1 / 33

RFID: Technology, Business, and Privacy Issues

RFID: Technology, Business, and Privacy Issues. EE202A Fall 2003 Dustin McIntire, Parixit Aghera, and Yusuke Matsuoka. RFID Overview. What is RFID? What are the components of an RFID system? How does it work? RFID-Reader RFID-Tags Active tags (not covered) Passive tags

petra
Download Presentation

RFID: Technology, Business, and Privacy Issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RFID: Technology, Business, and Privacy Issues EE202A Fall 2003 Dustin McIntire, Parixit Aghera, and Yusuke Matsuoka

  2. RFID Overview • What is RFID? • What are the components of an RFID system? • How does it work? • RFID-Reader • RFID-Tags • Active tags (not covered) • Passive tags • Enterprise Network • What are the business opportunities? • What are the privacy and security implications? • Proposed Solutions

  3. What is RFID? • RFID is Radio Frequency Identification. • General concept known as non-contact identification. • Similar to barcodes, but does not require line-of-sight. • Contains orders of magnitude more information than current alternatives. • UPC Symbol=10 digits, RFID=100’s-1000’s of digits • RFID is not new • 1948: Harry Stockman, “Communication by Means of Reflected Power” – explored the electromagnetic theory used in current passive tags. • 1975: Los Alamos Labs, “Short-range radio-telemetry for electronic identification using modulated backscatter” – applied passive communication to identification. • Numerous technical standards: ETSI, ANSI, ISO, JTC, EPC • 350+ patents on RFID technology

  4. Components of an RFID System • Transponder (tag) – electronically programmed with unique information • Transceiver (reader) – identifies individual tags and scans tag information • Enterprise system – networked backend that records tag information Source: The Physics of RFID

  5. The Communication Channel Reader Antenna Power from RF field Reader->Tag Commands Reader Tag->Reader Responses Passive Tags RFID Communication Channel Source: The Physics of RFID

  6. Transceiver (Reader) Components Digital Signal Processor (DSP) Network Processor Power Supply 915MHz Radio 13.56MHz Radio Source: The Physics of RFID

  7. Passive Transponder (Tag) Components Substrate – Glass, Plastic, Ceramic Die attach – Flip Chip, Wire Bonding Tag IC – Low Voltage CMOS on Silicon, contains non-volatile memory Antenna – Etched Copper Foil or Plastic Laminated Copper Wire Source: The Physics of RFID

  8. Passive Tags: Type 1 - Inductive Coupling • Faraday’s Law – a changing B field creates an E field • Works like a loosely coupled transformer (near field). • Tag uses induced current in antenna loop to provide self power. • Tag to reader communication uses “load modulation”. • 0,1 value is indicated by changing the tags load in the induced current. • DR DV • DV may be used to transmit via FSK Source: aimglobal.org Source: TI Tag-IT

  9. Passive Tags: Inductive Coupling Properties • Works only in the near-field of the communication signal • Field extends from source to a distance of 1/2πf meters • Voltage induced at tag is proportional to the flux density at its distance from the signal source. • Magnetic field emitted by the reader decreases in power as: Pr 1/d3 • For a coiled antenna of radius R, the density is maximized at distance d: • For a typical HF card key/ID badge system: • f=13.56MHz, R=2.5cm • Optimum range: • For small antennas, the range is extremely short!

  10. Passive Tags: Type 2 - Propagating EM Wave • Reader sends modulated electromagnetic (EM) wave to tag. • Typically UHF frequencies in the ISM bands (915Mhz, 2.4Ghz) • Tag uses far field energy harvesting to provide tag power. • EM wave incident on tag antenna induces a voltage at the tag input terminals. • Tag to reader communication is through “backscatter”. The reflective cross section of the tag antenna changes to indicate 0 or 1. (Similar to radar). • Modulation of the carrier wave causes a reduction in power to the tag due to power in the sidebands Source: aimglobal.org

  11. Passive Tags: Propagating EM Wave Properties • Far-field uses basic free space link equation: Pr 1/d2 • Free space is idealized best case channel. Typically Pr 1/d3-6 • UHF ISM band example using ideal channel : • In the US, the FCC limits transmit power to < 1 Watt in 915Mhz ISM band • Reader: Pt = 30dBm (1 Watt), Gt = 6dBi (patch type),  = 33cm (915MHz) • Tag: Pr = -10dBm (100 microwatts), Gr = 1dBi dmax = 19.4 meters, theoretical maximum • Range is limited largely by tag’s required input power. • Not great, since active receivers can be sensitive to -90dBm!

