Technical Solutions for Privacy Protection in RFID

Download PDF
0 downloads 0 Views 347KB Size Report
Comment
Rieback et al [24] discuss a new shielding method called .... Melanie R. Rieback, Georgi N. Gaydadjiev, A ... K. L. Potts, D.R. Shore, Jr. Wood, B. David. RFID.
Survey Paper

Technical Solutions for Privacy Protection in RFID

Abstract RFID (Radio Frequency Identification) is used to automatic data capture allowing contact-less identification of objects using radio frequency. While RFID technology has several applications in all areas, it raises new consumer privacy risks and in business context too (silent tracking, assets inventory, profiling…etc). Panoply of solutions to privacy protection has been proposed. However, currently available approaches do not provide guarantees for efficient privacy protection. In this paper, we examine some representative approaches and what they can offer as protection. Keywords: RFID, privacy, singulation, Tag deactivation, Shielding.

1. Introduction Radio Frequency Identification (RFID) is a combination of radio broadcast and digital coding technology. RFID is a system that involves electronic tags (consist of an antenna attached to a microchip) containing identification numbers or other digital encoded data on a microchip. By monitoring tag IDs, the RFID system can track the presence and location of an object using contact-less data transfer such as smart cards [1]. Further, more than one tag can be read at a time by a reader and each tag can identify the object to which it is attached. When using bar codes, for example, one bottle of water has the same barcode as all other bottles of water of that particular brand. RFID technology enables each individual bottle to have its own unique ID [2]. RFID offers several advantages such as unique identification of tags attached to objects as pointers to database entries and automation scanning tags without physical contact of tagged-objects [3]. RFID technology has been around for more than 50 years, improving business processes, access control, theft prevention, automated payment, and supply chain management, to name few applications in use today. Due to the tag costs, some manufacturers are planning to tag just the packaging, whereas others prefer tagging all their products [4]. Once a customer buys an RFID-tagged product

and take, either in or out the store, it can be tacked by the salesperson to profile the costumer or by thieves to detect the valued tagged items. Many researches have been proposed to provide privacy and security solutions in RFID [8, 9, 10, 13, 21, 24, 25]. However, currently available solutions do not provide guarantees for privacy protection methods, especially in a personal use context. There are several security and privacy concerns related to RFID that need to be solved. In this paper, we examine some representative approaches aiming at privacy protection in order to highlight security issues. The remainder of the paper is organized as follows. In the next section, we discuss the consumer privacy problem. We then describe, in section 3, the binary tree scanning protocol that is an implementation of a “reader talks first” technology, known as “singulation protocol” or “tree-walking singulation algorithm”. In section 4, we analyse some proposed approaches for protecting consumer privacy.

2. Consumer privacy problem Privacy and security are terms that are often confused or conflated. Proper data security is certainly required by privacy laws, as insecure data or systems can pose a severe risk to privacy. Yet an organization cannot meet its legal privacy obligations merely by ensuring that data is collected, used and disclosed in a secure manner. The collection, use and disclosure of personal information must be carried out in a manner that is consistent with the Fair Information Principles embodied in privacy legislation. [5]. Today, RFID technology emerges in the packaging industry to manage inventory of any tagged item without optical line of sight or physical contact, to identify their location in a warehouse or to track them in a supply chain system. It is used also to locate lost children in a park, and protect newborns from abduction and mismatch in a nursery. There are many types of RFID applications, such as access control system to automatically check the physical authorization access and unlock doors or start a car. Automating business processes, using RFID technology, brings great gains in

