Database Reference
In-Depth Information
An interesting solution for making it dicult to read tags in an unau-
thorized way is the use of
blocker tags
[59, 60]. Blocker tags exploit
the collision properties of RFID transmission, which are inherent in this
technology. The key idea is that when two RFID tags transmit dis-
tinct signals to a reader at the same time, a broadcast collision occurs,
which prevents the reader from deciphering either response. Such col-
lisions are in fact very likely to occur during the normal operation of
the RFID infrastructure. In order to handle this issue, RFID readers
typically use anti-collision protocols. The purpose of blocker tags is to
emit signals (or spam) which can defeat these anti-collision protocols,
thereby causing the reader to stall. The idea is that blocker tags should
be implemented in a way, that it will only spam unauthorized readers,
thereby allowing the authorized readers to behave normally. Details of
the blocking approach are discussed in [9].
It was inferred in [111] that the greater threat to privacy arises from
the eavesdropping of signals sent from the reader (which can be detected
much further away), rather than reading the tag itself (which can be done
only at a much closer distance). In fact, the IDs being read by the tree-
walking protocol can be inferred merely by listening to the signals being
broadcast by the reader. Therefore, it has been proposed in [111] to
encrypt the signals being sent by the reader in order to prevent privacy
attacks by eavesdropping of
reader
signals.
It is also possible to modify RFID tags to cycle through a set of
pseudonyms
rather than emit a unique serial number [58]. Thus, the tag
cycles through a set of
k
pseudonyms and emits them sequentially. This
makes it more di
cult for an attacker to identify the tags, because they
may only be able to scan different pseudonyms of the tags at different
times. Of course, if the attacker is aware of the method being used in
order to mask the tag, they may try to scan the tag over a longer period
of time, in order to learn all the pseudonyms associated with the tag.
This process can be made more dicult for an attacker by increasing
the time it takes for the tag to switch from one pseudonym to another.
5.2 Privacy in Data Sharing and Management
Since the functionality of the internet of things is based on the data
communication between different entities, and the underlying data may
often be person-centric, the ability to provide privacy during the data
transmission and sharing process is critical. For example, in a mobile
application, the GPS data for a user may be collected exactly, but may
not necessarily be shared exactly. A variety of techniques may be used
in order to reduce the privacy challenges during data sharing:
