The UW CSE RFID Security and Privacy Group

   The RFID Security and Privacy group includes participants from the database, security, and ubicomp groups. We meet regularly to discuss current security and privacy issues in both the RFID Ecosystem sub-projects and RFID systems in general. Topics of key focus have included: identifying, investigating, and addressing security and privacy concerns which emerge from RFID Ecosystem user studies; developing socially appropriate policies for access control and information dissemination; applying data privacy techniques to RFID data (including probabilistic data); and designing systems that assist users in better understanding and managing their privacy settings.
   
PEEX and PEEX+, Probabilistic Event EXtractors

   The PEEX and PEEX+ systems are probabilistic event extraction systems. These systems allow applications to easily define, extract, and manage meaningful probabilistic high-level events from low-level RFID data. By using a declarative query language, these systems simplify the definition of new events. By using probabilities, the system copes with the noise and errors in the data and the inherent ambiguity in the event extraction.

Please see the PEEX website to learn more about the PEEX and PEEX+ systems.
   
Scenic: A Visual Event Specification Interface for Non-Expert Users

   Authoring event specifications in the declarative language used by the PEEX systems may be difficult for some developers and impossible for users. The Scenic tool is intended to enable non-expert developers and end-users to quickly and easily create or customize event specifications in the PEEX language. It does so by presenting an iconic language with an intuitive storyboard metaphor that can be automatically translated into the PEEX language.
   
RFID Ecosystem Map Mash-ups

   The Map Mash-ups are web-based location visualization applications that use either Google maps or Virtual Earth. A mash-up allows users to locate objects and people which they have permission to see. For example, a user who has lost her car keys can use a mash-up to locate them on a map of the Allen Center. Alternatively, a user looking for a friend could locate his friend on the map (assuming that user's friend has granted him permission to query his location).
   
RFID Ecosystem Simulator + Toolkit

   The simulator and its associated toolkit allow us to generate RFID tag read events (TREs) based on previously collected location traces, user-generated traces, or on traces that are randomly generated according to user-provided parameters. The TREs are generated according to a user-specified voronoi graph which includes all antennas and all inhabitable spaces in the simulated deployment. The generated TREs can be stored in a log file, sent to a database, or streamed directly to system components for benchmarking, debugging, and experimentation.

   The simulator toolkit includes Tablet PC-based applications for generating location trace files. These applications allow users to generate location traces by simply drawing them on top of a map.
   
RFIDDER: Micro-blogging with the RFID Ecosystem
(pronounced 'friter')

   RFIDDER is a microblogging infrastructure that uses events (e.g. "Kai entered the Ubicomp lab", "Turiya is having lunch with Ying", "The database group meeting in CSE 605 just ended") detected by the RFID Ecosystem to provide a user's social network with an ambient awareness of that user's status. RFIDDER has a web-based interface and a mobile interface for Nokia Nseries phones. For interested users, RFIDDER also supports a connection to the popular social networking and microblogging application Twitter.
   
Personal Digital Diary: Automatically Logging Your Day's Events

   The Personal Digital Diary application uses the RFID Ecosystem's event detection services to automatically detect and log a person's activities each day. The event data for a particular user is uploaded to a Google calendar where that user can review it. This way users can see how, where, and with whom they spent their time. In addition, the digital diary provides a platform for activity-based search (e.g. "What websites did I visit during the last Database Group meeting?").


  		 
Course Projects
   
APEX: Automatically Extracting Events from Sensory Data

   The APEX system takes a human-in-the-loop machine learning approach to help users extract high-level events from low-level RFID data stored in relational databases. APEX automatically searches databases for high-level events in the form of statistical patterns which it presents to the user for iterative refinement and then stores for future sensor-based application use. APEX is intended to make interaction with databases more accessible to end users such as sensor-based application developers.

Saleema Amershi
CSE 544 Course Project
   
Assessing Fine-Grained Access Control Techniques for Peer-to-Peer Privacy Concerns

   This project identified malicious attackers, curious peers, and institutional surveillance as key privacy concerns for a network-based RFID system. In addition, this work included the design, implementation, and evaluation of a novel, default access control policy to address the problem of curious peers: Physical Access Control (PAC). The central concept is to allow users access to data on only those events that occurred when and where they were physically present. An efficient implementation is achieved using materialized authorization views.

Travis Kriplean and Evan Welbourne
CSE 544 Course Project
   

Privacy and Opting-Out in a Location-Sensing RFID Ecosystem

   One essential privacy-related operation for any RFID-tracking system is to remove all data pertaining to a particular individual. This can be a challenging task if there are many higher-level events derived from the base RFID data. This project proposes a novel method for efficient removal of derived events using that data's lineage. The lineage-based method is shown to greatly outperform the naive approach of deleting base data and regenerating all derived events.

Jonathan Beall and Tamara Denning
CSE 544 Course Project
   
iFind

   iFind is a system that uses RFID tags to track important items throughout a building and allows users to utilize this information when trying to locate a misplaced item or confirm they have all essential items that they need when leaving a specified area. This information can also be used by administrative personnel in tracking assets or monitoring restricted items. Users receive information via a mobile or desktop interface. An overall evaluation of iFind has shown that the system is accurate for locating items and generating alert notifications.

Christine Lovett, Mallory Scola, and Adam Warbington
CSE 477 Capstone Project
   
Ultimate Friendstar

   Ultimate Friendstar is a privacy-enhanced friend-finder application for the RFID Ecosystem. Each user carries a mobile phone and an RFID tag and may make queries on the location of friends. To increase privacy, UF provides protections that allow users to specify who can view what information and when. These protections include:
1. Queries can only be made if both the inquirer and target are inside the CSE building.
2. Each user has a username, password, and a list of authorized friends.
3. Users can set friend-specific privacy settings for each friend in a friend list.
4. Privacy settings control the times at which location can be accessed as well as the precision (e.g. Alice can see which room I am in right now , but Bob can only see whether or not I'm in the building today).
5. There is also a limit on how many queries a particular user can make in a day.

Patricia Lee, Anna Ma, Binh Tran
CSE 477 Capstone Project