Item Details

Print View

Hiding in Groups: On the Expressiveness of Privacy Distributions

Nohl, Karsten; Evans, Dave
Nohl, Karsten
Evans, Dave
Many applications inherently disclose information because perfect privacy protection is prohibitively expensive. RFID tags, for example, cannot be equipped with the cryptographic primitives needed to completely shield their information from unauthorized reads. All known privacy protocols that scale to the anticipated sizes of RFID systems achieve at most modest levels of protection. Previous anal- yses found the protocols to have weak privacy, but relied on simplifying attacker models and did not provide insights into how to improve privacy. We introduce a new general way to model privacy through probability distributions, that capture ow much information is leaked by different users of a system. We use this metric to examine information leakage for an RFID tag from the a scalable privacy pro- tocol and from a timing side channel that is observable through the tag�s random number generator. To increase the privacy of the protocol, we combine our results with a new model for rational attackers to derive the overall value of an attack. This attacker model is also based on distributions and integrates seamlessly into our framework for information leakage. Our analysis points to a new parameteriza- tion for the privacy protocol that significantly improves privacy by decreasing the expected attack value while maintaining reasonable scalability at acceptable cost.
Date Received
University of Virginia, Department of Computer Science, 2008
Published Date
Libra Open Repository
In CopyrightIn Copyright
▾See more
▴See less


Access Online