  12. Example: Texas Instruments Tag-IT Protocol • Reader to Transponder (tag): HF carrier is amplitude modulated with PWM encoded data: 1=150μs , 0=100μs • AM signal allows reader to be powered while receiving data. Source: TI Tag-IT Protocol Manual

  13. Example: Texas Instruments Tag-IT Protocol • Transponder (tag) to Reader: • Manchester encoded data: carries clock information for easy synchronization • Encoded bits are sent via 2-FSK • Symbol rate: 27.6Kbaud Source: TI Tag-IT Protocol Manual

  14. RFID Technology Limitations • Inductive type (HF) limitations • Range is extremely short due to near field limitation. • Antenna size may not be reduced beyond certain limit due to range limitation. • EM Propagation type (UHF) limitations • Materials in the RF field can have several effects: • Reflection / refraction • Absorption (loss) • Dielectric effects (detuning) • Complex propagation effects (photonic bandgap) • Any conductive material exhibits a skin depth effect • δ = sqrt ( 2  / ( 2  f0 ) ), where 0 = 4  x10 -7 H/m. • For aluminum,  = 2.65x10 -6 ohm-cm. An effective aluminum shield is only 27 microns thick. (i.e. a soda can). • For dilute salt water,  = 10 -2 ohm-cm. An effective salt water shield is 1 mm thick. (i.e. skin). • As tag power requirements, Pr, decrease with technology, the tag reader’s receiver sensitivity becomes the limitation

  15. RFID Overview • What is RFID? • What are the components of an RFID system? • How does it work? • RFID-Reader • RFID-Tags • Active tags (not covered) • Passive tags • Enterprise Network • What are the business opportunities? • What are the privacy and security implications? • Proposed solutions

  16. Enterprise Network • Networked backend that records tag information • Example: EPC Network • EPC – Electronic Product Code, unique id for each product manufactured on this earth • Savant – software system that sits between tag readers and enterprise applications • ONS – Object Naming Service, is a directory service that maps EPC to an IP address where information related to EPC is maintained. • PML – Physical Markup Language, is a XML based language to describe physical objects, processes and environments,

  17. Adding Identity to Product Reading Tags Adding Identity to Cases PML at Work ONS at Work Savant at Work RFID In Action (at SuperCola Inc.) Source : Auto-ID Center

  18. Efficiency in Distribution Efficiency in Inventory Smart Recycling Overstocking Eliminated Smart Appliances Consumer Convenience RFID In Action Cont… Source : Auto-ID Center

  19. RFID Application (Today) • Supply chain and logistics and Retail • METRO Group - European supermarket • Production control • Toyota, South Africa • Automotive – immobilization, gas & toll payments (near field) • Library management • Prada, meaningful advertisement • Public transport • London Transport introduced smart tickets, 3 million cards in first year • Building access (HID) • House Pets, Humane Society animal tracking

  20. Future Consumer Applications • “Smart” appliances • Refrigerators that automatically create shopping lists • Ovens that know how to cook pre-packaged food • “Smart” products • Clothing, appliances, CDs, etc. tagged for store returns • “Smart” paper • Airline tickets that indicate your location in the airport • Business cards • Classified Documents • Recycling • Plastics that sort themselves

  21. Another future application: Euro banknotes • European Central Bank rumored to plan implanting RFID tags in banknotes by 2005 • Uses? • Anti-counterfeiting • Tracking of illicit monetary flows Source : RFID Privacy Conference, November 2003

  22. Wig model #4456 (cheap polyester) Replacement hip medical part #459382 Das Kapitaland Communist-party handbook 500 Euros in wallet Serial numbers: 597387,389473… Clothes Consumer Privacy Source : RFID Privacy Conference, November 2003