productivity, increase efficiency in lower costs and improve effectiveness to provide best response to costumer requirements. However, like every information technology, the RFID system presents security and privacy risks. The National Institute of Standards and Technology [6] describes some potential risks of implementing RFID and discuss, in its guideline, the nature of RFID systems that companies might implement and the risks associated with implementing the technology. A privacy risk could happen when someone tracks clandestinely holders of tagged items and uses the collected information for profiling, e.g if someone carries insulin, is probably to be diabetic or in contact with diabetic. Unauthorised remote access to data is sometimes also called skimming and can facilitate stalking and aggression. Eavesdropping on the transmission between rogue reader and tags can reveal the content of the communications thus enabling unauthorised access to potentially valuable business, competitive or personal information and also enabling other attacks such as “manin-the-middle attack” [6, 7] or “relay attack” (it consists, for an adversary, of making the reader believe that the tag is present in its field, while it is not [9]). Researchers proposed many solutions against this kind of attacks. Engberg et al [8] note that the main threat is not of collecting or storing information but of tracking costumer and making information abusable creating privacy risks. He pointed out that privacy threats often present a security threat to the system application and can be easily violated by hackers. Avoine, in his Ph.D thesis [9], discussed both authentication and identification protocols useful in practice. The basic identification protocol consists in checking, by the reader, whether the tag is legitimate. This basic authentication protocol consists in a common challenge-response protocol using one-way hash function and random number and it is used against replay attack, man-in-the-middle attack and so one [10]. The privacy and security aspects of RFID systems have been investigated in many contexts [26, 27]. Most of these investigations focus on addressing the consumer’s privacy concerns and the information privacy and security issues within business processes. To assure security and privacy, a multitude of approaches have been proposed by researchers such as: (i) Tag deactivation approaches [3, 16] in which tags of sold items are disabled

permanently using “kill command” or temporarily using “sleep command”. (ii) Shielding approaches as Faraday cage, jamming and tag blocking [13], in which unauthorized scanning of consumer items is blocked or disturbed. (iii) Renaming approach [28, 29, 30, 31, 33], in which Tags could be renamed. One possibility is for the reader to relabel tags. Other approach is for a tag to maintain a collection of pseudonyms that change over time. An alternative approach is to re-encrypt periodically the data on a tag. (iv) Distance approach [32], in which tags reveal more information about themselves according to the distance and energy received from the reader. (v) Proxying approach [34, 35], in which a mobile device, including RFID functionality, acts like a guardian or a personnel firewall. .

3. Tree scanning protocol Tags and readers communicate by using a common communication protocol often specified in RFID standards. Tag-Reader communication can be initiated in two ways: Reader Talks First (RTF): The reader can identify a specific tag and request data from it by selecting a particular subset of tags [11]. Tag Talk First (TTF): The tag communicates its presence to a reader when the tag is within the reader’s RF field [6]. Readers and tags communicate using only RTF or TTF transactions but not both types. The tree scanning protocol, that is an implementation of a RTF transaction, enables an RFID reader to identify a specific tag and request data from it. There are many different methods of singulation, but the “tree walking” is most commonly used. The tree scanning protocol or the singulation tree-walking protocol, uses a binary algorithm that queries tags bit-by-bit; it resembles a depth-first search of a binary tree. Each bit is represented as a “0” or a “1”. A population of tags to be read by the reader is represented by the binary tree of 2k (where k=64, 96 or 128) nodes. Each node represents a unique ID of a tag. The representation of the tree will descend from the root (at level 0) with branches leading leaves or nodes (at level k). The reader traverses through the tree, from the root, until a tag is singularized. Each tag broadcast “0” if it lies in the left subtree and “1” if it lies on the right subtree. In case of collision, more than one tag responds, the reader might ask for all tags with an ID that starts with 01 to respond, and then

010 and so one. When the algorithm reaches a leaf or node (at level k) it outputs the yielding k-bit sequence, which is the ID of that singularized tag [2, 7, 13].

Figure 1: Tree walking example of depth 4 [2]. In the example bellow, the reader traverses trough the tree, in recursive depth-first form, from the root to the last level. In our example, from level 0 to level 1 (at the left), the tag broadcasts “0” and from level 1 to level 2 (at the left), it broadcasts “0, then from the level 2 to level 3 (at the right) it broadcasts “1” and finally from the level 3 to level 4 (at the right), it broadcasts “1”. So, the tag is singularized as “0011” [2, 6, 12, 13, 14]. This tree has 2 4=16 tag’s ID. If the number of levels is higher, the number of ID tags will increase. When multiple tags respond simultaneously to a reader’s signal, their communication signals can interfere and refers to collision. Sarma et al [15], discuss the anti-collision algorithms either probabilistic or deterministic. In the probabilistic algorithms, the tags respond at randomly generated times. Deterministic schemes are those in which the reader sorts through tags based on their unique ID. The simplest deterministic scheme is the binary tree-walking scheme, as we discussed bellow.

