Cryptographic approaches to security and privacy issues in pervasive computing

Abstract

Technological innovation has enabled tiny devices to participate in pervasive com- puting. Such devices are particularly vulnerable to security and privacy threats, because of their limited computing resources and relatively weak physical security. We investigate possible cryptographic solutions to security and privacy problems arising in two kinds of emerging pervasive computing networks: Personal Area Net- works (PANs) and the EPCglobal Network. A number of key management schemes have been proposed for use in PANs, but these schemes only support key management within a PAN. However, as people are increasingly equipped with multiple wireless devices, PANs are likely to be intercon- nected to share information or services. We introduce a term, iPANs, to name such interconnected PANs. We define system models and design goals for key manage- ment in iPANs, and propose a novel security initialisation scheme for use in iPANs. The proposed scheme achieves desirable security and efficiency properties by making use of the unique characteristics of PANs. The EPCglobal Network is designed to give efficiency and cost savings in and beyond the supply chain using Radio Frequency Identification (RFID) technology; however, privacy threats affecting such networks are particularly serious. We construct a formal privacy model for RFID systems accurately reflecting adversarial threats and power. We then give brief privacy analysis for the existing privacy-enhanced RFID schemes which have received wide attention in the literature. We then construct a secure refresh-based RFID system based on re-encryption techniques, and prove its privacy using the defined privacy model. Finally, we show that the proposed scheme can greatly enhance the security and privacy of EPC tags, making the maximum use of given tag functionalities as specified in the standards.