RFID Privacy
We have noticed in the last tens or twenty years a wide use and spread of computer based systems, everywhere, in the airport, bank, restaurant, shops…etc. we depend closely on these systems. Used also in the most critical fields as the security and military ones, these systems might have a serious impact on our lives. At the earliest stages, computer professionals focused in making the most efficient and stable systems especially when we consider the age where the disk space and memory were a real issue. Later and in parallel of the development process, some advanced professionals started focusing on the weaknesses of such systems and how these could be used to either build stronger and more stable systems or avoid the security processes and create breaches in these systems for wicked ends.
We have all read about some spectacular security attacks on governmental, banks and military systems which caused important damages. It was only after those attacks that the menaces started to be taken seriously and became a national security question. Regardless the field (civil, education, military, medical …etc) or the importance of the system, they all share some common criteria to be considered as good and systems such availability, security, consistency …etc.
Two main types of attacks have been classified (passive and active attacks), the passive attacks consist in sniffing and analysing network traffic to get access to confidential data or alter the content of message.
The wireless devices became very important in all communications especially the ones using the Radio Frequency Identification as they are used in different applications and fields, and especially due to the fact that these devices are designed to be inexpensive by having just the minimum required hardware (processing power and memory) to achieve their primary function, therefore providing security and reliability for such systems with very low cost is a real challenge (Siddika, 2010). RFID has also been defined as a wireless communication technology that enables the identification of tagged objects and people, it become a cost-effective technology thanks to Wal-Mart and DoD (Department of Defence) efforts (Daniel.et.al, 2007).
The RFID tags are becoming attached to all kinds of products or physical objects (even people), used to identify things and people they start to be a fundamental technology of ubiquitous services, this can sometimes lead to an abuse and excessive use by retailers and government agencies and it could be considered as a violation of personal privacy (Ohkubo.et.al, 2005).
We have seen in the past some protest companies against such use, the two most important ones were against apparel manufacturer Benetton (Italy) and Tesco (UK), which was a clear demonstration of the growing preoccupation and worry about the violation of personal privacy.
A recent newspaper article highlighted the fact that “Radio frequency identification (RFID) technology, which is being adopted on an increasingly wider scale in the UAE and globally, has privacy advocates wary of its integration into daily life. However, the benefits and functionality of the technology could overshadow privacy concerns, an information security expert told Gulf News.” (Jerusha, 2013).
All these facts lead to one principal question, is RFID properly used in respect of personal privacy? And is it secure enough to allow a tracking and identification only by the owner (and no misuse by any 3rd parties) ?
References
– Siddika Berna Ors Yalcin (2010). Radio Frequency Identification: Security and Privacy Issues: 6th International Workshop, RFIDSec 2010, Istanbul, Turkey, June 8-9, 2010. ISBN: 3642168213
– V. Daniel Hunt, Albert Puglia, Mike Puglia (2007). RFID: A Guide to Radio Frequency Identification. ISBN: 0470112247
– Miyako Ohkubo, Koutarou Suzuki and Shingo Kinoshita (2005).RFID privacy issues and technical challenges. Volume 48 Issue 9, September 2005 Pages 66-71. Available at: http://dl.acm.org/citation.cfm?id=1082022.
– Jerusha Sequeira (2013) Privacy concerns over radio frequency identification technology. Gulf News, available at:http://gulfnews.com/business/technology/privacy-concerns-over-radio-frequency-identification-technology-1.1210627
We have noticed in the last tens or twenty years a wide use and spread of computer based systems, everywhere, in the airport, bank, restaurant, shops…etc. we depend closely on these systems. Used also in the most critical fields as the security and military ones, these systems might have a serious impact on our lives. At the earliest stages, computer professionals focused in making the most efficient and stable systems especially when we consider the age where the disk space and memory were a real issue. Later and in parallel of the development process, some advanced professionals started focusing on the weaknesses of such systems and how these could be used to either build stronger and more stable systems or avoid the security processes and create breaches in these systems for wicked ends.
We have all read about some spectacular security attacks on governmental, banks and military systems which caused important damages. It was only after those attacks that the menaces started to be taken seriously and became a national security question. Regardless the field (civil, education, military, medical …etc) or the importance of the system, they all share some common criteria to be considered as good and systems such availability, security, consistency …etc.
Two main types of attacks have been classified (passive and active attacks), the passive attacks consist in sniffing and analysing network traffic to get access to confidential data or alter the content of message.
The wireless devices became very important in all communications especially the ones using the Radio Frequency Identification as they are used in different applications and fields, and especially due to the fact that these devices are designed to be inexpensive by having just the minimum required hardware (processing power and memory) to achieve their primary function, therefore providing security and reliability for such systems with very low cost is a real challenge (Siddika, 2010). RFID has also been defined as a wireless communication technology that enables the identification of tagged objects and people, it become a cost-effective technology thanks to Wal-Mart and DoD (Department of Defence) efforts (Daniel.et.al, 2007).
The RFID tags are becoming attached to all kinds of products or physical objects (even people), used to identify things and people they start to be a fundamental technology of ubiquitous services, this can sometimes lead to an abuse and excessive use by retailers and government agencies and it could be considered as a violation of personal privacy (Ohkubo.et.al, 2005).
We have seen in the past some protest companies against such use, the two most important ones were against apparel manufacturer Benetton (Italy) and Tesco (UK), which was a clear demonstration of the growing preoccupation and worry about the violation of personal privacy.
A recent newspaper article highlighted the fact that “Radio frequency identification (RFID) technology, which is being adopted on an increasingly wider scale in the UAE and globally, has privacy advocates wary of its integration into daily life. However, the benefits and functionality of the technology could overshadow privacy concerns, an information security expert told Gulf News.” (Jerusha, 2013).
All these facts lead to one principal question, is RFID properly used in respect of personal privacy? And is it secure enough to allow a tracking and identification only by the owner (and no misuse by any 3rd parties) ?
References
– Siddika Berna Ors Yalcin (2010). Radio Frequency Identification: Security and Privacy Issues: 6th International Workshop, RFIDSec 2010, Istanbul, Turkey, June 8-9, 2010. ISBN: 3642168213
– V. Daniel Hunt, Albert Puglia, Mike Puglia (2007). RFID: A Guide to Radio Frequency Identification. ISBN: 0470112247
– Miyako Ohkubo, Koutarou Suzuki and Shingo Kinoshita (2005).RFID privacy issues and technical challenges. Volume 48 Issue 9, September 2005 Pages 66-71. Available at: http://dl.acm.org/citation.cfm?id=1082022.
– Jerusha Sequeira (2013) Privacy concerns over radio frequency identification technology. Gulf News, available at:http://gulfnews.com/business/technology/privacy-concerns-over-radio-frequency-identification-technology-1.1210627