4. Approaches to privacy protection In this section we study and discuss some technical approaches to privacy protection in RFID by doing a research literature review.

4.1 Tag deactivation approaches Tag deactivation approaches can be temporary or permanent to assure a straightforward approach to privacy protection. When a tag is deactivated, it cannot respond to any reader and does not reveal its information stored on its microchip. There are two ways to do this either temporary by sleeping approach or permanently by killing approach [3, 7, 13, 19].

a) Kill tag approach When an Electronic Product Code (EPC) tag receives a “kill” command from a reader, it renders itself permanently inoperative. The kill command is PIN protected and it is irreversible, it prevents subsequent unauthorized use of a tag. The information stored on the microchip will be destroyed protecting, therefore, the personal privacy. It is considered that point-of-sale devices will kill the RFID tags on purchased items to protect consumer’s privacy but eliminates all of the post-purchase benefits of RFID to consumers [3, 7, 16]. EPC Class 1 Gen 1 tags employ an 8 bit kill password. The brute-force attack (consists of trying out all possible code combinations until the right one is found) could take place. EPC Class 1 Gen 2 tags employ 32 bit kill and read passwords making brute force attacks less feasible (but not impossible). The PIN transmission between reader and tag can be victim of side-channel attack (is power analysis which tries to extract cryptographic keys and passwords) [17, 18, 19]. Killing method is not useful in all contexts for example of borrowing and returning a book or for e-passport or in supply chain system. But it will be recommended as a good security practice for destroy information stored in unusable tags but the responsible of sending the kill command must verify if tags have been successfully killed. b) Sleep tag approach Rather than killing permanently tags, when the product is purchased; another way, to temporarily disable tags, is putting them to sleep. A reader provides a tag with a hashed value of a key: meta-id=hash(key) and its state change to sleep mode. The sleeping tag is still replying to reader interrogation by using it. This sleeping tag can be tracked using this meta-id requests, it can be used to implement new information or more generally control the tag. The Sleep command is PIN protected, indeed, a reader have to transmit his key to wake a sleeping tag. The key is sent in clear-text to the tag, so the activation may be caught by an eavesdropper [19, 20, 21]. In practice, this approach seems not enough secure and the sleeping tag is in hibernation mode and still responds to reader interrogation.

4.2 Shielding approaches With all the privacy and security concerns about contact-less credit cards, employee ID cards, and e-passports, several companies commercialise anti-RFID sleeves, envelopes, wallets and other forms using shielding approaches.

1. 2.

3.

An RFID reader requests the tag A mobile device captures the query in real time. The query is checked on the Access Control List (ACL)-based security policy If the query is allowed, the tag could then respond to the reader, if not the mobile device will send a jamming signal to block the RFID tag response.

a) The Faraday cage approach Faraday cages are based on the principle that meshes made of certain metals (for example aluminium foil) provide a natural barrier to radio waves. There are some applications where this low-tech approach may make sense. For example, e-passport should be kept in a Faraday cage to hamper unauthorized access to data stored on the RFID-chip. However this method does not offer any protection when the tag is not within the Faraday cage [19, 22]. Unfortunately, some aluminium foil does not block RFID but does seriously inhibit it. That is, the RFID Shield does not completely prevent all RFID transmission but would appear to limit reading to only strong readers at very close distances [23]. b) The jamming approach Another solution to shield RFID tags from reader interrogation is emitting jamming signals which can either break or disturb the communication between RFID devices. However, this kind of approach may be considered as a denial of service attack. Rieback et al [24] discuss a new shielding method called “Selective RFID jamming” which is a form of off-tag access control (this mechanism on a device external to RFID tag, in contrast, on-tag access control mechanisms are located on the RFID tags themselves like kill or sleep commands). The selective RFID jamming is implemented as shown in figure 2.

