Team for Research in
Ubiquitous Secure Technology

Embedded RFID and Everyday Things: A Case Study of the Security and Privacy Risks of the U.S. e-Passport
Marci Meingast, Jennifer King, Deirdre Mulligan

Citation
Marci Meingast, Jennifer King, Deirdre Mulligan. "Embedded RFID and Everyday Things: A Case Study of the Security and Privacy Risks of the U.S. e-Passport". IEEE International Conference on RFID, March, 2007.

Abstract
Abstract—New applications for Radio Frequency Identification (RFID) technology include embedding transponders in everyday things used by individuals, such as books, payment cards, and personal identification. While RFID technology has existed for decades, these new applications carry with them substantial new privacy and security risks for individuals. These risks arise due to a combination of aspects involved in these applications: 1) The transponders are permanently embedded in objects individuals commonly carry with them 2) Static data linkable to an individual is stored on these transponders 3) The objects these transponders are embedded in are used in public places where individuals have limited control over who can access data on the transponder. In 2002, the U.S. Department of State proposed the adoption of an “electronic passport,” which embedded RFID transponders into U.S. passports for identification and document security purposes. In this paper, we use the U.S. Government’s adoption process for the electronic passport as a case study for identifying the privacy and security risks that arise by embedding RFID technology in “everyday things.” We discuss the reasons why the Department of State did not adequately identify and address these privacy and security risks, even after the government’s process mandated a privacy impact assessment. We conclude with recommendations to assist government as well as industry in early identification and resolution of relevant risks posed by RFID technology embedded in everyday things.

Electronic downloads

Citation formats  
  • HTML
    Marci Meingast, Jennifer King, Deirdre Mulligan. <a
    href="http://www.truststc.org/pubs/157.html"
    >Embedded RFID and Everyday Things: A Case Study of the
    Security and Privacy Risks of the U.S. e-Passport</a>,
    IEEE International Conference on RFID, March, 2007.
  • Plain text
    Marci Meingast, Jennifer King, Deirdre Mulligan.
    "Embedded RFID and Everyday Things: A Case Study of the
    Security and Privacy Risks of the U.S. e-Passport".
    IEEE International Conference on RFID, March, 2007.
  • BibTeX
    @inproceedings{MeingastKingMulligan07_EmbeddedRFIDEverydayThingsCaseStudyOfSecurityPrivacy,
        author = {Marci Meingast and Jennifer King and Deirdre
                  Mulligan},
        title = {Embedded RFID and Everyday Things: A Case Study of
                  the Security and Privacy Risks of the U.S.
                  e-Passport},
        booktitle = {IEEE International Conference on RFID},
        month = {March},
        year = {2007},
        abstract = {AbstractâNew applications for Radio Frequency
                  Identification (RFID) technology include embedding
                  transponders in everyday things used by
                  individuals, such as books, payment cards, and
                  personal identification. While RFID technology has
                  existed for decades, these new applications carry
                  with them substantial new privacy and security
                  risks for individuals. These risks arise due to a
                  combination of aspects involved in these
                  applications: 1) The transponders are permanently
                  embedded in objects individuals commonly carry
                  with them 2) Static data linkable to an individual
                  is stored on these transponders 3) The objects
                  these transponders are embedded in are used in
                  public places where individuals have limited
                  control over who can access data on the
                  transponder. In 2002, the U.S. Department of State
                  proposed the adoption of an âelectronic
                  passport,â which embedded RFID transponders into
                  U.S. passports for identification and document
                  security purposes. In this paper, we use the U.S.
                  Governmentâs adoption process for the electronic
                  passport as a case study for identifying the
                  privacy and security risks that arise by embedding
                  RFID technology in âeveryday things.â We
                  discuss the reasons why the Department of State
                  did not adequately identify and address these
                  privacy and security risks, even after the
                  governmentâs process mandated a privacy impact
                  assessment. We conclude with recommendations to
                  assist government as well as industry in early
                  identification and resolution of relevant risks
                  posed by RFID technology embedded in everyday
                  things.},
        URL = {http://www.truststc.org/pubs/157.html}
    }
    

Posted by Marci Meingast on 7 Feb 2007.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.