Preserving RFID data privacy

Abstract
Radio frequency identification (RFID), a technology for automatic object identification, has wide applications in many areas including manufacturing, healthcare, and transportation. Yet, the uniquely identifiable objects pose a privacy threat to individuals carrying the objects. Most previous work on privacy-preserving RFID technology, such as EPC re-encryption and killing tags, focused on the threats caused by the physical RFID tags in the data collection phase, but these techniques cannot address the privacy threats in the data publishing phase, when a large volume of RFID data is released to a third party. In this paper, we study the privacy threats caused by publishing RFID data. Even if the explicit identifying information, such as name and social security number, has been removed from the published RFID data, an adversary may identify a target victim's record or infer her sensitive value by matching a priori known visited locations and timestamps. RFID data is by default high-dimensional, so applying a traditional anonymity model to RFID data suffers from the curse of high dimensionality and would result in poor data usefulness. We define a new privacy model, develop an anonymization algorithm to address the special challenges of RFID data, and evaluate its performance in terms of data quality and efficiency.