In [25], Rieback and Gaydadjiev implemented an RFID Guardian as a mediator between RFID readers and RFID tags. This Guardian uses Selective RFID Jamming to enforce access control by controlling the communication mediation. The RFID Guardian maintains a centralized security policy which is implemented as an Access Control List (ACL). The ACL allows or denies RFID traffic based upon the querying reader, the targeted tag(s), the attempted command, and the context (if any). However, the selective RFID jamming has an unresolved problem of denial of service attack and might be seen as a legal problem. c)

Blocking tag approach

Instead of destroying, killing or putting to sleep, another approach is to block the communication between reader and tag. In[13], Juels et al. suggest using blocker tags to make it harder for readers to gain unwanted assess to the tag. It disrupts the communication at the physical layer. A blocking tag approach is kind of passive jamming. It represents all possible IDs of tags belonging to a selected serial number. The implementation of blocker tag relies on exploiting singulation protocol. A blocker tag uses two antennas, one to broadcast “0” and another to broadcast “1”[24]. The “full blocker tag” simulates the full set of 2k possible IDs and the reader may stall after reaching on the entire tree-walking. In contrast, the “selective blocker tag” simulates just a subset of tags belonging to the left subtree with prefix “0” or to the right one with prefix “1”. Finally, we mention another “polite blocker tag” which can notify readers the policy of its implementation [13].

Figure 2: How the selective RFID jamming works

We show in the table bellow a scenario of RFID tags and blockers and which signal will be detected by the reader. Let us consider a tree-walking of depth 3. Thus, it has 23=8 tag’s IDs.

In this scenario, we consider: -

4 tag IDs: T1 (001), T2 (011), T3 (101) and T4 (110) and 3 blockers B1 (full), B2 (Selective with “1”) and B3 (Polite with “10”).

Subtree With 000 001 010 011 100 101 110 111

T1

T2

T3

T4

B1

B2

Yes Yes Yes No Yes Yes Yes No Yes Yes No Yes Yes Yes Yes Table 1: Scenario of blocker tags

B3

No

Yes

As it is shown in table 1, the full blocker tag (B1) is always detected by the reader because it simulates all possible IDs and all tags can not be detected because of presence of collision. B2 simulates the right sub-tree, so T3 and T4 cannot detect even on absence of B1 (in this case, T1 and T2 can be detected). Finally, B3 simulates just the tags belonging to “10” subset and T4 cannot be seen by the reader even on absence of B1 and B2 (if so, we can inventory T1, T2 and T3). A holder of a selective blocker tag or polite blocker can be tracked if an eavesdropper can match any product belonging to the zone privacy of that blocker tag. The blocker tag can be used maliciously for Deny of Service attack or for active jamming and the reader will be stun and unable to achieve its inventory for example. Blocking can provide some protecting consumer privacy in a defined environment but cannot, necessary, do likewise in other one.

of standards and technology [7] recommends for this action to implement a privacy policy and determine the appropriate security control to disable tags when they are no longer used. In the EPCGlobal guidelines on EPC for costumer products [36], its is noticed that consumers will be given clear notice of the presence of EPC on products or their packaging and will be informed of the use of EPC technology. This notice will be given through the use of an EPC logo or identifier on the products or packaging. And they will be informed of the choices that are available to discard or remove or in the future disable EPC tags from the products they acquire. In practice, the consumer is not well informed about all the technology to be aware on the risks that can be occur by carrying tagged products (imbedded or attached). A number of companies are working on or offer solutions to prevent tags from being scanned improperly or the tag data being "eavesdropped" or "skimmed" impermissibly [39, 43]. Solutions range from tag deactivation, encryption, jamming devices, kill commands, to tag blocking [40, 41, 42]. Researches done in this domain are very important and offer many solutions to protect the consumer privacy but guarantees are not enough using an isolate approach. Hybrid RFID solutions may provide best technology and give more privacy protection [43].

