ABSTRACT
People now routinely carry radio frequency identification (RFID) tags - in passports, driver's licenses, credit cards, and other identifying cards - from which nearby RFID readers can access privacy-sensitive information. The problem is that people are often unaware of security and privacy risks associated with RFID, likely because the technology remains largely invisible and uncontrollable for the individual. To mitigate this problem, we introduce a collection of novel yet simple and inexpensive tag designs. Our tags provide reader awareness, where people get visual, audible, or tactile feedback as tags come into the range of RFID readers. Our tags also provide information control, where people can allow or disallow access to the information stored on the tag by how they touch, orient, move, press or illuminate the tag.
Supplemental Material
- Ahson, S. and Ilyas, M. RFID Handbook. CRC Press, 2008.Google ScholarCross Ref
- Beckwith, R. Designing for ubiquity: the perception of privacy. Pervasive Computing, IEEE 2, 2 (2003), 40--46. Google ScholarDigital Library
- Bellotti, V. and Sellen, A. Design for privacy in ubiquitous computing environments. Proc. of ECSCW '93, Kluwer (1993), 77--92. Google ScholarDigital Library
- Brunette, W., Lester, J., Rea, A., and Borriello, G. Some sensor network elements for ubiquitous computing. Proc. of IPSN '05, IEEE (2005), 52. Google ScholarDigital Library
- Buettner, M., Prasad, R., Sample, A., et al. RFID sensor networks with the Intel WISP. Proc. of SenSys '08, ACM (2008), 393--394. Google ScholarDigital Library
- Cavoukian, Ann. Privacy by Design... Take the Challenge. Information and Privacy Commissioner of Ontario (Canada), http://www.ipc.on.ca/images/Resources/PrivacybyDesignBook.pdf, 2009.Google Scholar
- Curtin, J., Kauffman, R.J., and Riggins, F.J. Making the 'MOST' out of RFID technology: a research agenda for the study of the adoption, usage and impact of RFID. Inf. Technol. and Management 8, 2 (2007), 87--110. Google ScholarDigital Library
- Czeskis, A., Koscher, K., Smith, J.R., and Kohno, T. RFIDs and secret handshakes: Defending against ghost-and-leech attacks and unauthorized reads with context-aware communications. Proc. of CCS '08, ACM (2008), 479--490. Google ScholarDigital Library
- Das, R. and Harrop, P. RFID Forecasts, Players and Opportunities 2009--2019. IDTechEx Inc. Report, www.idtechex.com, Cambridge, MA, USA, 2009.Google Scholar
- Dourish, P., Grinter, E., Flor, J.D.D.L., and Joseph, M. Security in the wild: user strategies for managing security as an everyday, practical problem. Personal Ubiquitous Comput. 8, 6 (2004), 391--401. Google ScholarCross Ref
- Eckfeldt, B. What does RFID do for the consumer? Commun. ACM 48, 9 (2005), 77--79. Google ScholarDigital Library
- Fishkin, K.P., Roy, S., and Jiang, B. Some Methods for Privacy in RFID Communication. In Security in Ad-hoc and Sensor Networks. 2005, 42--53. Google ScholarDigital Library
- Garfinkel, S. An RFID Bill of Rights. Technology Review, http://www.technologyreview.com/communications/12953/, 2002.Google Scholar
- Garfinkel, S., Juels, A., and Pappu, R. RFID Privacy: An Overview of Problems and Proposed Solutions. IEEE Security and Privacy 3, 3 (2005), 34--43. Google ScholarDigital Library
- Günther, O. and Spiekermann, S. RFID and the perception of control: the consumer's view. Com. ACM 48, 9 (2005), 73--76. Google ScholarDigital Library
- Heydt-Benjamin, T.S., Bailey, D.V., Fu, K., Juels, A., and O Hare, T. Vulnerabilities in first--generation RFID--enabled credit cards. LNCS 4886, Springer (2008), 2. Google ScholarDigital Library
- Juels, A., Molnar, D., and Wagner, D. Security and Privacy Issues in E-passports. Proc. of SecureComm '05. (2005), 74--88. Google ScholarDigital Library
- Karjoth, G. and Moskowitz, P.A. Disabling RFID tags with visible confirmation: clipped tags are silenced. Proc. of the workshop on Privacy in the electronic society, ACM (2005), 27--30. Google ScholarDigital Library
- King, J. and McDiarmid, A. Where's the beep?: security, privacy, and user misunderstandings of RFID. Proc. of Conf. on Usability, Psychology, and Security, USENIX Assoc. (2008), 1--8. Google ScholarDigital Library
