• DocumentCode
    924358
  • Title

    Physical Access Control for Captured RFID Data

  • Author

    Kriplean, Travis ; Welbourne, Evan ; Khoussainova, Nodira ; Rastogi, Vibhor ; Balazinska, Magdalena ; Borriello, Gaetano ; Kohno, Tadayoshi ; Suciu, Dan

  • Author_Institution
    Univ. of Washington, Seattle
  • Volume
    6
  • Issue
    4
  • fYear
    2007
  • Firstpage
    48
  • Lastpage
    55
  • Abstract
    To protect the privacy of RFID data after an authorized system captures it, this policy-based approach constrains the data users can access to system events that occurred when and where they were physically present. RFID security is a vibrant research area, with many protection mechanisms against unauthorized RFID cloning and reading attacks emerging. However, little work has yet addressed the complementary issue of protecting the privacy of RFID data after an authorized system has captured and stored it. We´ve investigated peer-to-peer privacy for personal RFID data through an access-control policy called Physical Access Control. PAC protects privacy by constraining the data a user can obtain from the system to those events that occurred when and where that user was physically present. While strictly limiting information disclosure, PAC also affords a database view that augments users´ memory of places, objects, and people. PAC is appropriate as a default level of access control because it models the physical boundaries in everyday life. Here, we focus on the privacy, utility, and security issues raised by its implementation in the RFID Ecosystem.
  • Keywords
    authorisation; data privacy; peer-to-peer computing; radiofrequency identification; RFID security; authorized system; captured RFID data; peer-to-peer privacy; physical access control policy; reading attacks; unauthorized RFID cloning; Access control; Cloning; Data privacy; Data security; Databases; Ecosystems; Information security; Peer to peer computing; Protection; Radiofrequency identification; RFID; data management; pervasive computing; privacy; security;
  • fLanguage
    English
  • Journal_Title
    Pervasive Computing, IEEE
  • Publisher
    ieee
  • ISSN
    1536-1268
  • Type

    jour

  • DOI
    10.1109/MPRV.2007.81
  • Filename
    4343898