Access and privacy control enforcement in RFID middleware systems: Proposal and implementation on the Fosstrak platform

Wiem Tounsi 1 Nora Cuppens-Boulahia 2, 3 Frédéric Cuppens 2, 3 Guy Pujolle 1
1 Phare
LIP6 - Laboratoire d'Informatique de Paris 6
2 Lab-STICC_TB_CID_SFIIS
Lab-STICC - Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance
Abstract : Radio Frequency IDentification (RFID) technology offers a new way of automating the identification and storing of information in RFID tags. The emerging opportunities for the use of RFID technology in human centric applications like monitoring and indoor guidance systems indicate how important this topic is in term of privacy. Holding privacy issues from the early stages of RFID data collection helps to master the data view before translating it into business events and storing it in databases. An RFID middleware is the entity that sits between tag readers and database applications. It is in charge of collecting, filtering and aggregating the requested events from heterogeneous RFID environments. Thus, the system, at this point, is likely to suffer from parameter manipulation and eavesdropping, raising privacy concerns. In this paper, we propose an access and privacy controller module that adds a security level to the RFID middleware standardized by the EPCglobal consortium. We provide a privacy policy-driven model using some enhanced contextual concepts of the extended Role Based Access Control model, namely the purpose, the accuracy and the consent principles. We also use the provisional context to model security rules whose activation depends on the history of previously performed actions. To show the feasibility of our privacy enforcement model, we first provide a proof-of-concept prototype integrated into the middleware of the Fosstrak platform, then evaluate the performance of the integrated module in terms of execution time.
Liste complète des métadonnées

Littérature citée [36 références]  Voir  Masquer  Télécharger

https://hal.archives-ouvertes.fr/hal-01257854
Contributeur : Bibliothèque Télécom Bretagne <>
Soumis le : lundi 18 janvier 2016 - 12:59:18
Dernière modification le : jeudi 21 mars 2019 - 13:08:40
Document(s) archivé(s) le : vendredi 11 novembre 2016 - 09:23:02

Fichier

WWW.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Wiem Tounsi, Nora Cuppens-Boulahia, Frédéric Cuppens, Guy Pujolle. Access and privacy control enforcement in RFID middleware systems: Proposal and implementation on the Fosstrak platform. World Wide Web, Springer Verlag, 2016, 19 (1), pp.41 - 68. 〈10.1007/s11280-015-0325-5〉. 〈hal-01257854〉

Partager

Métriques

Consultations de la notice

985

Téléchargements de fichiers

234