《欧盟物联网白皮书.ppt》由会员分享,可在线阅读,更多相关《欧盟物联网白皮书.ppt(21页珍藏版)》请在三一办公上搜索。
1、,DRAFT White Paper WP7Issued May 2009CoordinationAndSupportAction forGlobalRFID-relatedActivities andStandardisationEU Project Number 216803CASAGRAS will provide a framework of foundation studies to assist the EuropeanCommission and the global community in defining and accommodating internationaliss
2、ues and developments concerning radio frequency identification(RFID)withparticular reference to the emerging Internet of Things.WP7:Socio-economic componentsof RFID usagein the Internet of Things,WP7,White Paper,v4a(Issued 6 April 2009,1,1,1.1,2,2.2,2.3,3,4,WP7:Socio-economic componentsof RFID usage
3、in the Internet of ThingsContentsIntroduction1.1 The Social Connection with the Internet of ThingsAwareness,Public Perception and Social ChangeTechnology enablers of things ubiquitous and Internet of Things2.1 The Privacy ImperativeOutline Methodology for Designing Privacy into RFID ApplicationsA St
4、andard for Design for Privacy and SecuritySafety Issues concerning RFID and Radio-based SystemsStructure and Governance for the Internet of Things,WP7,2,2.4,2.5,2.6,2.7,2.8,2.9,1,Introduction,In principle the Internet of Things(IoT),based upon popular perceptions,may be considered as astructure in w
5、hich human intervention is minimised,but in which activities are directed at servinghuman-kind either directly or indirectly and at various levels of human enterprise,domestic,corporate,public,national and international.A paradigm shift in nature and scale is envisaged within the Internetof Things w
6、hich will inevitably have a profound impact upon society,in much the same way as theInternet and the world-wide-web have impacted upon everyday life and the commercial world.Whilethe level of impact is likely to be different the nature of the impact is likely to be as far reaching and asradical and
7、revolutionary as the Internet itself.In considering the socio-economic issues arising from the developments in RFID and the Internet ofThings it is both relevant and important to reflect upon the opinion expressed by the EuropeanEconomic and Social Committee(EESC)in its published statement of the 18
8、th September 2008.Thiswas in response to a consultation request from the European Commission,under Article 262 of theTreaty establishing the European Community,on the subject of The Internet of Things(exploratoryopinion).The conclusions and recommendations presented in this opinion were as follows:“
9、The EESC encourages the EU Commission to:Invest in research,to support dissemination(such as the past presidencyevents)and standard setting activities because they consider the Internet ofThings(IOT)domain important.Take measures to remove barriers that would hamper the taking-up of thetechnology.As
10、sess whether centralised systems will be able to handle the amount of trafficthat can be expected of IOT applications and if local governance(of names andservices)are a better approach to manage mass deployment.Investigate whether the current existing directives handle the data protectionand securit
11、y requirements adequately or if new legislative measures areneeded.Consider the need for some laboratories in Europe with combined fundingfrom universities and private companies,in order to ensure that researchresults are taken up in Europe and to counter a brain-drain of researchers toresearch faci
12、lities and enterprises in other parts of the world(US).On the issue of eventual electromagnetic risks-the principle of precautionshould apply for these new environments with a high density of wave readers,in particular for the workers in such environments.They should be informedabout any potential r
13、isks and methods of protection should be put in place.Allthe same,the question should be seriously assessed,through scientific studies.,WP7,3,2.10,2.11,2.12,Remember that technology development should be done for the people and thatthere is a need to evaluate the related ethical risks.For trans-Euro
14、pean services,the European Commission or the independentadministrative authority that may regulate the spectrum in the future,shouldconsider the spectrum needs of the Internet of Things.Research will be crucial to win the race to deliver computing capacity to handlefuture real time Internet of Thing
15、s applications.”Within this opinion statement there is clear support for RFID and the concept being developed for theInternet of Things.Removing barriers to take-up and for research to advance the realisation of the Internetof Things are also explicit in the statement.From a clearly social perspecti
16、ve data protection,privacy,security,ethical risk assessment and safety of systems constitute particularly important issues.Governance is a further issue that is likely to have impact from a social perspective but only features in aclosing paragraph,pointing to the notion that the new network poses p
17、roblems of governance in view of itsscale,content and universal standards requirements.There is insufficient reference to internationalISO/IEC standards for RFID suggesting that RFID is“currently regulated through private standards andcommercial relations with global EPC”.In addressing these issues
