Team for Research in Ubiquitous Secure Technology

Covert Channels in Privacy-Preserving Identification Systems.

Citation
"Covert Channels in Privacy-Preserving Identification Systems." D. Bailley, D. Boneh, E. Goh, and A. Juels (eds.), 14th ACM Conference on Computer and Communications Security, 2007.

Abstract
We examine covert channels in privacy-enhanced mobile identification devices where the devices uniquely identify themselves to an authorized verifier. Such devices (e.g. RFID tags) are increasingly commonplace in hospitals and many other environments. For privacy, the device outputs used for identification should "appear random" to any entity other than the verifier, and should not allow physical tracking of device bearers. Worryingly, there already exist privacy breaches for some devices that allow adversaries to physically track users. Ideally, such devices should allow anyone to publicly determine that the device outputs are covert-channel free (CCF); we say that such devices are CCF-checkable. Our main result shows that there is a fundamental tension between identifier privacy and CCF-checkability; we show that the two properties cannot co-exist in a single system. We also develop a weaker privacy model where a continuous observer can correlate appearances of a given tag, but a sporadic observer cannot. We also construct a privacy-preserving tag identification scheme that is CCF-checkable and prove it secure under the weaker privacy model using a new complexity assumption.

Citation formats  
  • BibTeX
    @proceedings{BailleyBonehGohJuels07_CovertChannelsInPrivacyPreservingIdentification,
        title = {Covert Channels in Privacy-Preserving
                  Identification Systems.},
        editor = {D. Bailley and D. Boneh and E. Goh and A. Juels},
        organization = {14th ACM Conference on Computer and
                  Communications Security},
        year = {2007},
        abstract = {We examine covert channels in privacy-enhanced
                  mobile identification devices where the devices
                  uniquely identify themselves to an authorized
                  verifier. Such devices (e.g. RFID tags) are
                  increasingly commonplace in hospitals and many
                  other environments. For privacy, the device
                  outputs used for identification should "appear
                  random" to any entity other than the verifier, and
                  should not allow physical tracking of device
                  bearers. Worryingly, there already exist privacy
                  breaches for some devices that allow adversaries
                  to physically track users. Ideally, such devices
                  should allow anyone to publicly determine that the
                  device outputs are covert-channel free (CCF); we
                  say that such devices are CCF-checkable. Our main
                  result shows that there is a fundamental tension
                  between identifier privacy and CCF-checkability;
                  we show that the two properties cannot co-exist in
                  a single system. We also develop a weaker privacy
                  model where a continuous observer can correlate
                  appearances of a given tag, but a sporadic
                  observer cannot. We also construct a
                  privacy-preserving tag identification scheme that
                  is CCF-checkable and prove it secure under the
                  weaker privacy model using a new complexity
                  assumption. },
        URL = {http://www.truststc.org/pubs/589.html}
    }
    

Posted by Jessica Gamble on 13 Mar 2009.