6. References 1.

2.

5. Conclusion RFID is now being used in everything and it serves a variety of purposes. RFID Tags are embedded or attached to many consumer products as they move from the factories to retail stores through supply chain [37]. To realise its potential for consumers, retailers and suppliers, it is important to address privacy considerations throughout the development life cycle. The Foundation Chief Information Officers Council [38] published a reference model that point out of privacy as part of the development life cycle. The National institute

3.

4.

5.

CompTIA RFID+ certification. Student Manual. CompTIA press. ILT series. 2006 Course technology, a division of Thomson Learning. Draft protocol specification for a 900 MHZ Class 0 Radio Frequency Identification Tag. Auto-ID center. Referenced at February 2003. http://www.epcglobalinc.org/standards/spe cs/900_MHz_Class_0_RFIDTag_Specific ation.pdf A. Juels. RFID Security and Privacy: A research Survey. RSA Labotories. September 2005. http://www.rsa.com/rsalabs/staff/bios/ajuel s/publications/pdfs/rfid_survey_28_09_05. pdf RFID chips are here. Scott Granneman. June 2003. http://www.securityfocus.com/columnists/ 169 Radio Frequency Identification (RFID) in the Workplace: Recommendations for Good Practices. A Consultation Paper.

6.

7.

8.

9.

10.

11.

12.

13.

14. 15.

March 2008. Office of the Privacy Commissioner of Canada. http://www.privcom.gc.ca/information/pu b/rfid_e.pdf Radio Frequency Identification (RFID): A focus on information security and privacy. Directorate for Science, Technoly and Industry, Comitteefor Infornation, Computer and Comunications policy. DSTI/ICCP/REG(2007)9/FINAL (Unclassified). January 2008. http://www.olis.oecd.org/olis/2007doc.nsf/ LinkToFrench/NT00005A7A/$FILE/JT03 238682.PDF Guidelines for Securing Radio Frequency Identification (RFID) systems. National Institute of Standards and Technology (NIST). Special publication 800-98. http://csrc.nist.gov/publications/nistpubs/8 00-98/SP800-98_RFID-2007.pdf S.J. Engberg, M. B. Harning, C. D. Jensen. Zero-knowledge Device Authentication: Privacy & Security Enhanced RFID preserving Business Value and Consumer Convenience. http://dev.hil.unb.ca/Texts/PST/pdf/engber g.pdf G. Avoine. Cryptography in Radio Frequency Identification and fair exchange protocols. Ph.D thesis N°3407 December 2005. http://www.avoine.net/rfid/ K. Rhee, J. Kwak; S. Kim, D. Won. Challenge-response based RFID authenticator protocol for distributed database environment. April 2005. INISTCNRS. http://cat.inist.fr/?aModele=afficheN&cpsi dt=16923853 RFID Soup. A Glossary of RFID Terms, Acronyms and Abbreviations. http://rfidsoup.pbwiki.com/ RFID security and privacy white paper. Smart Border Alliance RFID Feasibility Study Final Report. http://www.dhs.gov/xlibrary/assets/foia/U S-VISIT_RFIDattachE.pdf A. Juels, R.L. Rivest, M. Szydlo. The blocker Tag: selective Blocking of RFID tags for Consumer Privacy. October 2003. http://www.rsa.com/rsalabs/staff/bios/ajuel s/publications/blocker/blocker.pdf Wikipedia. www.en.wikipedia.org/wiki/singulation S. E. Sarma, S. A. Weis, D. W. Engels. RFID Systems and Security and Privacy Implications. Auto-ID Center. http://citeseer.ist.psu.edu/cache/papers/cs/ 27175/http:zSzzSztheory.lcs.mit.eduzSz~s weiszSzches-rfid.pdf/sarma02rfid.pdf

