
BS EN 16571:2014

$215.11

Information technology. RFID privacy impact assessment process

Published by: BSI
Publication date: 2014
Number of pages: 108

This European Standard has been prepared as part of the EU RFID Mandate M/436. It is based on the Privacy and Data Protection Impact Assessment Framework for RFID Applications, which was developed by industry in collaboration with civil society, endorsed by the Article 29 Data Protection Working Party, and signed by all key stakeholders, including the European Commission, in 2011.

It defines aspects of that framework as normative or informative procedures to enable a common European method for undertaking an RFID PIA.

It provides a standardized set of procedures for developing PIA templates, including tools compatible with the RFID PIA methodology.

In addition, it identifies the conditions that require an existing PIA to be revised, amended, or replaced by a new assessment process.

PDF Catalog

PDF page   Title
4 Contents Page
7 Foreword
8 Introduction
9 1 Scope
2 Normative references
3 Terms and definitions
13 4 Symbols and abbreviations
14 5 Structure of this European Standard
6 Field of reference for this European Standard
6.1 ‘RFID’ as defined by the EU RFID Recommendation
15 Table 1 — RFID and related technology standards within the scope of this European Standard
6.2 ‘RFID application’ as defined by the EU RFID Recommendation
6.3 ‘RFID operator’ as defined by the EU RFID Recommendation
16 6.4 Relationship between the RFID PIA and data protection and security
17 Figure 1 — Interrelation between RFID privacy, security, and data protection functions
19 6.5 Relevant inputs for the PIA process
6.5.1 General
6.5.2 The privacy capability statement
6.5.3 The Registration Authority
6.5.4 RFID PIA templates
7 RFID operator’s organizational objectives of the RFID PIA
7.1 Overview
20 7.2 Meeting and exceeding legal requirements
21 7.3 When to undertake the RFID PIA
7.3.1 General
7.3.2 Undertaking a PIA at the design stage before the RFID system becomes operational
7.3.3 Undertaking a PIA at a review and update the design-based PIA
7.3.4 Undertaking a PIA to contribute to the development of a template
22 7.3.5 Undertaking a PIA with an established template
7.3.6 Undertaking a PIA at the introduction of a new function within the RFID application
7.3.7 Undertaking a PIA based on changes in RFID technology
7.3.8 Undertaking a PIA when a privacy breach has been reported
23 8 Tools to simplify the process
8.1 RFID operator responsibility
8.2 RFID technology privacy capability tools – overview
8.3 Registration of RFID privacy capability statements by RFID product manufacturers
8.3.1 General
8.3.2 Obligations of the Registration Authority
24 8.3.3 Appointment
8.3.4 Resignation
8.3.5 Responsibilities of the RFID product manufacturers
25 8.4 RFID technology privacy capability tools – details
8.4.1 RFID integrated circuit privacy capabilities
8.4.2 RFID tag privacy capabilities
8.4.3 RFID interrogator privacy capabilities
8.4.4 The default privacy capability statement
26 8.4.5 Using CEN/TR 16672 to construct privacy capabilities for products using proprietary protocols
8.5 Templates
8.5.1 General
8.5.2 Developing a template
27 8.5.3 Who should prepare the templates?
8.5.4 The role of stakeholders in template development
28 9 RFID PIA – a process approach
9.1 Introduction
9.2 Process Steps
29 9.3 Achieving the correct level of detail
9.3.1 General
9.3.2 Level 0 – no PIA
9.3.3 Level 1 – small scale PIA
9.3.4 Level 2 – PIA focussed on the controlled domain of the application
30 9.3.5 Level 3 – Full scale (complete) PIA of the application
9.3.6 Reducing the effort for the SME organization
Table 2 — Official ceiling criteria for SME categories
31 9.4 Process methodology
32 Table 3 — Matrix approach to determine a risk value
10 Preparing the RFID functional statement
