One interesting talk on “Interoperable Internet Scale Security Framework for RFID Networks” was given by Tingting Mao at the MIT AUTO-ID lab. This work describes a framework whereby businesses can define policies for sharing EPC data and the associated business events. A key feature of this system is that it uses authentication and authorization based on an aggregation of business rules, enterprise information, and RFID tag information. In another talk, Antti Sirkka from TietoEnator discussed “Modelling Traceability in the Forestry Wood Supply Chain”. This work aims to use RFID to improve information on processes in the forestry wood production system - a pressing problem given the equivalent of Є5 billion of wood raw material going to waste in Europe.

There were also great talks and discussion from panelists Yanlei Diao (University of Massachusetts, Amherst) and Fusheng Wang (Siemens Corporate Research).

Slides from the talks will eventually be posted online at: http://rfid.cs.washington.edu/rfdm08/

The first annual International Workshop on RFID Data Management (RFDM’08) is happening in Cancun today in conjunction with the International Conference on Data Engineering (ICDE). The workshop brings together researchers and practitioners that work on problems related to managing data produced by RFID or other traceability and automated identification (Auto ID) technologies. The goal is to fill an important gap in the community by bringing interested researchers together to identify future research challenges and opportunities. The workshop is co-chaired by Prof. Magdalena Balazinska and Dr. Karin Murthy (IBM).

Prof. Jiawei Han (UIUC) just gave a great keynote talk titled “Warehousing and Mining Massive RFID Data Sets”. It covered some recent work he an his student Hector Gonzalez have done on techniques for managing the massive (i.e. peta-byte scale) RFID data sets that are generated by supply chain applications of RFID. He concluded with some interesting work that applies these techniques to the analysis and aggregation of traffic patterns using EZ-pass and FasTrak data.

Also in attendance were Starbug (Jan Krissler) from the CCC in Berlin and 3ric Johanson, a Seattle-area security professional, RFID hacker, and member of Shmoo. The presentation and discussion were great! A video of a similar talk which Karsten gave at Google can be found on his homepage: http://www.cs.virginia.edu/~kn5f/

“[...] Washington state recognizes the importance of protecting the confidentiality and privacy of an individual’s personal information contained in drivers’ licenses and identicards.”

“[...] A nongovernmental entity may only electronically read an individual’s driver’s license or identicard to verify the authenticity of the document or verify the individual’s age or identity. [...] When a nongovernmental entity electronically reads a driver’s license or identicard for one of the purposes permitted in (a) of this subsection, and except as otherwise permitted in subsection (3) of this section, the entity may not store, sell, or share personal information collected from the driver’s license or identicard without written consent of the individual.”

Magda provided expert testimony on the privacy risks of such systems. Using examples from our research in the RFID Ecosystem project, Magda described how the lack of security features…
(Read complete post >>)

About half the speakers had government and/or industry backgrounds; the rest were RFID researchers. Among the government speakers was Hugo Teufel III, the CPO of the U.S. Department of Homeland Security, who spoke about his office’s work on authoring Privacy Impact Assessments for RFID-related issues such as WHTI and the EDL; he also said that he or someone from his office will go anywhere to speak on matters of privacy and homeland security (good to keep in mind!). Randy Vanderhoof of the Smart Card Alliance also gave an interesting presentation on his organization’s work with privacy – this included a note on their strong opposition to the use of EPC Gen 2 technology for WHTI.

The research portion of the program included presentations from Ari Juels and Ravi Pappu on practical key management techniques for crypto in real-world RFID applications. Christof Paar reviewed some lightweight crypto techniques which his group had developed for RFID, while Melanie Rieback and Karsten Nohl…
(Read complete post >>)