|
|
 |
 |
|
|
|
Many issues have already been raised regarding
security and privacy protection in the context of ubiquitous
computing and ubiquitous networking environments. These are
key considerations for us at the Ubiquitous ID Center, and
we have devised an array of feasible solutions.
|
|
 Security
issues in ubiquitous computing environments
| • |
Interception of communication - eavesdropping
Unauthorized monitoring of the communication infrastructure
of ubiquitous ID systems poses the risk that private
or confidential information may be leaked.
For example, if uID technology is used in logistics
control, eavesdropping would put the confidentiality
of distribution data in jeopardy.
Or, in the case of an information service associated
with tags applied to pharmaceuticals, illicit monitoring
of communication to see who investigates what kind of
medication could lead the eavesdropper to deduce who
is actually taking what medication.
|
|
| • |
Leaking data from reading RFID tags
When access to the information stored in RFID tags is
inadequately restricted, the information may be read
remotely via wireless communication by someone for whom
it was not intended, posing a risk of further leakage.
Suppose a person's clothes were sold through a ucode logistics
control system. If someone brings a ubiquitous communicator
near the RFID in the clothes, reads the ucode, and searches
the product database, they may be able to tell when
and where the clothes were purchased, and at what price.
|
|
|
 |
|
| • |
Personal identification from reading
RFID tags
Even if an object's attribute data in an RFID is protected,
if unauthorized users apply the RFID identification -
or even the ID's fixed value by applying mathematical
processing - to obtain the unique code (identical, for
purposes of access), a quite undesirable scenario can
be imagined: readers can be used for the RFID leaked into
the public realm, and if the unique code becomes known,
the movement of the RFID can also be understood and malicious
users might create links between the objects and specific
owners to track the individuals without their awareness. |
|
|
 |
|
|
Seamless
Communication
Security policies are established for everything that comprises
a ubiquitous computing environment: elements of ubiquitous
ID architecture, ubiquitous ID technology, and everything
up to the users themselves. These security policies form the
basis for all ubiquitous ID services.
In creating the security policies, the uID Center emphasizes
user privacy. Ubiquitous computing environments unify advanced
networks in which countless miniscule computers are pervasive
in our surroundings as never before, deeply permeating our
social activities. What kinds of objects will we embed with
computers, and in what aspects of our lives will they play
a role? To support a spectrum of usage scenarios, we need
to specify security policies.
Furthermore, everyone seems to have a different opinion about
matters of privacy. Security policies should be designed taking
into account these varied perspectives on privacy; while linked
with the core technology, they should also be flexible enough
to offer users the best in ubiquitous ID technology.
It should become common knowledge among users how ubiquitous
ID technology solves problems and is immune to certain threats,
but they should also realize its limitations. We want to maintain
the optimum balance: richer lives, adequate privacy, powerful
technology, and useful services.
Our work at the uID Center is focused on constructing ubiquitous
computing and networking systems that the average person can
feel confident about using, as well as designing the security
policies to make this possible.
|
|
eTRON
Architecture
Encryption and authentication mechanisms and mechanisms to
protect system security are indispensable in uID technology
for protecting private information in communication channels.
The security technology at work behind uID technology is Economy
and Entity TRON, or eTRON. Information to be protected is
stored in the tamper-proof hardware of eTRON nodes, a prerequisite
of this system, and these nodes support information exchange.
When information is passed between eTRON nodes, mutual authentication
is required, and this restricts communication to legitimate
parties. All communication is also encrypted. Thus, even if
unauthorized interception occurs, the eavesdropper would have
absolutely no idea what the content is. When communication
is complete, as long as the data is stored in eTRON nodes
their tamper-proof hardware prevents malicious monitoring.
Ubiquitous communicators, product information databases, and
ucode resolution servers must all support eTRON. Thus, as
necessary, database searching and other communication are
conducted by certified, legitimate users only and are always
encrypted to protect privacy and security. Furthermore, when
the embedded data carrier device embedded in objects is an
eTRON-based smart chip, the information stored on the chip
can be protected.
|
|
 |
|
Seamless
Communication
The ISO 18000 air interface protocol cannot be used without
modification for ubiquitous computing environments developed
by the uID Center because it was not designed to deal with
privacy issues related to ID tag identification. Thus, we
are establishing our own non-identifying air interface protocol
that prevents tracking by third parties through data mining
and protects the privacy of tag owners.
The protocol is designed for RFID tags or similar devices.
It leverages fast, lightweight core security technology while
offering a practical form of non-identifying communication.
The protocol also includes control mechanisms to restrict
access to ucode data. Thus, by blocking the threat of unknown
parties reading ID data, it prevents malicious users from
eavesdropping to learn an object's price or other information.
|
|
|
|
|