33 11 Preparing the description of the RFID applications
11.1 Introduction
11.2 Multiple applications
34 11.3 RFID application overview
11.3.1 General
11.3.2 Determine which RFID technology is intended or being used
35 11.3.3 Determine the RFID components used in the application
Figure 2 — RFID privacy in depth model
36 11.3.4 RFID applications on portable devices
11.3.4.1 General
37 11.3.4.2 The mobile device as a reader or as a tag emulator
11.3.4.3 Mobile devices as relay devices supporting other protocols
38 11.4 Data on the RFID tag
11.4.1 General
11.4.2 Determine what inherent identifiable features are possessed by the RFID tag
39 11.4.3 Listing the data elements encoded on the RFID tag
11.4.4 Determine whether encoded data can be considered identifiable
40 11.4.5 Determine whether personal data is encoded on the tag
11.5 Additional data on the application
11.6 RFID data processing
41 11.7 Internal transfer of RFID data
11.8 External transfer of RFID data
11.9 RFID application description sign off
42 12 Risk Assessment
12.1 Procedural requirements derived from the RFID Recommendation
12.1.1 Common procedure requirements for all RFID operators
43 12.1.2 Requirements for retailers that are RFID operators
44 12.1.3 Procedure requirements for manufacturers of products eventually sold to consumers
12.2 Asset identification and valuation
12.2.1 General
45 12.2.2 Identification of assets
Figure 3 — Flowchart for identifying personal privacy assets
46 12.2.3 Valuing assets
12.2.3.1 General
Figure 4 — Flowchart for valuing personal privacy assets
12.2.3.2 Valuing personal privacy assets using a data type value
47 Table 4 — Example of asset valuation
48 12.2.3.3 The process for the SME organization
Table 5 — Guideline on the number of data types to consider
12.2.3.4 Valuing personal privacy assets in terms of potential business impact
49 12.3 Threat identification and evaluation
12.3.1 General
50 12.3.2 Identification and classification of threats
Figure 5 — Flowchart for identifying RFID threats
51 12.3.3 Evaluating threats
52 12.3.4 The process for the SME organization
Table 6 — Guideline on the number of RFID threats to consider
12.4 Identifying vulnerabilities and enumerating the associated risk levels
12.4.1 Basic procedure
53 12.4.2 Procedure to account for exposure time
12.5 Initial risk level
54 Table 7 — Possible initial risk levels for asset value = 2
Table 8 — Possible initial risk levels for asset value = 2, threat level = medium
Table 9 — Possible initial risk levels for asset value = 2, threat level = medium, vulnerability level = high
55 12.6 Countermeasures
12.6.1 General
12.6.2 Identifying countermeasures
12.6.2.1 General
Figure 6 — Flowchart for identifying countermeasures
56 12.6.2.2 Countermeasures from the privacy capability statements
12.6.2.3 Countermeasures in CEN/TR 16672
57 12.6.2.4 Other countermeasures
12.6.3 Reassessing risk levels
12.7 Residual risks
58 12.8 RFID PIA endorsement
13 Worked example of the risk assessment process
14 The PIA summary report
14.1 PIA report date
14.2 RFID application operator
14.3 RFID application overview
14.4 Data on the RFID tag
59 14.5 RFID Privacy Impact Assessment score
14.6 RFID countermeasures
15 Revision control
60 16 Monitoring and incident response
61 Annex A (normative) Details of Registration Authority
62 Annex B (informative) RFID manufacturer’s product privacy capability statements
B.1 RFID integrated circuit (chip) privacy features
Table B.1 — Product details for the RFID integrated circuit (chip)
63 Table B.2 — Privacy capability features supported by the RFID integrated circuit (chip)
64 Table B.3 — Product details for the RFID tag
Table B.4 — Privacy capability features supported by the RFID tag
B.2 RFID interrogator privacy features
65 Table B.5 — Product details for the RFID interrogator
66 Table B.6 — Privacy capability features supported by the RFID interrogator
