ietf
[Top] [All Lists]

Re: Some more background on the RFID experiment in Hiroshima

2009-09-14 13:18:26
Marshall Eubanks wrote:

On Sep 14, 2009, at 12:29 PM, Scott Brim wrote:

Excerpts from Eric Rescorla on Sun, Sep 13, 2009 11:09:31PM -0700:
At Sun, 13 Sep 2009 21:19:53 -0700 (PDT),
Ole Jacobsen wrote:


Eric,

The local hosts are reading the messages on this list and will take
appropriate steps including:

* Not displaying the ID number <--> attendee mapping anywhere

* Not assigning numbers sequencially

That seems like a good start. As Richard and I have both indicated,
however, this system seems to have substantial residual privacy
risk, even if the identifiers are assigned completely unpredictably
(and note that non-sequential and unpredictable are not at all the
same thing).

So don't carry it.  Or carry it in your faraday cage passport holder.

Maybe we could do a test of this as part of the meeting. I often tell
people that a metal lunch box or
aluminum foil should be sufficient, but it might be good to see how good
they (plus the holders you can buy)
really are.

Also, since the RFID readers can be bought easily (they're probably at
Fry's), I would hope to hear of some good hack uses of this technology.

I worked on RFID readers last year as part of an aborted tentative[1] to improve
remote attendance for IETF meeting.  I expected the kind of problems that people
are (rightly so) worrying about currently, so I did a little bit of research on
the privacy part.  125Khz tags needs to be completely enclosed in a Faraday cage
with a double layer of conductive material. OTOH 13.56 Mhz tags can be isolated
with a single layer of conductive material, and it works fine even if the
material is only on one side or the card.  I chose 13.56 Mhz tags because, at
the difference of 125 Khz tag that can only carry a serial id, 13.56 Mhz tags
can store data (i.e. name, affiliation) and I do like the idea of having only to
destroy a card to improve my privacy (when it is in a database somewhere, it is
no longer yours).

Anyway, I designed a prototype of a card holder that permit to read the RFID
card and the printed information when open, and prevent to read both when 
closed:

http://ietf.implementers.org/rfid.jpg



[1] http://ietf.implementers.org/IETF20081118.pdf

-- 
Marc Petit-Huguenin
Personal email: marc(_at_)petit-huguenin(_dot_)org
Professional email: petithug(_at_)acm(_dot_)org
Blog: http://blog.marc.petit-huguenin.org
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf