1、 ETSI TR 187 020 V1.1.1 (2011-05)Technical Report Radio Frequency Identification (RFID);Coordinated ESO response to Phase 1 of EU Mandate M436ETSI ETSI TR 187 020 V1.1.1 (2011-05) 2Reference DTR/TISPAN-07044 Keywords privacy, RFID, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex
2、- FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document
3、may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF v
4、ersion kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.a
5、sp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to
6、 reproduction in all media. European Telecommunications Standards Institute 2011. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTM, TIPHONTM, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit
7、 of its Members and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TR 187 020 V1.1.1 (2011-
8、05) 3Contents Intellectual Property Rights 6g3Foreword . 6g31 Scope 7g32 References 7g32.1 Normative references . 8g32.2 Informative references 8g33 Definitions and abbreviations . 11g33.1 Definitions 11g33.2 Abbreviations . 13g34 Summary of findings and recommendations 13g34.1 Overview of findings
9、13g34.2 Clarification of definition of RFID . 14g34.3 Summary of standardisation gaps . 15g34.3.1 General principles . 15g34.3.2 Standards to provide greater consumer awareness 15g34.3.3 Standards in the privacy domain (excluding PIA) 15g34.3.4 PIA standards 16g34.3.5 RFID Penetration testing standa
10、rds 16g34.3.6 Standards in the security domain 16g34.4 Gaps in current standards . 17g34.4.1 Overview 17g34.4.1.1 Summary of main gaps 18g34.4.2 Gantt chart for addressing gaps in Phase 2 of M/436 . 18g35 Addressing consumer aspects . 21g35.1 Awareness 21g35.2 Personal data security . 21g35.3 Data P
11、rotection Requirements 22g35.3.1 Purpose . 22g35.3.2 Deactivation 22g35.3.3 Consent . 22g35.3.4 Personal data record access and data correction . 23g35.4 Accessibility of applications and consumer information 23g36 The RFID ecosystem 23g36.1 Overview 23g36.2 Types of RFID Tags . 24g36.3 RFID Tag Cha
12、racteristics . 24g36.4 Stakeholders . 25g36.5 Open and closed system applications . 25g36.6 RFID and IoT . 26g37 Analysis in support of recommendations . 26g37.1 RFID system architecture . 26g37.2 RFID system and privacy . 27g37.2.1 Modelling the role of RFID in privacy . 28g37.3 Principles for hand
13、ling personal data in RFID systems 31g37.4 Role of Privacy Enhancing Technologies (PETs) 35g38 Data Protection, Privacy and Security Objectives and Requirements 36g38.1 Distinguishing objectives and requirements . 36g38.2 Data protection and privacy objectives 36g38.3 Statement of objectives for Sec
14、urity . 38g39 Privacy and Data Protection Impact Assessment (PIA) outline . 39g39.1 State of the art and standardization gaps 39g3ETSI ETSI TR 187 020 V1.1.1 (2011-05) 49.2 Role of the PIA . 40g39.3 Overview of RFID-related features with an impact on privacy 41g39.4 RFID PIA Framework 42g39.5 PIA Me
15、thodology Requirements 42g39.5.1 Assets and the RFID PIA 43g39.5.2 Scope of the PIA . 43g39.5.3 General methodological requirements 44g39.5.4 Data Protection and Privacy requirements of the RFID PIA 44g39.5.4.1 Data protection requirements 44g39.5.4.2 Data protection requirements 45g39.5.4.3 Emergin
16、g issues and requirements related to emerging or future applications, technologies, and other issues 46g310 RFID Penetration (PEN) Testing Outline. 46g310.1 PEN testing standards and methodologies 47g310.2 RFID PEN testing standardization roadmap 48g310.3 PEN testing requirements and method outline
17、. 48g311 Common European RFID Emblem and Sign . 49g312 Environmental aspects of RFID tags and components . 49g312.1 Health and safety considerations 49g312.2 RFID hardware end of life considerations 50g312.3 Data end of life considerations . 50g3Annex A: Summary of status of RFID standardization . 5
18、1g3Annex B: Summary of tag capabilities . 53g3B.1 Command set 53g3B.2 Security functionality . 53g3B.2.1 Tag embedded capabilities . 53g3Annex C: Summary of risk assessment of RFID systems . 56g3C.1 Security analysis and requirements derivation . 56g3C.2 Weaknesses and threats in RFID systems 57g3C.
