Security and privacy protection in RFID systems, applied to EPCglobal networks (Sécurité et protection de la vie privée dans les systèmes RFID, appliquées aux réseaux EPCglobal)


Bibliographic Details
Main Author: TOUNSI, Wiem
Language: English
Published: 2014
Subjects:
Online Access: http://tel.archives-ouvertes.fr/tel-00978739
http://tel.archives-ouvertes.fr/docs/00/97/87/39/PDF/2014telb0291_Tounsi_Wiem.pdf
id ndltd-CCSD-oai-tel.archives-ouvertes.fr-tel-00978739
record_format oai_dc
spelling ndltd-CCSD-oai-tel.archives-ouvertes.fr-tel-00978739 2014-04-25T03:30:57Z WS_BIBLI_TB: 14167 2014-01-14 eng PhD thesis
collection NDLTD
language English
sources NDLTD
topic [INFO:INFO_CR] Computer Science/Cryptography and Security
[INFO:INFO_CR] Informatique/Cryptographie et sécurité
Wireless networks
RFID
Security
Privacy
Authentication
Formal model
Key generation systems
description Radio Frequency IDentification (RFID) provides a way to automate identification and to store information in individual RFID tags. These tags can be attached to or embedded in an item to be identified and are read when they enter an RFID reader's antenna field. The Electronic Product Code (EPC) Class 1 Generation 2 (Gen2 for short) is a proper example of passive RFID technology. It represents the key component of an RFID architecture named the EPCglobal network. However, if the tag carries more than just an identifier, the privacy of the tag holder may be violated. In this thesis, we deal with privacy issues at two levels of the EPCglobal network so that only authorized entities can access private data. Our goal is to ensure that the data exchange from RFID tags to middleware and enterprise applications guarantees the privacy requirements, in environments where privacy control is paramount, e.g., home healthcare monitoring systems. The first part of this dissertation is dedicated to securing data exchange between RFID readers and passive tags. We provide a key establishment and derivation protocol for Gen2 systems, called KEDGEN2, to handle the flawed security model of the Gen2 tag memory access. KEDGEN2 achieves secure data exchange, based on a key generation model adapted to Gen2 tags. To prove the security of our model, we specify the protocol using the High Level Protocol Specification Language (HLPSL) and verify the expected security properties using the Constraint-Logic based Attack Searcher (CL-AtSe) model checking tool. The current version of the protocol guarantees mutual authentication of participants and forward secrecy of the keys in the presence of active adversaries. It also guarantees backward secrecy with active adversaries bounded by limited communication range, which is consistent with typical RFID environments. As for derived keys, we propose adapting the Solitaire cipher as a Pseudo-random Number Generator.
To complement our approach, an additional filter is added and described in the second part of this dissertation. We focus on the collection of tag information through the RFID middleware component. The middleware is a central point that sits between RFID readers and database applications. It is in charge of collecting, filtering and aggregating the requested events from heterogeneous RFID environments. Thus, the system at this point is likely to suffer from parameter manipulation and eavesdropping, raising privacy concerns. We propose a privacy-enhanced approach as a part of the RFID middleware of the EPCglobal network, which does not interfere with the standard interface. Our approach is policy driven, using some enhanced contextual concepts of the extended Role Based Access Control model. Specifically, we use the PrivOrBAC privacy-aware model to store and manage privacy preferences, taking the declared purpose, the accuracy and the explicit consent as privacy requirements. To show the feasibility of our approach, we provide a proof-of-concept prototype that we apply to the Fosstrak platform, an open-source implementation of the EPCglobal specifications.