16. Information Session “ Ubiquitous Computing” Dragon -Radio Frequency Identification (RFID). 29th International conference of data protection and privacy commissioners. September 2007. Office of the privacy commissioner of Canada. http://www.privacyconference2007.gc.ca/ workbooks/Terra_Incognita_workbook8_ bil.pdf 17. RFID security issues – Generation 2 security – ThingMagic.com. http://www.thingmagic.com/rfid-securityissues 18. Practical attacks. NeoCantena Networks Inc. Next Generation RFID security. http://www.neocatena.com/learningcenter/ casestudies/ 19. http://www.fidis.net/resources/deliverable s/hightechid/ 20. J.Kjällman. An overview of approaches to privacy protection in RFID. Helsinki University of Technology. http://www.tml.tkk.fi/Publications/C/22/p apers/Kjallman_final.pdf 21. T. Dimitriou. Proxy Framework for enhanced RFID security and privacy. Athens Information Technology. Greece. http://www.ait.gr/Faculty/T_Dimitriou_fil es/RFIDProxyCCNC08.pdf 22. RFID security and privacy. RFID News. http://www.rfidnews.org/library/2008/05/3 0/rfid-privacy-and-security/ 23. Aluminium foil does not stop RFID. http://www.omniscienceisbliss.org/rfid.ht ml 24. M. R. Rieback, B. Crispo, S. Andrew. Keep on Blockin' in the Free World: Personal Access Control for Low-Cost RFID Tags. Computer Systems Group. Vrije Universiteit Amsterdam, the Netherlands. http://www.rfidguardian.org/images/7/75/ Sec_prot.05.pdf 25. Melanie R. Rieback, Georgi N. Gaydadjiev, A Platform for RFID Security and Privacy Administration. Department of Computer Science Vrije Universiteit, Amsterdam. http://events.ccc.de/congress/2006/Fahrpla n/attachments/1111-lisa.06.pdf 26. Yingjiu Li, Xuhua Ding. Protecting RFID Communications in Supply Chains. http://portal.acm.org/citation.cfm?id=1229 318 27. S. L. Garfinkel, A. Juels, and R. Pappu. RFID privacy: An overview of problems and proposed solutions. IEEE Security & Privacy, 3(3):34–43, 2005. 28. G. Ateniese, J. Camenisch, and B. de Medeiros. Untraceable rfid tags via

29.

30.

31.

32.

33.

34.

35.

36.

37.

38.

insubvertible encryption. In ACM Conference on Computer and Communications Security, pages 92–101, 2005. S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels. Security and privacy aspects of low-cost radio frequency identification systems. In SPC, pages 201– 212, 2003. L. Lu, J. Han, L. Hu, Y. Liu, L.M. Ni, Dynamic key-updating: privacypreserving authentication for RFID systems A. Juels. Minimalist cryptography for low-cost RFID tags. In SCN, pages 149– 164, 2004 K. P. Fishkin and S. Roy. Enhancing RFID privacy via antenna energy analysis. tech. memo IRS-TR-03-012, Intel Research Seattle, 2003. A. Juels and R. Pappu. Squealing Euros: Privacy protection in RFIDenabled banknotes. In R. Wright, editor, Financial Cryptography ’03, volume 2742 of Lecture Notes in Computer Science, pages 103–121. Springer-Verlag, 2003. C. Floerkemeier, R. Schneider, and M. Langheinrich. Scanning with a purpose supporting the fair information principles in RFID protocols, 2004. Referenced 2005 at citeseer. ist.psu.edu/floerkemeier04scanning.html. M. Rieback, B. Crispo, and A. Tanenbaum. RFID Guardian: A batterypowered mobile device for RFID privacy management. In Colin Boyd and Juan Manuel Gonz´alez Nieto, editors, Australasian Conference on Information Security and Privacy – ACISP 2005 , volume 3574 of Lecture Notes in Computer Science, pages 184–194. Springer-Verlag, 2005. Christian Metzger, Christian Flörkemeier, Philippe Bourquin, Elgar Fleisch Making Radio Frequency Identification Visible – A Watchdog Tag. Auto-ID Labs White Paper WP-HARDWARE-037. http://www.autoidlabs.org/uploads/media/ AUTOIDLABS-WP-HARDWARE037.pdf Guidelines on EPC for Consumer Products. http://www.epcglobalinc.org/public/ppsc_ guide/ Federal Enterprise Architecture Security and Privacy Profile (version 2). The foundation for government-wide improvement. Chief Information Officers Council.

