Physical Access Control for Captured RFID Data
October-December 2007 (vol. 6 no. 4)
pp. 48-55
Travis Kriplean, University of Washington
Evan Welbourne, University of Washington
Nodira Khoussainova, University of Washington
Vibhor Rastogi, University of Washington
Magdalena Balazinska, University of Washington
Gaetano Borriello, University of Washington
Tadayoshi Kohno, University of Washington
Dan Suciu, University of Washington
RFID security is a vibrant research area, and many protection mechanisms against unauthorized RFID cloning and reading attacks are emerging. However, little work has yet addressed the complementary issue of privacy for RFID data after it has been captured and stored by an authorized system. In this article, the authors discuss the problem of peer-to-peer privacy for personal RFID data. In this setting, they assume a system with trusted owners and administrators, and focus on ways to constrain peers' access to information about one another. An access control policy, called Physical Access Control, protects privacy by constraining the data a user can obtain from the system to those events that occurred when and where that user was physically present. PAC provides a high level of privacy. It also offers a database view that augments users' memory of places, objects, and people. PAC is a natural, intuitive access-control policy for peer-to-peer privacy. It enables many classes of applications while providing a good baseline trade-off between privacy and utility. This article is part of a special issue on security and privacy.

Index Terms:
privacy, RFID, security, data management, pervasive computing
Citation:
Travis Kriplean, Evan Welbourne, Nodira Khoussainova, Vibhor Rastogi, Magdalena Balazinska, Gaetano Borriello, Tadayoshi Kohno, Dan Suciu, "Physical Access Control for Captured RFID Data," IEEE Pervasive Computing, vol. 6, no. 4, pp. 48-55, Oct.-Dec. 2007, doi:10.1109/MPRV.2007.81