Skip to Main content Skip to Navigation
Journal articles

Access and privacy control enforcement in RFID middleware systems: Proposal and implementation on the Fosstrak platform

Wiem Tounsi 1 Nora Cuppens-Boulahia 2, 3 Frédéric Cuppens 2, 3 Guy Pujolle 1
1 Phare
LIP6 - Laboratoire d'Informatique de Paris 6
Lab-STICC - Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance
Abstract : Radio Frequency IDentification (RFID) technology offers a new way of automating the identification and storing of information in RFID tags. The emerging opportunities for the use of RFID technology in human centric applications like monitoring and indoor guidance systems indicate how important this topic is in term of privacy. Holding privacy issues from the early stages of RFID data collection helps to master the data view before translating it into business events and storing it in databases. An RFID middleware is the entity that sits between tag readers and database applications. It is in charge of collecting, filtering and aggregating the requested events from heterogeneous RFID environments. Thus, the system, at this point, is likely to suffer from parameter manipulation and eavesdropping, raising privacy concerns. In this paper, we propose an access and privacy controller module that adds a security level to the RFID middleware standardized by the EPCglobal consortium. We provide a privacy policy-driven model using some enhanced contextual concepts of the extended Role Based Access Control model, namely the purpose, the accuracy and the consent principles. We also use the provisional context to model security rules whose activation depends on the history of previously performed actions. To show the feasibility of our privacy enforcement model, we first provide a proof-of-concept prototype integrated into the middleware of the Fosstrak platform, then evaluate the performance of the integrated module in terms of execution time.
Complete list of metadata

Cited literature [36 references]  Display  Hide  Download
Contributor : Bibliothèque Télécom Bretagne <>
Submitted on : Monday, January 18, 2016 - 12:59:18 PM
Last modification on : Tuesday, April 20, 2021 - 10:32:06 AM
Long-term archiving on: : Friday, November 11, 2016 - 9:23:02 AM


Files produced by the author(s)



Wiem Tounsi, Nora Cuppens-Boulahia, Frédéric Cuppens, Guy Pujolle. Access and privacy control enforcement in RFID middleware systems: Proposal and implementation on the Fosstrak platform. World Wide Web, Springer Verlag, 2016, 19 (1), pp.41 - 68. ⟨10.1007/s11280-015-0325-5⟩. ⟨hal-01257854⟩



Record views


Files downloads