39.

40.

41. 42. 43.

44.

http://www.cio.gov/documents/Security_a nd_Privacy_Profile_v2.pdf Building a Faraday cage in clothing to shield RFID Tags. http://www.rfidweblog.com/50226711/building_a_farada y_cage_in_clothing_to_shield_rfid_tags.p hp K. L. Potts, D.R. Shore, Jr. Wood, B. David. RFID shielding device http://www.freepatentsonline.com/y2007/ 0040653.html http://www.rfid-shield.com/ http://www.rpipolymath.com/ducttape/RFIDWallet.php Radio Freqency shielding. Word Intellectual property organization. http://www.wipo.int/pctdb/en/wo.jsp?IA= WO2006107397&wo=2006107397&DISP LAY=CLAIMS Hybrid RFID Solution Helps Manage Financial, Customer Data Security. http://solutions.ihs.com/news/axcess-rfiddata-security.htm

7. Biography Dr. Hanan Sitlia is currently a postdoctoral researcher at University of Moncton, New Brunswick Canada. She received the Ph.D. degree essciences from the Ibn Tofaïl University in Morocco at 2007. Before that, she worked as IT manager in a business company in Morocco and IT auditor. She received her master’s degree in Information Systems Security from ESIEA in France at 2005 and another master’s degree es-science at 1999 from Hassan II University in Casablanca and a bachelor from Mohamed V University in Rabat at 1993.

Prof. Habib Hamam obtained the Diploma of Engineering in information processing from the Technical University of Munich, Germany, 1992, and the PhD degree in Physics and applications in telecommunications from Université de Rennes I conjointly with France Telecom Graduate School, France 1995. He also obtained a postdoctoral diploma, “Accreditation to Supervise Research in Signal Processing and Telecommunications”, from Université de Rennes I in 2004. He is currently

a full Professor in the Department of Electrical Engineering at the University of Moncton, a Canada Research Chair holder in “Optics in Information and Communication Technologies” and the Director of the Research Center of the Canadian University of Dubai as well as its Vice-President of Academic Affairs. He is among others associate editor of the IEEE Canadian Review, member of the editorial boards of Wireless Communications and Mobile Computing John Wiley & Sons - and of Journal of Computer Systems, Networking, and Communications - Hindawi Publishing Corporation. His research interests are in optical telecommunications, diffraction, fiber components, optics of the eye, RFID and eLearning.

Prof. Sid-Ahmed Selouani received his B. Eng. degree in 1987 and his M.S. degree in 1991 both in electronic engineering from the Algiers University of Technology (U.S.T.H.B). He joined the Communication Langagière et Interaction Personne-Système (CLIPS) Laboratory of Université Joseph Fourier of Grenoble taking part in the Algerian-French double degree program and then he got a Docteur d'État degree in the field of artificial intelligence and HumanMachine interaction in 2000. From 2000 to 2002 he held a post-doctoral fellowship in the Multimedia Group at the Institut National de Recherche Scientifique (INRSTélécommunications) in Montréal. He is currently Associate Professor and chair of the Human-Machine Interaction Laboratory at the Université de Moncton, Campus de Shippagan. He is also an invited Professor at INRS-Télécommunications. His main areas of research include new models in E-Commerce, mobile communications, ubiquitous systems, assistive technologies, and E-learning solutions. Dr Selouani is actually the representative of Université de Moncton, Shippagan campus, in the Alliance to Promote Fair Trade and Sustainable Development, a consortium which includes partners from Canada, USA and Mexico. Since 2003, he acts as consultant for CIPA, smart Community of Industry Canada and for the Government of New Brunswick through the

Numerical Prosperity Round Table. He has been recognized with international awards such as the World Bank Studentship. In 2008, he was awarded the Canadian Foundation for Innovation Infrastructure grant for a new Hybrid Speech-RFID technology.