Alice go?

Each possible location is assigned a probability

Assigning Probabilities: Particle Filter

[Particle Filter Movie]

- Assigns a probability to each location
- Incorporates prior knowledge:
  - Sensor model
  - Motion model
  - Past behavior

[Letchner, Balazinska]


(Re)defining PAC: Data Perturbation

Let Pr(context) = p_c
Let Pr(secret) = p_s

Semantics:
- p_c = 1: reveal p_s
- p_c = 0: deny query
- 0 < p_c < 1: then what??

Reveal partial information in uncertain context:
- Perturb: p'_s = p_s + noise(p_c)
- Return p'_s instead of p_s
- Compromises soundness: answers returned may be wrong
- Justifiable as system is itself uncertain!
- Degree of confidence in answer also returned

[Rastogi, Suciu]


Noise Function

-0.5 <= noise(p_c) <= 0.5

[Figure: plot of the noise function, with the cases p_c = 0.5 and p_c = 0 marked]

[Rastogi, Suciu]
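As an added illustration of the perturbation semantics (not the authors' implementation), the Python below answers a PAC query about Pr(secret) = p_s under Pr(context) = p_c: it reveals p_s at p_c = 1, denies at p_c = 0, and otherwise returns p'_s = p_s + noise(p_c) within the stated bound of -0.5 to 0.5 together with a degree of confidence. The slides do not give the shape of noise(p_c); the linearly shrinking amplitude and the use of p_c itself as the reported confidence are assumptions of this example.

```python
"""Data perturbation for PAC queries over probabilistic RFID data.

Added example; not the RFID Ecosystem project's code. Semantics from the
slides: with Pr(context) = p_c and Pr(secret) = p_s, answer exactly when
p_c = 1, deny when p_c = 0, otherwise answer p'_s = p_s + noise(p_c) with
-0.5 <= noise(p_c) <= 0.5 and return a degree of confidence as well.
ASSUMPTIONS of this example: the noise amplitude shrinks linearly as p_c
grows, and p_c is reported as the confidence.
"""
import random
from dataclasses import dataclass
from typing import Optional

NOISE_BOUND = 0.5  # from the slides: -0.5 <= noise(p_c) <= 0.5


def noise_amplitude(p_c: float) -> float:
    """ASSUMED shape: full bound when context is unknown, zero when certain."""
    return NOISE_BOUND * (1.0 - p_c)


def noise(p_c: float, rng: random.Random) -> float:
    """Draw noise(p_c) uniformly within +/- noise_amplitude(p_c)."""
    amp = noise_amplitude(p_c)
    return rng.uniform(-amp, amp)


@dataclass(frozen=True)
class Answer:
    value: Optional[float]   # p'_s, or None when the query is denied
    confidence: float        # degree of confidence returned with the answer
    denied: bool


def answer_query(p_s: float, p_c: float, seed: Optional[int] = None) -> Answer:
    """Answer a query about the secret under context probability p_c."""
    for name, p in (("p_s", p_s), ("p_c", p_c)):
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"{name} must be a probability, got {p}")
    if p_c == 0.0:
        return Answer(None, 0.0, True)            # context absent: deny query
    if p_c == 1.0:
        return Answer(p_s, 1.0, False)            # context certain: reveal p_s
    rng = random.Random(seed)
    perturbed = p_s + noise(p_c, rng)             # p'_s = p_s + noise(p_c)
    perturbed = min(1.0, max(0.0, perturbed))     # keep the answer a probability
    return Answer(perturbed, p_c, False)          # ASSUMED: confidence = p_c


def max_deviation(p_s: float, p_c: float, trials: int, seed: int = 0) -> float:
    """Largest |p'_s - p_s| over repeated answers: shows how the error
    budget shrinks as the context becomes more certain."""
    rng = random.Random(seed)
    worst = 0.0
    for _ in range(trials):
        value = min(1.0, max(0.0, p_s + noise(p_c, rng)))
        worst = max(worst, abs(value - p_s))
    return worst


if __name__ == "__main__":
    print("p_c = 0  :", answer_query(0.7, 0.0))
    print("p_c = 1  :", answer_query(0.7, 1.0))
    print("p_c = 0.5:", answer_query(0.7, 0.5, seed=1))
    for p_c in (0.2, 0.5, 0.9):
        print(f"worst error at p_c={p_c}: {max_deviation(0.5, p_c, 1000):.3f}")
```

The clipping step matters: without it a p_s near 0 or 1 plus noise would leave the unit interval and reveal, from the overshoot alone, roughly where p_s lies. The returned confidence lets an application decide whether an answer is good enough to act on, which is the trade the slide describes between soundness and utility.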


Challenge: “Misplaced Tags”

- Ex: Alice slips her personal tag into Bob’s briefcase
- Ex: Bob tapes his tag to Alice’s office door

Detection methods:
- Detect / report / investigate anomalous behavior:
  - Two users suddenly together everywhere
  - User stays in one place for an unusually long time
- “Calm” reports of another user’s presence
  - Ambient display shows how many users are present

Prevention methods:
- Require “personal tag” to be present in order to make a query
- Add value to “personal tag”, e.g. use a phone instead of a tag
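The detection heuristics listed above, as an added Python example that is not the project's code: the input is a constructed stream of sightings already resolved to users, and the two detectors flag a user who stays at one antenna for an unusually long time (a tag taped to a door) and a pair of users who are suddenly co-located everywhere (a tag slipped into a bag), with a small helper for the ambient how-many-users-are-present display. The bucket size, time windows and thresholds are assumed values.

```python
"""Heuristics for detecting misplaced personal tags.

Added example; not the RFID Ecosystem project's code. Input is a constructed
stream of (user, antenna, timestamp) sightings already resolved to users.
The detectors follow the slide: a user who stays at one antenna for an
unusually long time (a tag taped to a door) and two users who are suddenly
together everywhere (a tag slipped into someone's bag); a small helper
supports the ambient "how many users are present" display. Bucket size,
windows and thresholds are ASSUMED values.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class Sighting(NamedTuple):
    user: str
    antenna: str
    ts: float  # seconds


def longest_dwell(sightings: List[Sighting], user: str) -> Tuple[str, float]:
    """(antenna, seconds) of the user's longest unbroken stay at one antenna."""
    mine = sorted((s for s in sightings if s.user == user), key=lambda s: s.ts)
    best, cur, start = ("", 0.0), None, 0.0
    for s in mine:
        if s.antenna != cur:            # moved: a new stay begins here
            cur, start = s.antenna, s.ts
        if s.ts - start > best[1]:
            best = (cur, s.ts - start)
    return best


def flag_long_dwell(sightings: List[Sighting], user: str,
                    max_seconds: float = 8 * 3600.0) -> bool:
    """ASSUMED threshold: nobody sits in front of one antenna for 8 hours."""
    return longest_dwell(sightings, user)[1] > max_seconds


def copresence_ratio(sightings: List[Sighting], u: str, v: str,
                     t0: float, t1: float, bucket: float = 60.0) -> float:
    """Fraction of u's time buckets in [t0, t1) in which v was read at the same antenna."""
    where: Dict[Tuple[str, int], Set[str]] = defaultdict(set)  # (user, bucket) -> antennas
    for s in sightings:
        if t0 <= s.ts < t1:
            where[(s.user, int(s.ts // bucket))].add(s.antenna)
    u_buckets = [b for (usr, b) in list(where) if usr == u]
    if not u_buckets:
        return 0.0
    together = sum(1 for b in u_buckets if where[(u, b)] & where.get((v, b), set()))
    return together / len(u_buckets)


def flag_sudden_togetherness(sightings: List[Sighting], u: str, v: str, now: float,
                             recent: float = 3600.0, baseline: float = 7 * 24 * 3600.0,
                             high: float = 0.9, low: float = 0.3) -> bool:
    """'Suddenly together everywhere': high co-presence in the last hour, low before."""
    recent_ratio = copresence_ratio(sightings, u, v, now - recent, now)
    baseline_ratio = copresence_ratio(sightings, u, v, now - baseline, now - recent)
    return recent_ratio >= high and baseline_ratio <= low


def users_present(sightings: List[Sighting], antenna: str, now: float,
                  window: float = 300.0) -> int:
    """Count for an ambient display: distinct users read at the antenna recently."""
    return len({s.user for s in sightings
                if s.antenna == antenna and now - window <= s.ts <= now})


NOW = 7 * 24 * 3600.0  # "now" in the constructed timeline (seconds)


def constructed_sightings() -> List[Sighting]:
    """Constructed sample data: a week of normal movement, then two incidents."""
    out: List[Sighting] = []
    for h in range(6 * 24):                     # six days: Alice and Bob apart, both moving hourly
        t = h * 3600.0
        out.append(Sighting("alice", "ant-1" if h % 2 == 0 else "ant-2", t))
        out.append(Sighting("bob", "ant-5" if h % 2 == 0 else "ant-6", t))
    for i, ant in enumerate(["ant-1", "ant-2", "ant-3", "ant-4", "ant-2", "ant-1"]):
        t = NOW - 3600.0 + i * 600.0            # last hour: Bob's tag follows Alice everywhere
        out.append(Sighting("alice", ant, t))
        out.append(Sighting("bob", ant, t + 5.0))
    for m in range(12 * 60):                    # Carol's tag sits at one antenna for 12 hours
        out.append(Sighting("carol", "ant-9", 3 * 24 * 3600.0 + m * 60.0))
    return out


if __name__ == "__main__":
    S = constructed_sightings()
    print("alice+bob suddenly together:", flag_sudden_togetherness(S, "alice", "bob", NOW))
    print("carol long dwell:", longest_dwell(S, "carol"), flag_long_dwell(S, "carol"))
    print("users at ant-2 a while ago:", users_present(S, "ant-2", NOW - 1190.0))
```

Both detectors compare against the user's own history rather than a fixed rule, which is what makes them "anomalous behavior" checks: two colleagues who always share an office would have a high baseline co-presence and would not be flagged. A flagged pair or dwell is a prompt to report and investigate, not proof of a misplaced tag, since the same patterns arise from a long meeting or a tag left on a desk.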


Some Extensions

User-level controls:
- Access control w/shared social knowledge: Facebook plugin [Toomim]
- An economic model for pricing queries

Other policies:
- Authorize access using other context (e.g. during a scheduled meeting)
- Access according to user settings

Prevention:
- “Proactive privacy”: device teaches users about their privacy settings

Thank you!

Questions?