19、2.1 Privacy and Data Protection (DPP) related threats . 58g3C.2.1.1 Identify theft . 58g3C.2.1.2 Profiling 58g3C.2.1.3 Data linkability . 58g3C.2.1.4 Tracking 58g3C.2.1.5 Exclusion of the data subject from the data processing process due to disabling of RFID tag . 58g3C.2.1.6 Procedures/instructions
20、 not followed leading to tags being used past end of purpose 58g3C.2.1.7 Large-scale and/or inappropriate data mining and/or surveillance . 58g3C.2.1.8 Non-compliance with data protection legislation . 59g3C.2.2 Security threats . 59g3C.2.2.1 Denial-of-Service attack . 59g3C.2.2.2 Collision attack .
21、 59g3C.2.2.3 De-synchronization . 59g3C.2.2.4 Replay . 59g3C.2.2.5 Man-in-the-middle attack . 59g3C.2.2.6 Theft 60g3C.2.2.7 Unauthorised access to/deletion/modification of data (in tags, interrogators, backend system) . 60g3C.2.2.8 Cloning of credentials and tags (RFID related) 60g3C.2.2.9 Worms, vi
22、ruses and malicious code 60g3C.2.2.10 Side channel attack . 60g3C.2.2.11 Masquerade . 61g3C.2.2.12 Traffic analysis/scan/probe . 61g3C.2.2.13 RF eavesdropping . 61g3C.3 Summary of vulnerabilities in RFID systems 61g3ETSI ETSI TR 187 020 V1.1.1 (2011-05) 5Annex D: RFID Penetration Testing 63g3D.1 Sho
23、rt Introduction to PEN testing 63g3D.2 PEN testing methodologies and standards . 63g3Annex E: Summary of requirements and analysis for signs and emblems . 65g3E.1 Requirements specification 65g3E.2 RFID Emblem/Logo classified requirements . 65g3E.2.1 General Requirements Specification 65g3E.2.2 Loca
24、tion and Placement . 70g3E.2.3 Other Requirements 72g3E.3 RFID Sign classified requirements . 72g3E.3.1 General Requirements Specification 72g3E.3.2 Location and Placement . 75g3E.3.3 Other Requirements 76g3Annex F: Review of security analysis issues in PIA 77g3Annex G: Bibliography 82g3G.1 Books 82
25、g3G.2 GRIFS database extract 82g3G.3 Sign Related Standards . 89g3G.3.1 In development . 89g3G.3.2 Published 90g3G.4 Other references . 91g3History 93g3ETSI ETSI TR 187 020 V1.1.1 (2011-05) 6Intellectual Property Rights IPRs essential or potentially essential to the present document may have been de
26、clared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, whi
27、ch is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs no
28、t referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. CEN and CENELEC have based their IPR policy on that of ISO, IEC and ITU-T. Patents or pending patent applications relating to a CEN or CENELEC publication m
29、ay have been declared on this basis to CEN or CENELEC. Information on these declared patents or pending patent applications is made available by CEN and CENELEC via an on-line list of declarations (ftp:/ftp.cen.eu/CEN/WorkArea/IPR/Patents.pdf). Foreword This Technical Report (TR) has been produced b
30、y ETSI Technical Committee Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN). The present document has been prepared under the coordination of a technical experts group composed of representatives of each of ETSI, CEN and CENELEC and represents the agr
31、eed response of the European Standards Organizations (ESOs) to Mandate M/436 on the subject of Radio Frequency Identification Devices (RFID) in relation to data protection, information security and privacy. NOTE: This work was funded under EC/EFTA Contract reference SA/ETSI/ENTR/436/2009-02. ETSI ET
32、SI TR 187 020 V1.1.1 (2011-05) 71 Scope The present document provides the results of the coordinated response of the European Standards Organizations (ESOs) to Phase 1 of EC mandate M436 on the subject of Radio Frequency Identification Devices (RFID) in relation to privacy, data protection and infor
33、mation security. The present document outlines a standardization roadmap for privacy and security of RFID. The development of the roadmap involved analyses of RFID from a number of perspectives: analysis of OECD guidelines i.17 and relevant data protection; analysis of privacy and its link to behavi
34、our; analysis of EU directives on data protection and privacy and their implications on RFID; review of the role of PETs for RFID (see clause 7); and analysis of security threats to RFID and their implications (see Annex C). The resulting requirements set defines the data protection, privacy and sec