  23. Consumer Privacy Threats • Association threat – associating personal identity with tags • Location threat – determining tag location (e.g. tags in shoes) • Preference threat – revealing personal preferences • Transaction threat – determining transactional information • Action threat – determining action based on tags

  24. Other Security Risks • Threats and Attacks • Spoofing – A good tool for thieves • Eavesdropping – Competitive information gathering • Traffic analysis – Capturing supply chain dynamics • Denial of service – Can disrupt a supply chain

  25. Simple approaches to consumer privacy Method 1: “Kill” RFID tags Problem: RFID tags are much too useful… Source : RFID Privacy Conference, November 2003

  26. Cryptography a solution?? • Yes, for some class of RFID • Price range of $0.50 to $1.00 • Smart Cards, Credit Card • Example: GenuID from NTRU • No, due to following constraints • For lower cost: US$0.05 – US$0.10 • Passive tags (A few meters of operating range) • Read-only identification func. ( A few hundred bits of storage) • 200-2000 gates available for security • 100-200 tags must be able to read per second

  27. Security Protocol – I • One Way Hash-Based Access Control [Weis03] Lock • Reader R selects a random keyand computes metaID:=hash(key) • R writes metaID to tag T (via RF channel or physical contact) • T enters the lock state Unlock • Reader R queries Tag T for its metaID • R looks up (metaID, key) in database • R sends key to T • If( hash(key)==metaID ), T unlocks itself • While unlocked, Tags offer full functionality and lock again after a while Two states Lock key metaID Unlock metaID But, tracking individuals is still possible !

  28. 1,2,3, …, 2023 pairs of sneakers and… (reading fails)… Security Protocol – II Blocker Tag Blocker simulates all (billions of) possible tag serial numbers!! Any Problems? Source : RFID Privacy Conference, November 2003 [Juels03]

  29. ? “Tree-walking” anti-collision protocol for RFID tags Collision 0 1 00 01 10 11 000 010 111 101 001 011 100 110 Source : RFID Privacy Conference, November 2003 [Juels03]

  30. Privacy zone Blocking with privacy zones 0 1 00 01 10 11 000 010 111 101 001 011 100 110 Transfer to privacy zone on purchase of item Source : RFID Privacy Conference, November 2003 [Juels03]

  31. Conclusion • RFID is really a great technology provided • Tag cost should be around $0.05 to $0.10 • A unified standards • A good privacy and security solution • Detection range is still an issue • Not tested in wide deployment

  32. Web Resources • EPC Global (www.epcglobalinc.org) • AlM Global Networks (www.aimglobal.org) • MIT Workshop on RFID privacy (www.rfidprivacy.org)

  33. References • E. Sarma, S. Weis, and D. Engels. “RFID Systems and Security and Privacy Implications”, http://citeseer.nj.nec.com/sarma02rfid.html • AIM WP-98/002R, “Radio Frequency Identification – RFID A Basic Primer”, http://www.aimglobal.org/technologies/rfid/resources/papers/rfid_basics_primer.htm • J. Landt. “Shrouds of Time, The History of RFID”,http://www.aimglobal.org/technologies/rfid/resources/shrouds_of_time.pdf • M. Reynolds. “The Physics of RFID”, http://www.rfidprivacy.org/papers/physicsofrfid.ppt • [Weis03]: Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel E.Engels, Security and Privacy Aspects of Low-Cost Radio frequency Identification Systems, International Conference on Security in Pervasive Computing, 2003. http://citeseer.nj.nec.com/weis03security.html • Stephen A. Weis, Security and Privacy in Radio-Frequency Identification Devices, Masters Thesis. MIT. May, 2003 http://theory.lcs.mit.edu/~sweis/masters.pdf • [Juels03]: Ari Juels and Ronald L. Rivest and Michael Szydlo, The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy, May 2003. Submitted for publication. http://citeseer.nj.nec.com/juels03blocker.html • NTRU GenuID: http://www.ntru.com/products/genuid.htm • [Pappu03]: Ari Juels and Ravikanth Pappu, Squealing Euros: Privacy protection in RFID-enabled banknotes, Financial Cryptography '03. Springer-Verlag, 2003. To appear. http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/squealing-euros/SquealingEuros.pdf

More Related