Dirk Henrici

Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers

Radio-frequency identification devices (RFID) may emerge as one of the most pervasive computing technologies in history. On the one hand, with tags affixed to consumer items as well as letters, packets or vehicles costs in the supply chain can be greatly reduced and new applications introduced. On the other hand, unique means of identification in each tag like serial numbers enable effortless traceability of persons and goods. But data protection and privacy are worthwhile civil liberties. We introduce a simple scheme relying on one way hash-functions that greatly enhances location privacy by changing traceable identifiers on every read getting by with only a single, unreliable message exchange. Thereby the scheme is safe from many threats like eavesdropping, message interception, spoofing, and replay attacks.

Tackling Security and Privacy Issues in Radio Frequency Identification Devices

This paper introduces shortly into the security and privacy issues of RFID systems and presents a simple approach to greatly enhance location privacy by changing traceable identifiers securely on every read attempt. The scheme gets by with only a single, unreliable message exchange. By employing one-way hash functions the scheme is safe from many security threats. It is intended for use in item identification but is useful in other applications as well.

A model for service-oriented communication systems

Like most software products, protocols are continuously enhanced and new protocols are developed. But especially new protocols of the transport layer can not be utilized widely easily. Even if the new protocols are made available, it is still necessary to adapt many applications or the protocols are not used by the majority of applications otherwise. The current situation is that only very limited enhancements of protocols are possible without changing applications. The proposed solution is to let applications use communications services only instead of protocols. A model for service-oriented communications systems that follows the concepts of service-oriented architectures is introduced. The model enables choosing and configuring protocols autonomously with regard to environmental and temporal conditions

Developing Web applications for mobile devices

Today, even small mobile devices access the Internet. Therewith, mobility issues have become an important technical and economic topic - not only in new but in proven and successful Web applications as well. The main problem derives from a growing development of heterogeneity in hardware and software of mobile devices. To overcome this problem, this paper presents a framework to develop Web applications for mobile devices. This framework issues important points when developing web application that also focuses on mobile users. This includes completely new developments, as well as development that issue an upgrade of existing Web applications to mobile devices. An important element in this framework is the employment of the fairly new CC/PP standard.

A hash-based pseudonymization infrastructure for RFID systems

Many proposals have been made to solve the privacy implications of RFID systems: The main idea to ensure location privacy is to change the identifiers of RFID tags regularly. For building inter-organizational RFID systems, pseudonyms can be used to provide a link to the respective owner of a tag without affecting location privacy. Based on these considerations, in this paper a pseudonymization infrastructure is presented that is based on one-way hash functions and thus is a better fit for the specific demands of resource scarce tags than approaches based on public key cryptography

DANCE: dynamic application oriented network services

The explicit usage of protocols in applications is common practice, but restricts the provided communication service. The dynamic utilization of more suitable protocols or taking into account specific user requirements is either hard to realize or even impossible. This work introduces a model which provides a service oriented view to a communication sub system. Its goal is to find the most suitable service provider. Therefore, service providers are selected dynamically at run time. This enables to take into account the requirements of both the application and the user as well as information about the current platform and network environment. Thus applications are able to benefit from uncommon protocols wherever such protocols make sense and are available. Otherwise standard protocols would be used.

Data Storage in RFID Systems

One of the advantages of the RFID technology over the still more widespread optical barcodes is the comparatively large data storage capacity. Conventional 1-dimensional barcodes can store just few bytes of data. For instance, the EAN13-code used at the point of sale in Europe stores 13 numerical digits identifying country, product manufacturer, and product type. There is no means for identifying each item uniquely. More complex 2dimensional barcodes or larger 1-dimensional barcodes extend the amount of data that can be stored. This comes at the cost of a larger printing area as long as the readability shall not decrease. While the amount of data that can be stored using optical barcodes is therewith limited by the available area, RFID transponders offer a more comprehensive data storage capacity. Already comparatively simple tags can store a serial number capable of identifying objects globally uniquely. RFID transponders can thus serve as a means of unique identification for different kinds of objects like clothes, foods, or documents. Transponders that are more expensive can store an even larger amount of data. For instance, additional data describing the tagged objects, a documentation of the objects’ history, or even data putting the object in the context of other objects can be stored. The question arises how to make use of the additional capabilities. What data should be stored directly on the RFID transponders and what data should be stored in databases in the backend of a system? The design decision influences many characteristics of the overall RFID system. Thus, data storage considerations are an important part in planning the architecture of such a system. This book chapter discusses different design possibilities for data storage in RFID systems and their impact on the quality factors of the resulting system. As will be shown, many characteristics of the systems are influenced. The design decision on the data storage in an RFID system is therewith of great importance. The decision should thus be taken with care considering all relevant aspects. Note that this book chapter relates only to RFID transponders used exclusively as data storage units. Transponders with processors, cryptographic hardware, or sensors require partially separate inspection and are out of scope.

A Model for Service-Oriented Communication Systems

Like most software products, protocols are continuously enhanced and new protocols are developed. But especially new protocols of the transport layer can not be utilized widely easily. Even if the new protocols are made available, it is still necessary to adapt many applications or the protocols are not used by the majority of applications otherwise. The current situation is that only very limited enhancements of protocols are possible without changing applications. The proposed solution is to let applications use communications services only instead of protocols. A model for service-oriented communications systems that follows the concepts of service-oriented architectures is introduced. The model enables choosing and configuring protocols autonomously with regard to environmental and temporal conditions.

RFID System Architecture Reconsidered

The RFID technology is already of high commercial relevance. It breaks into new application areas, and new markets are emerging. RFID becomes more and more an indispensable part of our everyday life. However, the technology also introduces security and privacy problems. Despite of the numerous research efforts, no satisfactory solutions for these issues have yet been found and widely implemented. For this reason, there are many people who take fright at RFID. Today’s RFID system architecture is carried over from the architecture used in other auto-id systems, chiefly optical barcode systems. As RFID introduces new functionalities and privacy risks, this classic architecture is no longer appropriate. For instance, the classic architecture fails to provide location privacy and self-determination for the affected users while being scalable and open. In this chapter, the problem is explained, the limitations in extending the classic architecture are outlined, and important aspects of a new architecture are sketched. In the remainder of this first subchapter, an overview of the security and privacy goals and the main concepts for reaching them is provided. The requirements that RFID systems should fulfill are outlined in a separate section. The second subchapter introduces into the current RFID system architecture and the general direction of RFID security and privacy research. Subchapter 3 shows the practical deficiencies of the current architecture and illustrates, using an example, why incremental improvements and extensions lack to provide satisfactory solutions. Finally, considerations on how a completely new RFID architecture might look like are performed.

TCP/IP und UDP/IP – ist da sonst gar nichts mehr?

Zusammenfassung: TCP/IP und UDP/IP sind heute die dominierenden Transportund Netzwerkprotokolle. Es existieren zwar alternative Protokolle, diese werden jedoch in der Praxis nur selten genutzt. Problematisch ist, dass neue oder spezialisierte Protokolle explizit von den Anwendungen unterstutzt werden mussen. Hier wird ein Modell vorgestellt, das Applikationen Transportdienste anbietet, wobei die verwendeten Protokolle fur die Applikation transparent sind. Geeignete Protokolle werden unter Berucksichtigung der Ausfuhrungsumgebung zur Laufzeit auswahlt und konfiguriert.