35、urity needs of RFID and was used as input to the standards gaps analysis and the development of requirements to PIA for RFID and RFID PEN testing frameworks. An outline of the PIA framework requirements is given in clause 9. Overview of the standardization gaps and requirements for RFID PEN testing
36、is given in clause 10. The standardisation gaps analysis and resulting overall RFID standardisation roadmap is given in clause 4. The present document recommends a plan of activities for Phase 2 of EC Mandate M436 as follows: identifies the use of existing technical measures described by standardisa
37、tion in order to promote confidence and trust (by end users organizations and the general public) in RFID technology and its applications; identifies where new technical measures described by standardisation are required in order to promote confidence and trust (by end users organizations and the ge
38、neral public) in RFID technology and its applications. These measures will be developed in the course of phase 2 of the mandate. In addition the present document describes the results of modelling the role of RFID in privacy and personal data as defined by European Directives alongside a Threat Vuln
39、erability and Risk Analysis (TVRA) of the use of RFID technology and its applications, including the results of a generic and an industry specific Privacy Impact Assessment (a guide to PIA is given in Annex A). NOTE: Many of the risks identified as part of the present document are equally applicable
40、 in other tracking scenarios (e.g. CCTV, car number/licence plate recognition, face recognition, mobile phone cell tracking). Under the terms of the Mandate, the present document covers only those areas in the data acquisition part that are specific to RFID. The other tracking scenarios are included
41、 in the work of the Article 29 Data Protection Working Party. 2 References References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest vers
42、ion of the reference document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETS
43、I cannot guarantee their long term validity. ETSI ETSI TR 187 020 V1.1.1 (2011-05) 82.1 Normative references The following referenced documents are necessary for the application of the present document. Not applicable. 2.2 Informative references The following referenced documents are not necessary f
44、or the application of the present document but they assist the user with regard to a particular subject area. i.1 EC Mandate 436: “Standardisation mandate to the European Standardisation Organisations CEN, CENELEC and ETSI in the field of Information and Communication Technologies Applied to Radio F
45、requency Identification (RFID) and Systems“. i.2 ISO/IEC 15961 (all parts): “Information technology - Radio frequency identification (RFID) for item management - Data protocol: application interface“. i.3 ISO/IEC 15962: “Information technology - Radio frequency identification (RFID) for item managem
46、ent - Data protocol: data encoding rules and logical memory functions“. i.4 ISO/IEC 18001: “Information technology - Radio frequency identification for item management - Application requirements profiles“. i.5 ISO/IEC 14443 (all parts): “Identification cards - Contactless integrated circuit(s) cards
47、 - Proximity cards“. i.6 ISO/IEC 15693: “Identification cards - Contactless integrated circuit(s) cards - Vicinity cards“. i.7 ETSI TR 187 010: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Security; Report on issues related to security in id
48、entity imanagement and their resolution in the NGN“. i.8 ITU-T Recommendation X.200: “Information technology - Open Systems Interconnection - Basic Reference Model: The basic model“. i.9 ISO/IEC 18000 (all parts): “Information technology - Radio frequency identification for item management“. i.10 Eu
49、ropean Commission Recommendation of 12 May 2009 on the implementation of privacy and data protection principles in applications supported by radio-frequency identification. NOTE: (Notified under document number C(2009) 3200), Official Journal L 122, 16/05/2009 P. 0047 - 0051. i.11 CENELEC EN 62369-1: “Evaluation of human exposure to electromagnetic fields from short range devices (SRDs) in various applications over the frequency range 0 GHz to 300 GHz - Part 1: Fields produced by devices used for electronic article surveillance, radio fr
