RFID Privacy Through Dispersion

Posted by Ravi Pappu on Fri, Feb 15, 2008 @ 11:49 AM

Tags: RFID Privacy, RFID, Supply Chain, RFID tags

Ari Juels, Bryan Parno, and I have been working on an approach to solving the key management problem in passive RFID systems. The results of the work are now in peer review, and a preprint is available here.

The key idea (no pun intended!) is to encrypt the tag IDs using a secret key and put shares of the secret key in the RFID tags themselves such that an entity with RF access to a sufficient number of tags (i.e., shares) is able to recover the key and decrypt the tags. An adversary without access to a sufficient number of tags is not able to glean any information about the key or interpret the tag ID (i.e., privacy protection).

This approach works because supply chains possess some interesting properties. First, tags start out in large collections which get smaller over time until there are only a small number on the store shelf and an even smaller number with the consumer. Second, larger collections of tags are usually located in physically secure areas (i.e., backroom of the retail store). Finally, as tags travel through the supply chain, the context they share with each other is lost. An adversary looking some tags on the store shelf does not know anything about their fellow travellers - history is erased. We used these three observations to devise a key management and privacy protection scheme.

More information: Wikipedia entries on Secret Sharing and Reed Solomon Error Correction

RFID Journal article

RFID Privacy Without Killing

Posted by Ravi Pappu on Wed, Jan 23, 2008 @ 12:54 PM

Tags: RFID Privacy, RFID Security, RFID

Here is a presentation at the RFID CUSP Workshop on RFID Security at Johns Hopkins University is available below. For best results, please view the presentation in full screen mode at the slideshare site.

Subscribe by Email

Most Popular Posts

Browse by Tag

Ask the Experts 

Do you have a question about one of our products that you'd like us to answer on our Forum?

Post Your Question