- Количество слайдов: 8
Technical Issues in Library RFID Privacy David Molnar UC-Berkeley Computer Science
What are we worried about? • RFID new technology – Law of “unintended consequences” • Read tags through backpacks, briefcases • Can we track books? – “track” = link sightings of same book • Can we figure out what you’re reading? • Who “we” is depends – FBI, marketers, teenagers, college students, pick your favorite
How RFID Works • Radio Frequency IDentification • Passive tags – no power source • Tag carries small amount of data – May be read-only or limited read/write • RFID reader powers tag, extracts data via radio Power Stored data
Two Main Questions • How to read tags? • What is on the tag?
How to read tags? • Need an RFID reader – Standardization not privacy issue in long term • Read range for 13. 56 Mhz tags low • Ubiquity of readers bigger problem! – Reader at door of every Starbucks? • Blocking tag signals, “kill”, not sufficient • “Security Bit” does not prevent tag read • Read passwords?
What is on the tag? • Varies by vendor and library decision • Library bar code – Unique, static ID can track book – Need library database to learn title/author • Unless see book later, learn bar code/title map • Some vendors suggest more info “The Lib~Chip stores data such as type of material, title, author, bar code and serial number, shelf location, last borrowed date, and last returned date. ” – Libramation site
“Encrypting” Tag Data • Several meanings to “encrypting” data – Proprietary encoding, not different per library • Buy reader from company or secondary market • Eventually reverse engineered – Encrypting bar code with per-library key • Does not currently exist • Non-library readers can’t understand data • Still leads to static data can track book
Bottom Line • Reading static ID is privacy risk – Risk will grow as readers become cheaper, more available, more common • Minimize data on tag – No title, no author, etc. on tag – Protect bibliographic database! • Privacy depends on choices in deployment