The Journal of Korean Institute of Communications and Information Sciences (한국통신학회논문지)

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지

Fair EPC System

사용자 프라이버시 보호 및 추적이 가능한 EPC 시스템

  • 곽진 (성균관대학교 정보통신공학부 정보통신보호연구실) ;
  • 오수현 (호서대학교 컴퓨터공학부 정보보호) ;
  • 이근우 (성균관대학교 정보통신공학부 정보통신보호연구실) ;
  • 김승주 (성균관대학교 정보통신공학부) ;
  • 원동호 (성균관대학교 정보통신공학부)
  • Published : 2005.01.01
Download PDF
⟨ Previous Next ⟩

Abstract

The low-cost REID system is expected to be widely used in the ubiquitous computing environment as an intelligent device. Although REID systems have several advantages, they may create new threats to users' privacy. In this paper, a traceable and unlinkable REID system called 'Fair EPC system' is proposed for low-cost RFID tags. The proposed system enables the protection of users' privacy from unwanted scanning, and it is traceable to the tag by authorized administrators when necessary. The proposed system has some advantages; (1) eliminating any danger of exposing users' information via tag tracking through the cooperation between readers or back-end databases, (2) enabling the tracking of real serial number of the tag only through the cooperation of authorized administrators using a cryptographic secret sharing scheme, and (3) providing the efficiency of the proposed system reduce the computational workloads of back-end databases.

저가의 RFID 시스템은 유비쿼터스 컴퓨팅 환경에서 유용하게 사용될 것으로 기대되고 있다. 그러나 REID 시스템이 많은 장점을 가지고 있는 반면에 사용자의 프라이버시 침해라는 새로운 유형의 문제점 또한 가지고 있다. 본 논문에서는 저가의 REID 시스템을 위한 "Fair EPC 시스템"을 제안한다. 제안하는 시스템은 원하지 않는(사용자가 인식하지 못하는) 스캐닝으로부터 사용자의 프라이버시 보호가 가능하고, 필요시 인가된 관리자들에 의해서만 태그의 추적이 가능하다. 본 논문에서 제안하는 Fair EPC 시스템은 서로 다른 리더와 벡-엔드 데이터베이스들의 연동을 통한 태그의 정보 유출이 불가능하므로 태그 정보의 노출에 대해 안전하며, 실제 시리얼 넘버의 복구(추적)이 필요한 경우, 암호학적인 비밀분산 방식을 사용하여 오직 인가된 관리자들에 의해서만 실제 시리얼 넘버를 복구(추적)할 수 있다. 또한, 태그와 벡-엔드 데이터베이스의 동기화를 제공하므로 벡-엔드 데이터베이스에서의 계산 효율성을 제공할 수 있다.

Keywords

References

  1. D. M. Ewatt and M. Hayes. 'Gillette razors get new edge: RFID tags'. Information Week, 13 January 2003. http://www.informationweek.com
  2. S. E. Sarma. 'Towards the five-cent tag'. Technical Report MIT-AUTOID-WH-006, MIT Auto ID Center, 2001. http://www.autoidcenter.org
  3. S. E. Sarma, S. A. Weis, and D. W. Engels. 'Radio-frequency identification security risks and challenges'. CryptoBytes, 6(1), 2003
  4. 'Security technology: Where's the smart money?' The Economist, pp. 69-70. 9 February 2002
  5. S. E. Sarma, S. A.Weis, and D. W. Engels. 'RFID systems, security and privacy implications'. Technical Report MIT-AUTOID-WH-014, Auto ID Center, MIT, 2002
  6. S. E. Sarma, S. A. Weis, and D. W. Engels. 'Radio-frequency identification systems'. Workshop on Cryptographic Hardware and Embedded Systems, CHES02, LNCS 2523, pp. 454-469, Springer-Verlag, 2002
  7. A. Juels, R. L. Rivest and M. Szydlo. 'The Blocker Tag : Selective Blocking of RFID Tags for Consumer Privacy'. In Proceedings of 10th ACM Conference on Computer and Communications Security, CCS 2003, pp. 103-111, 2003
  8. S. A. Weis. 'Radio-frequency identification security and privacy'. Master's thesis, . May 2003
  9. S. A.Weis, S. Sarma, R. Rivest, and D. Engels. 'Security and privacy aspects of low-cost radio frequency identification systems'. In First International Conference on Security in Pervasive Computing 2003, LNCS 2802, pp. 201-212, Springer-Verlag, 2004
  10. A. Juels and R. Pappu. 'Squealing Euros: Privacy protection in RFID-enabled banknotes'. Financial Cryptography 03, LNCS 2742, pp. 103-121, Springer-Verlag, 2003
  11. M. Ohkubo, K. Suzuki, and S. Kinoshita. 'A Cryptographic Approach to 'Privacy-Friendly' tag'. RFID Privacy Workshop, Nov 2003. http://www.rfid.edu.com/
  12. D. Engels. 'The Reader Collision Problem'. Technical Report. MIT-AUTOID-WH-007, MIT Auto ID Center, 2001. http://www.autoidcenter.org
  13. K. Finkenzeller. RFID Handbook, John Wiley and Sons. 1999
  14. T. Scharfeld. 'An Analysis of the Fundamental Constraints on Low Cost Passive Radio-Frequency identification System Design'. MS Thesis, Department of Mechanical Engineering, Massachusetts Institute of Technology, Cambridge, MA 02139, 2001
  15. MIT Auto-ID Center, http://www.autoidcenter.org
  16. D. L. Brock. 'The electronic product code (EPC): A naming scheme for objects'. Technical Report MIT-AUTOID-WH-002, MIT Auto ID Center, 2001. Available from http://www.autoidcenter.org
  17. D. L. Brock. 'EPC Tag Data Specification'. Technical Report MIT-AUTOID-WH-025, MIT Auto ID Center, 2003. http://www.autoidcenter.org
  18. D. Engels. 'EPC-256: The 256-bit Electronic Product Code Representation'. Technical Report MIT- AUTOID-WH-010, MIT Auto ID Center, 2003. Available from http://www.autoidcenter.org
  19. 'mCloak : Personal/corporate management of wireless devices and technology', 2003. Abailable form http://www.mobilecloak.com
  20. C. Cachin. 'On-Line Secret Sharing'. Cryptography and Coding: The 5th IMA Conf., LNCS 1025, pp. 190-198, Springer-Verlag, 1995
  21. L. Chen, D. Gollmann, C. J. Mitchell and P. Wild. 'Secret sharing with Reusable Polynomial'. Australasian Conference on Information Security and Privacy, ACISP 97, LNCS 1270, pp. 183-193, Springer-Verlag, 1997
  22. P. Fedlman. 'A Practical scheme for Noninteractive Verifiable secret sharing'. Proceeding of the 28th Annual Symposium on the Foundation of Computer Science, pp. 427-437, 1987
  23. S. J. Kim, S. J. Park and D. H. Won. 'Proxy Signatures, Revisited'. Proceedings of ICICS '97, International Conference on Information and Com- munications Security, LNCS 1334, pp. 223-232, Springer-Verlag, 1997
  24. T. P. Pedersen. 'A Threshold cryptosystem without a trusted party'. Proceedings of Eurocrypt '91, LNCS 547, Springer-verlag, 1991, pp. 522-526
  25. A. Shamir, 'How to share a secret'. Communication of the ACM, vol. 21, pp. 120-126, 1979 https://doi.org/10.1145/359340.359342
  26. M. Tompa and H. Woll. 'How to share a secret with cheater'. Journal of Cryptology, vol. 1, pp. 133-138, 1988 https://doi.org/10.1007/BF02252871