18、as part of this communication a moreinclusive approach will be adopted.1.1 The Social Connection with the Internet of ThingsThe word social is indicative of issues of a human nature.It is therefore important to establish how theInternet of Things,and developments towards the Internet of Things,are l
19、ikely to have the profound socialimplications suggested above.As expressed in the CASAGRAS white paper on Applications for the Internetof Things,integration with the existing and evolving Internet is,at the very least,a migratory feature ofachieving the Internet of Things,in which various categories
20、 of application or service may be distinguished:1.Object-to-Internet-to-human(eg object initiated service that results in an email to ahuman respondent)2.Human-to-Internet-to-object(eg human communicates via Internet to activate a controldevice in the home)3.Object-to-Internet-to-object(eg object ac
21、tivated control service via the Internet that resultsin an object or systems activation,control event or information update,possibly with ahuman interface to allow monitoring of events)4.Object-to-dedicated IoT infrastructure-to-object(eg similar to 3,but exploiting a dedicatedinfrastructure and dom
22、ain features to support a new range of object-oriented applicationsand services,possibly with human interfaces as appropriate for interactive functions)While the categories indicating explicit human intervention could,depending upon the application,haveimplications with respect to privacy and securi
23、ty,it should be recognised that the object-to-object categorymay also have privacy implications if linked to personal information and or activities.,WP7,4,2,Approach,In drawing upon this categorisation of applications and the issues raised in the EESC opinion statementthe following socio-economic fa
24、ctors can be recognised:Awareness,Public Perception and Social ChangePrivacy,Security and Risk AssessmentSafety Issues concerning RFID and Radio-based SystemsStructure,Revenue Streams and GovernanceWhile governance is included in this list the other issues clearly come into the considerations and as
25、pectsof governance.Adding to this list of issues for which governance assumes a role are issues concerningbusiness models and aspects of application and service.Governance will also need to cover aspects ofnetwork functionality and protection.1.2 Awareness,Public Perception and Social ChangeOne of t
26、he principal barriers to take-up of RFID resides in the lack of awareness of RFID and itscapabilities.Unfortunately,a decade or so characterised by hype,mis-understanding and misconceptionshave suppressed awareness and willingness on the part of non-users to recognise the potential that RFIDhas to o
27、ffer.As there are many applications,such as those in retail,travel and leisure that may be seen toinvolve personal data or potential access to personal data the need may also be seen for privacy protectionalong with public awareness and measures to gain public acceptance.A European Commission consul
28、tation process on RFID,conducted in 2006,revealed that 61%of the 2190respondents were of the view that the public in general were not sufficiently informed about or aware ofRFID.It also revealed privacy to be their biggest concern.While awareness-raising was seen as anecessary expedient in addressin
29、g this situation the need was also seen for awareness accompanied byconfidence-building directives that demonstrate that privacy is appropriately supported.While public consultation has already been exercised within Europe on RFID and privacy it remains asubstantive objective to raise awareness and
30、promote the take-up of RFID.A thematic network is about tobe established within the European member states to realise this objective.Privacy,Security and Risk assessment-A designPrivacy and associated security with respect to radio frequency identification(RFID)has been the focusfor a great deal of
31、media and campaign attention over recent years,with a lot of emphasis upon thepotential infringement of privacy and infringement scenarios.A legislative framework is emerging that helps to distinguish the various facets of privacy and whatconstitutes violation of privacy.Such developments have been
32、influenced by consumer or campaignconcerns.While these and others rightly seek to protect privacy and human rights in respect of technologyusage,media hype,exaggerated claims,misconceptions and misinformation often arise that confuse andpresent difficulties in deriving coherent and effective measure
33、s for handling privacy and satisfyingconsumer and campaign group concerns.It becomes increasingly difficult to exploit technologicaldevelopments,such as RFID,where multiple factors,including some that are application-specific,impactupon privacy.The situation is exacerbated when technological develop
