Title :
Physical Access Control for Captured RFID Data
Author :
Kriplean, Travis ; Welbourne, Evan ; Khoussainova, Nodira ; Rastogi, Vibhor ; Balazinska, Magdalena ; Borriello, Gaetano ; Kohno, Tadayoshi ; Suciu, Dan
Author_Institution :
Univ. of Washington, Seattle
Abstract :
To protect the privacy of RFID data after an authorized system captures it, this policy-based approach constrains the data users can access to system events that occurred when and where they were physically present. RFID security is a vibrant research area, with many protection mechanisms against unauthorized RFID cloning and reading attacks emerging. However, little work has yet addressed the complementary issue of protecting the privacy of RFID data after an authorized system has captured and stored it. We´ve investigated peer-to-peer privacy for personal RFID data through an access-control policy called Physical Access Control. PAC protects privacy by constraining the data a user can obtain from the system to those events that occurred when and where that user was physically present. While strictly limiting information disclosure, PAC also affords a database view that augments users´ memory of places, objects, and people. PAC is appropriate as a default level of access control because it models the physical boundaries in everyday life. Here, we focus on the privacy, utility, and security issues raised by its implementation in the RFID Ecosystem.
Keywords :
authorisation; data privacy; peer-to-peer computing; radiofrequency identification; RFID security; authorized system; captured RFID data; peer-to-peer privacy; physical access control policy; reading attacks; unauthorized RFID cloning; Access control; Cloning; Data privacy; Data security; Databases; Ecosystems; Information security; Peer to peer computing; Protection; Radiofrequency identification; RFID; data management; pervasive computing; privacy; security;
Journal_Title :
Pervasive Computing, IEEE
DOI :
10.1109/MPRV.2007.81
