Identification and analysis of risks to privacy in RFID systems
This article identifies and analyzes the main privacy issues associated with RFID technology. RFID technology is increasingly becoming part of the everyday life of European citizens. According to the European Commission, the RFID market will experience very significant growth over the next ten years.
RFID (Radio Frequency Identification) is an automatic identification technology that operates at 424 kbps (M2M) and over a wide range of frequencies (passive tags: 135 kHz, 13.56 MHz, 866-930 MHz, 2.45 GHz; ISO 15693, ISO 18000, ISO 14223; active tags: 868/915 MHz, 2.45 GHz; ISO 18000; ISO 14443 13.56 MHz contactless smart card; 13.56 MHz ISO 14443 dual-interface smart card). In addition to RFID systems with passive, semi-passive and active tags, other automatic identification technologies are: 1D linear bar codes, 2D symbols (used, for example, in electronic billing services), OMC (Optical Memory Card), STS (Satellite-Tracking Systems), smart cards / CAC (used in passports) and CMB (Contact Memory Button).
RFID provides a method for identifying entities by means of RFID tags injected into or attached to them (people, animals, objects, vehicles). The tags are detected by an interrogator or reader unit, which can interrogate them at a distance, without line of sight, and can read several at a time, even when they are moving at speed. Modern tags can integrate and/or communicate with micro-sensors to collect advanced data such as the location or state of the associated product, the temperature cycle the product has passed through, the light level it has been exposed to, magnetic and electric fields, humidity, g-sensor readings (gravity sensor, currently used to keep the image on a screen horizontal to the ground), etc. Historically, passive RFID tags have been associated first with pallets, then with packaging and finally with the product itself.
There is a difference between the theft of identity data and identity theft. The theft, or unlawful purchase, of data that identifies a person occurs when someone obtains identifying information about individuals such as name, address, birthday, phone numbers, social security number, etc. Identity theft occurs when that information is used for fraudulent or unlawful purposes. The two must be distinguished because data theft may happen without identity theft necessarily following.
Risks to privacy. Perspective
RFID technology raises several privacy concerns: (1) Organizations may collect personal information for a particular purpose, e.g. to complete a financial transaction or grant an individual access to a facility, and then subsequently use that information for different purposes that the individual finds undesirable, for example to carry out a direct marketing campaign. (2) Organizations that implement RFID systems to serve a particular business process may not be aware of how RFID data can be used for unintended purposes, e.g. to analyze or track individuals, or potentially to reveal personal practices or preferences to unauthorized third parties (very different companies, even spammers).
There are risks to privacy from the individual's perspective and from the perspective of the organization that implements RFID technology. The risks to privacy from the perspective of the individual include the unauthorized disclosure of personal information, profiling, tracking and the personal consequences of such breaches of privacy. The risks to privacy from the perspective of the organization that implements RFID include: (i) Penalties or fines if the organization fails to comply with privacy laws and regulations (such as LOPD-RMS, HIPAA, LPG, COPPA, OECD, FTC, etc.). (ii) Avoidance or boycott by the organization's clients due to real or perceived privacy concerns about RFID technology. (iii) Legal liability for any consequences resulting from poor or weak privacy protection. (iv) Employees, shareholders and other stakeholders (social partners, etc.) may dissociate themselves from the organization due to concerns about corporate social responsibility.
Business objectives often conflict with privacy objectives. Organizations can benefit from analyzing and sharing personal information collected with RFID technology. At the same time, these activities can potentially violate the privacy rights or expectations of citizens and consumers. Similarly, methods to protect personal privacy may pose a risk to the business process. For example, consumers may want to disable RFID tags at the point of sale so that they cannot be used for tracking purposes later. However, if it is easy to disable an RFID tag at the point of sale, then it can also be easier for adversaries to disable RFID tags before the point of sale, thus disrupting the business process. In addition, organizations may want to use RFID tags after the point of sale to provide after-sales support, handle claims and for other purposes.
Privacy risks can increase when an individual carries RFID tags from several organizations, because anyone able to read the tags can combine and correlate the information to profile individuals in ways that none of the organizations alone could have foreseen. For example, if a consumer buys a product with an RFID tag and the tag has not been disabled or removed, then the seller or anyone else can later use the RFID tag to reveal the presence of that person at another geographic location and instant of time. The consumer may have paid for the product in cash, expecting the transaction to be anonymous. However, if the consumer carries another tag that reveals their identity, such as an RFID identification card, then someone can surreptitiously read both RFID tags to establish an association between the purchased product and the identity that did not exist previously. Because people carry more and more products with RFID tags, and RFID reader units are in widespread use in daily life, the potential for complex associations increases significantly.
Other factors that affect the level of privacy risk are: (1) Whether personal information is stored on RFID tags. (2) Whether the products with RFID tags are considered personal (e.g. pharmaceuticals or devices that might reveal a medical condition, or a book that might reveal a political or religious affiliation). (3) The likelihood that the RFID tag will be in the proximity of compatible RFID reader units. (4) The length of time that records are retained in archival or analytical systems. (5) The effectiveness of RFID security controls, namely: (i) The effectiveness of the access control and authentication mechanisms protecting the memory of the RFID tag. (ii) The ability to disable RFID tags after their use in the business process has been completed. (iii) The ability of users to shield RFID tags electromagnetically and effectively, to prevent unauthorized read transactions.
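As an added illustration (not part of the original article), the following sketch shows how a privacy risk assessment could check an organization's own read-event records for the association described above, and how factor (4), retention time, and control (ii), disabling the tag, remove it. The event data, tag names and the `BADGE-` prefix convention for identity-bearing tags are constructed assumptions.

```python
from collections import defaultdict

# Constructed read events: (unix_time, reader_id, tag_id). Not real data.
EVENTS = [
    (1000, "store-exit", "PROD-7F3A"), (1002, "store-exit", "BADGE-0042"),
    (1001, "store-exit", "PROD-11C9"),
    (90000, "office-door", "BADGE-0042"), (90001, "office-door", "PROD-7F3A"),
    (90500, "office-door", "BADGE-0077"),
    (180000, "garage", "PROD-7F3A"), (180003, "garage", "BADGE-0042"),
]
IDENTITY_PREFIX = "BADGE-"  # assumption: identity-bearing tags share this prefix

def linkable_tags(events, window_s=5, min_readers=2):
    """Map each product tag to the identity tags it was read alongside
    (same reader, within window_s seconds) at >= min_readers distinct readers."""
    by_reader = defaultdict(list)
    for ts, reader, tag in events:
        by_reader[reader].append((ts, tag))
    seen = defaultdict(set)  # (product_tag, identity_tag) -> readers with both
    for reader, reads in by_reader.items():
        ids = [(ts, t) for ts, t in reads if t.startswith(IDENTITY_PREFIX)]
        for ts, tag in reads:
            if tag.startswith(IDENTITY_PREFIX):
                continue
            for id_ts, id_tag in ids:
                if abs(ts - id_ts) <= window_s:
                    seen[(tag, id_tag)].add(reader)
    links = defaultdict(set)
    for (tag, id_tag), readers in seen.items():
        if len(readers) >= min_readers:
            links[tag].add(id_tag)
    return dict(links)

def apply_retention(events, now, max_age_s):
    """Factor (4): drop records older than the retention period."""
    return [e for e in events if now - e[0] <= max_age_s]

def disable_at_sale(events, tag, sale_time):
    """Control (ii): a tag disabled at the point of sale yields no later reads."""
    return [e for e in events if not (e[2] == tag and e[0] > sale_time)]

if __name__ == "__main__":
    print("full history:   ", linkable_tags(EVENTS))
    print("1 h retention:  ", linkable_tags(apply_retention(EVENTS, 180010, 3600)))
    print("tag disabled:   ", linkable_tags(disable_at_sale(EVENTS, "PROD-7F3A", 1000)))
```

With the full history the product tag is linked to one badge; with a one-hour retention period, or with the tag disabled at the point of sale, no association can be derived from the stored records.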

Privacy concerns related to the use of RFID
The extent and nature of the privacy issues depend on the specific proposed use. For example, using RFID technology for generic inventory control should not generate substantial privacy issues, but using RFID to track the movements of individuals traveling within a country can generate concern among the parties affected. The main privacy issues identified are:
(1) Notice. Individuals may not know that RFID technology is being used unless they are informed that the devices are in use. Therefore, unless they are notified, consumers may not know about the RFID tags embedded in or attached to the products they look at or buy, or that purchased products are being scanned electromagnetically by hidden RFID reader units.
(2) Traceability (tracking). This is an attack on anonymity, in both public and private spaces: monitoring in real time or near real time in which a person's movements are followed using RFID scanning. The movements of employees in a company, or of citizens in a city or nation, can be followed.
(3) Profiling. This is the reconstruction of the movements or transactions of a person (for example, when browsing the Internet) over a specific period of time, usually to find out something about the habits, tastes or predilections of an individual. Because RFID tags contain unique identifiers, once an entity with an RFID tag is associated with a particular individual, personally identifiable information may be obtained and aggregated to develop a profile of the individual. Recently, profiling by race, ethnicity or country of origin of individuals has caused quite a heated debate. Both tracking and profiling may compromise the privacy and anonymity of the individual.
(4) Secondary uses. Besides the questions about the planned uses of such information, there is also concern about the possibility that organizations could develop secondary uses for individuals' information; that is, information collected for one purpose tends over time to be used for other purposes. This is known as "mission creep" or "function creep". For example, the social security number shows how an identifier developed for a particular use has become a mainstay of identification for many other purposes, governmental or not. Secondary uses of the social security number have been a matter not of technical controls but of changing management priorities and policies.
Concluding remarks
Our research group has been working for over fifteen years in the field of privacy, on privacy risk assessment in general and for RFID in particular, and on the development of countermeasures in all areas: technical, personnel and management.
This article is part of the activities carried out within the LEFIS-APTICE project (funded by Socrates, European Commission).
Author:
Prof. Dr. Javier Areitio Bertolín
Professor at the Faculty of Engineering, ESIDE.
Director of the Networks and Systems Research Group.
University of Deusto.