67 Annex C (informative) RFID Privacy Impact Assessment flowchart
Figure C.1 (continued)
68 Figure C.1 (end)
69 Annex D (informative) Template development
70 Annex E (informative) Flowchart to determine the RFID PIA level
Figure E.1
71 Annex F (informative) RFID functional statement
72 Annex G (normative) RFID application description
73 Annex H (informative) Identification and valuation of personal privacy assets
H.1 Individually held personal privacy asset
74 Table H.1 — Assets that can directly identify the individual
75 Table H.2 — Assets that when held can identify the individual
76 Table H.3 — Data types and guideline asset value
78 H.2 Assets that apply to the organization
Table H.4 — Organizational assets impacted by the loss of personal data
79 Annex I (informative) RFID threats
I.1 Threats associated with the data encoded on the RFID tag and the RFID tag (or RF card) itself
I.1.1 General
Table I.1 — Threats associated with RFID tags and their data
I.1.2 Side Channel Attack
80 I.1.3 Physical data modification
I.1.4 Cloning
I.1.5 Spoofing
I.1.6 Physical tag switching
I.1.7 RF tag switching
I.1.8 Tag reprogramming
81 I.1.9 Tag Removal
I.1.10 Tag destruction
I.1.11 Disabling the tag by command abuse
I.1.12 Exhaustion of Protocol Resources
I.1.13 De-synchronization Attack
82 I.2 Threats associated with the air interface or the device interface communication
I.2.1 General
83 Table I.2 — Threats associated with the RFID air interface or the device interface
I.2.2 Unauthorized Tag Reading
I.2.3 Tracking
84 I.2.4 Data linking
I.2.5 Behavioural Profiling
I.2.6 Hotlisting
I.2.7 Eavesdropping or traffic analysis
I.2.8 Power analysis
I.2.9 Crypto Attacks
85 I.2.10 Reverse Engineering
I.2.11 Relay, or man-in-the-middle attack
I.2.12 Replay Attack
I.2.13 Message (Re)construction
I.2.14 Data Modification in the air interface transmission
86 I.2.15 Data Insertion in the air interface transmission
I.2.16 Noise
I.2.17 Jamming
I.2.18 Malicious Blocker Tags
I.2.19 Effects of Radio Degradation
I.2.20 Shielding of Tags
87 I.3 Threats associated with the interrogator (or reader)
I.3.1 General
Table I.3 — Threats associated with the RFID interrogator
I.3.2 Side Channel Attack
I.3.3 Exhaustion of Protocol Resources
I.3.4 De-synchronization Attack
I.4 Threats associated with the host application
I.4.1 General
88 Table I.4 — Threats associated with the host, application and stored data
I.4.2 Privacy and Data Protection Violations
I.4.3 Compromising of security keys
I.4.4 Buffer overflow attack
I.4.5 Injecting Malicious Code
89 I.4.6 Partial denial of service
I.4.7 Complete denial of service
90 Annex J (informative) Countermeasures
J.1 List of countermeasures
91 Table J.1 — List of countermeasures
92 J.2 Threat and countermeasure mappings
93 Table J.2 — Threats and countermeasures associated with RFID tags and their data
94 Table J.3 — Threats and countermeasures associated with the air interface
95 Table J.4 — Threats and countermeasures associated with the RFID interrogator
Table J.5 — Threats and countermeasures associated with the host, application and stored data
96 Annex K (informative) PIA risk assessment example
K.1 Introduction
K.2 Ranking the assets
Table K.1 — Asset valuation, ranked by asset value
97 K.3 Considering threats at the tag layer and air interface layer
98 K.4 Considering threats at the interrogator layer
99 K.5 Considering threats at the device interface layer
K.6 Considering threats at the application layer
100 K.7 Considering vulnerabilities
Table K.2 — Impact of threats and vulnerabilities on asset values
K.8 Risk scores after considering all the threats and vulnerabilities
101 Table K.3 — Impact of threats and vulnerabilities on the risks of specific data types
K.9 Applying countermeasures
K.10 Overall risk
103 Annex L (informative) RFID Privacy Impact Assessment summary
104 Bibliography