Issue No. 04 - October-December (2007 vol. 6)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MPRV.2007.81
Travis Kriplean , University of Washington
Evan Welbourne , University of Washington
Nodira Khoussainova , University of Washington
Vibhor Rastogi , University of Washington
Magdalena Balazinska , University of Washington
Gaetano Borriello , University of Washington
Tadayoshi Kohno , University of Washington
Dan Suciu , University of Washington
RFID security is a vibrant research area, and many protection mechanisms against unauthorized RFID cloning and reading attacks are emerging. However, little work has yet addressed the complementary issue of privacy for RFID data after it has been captured and stored by an authorized system. In this article, the authors discuss the problem of peer-to-peer privacy for personal RFID data. In this setting, they assume a system with trusted owners and administrators, and focus on ways to constrain peers' access to information about one another. An access control policy, called Physical Access Control, protects privacy by constraining the data a user can obtain from the system to those events that occurred when and where that user was physically present. PAC provides a high level of privacy. It also offers a database view that augments users' memory of places, objects, and people. PAC is a natural, intuitive access-control policy for peer-to-peer privacy. It enables many classes of applications while providing a good baseline trade-off between privacy and utility. This article is part of a special issue on security and privacy.
privacy, RFID, security, data management, pervasive computing
N. Khoussainova et al., "Physical Access Control for Captured RFID Data," in IEEE Pervasive Computing, vol. 6, no. , pp. 48-55, 2007.