December 31, 2006

Getting Both Privacy and Functionality

(This relates to my report Den hänsynsfulla taggen, see also this brief English summary)

I came across A Platform for RFID Security and Privacy Administration by Melanie R. Rieback, Georgi N. Gaydadjiev, Bruno Crispo, Rutger F.H. Hofman & Andrew S. Tanenbaum. It is an interesting description of the "RFID Guardian", essentially a wearable RFID firewall that enables access control and privacy for RFID tags in one's vicinity.

The idea is that the device intercepts requests and can then jam them or let them through, enabling access control. It also logs what is going on, enabling the user to find out when and what requests arrive and whether unknown tags have appeared. Since it is a pretty smart device it can be context aware and, I guess, linked to other wearable devices.

Overall this is a very nice solution for privacy. Blocker tags require every tag to follow particular standards, putting tags into Faraday cages is cumbersome and limits their uses, as does burning them out. Also, this enables positive control over one's "tag cloud", something which is very important for making it trustworthy. Privacy is not just about not delivering unintended information to other parties, it is also about knowing when somebody snoops - or just the pattern of information flows. If the price of privacy is lack of functionality we will likely end up ditching it for the cool and useful new functions. But we can get both.

Of course, the current design is pretty complex. Setting ACLs isn't trivial, and what does a particular pattern actually mean? To make this kind of device useful it needs 1) a simple user interface and 2) to be integrated into our normal electronics. It seems plausible that this is yet another thing to add to the cellphone. RFID-cellphones already exist and the Japanese are looking into commercial applications. Adding the privacy functionality is technically likely not too demanding. The real challenge is going to be to get people to buy it. Just like with computer firewalls, it has taken quite a few bad experiences with low default security for people to realize the need (or for vendors to add security as a default).

Another interesting issue is handling multiple systems. If I block access to all the unknown tags in my vicinity, how much will I be disrupting my neighbour's identity infrastructure? It seems that having people use these systems will not just stimulate the setting of ownership but also the development of social norms about who gets to jam what identity signals when and where. Indiscriminate jamming is just as destructive as indiscriminate transparency.
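To make the Guardian's policy loop concrete, here is a small Python model I wrote as an illustration (it is not code from the paper or the RFID Guardian project): an intercepted reader query is matched against an ordered ACL, allowed or jammed, and logged, while tags the Guardian does not own are passed through but have their first appearance recorded, which is one way to avoid jamming a neighbour's infrastructure indiscriminately. All tag and reader identifiers are constructed placeholders.

```python
# Toy model of the RFID Guardian policy loop (added example, not the paper's code).
# Tag and reader identifiers below are constructed placeholders.
from dataclasses import dataclass, field
from typing import List, Tuple

@dataclass(frozen=True)
class Rule:
    reader: str   # reader identity, or "*" for any reader
    tag: str      # tag identity, or "*" for any tag
    action: str   # "allow" or "jam"

    def matches(self, reader: str, tag: str) -> bool:
        return self.reader in ("*", reader) and self.tag in ("*", tag)

@dataclass
class Guardian:
    owned_tags: set                 # tags this Guardian is responsible for
    acl: List[Rule]                 # first matching rule wins, like a packet filter
    log: List[Tuple[str, str, str]] = field(default_factory=list)
    seen_unknown: set = field(default_factory=set)

    def decide(self, reader: str, tag: str) -> str:
        """Return 'allow' or 'jam' for one intercepted query and record it in the log."""
        if tag not in self.owned_tags:
            # Someone else's tag (a neighbour's badge, a shop's inventory): the Guardian
            # has no authority over it, so the query passes but the first sighting is logged.
            if tag not in self.seen_unknown:
                self.seen_unknown.add(tag)
                self.log.append(("new-unknown-tag", reader, tag))
            action = "allow"
        else:
            # Default deny for our own tags; the ACL grants exceptions.
            action = next((r.action for r in self.acl if r.matches(reader, tag)), "jam")
        self.log.append((action, reader, tag))
        return action

def run_demo() -> dict:
    """Replay a constructed trace of reader queries and summarise the decisions."""
    g = Guardian(owned_tags={"TAG-PASSPORT", "TAG-SHOES"},
                 acl=[Rule("border-kiosk", "TAG-PASSPORT", "allow"),  # specific allow first
                      Rule("*", "TAG-PASSPORT", "jam"),              # every other reader jammed
                      Rule("shop-pos-7", "TAG-SHOES", "allow")])
    trace = [("border-kiosk", "TAG-PASSPORT"), ("street-reader-A", "TAG-PASSPORT"),
             ("shop-pos-7", "TAG-SHOES"), ("street-reader-A", "TAG-SHOES"),
             ("street-reader-A", "TAG-NEIGHBOUR"), ("street-reader-A", "TAG-NEIGHBOUR")]
    for reader, tag in trace:
        g.decide(reader, tag)
    return {"allowed": sum(e[0] == "allow" for e in g.log),
            "jammed": sum(e[0] == "jam" for e in g.log),
            "unknown_tags": sorted(g.seen_unknown), "log_entries": len(g.log)}
```

The log is what gives the owner the "who asked for what, and when" view the post talks about: the unknown tag shows up once as a sighting rather than being silenced.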

While googling for the link to the paper I also found this nice bibliography of security and privacy in RFID systems. Lots more yummy things to read and consider.