34、ments and concepts such as theInternet of Things are not sufficiently explained and insufficient attempts are made to seek publicacceptance.A seemingly open-ended flow of problems can be seen to arise with respect to RFID and people-relatedapplications where privacy is an important consideration.The
35、 solutions derived can be considered robust iftechniques for accommodating privacy and associated security issues are clearly identified and effectivelyapplied.When viewed as part of a design methodology these techniques constitute part of a framework or,WP7,5,tool-box to be used in selecting techni
36、ques and technologies to meet particular application needs.Viewedin isolation privacy protection techniques may yield a degree of confidence on the part of consumers andcampaign groups but to have more impact in this respect they need to be viewed in context of overallapplication requirements.Core t
37、o these considerations,particularly within Europe,are the EU directives,and correspondingmember state enactments in law that govern the protection of individuals with regard to processing ofpersonal data and freedom of movement for such data.Similar directives,albeit concerned with RFID inparticular
38、 or data protection in general,may be found in other nations around the world that are likely tohave bearing upon privacy and security in relation to the Internet of Things.With respect to RFID in Europethe EC Directive 95/46/EC can be seen to be key.However,as identified in the European ParliamentS
39、cientific Technology Options Assessment(STOA)report,RFID and Identity Management in Everyday Life,the directive may not be adequate to accommodate fully the requirements in respect of governance.In view of such limitations it is important from a design perspective to consider national guidelines and
40、supporting principles with respect to privacy and data protection.An example of such guidelines are theOECD“Guidelines on the Protection of Privacy and Trans-border Flows of Personal Data”and basicprinciples of data protection used in formulating data protection legislation.The concept of IdentityMa
41、nagement introduced through the European Parliament Scientific Technology Options Assessment(STOA)report is also significant in this respect and is covered in more illustrative terms in the booklet“RFID&Identity Management in Everyday Life”.In Japan,a set of Guidelines for Privacy Protection,with pa
42、rticular reference to RFID,was issued in 2004by the Ministry of Internal Affairs and Communications(MIC)and the Ministry of Economy,Trade andIndustry(METI).Ten Articles comprise these Guidelines:1.Purpose2.Scope3.Indication etc.of the fact that products are tagged with RFID tags4.Reservation of the
43、right of final choice of consumers with respect to reading of RFID tags5.Information offerings concerning social benefits of RFID tags6.Handling of RFID tags in cases where information is used by linking personal information,databases etc.stored in computers with RFID information7.Limitations on inf
44、ormation collection and use in cases where recording personalinformation in RFID tags8.Ensuring of information accuracy where recording personal information in RFID tags9.Establishment of information administrator10.Explanation and information offerings to consumersThe guidelines draw attention to t
45、he view that the problem of privacy protection is due to characteristicspeculiar to RFID tags.For example,if RFID tags were removed at the point when a retail store hands aproduct to a consumer,there would not be a question of risk.However,in the future it is likely that RFIDtags will be required to
46、 ensure some kind of consumer benefit or satisfy some social and/or societal need.Such developments raise the question of risk and the need for appropriate protective measures.,WP7,6,1,There are a number of useful policy and solution guidance documents to be found that can assist inaddressing privac
47、y issues and in designing protection systems.An example of such a document is the AIMGlobal RFID Expert Group“RFID Guidelines on Data Access Security”,AIM working document REG 352.The document looks at systemic solutions that prevent unauthorised or inadvertent access to data on anRFID tag and in an
48、 RFID system.It is intended to provide guidance to users and systems designers onpotential threats to data security and countermeasures available to provide RFID data security.Design methodology for systems where privacy requirements are indicated,also demand attention to riskidentification and asse
49、ssment and appropriate consideration of range of factors that impact on privacy andassociated security,including:Directives and legislation on protection of personal dataPrivacy guidelines and standardsAttack and system failure modes and risk assessmentTechnologies and techniquesFrom the standpoint
50、of privacy-attack a RFID,or comparable,technological system may be considered asan identification and data transfer facility with vulnerabilities that potential attackers,individual or corporate,might exploit with intent to track,gather personal information or otherwise compromise privacy.Understand