- Koscher, K., Juels, A., Kohno, T., and Brajkovic, V. EPC RFID Tags in Security Applications: Passport Cards, Enhanced Drivers Licenses, and Beyond. RSA Laboratories. In Submission. http://www.rsa.com/rsalabs/node.asp?id=3557, (2008).Google Scholar
- Langheinrich, M. Privacy by Design -- Principles of Privacy-Aware Ubiquitous Systems. Proc. of Ubicomp '01, Springer (2001), 273--291. Google ScholarDigital Library
- Langheinrich, M. A survey of RFID privacy approaches. Personal and Ubiquitous Computing, (2008). Google ScholarDigital Library
- Marquardt, N. and Taylor, A.S. RFID Reader Detector and Tilt-Sensitive RFID Tags. DIY for CHI Workshop, (2009).Google Scholar
- Martinussen, E.S. and Arnall, T. Designing with RFID. Proc. of TEI '09, ACM (2009), 343--350. Google ScholarDigital Library
- Nguyen, D.H., Kobsa, A., and Hayes, G.R. An empirical investigation of concerns of everyday tracking and recording technologies. Proc. of Ubicomp '08, ACM (2008), 182--191. Google ScholarDigital Library
- Ohkubo, M., Suzuki, K., and Kinoshita, S. RFID privacy issues and technical challenges. Com. ACM 48, 9 (2005), 66--71. Google ScholarDigital Library
- Ozer, N.A. Rights "Chipped" Away: RFID and Identification Documents. Stanford Technology Law Review, http://stlr. stanford.edu/pdf/ozer-rights-chipped-away.pdf 1, 1 (2008).Google Scholar
- Philipose, M., Smith, J.R., Jiang, B., Mamishev, A., Roy, S., and Sundara-Rajan, K. Battery-free Wireless Identification and Sensing. IEEE Pervasive Computing 4, 1 (2005), 37--45. Google ScholarDigital Library
- Poole, E.S., Dantec, C.A.L., Eagan, J.R., and Edwards, W.K. Reflecting on the invisible: understanding end-user perceptions of ubiquitous computing. Proc. of Ubicomp '08, ACM (2008), 192--201. Google ScholarDigital Library
- Rieback, M., Crispo, B., and Tanenbaum, A. RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management. Proc. of ACISP'05, Springer (2005), 184--194. Google ScholarDigital Library
- Sample, A., Yeager, D., Powledge, P., and Smith, J. Design of a Passively-Powered, Programmable Sensing Platform for UHF RFID Systems. Proc. of RFID '07, IEEE (2007), 149--156.Google ScholarCross Ref
- Sample, A., Yeager, D., and Smith, J. A capacitive touch interface for passive RFID tags. Proc. of RFID '09, IEEE (2009), 103--109.Google ScholarCross Ref
- Schmidt, A. Implicit human computer interaction through context. Personal and Ubiq. Computing 4, 2 (2000), 191--199.Google Scholar
- Selker, E.J. Manually Operated Switch for Enabling and Disabling an RFID card. US Patent 6863220, (2005).Google Scholar
- Smith, J.R., Fishkin, K.P., Jiang, B., et al. RFID-based techniques for human-activity detection. Commun. ACM 48, 9 (2005), 39--44. Google ScholarDigital Library
- Spiekermann, S. and Evdokimov, S. Critical RFID Privacy-Enhancing Technologies. Security & Privacy, IEEE 7, 2 (2009), 56--62. Google ScholarDigital Library
- Spiekermann, S. and Berthold, O. Maintaining Privacy in RFID Enabled Environments. In Privacy, Security and Trust within the Context of Pervasive Computing. 2005, 137--146.Google Scholar
- Want, R. Enabling ubiquitous sensing with RFID. Computer 37, 4 (2004), 84--86. Google ScholarDigital Library
- Want, R. The Magic of RFID. Queue 2, 7 (2004), 40--48. Google ScholarDigital Library
- Want, R., Fishkin, K.P., Gujar, A., and Harrison, B.L. Bridging Physical and Virtual Worlds with Electronic Tags. Proc. of CHI '99, ACM (1999), 370--377. Google ScholarDigital Library
Index Terms
- Rethinking RFID: awareness and control for interaction with RFID systems
Recommendations
Visible and controllable RFID tags
CHI EA '10: CHI '10 Extended Abstracts on Human Factors in Computing SystemsRadio frequency identification (RFID) tags containing privacy-sensitive information are increasingly embedded into personal documents (e.g., passports and driver's licenses). The problem is that people are often unaware of the security and privacy risks ...
On two RFID privacy notions and their relations
Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions in the literature: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on ...
RFID: The Next Serious Threat to Privacy
Radio Frequency Identification, or RFID, is a technology which has been receiving considerable attention as of late. It is a fairly simple technology involving radio wave communication between a microchip and an electronic reader, in which an ...
Comments