FragDB - ETH Z · 5/11/2007  · FragDB – „Hands-Free“ Access Control Mimics real-world...

Post on 09-Jul-2020


FragDB
Secure Localized Storage Based on Super-Distributed RFID-Tag Infrastructures

Marc Langheinrich
Institute for Pervasive Computing, ETH Zurich, Switzerland

Location-based Access Control

FragDB: A Location-Based Access Control System

Location-Based Access Control in the Real World

Marc's Not In

My Office

May 11, 2007, PALMS 2007 Workshop

Coffee Break

Cafeteria

No ID Check Here

A Classroom

See What's Marc Teaching Today

Examples of „Hands-Free“ Access Control

Information Not „Secret“
But wouldn't want it broadcasted either

Location-Based Access
If you're in the vicinity, feel free to look

No Management – „Hands-Free“
No users, passwords, certificates, policies

FragDB: A Hands-Free Access Control System

Like Virtual Post-Its

Your Data

A Place

A Visitor


Basic FragDB Principle: Fingerprinting

Principle: Fingerprinting Place & Time

A Visitor

You

Principle: Fingerprinting Place & Time

A Visitor

You

Places Change – Fingerprints Should, Too
Otherwise: one visit gives continued access
Old fingerprints „fade away“

Fingerprint Requirements

Fluid Boundaries
Tolerate „close enough“ positions

Time Variance
Fingerprints change over time

Time Continuity
Old fingerprints fade away slowly

Secure Storage
Access to central server yields no information

Technology Enabler: RFID (Hitachi mu-Chips)

μ-Chip 2005 (Hitachi)

RFID Chip
Size: 0.4 x 0.4 mm
Carrier frequency: 2.45 GHz
Operating distance: 0-25 cm
Memory capacity: 128 bit ROM
Operating temperature: -27 to +75 ºC
Anti-collision: no
Response time: 20 ms
Optional external antenna

Super-Distributed RFID Tag Infrastructures

A Visitor

You

Bohn, Mattern: Super-Distributed RFID Tag Infrastructures. EUSAI 2004, Eindhoven, NL

Passive RFID tags deployed in vast quantities and in a highly redundant fashion over large areas or surfaces

FragDB: Basic Principles

FragDB: Fragmented Database Storage

Each Tag-ID Represents Single Storage Cell
Data is fragmented and stored „in“ tags
Central storage (encrypted with hashed ID)

1. Fluid Boundaries: Forward Error Correction
Data is redundantly stored across several cells

2. Time Variance: IDs Change Over Time
Probabilistic after n readouts (currently simulated)

4. Secure Storage

Cell Data is Encrypted With Key == Hashed Tag ID
No need for key management

Storage Cell Location NOT tag ID, but Hashed Key
Otherwise: trivial DB-scan attack possible
But: simple to compute cell location from tag ID
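The cell-location rule above, as an added example (not code from the slides or the FragDB prototype): it stores the same fragments once indexed by tag ID and once indexed by the hashed key, then runs the DB scan against both. SHA-256 and the HMAC-based stand-in cipher are assumptions, since the slides name neither a hash nor a cipher; the tag IDs and fragments are constructed.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()           # assumed hash function

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, fragment: bytes) -> bytes:
    # One fragment per cell in this sketch, so no nonce is used.
    ct = _xor_stream(_subkey(key, b"enc"), fragment)
    return ct + hmac.new(_subkey(key, b"mac"), ct, hashlib.sha256).digest()

def open_cell(key: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None                                # wrong key: nothing learned
    return _xor_stream(_subkey(key, b"enc"), ct)

def store(db: dict, tag_id: bytes, fragment: bytes, index_by_tag_id=False):
    key = h(tag_id)                                # key == hashed tag ID
    location = tag_id if index_by_tag_id else h(key)
    db[location] = seal(key, fragment)

def read(db: dict, tag_id: bytes):
    key = h(tag_id)                                # visitor holds the tag ID
    blob = db.get(h(key))
    return open_cell(key, blob) if blob else None

def db_scan(db: dict) -> list:
    # Reader holding only the database: treat every cell index as a tag ID.
    hits = (open_cell(h(loc), blob) for loc, blob in db.items())
    return [p for p in hits if p is not None]

TAGS = [bytes([i]) * 16 for i in (1, 2, 3)]        # constructed 128-bit IDs
FRAGMENTS = [b"fragment-%d" % i for i in range(3)] # constructed cell contents

def demo():
    naive, fragdb = {}, {}
    for tag, frag in zip(TAGS, FRAGMENTS):
        store(naive, tag, frag, index_by_tag_id=True)
        store(fragdb, tag, frag)
    return db_scan(naive), db_scan(fragdb), read(fragdb, TAGS[0])
```

`demo()` returns every fragment for the tag-ID-indexed store, an empty list for the hashed-key-indexed store, and the first fragment for a reader who actually holds the first tag ID.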

3. Time Continuity

Tag ID-Memory

[Figure: RFID Tags / Storage System table. Each tag's current ID (e.g., 8AF62, 54017, 03BCA, 7843A) and its progressively truncated older IDs (e.g., B35F*, 74A**, 89***) index the storage cells holding files (File67, File315, File942, …). Side label: Combinatorically expensive.]

Tags „remember“ their old IDs
Old tags gradually lose fidelity (i.e., bits)

What Can You Do With This?

Classroom Cam

Pass Through Here to Get Lecture Video


Example: Fingerprinting Road Infrastructures

Continually Fingerprint Road

Store Warning on Previous Segment

Store Warning for Approaching Cars

Prototype Implementation

mu-Chip Reader

mu-Chips


Simulator Control Panel

Virtual Surface

Storage Cells


[Figure: RFID Tags / Storage System table. Current tag IDs and progressively truncated older IDs mapped to the files stored in their cells.]

Summary

FragDB – „Hands-Free“ Access Control

Mimics real-world location-based access control
Useful for many types of semi-public data, e.g., out of office notices, lecture materials, road conditions, …

Principle: Embedded RFIDs & Fragmented Storage
Fluid Boundaries
Time Variance
Time Continuity
Secure Storage

Built Simulator and Prototype (mu-Chips)

More in the Tech Report
find it at: people.inf.ethz.ch/langhein/

Effects of „ID-fading“
time- vs. usage-based updates

Strategies for data searches
How to reassemble a file

Service Announcement

Ubicomp Privacy Workshop 2007

Organized By
John Canny (UC Berkeley)
Marc Langheinrich (ETH Zurich)
Sarah Spiekermann (Humboldt University Berlin)

Technologies, Users, Policy

Keynotes & Contributions by Leading Privacy Experts
Lorrie Cranor, Jason Hong, John Krumm, Serge Guthwirth, Paul de Hert, …

Selected Papers Published in „Personal & Ubiquitous Comp.“

Submission Deadline: June 1, 2007

www.vs.inf.ethz.ch/events/uc7privacy/