Monday, June 7, the first IFIP WG 11.2 seminar on “Pervasive Systems Security” took place in Istanbul. There were a few interesting talks and observations, that I want to discuss here.
Gildas Avoine raised the question “What is RFID?”. In other words: what are the identifying characteristics that allow us to classify technologies to be RFID or not. This turns out to be hard: in many cases, WiFi or Bluetooth will be classified as RFID (whereas intuitively they are not). For example RF (i.e. wireless communication) is not the sole distinguisher. And ID (i.e. identification) isn’t either, because Bluetooth could be used to identify an object too…. If you use absence of an own power source, i.e. if we only consider passive tags, then active tags drop out (and radar becomes RFID…).
Personally I believe that passive RFID tags are the only interesting case to consider. Active tags are not widely used, and if they are, they similar enough to sensors to consider them to belong to the class of sensors… Manfred Aigner suggested to also use the large number of elements in circulation as a characteristic of RFID systems.
Manfred Aigner presented some interesting research problems that arise when one considers RFID tags that also contain one or more sensors. Such tags exist, see for example the Wireless Sensor Platform (WISP) from Intel. One use case for such sensor tags is the cold chain surveillance problem in logistics. During transport of food products for example, the storage temperature of the goods should be kept below a certain maximal temperature during transport. The problem consists of three separate parts. First of all, the temperature must be reliably monitored. Secondly, the recipient of the goods must be able to check whether the goods were kept at the proper temperature (without being able to claim that they were not when in fact they were). Finally, the transporting company should be not be able to claim that the goods were stored at the proper temperature while that is in fact not the case.
Marc Langheinrich gave in invited talk about location privacy. His research interest is usable security and privacy in smart environments. He discussed the different notions of privacy. He also prefers the Kafka’s “The Trial” metaphor over Orwell’s “Big Brother” metaphor to describe the importance of privacy, and mentioned David Lyons theory of “Social Sorting” as a related danger of profiles “channeling” one’s choices, and hence the turns one’s life can take. With respect to location privacy he noted that it is hard to provide privacy in location based services (like Google Lattitude or Loopt), because too strong privacy guarantees prevent the service from operating, or kills the business case. Spatial and temporal cloaking (Gruteser and Grunwald, 2003) by itself does not always provide enough privacy because people can still be identified by their preferred location (e.g. their house where they sleep at night), or through linking a location event with another external event (e.g. seeing someone on the street at a certain time). When discussing this after the talk, the conclusion was that only when this approach is combined with using randomised identifiers associated with different location events, a certain level of privacy may be achieved.
Finally, Ton van Deursen showed a nice attack on an RFID authentication protocol that uses elliptic curve cryptography (ECC), to make them efficient and suitable to be implemented on low cost RFID tags. The problem was caused by the homomorphic properties of the ECC protocol used. In other words: homomorphism is a nice property in certain cases, but one has to be careful to ensure that it does not break the security of the whole system.
More information about the seminar, including slides of the presentation, can be found here shortly. If you are interested in this research area, and if you want to become a member of the working group, send an email to the secretary, Flavio Garcia.