rfid

RFID

Steven DiBenedetto

Outline

• Introduction and Principles

• Evolution of Security

• Tag Counting

• Context/Location Awareness

• Secure Storage

Introduction

• Radio Frequency Identification (RFID)

• Generally consists of a reader and tags.– Readers issue queries to tags which then respond.

• RFID is among the most loved and reviled technologies of our time.– Poster child for ubiquitous computing.

– Enemy #1 for privacy groups.

• Lots of interesting problems concerning context awareness and privacy.

RFID Equipment

http://www.rfidc.com/docs/introductiontorfid_technology.htm

http://www.rfidc.com/docs/introductiontorfid_technology.htm

RFID Principles

• Active: require powered infrastructure or attached battery– Examples: aircraft IFF transponder

– Pros: can generate own signal, wider range of uses

– Cons: more expensive, limited battery life

• Passive: powered by a tag reader– Example: labels

– Pros: no battery or maintenance needed, cheap

– Cons: few uses, still too expensive for some uses

RFID Principles

• 2 main methods to power passive devices

– Near-field RFID

• Works off of magnetic induction fields

• Tag responds through load modulation

• Limited effective range.

– Far-field RFID

• Tags capture EM waves emitted by a dipole antenna.

• Response loses power more quickly than near-field.

RFID Principles

• Operates in 3 main frequency bands

– Low (125/134 KHz)

• Useful for access control

– High (13.56 MHz)

• Provides read ranges up to 1.5 meters

– Ultra High (850 – 950 MHz)

• High speed reading and range up to 3 meters.

• Favored for inventory tracking.

Example Applications

• Originally developed for aircraft IFF systems.

• More efficient check-out systems.

• Automatic toll collection devices.

• Access control.

Outline



• Tag Counting


• Secure Storage

Past Security Issues

• Sniffing and Tracking

• Spoofing

– Make adversary think you are someplace else.

• Replay

– Steal IFF transponder to answer identification challenges.

• Denial of Service

– Jamming radars result in hesitation or friendly fire.

Modern Security Issues

• Sniffing– Easy to eavesdrop or query tags with a compliant reader.

• Tracking– Well placed readers can track you and “constellations” of

who/what you associate with.

• Spoofing– Tag cloning. See Oyster Cards.

• Replay• Denial of Service

– Tag relocation– Faraday cages

Security Evolution

• No longer a clear concept of who is an attacker.– Past: Allies vs. Axis

– Present: Potentially everyone.

• Physical security went out the window.– Past: IFF transponder was on a plane.

– Present: Device may already be in adversary’s possession.

• Security vs. Privacy– Past: Exclusively security.

– Present: Security and privacy are now critical.

Security Evolution

• Back-end infrastructure

– Past: Compromise affects a single plane.

– Present: Potentially connected to important databases and other middleware.

• Social factors

– Past: Attacks are always attacks.

– Present: Attacks may also be an attempt at self-defense.

Evolution of Solutions

• Cryptography

– Past

• Issue random challenge.

• Friendly responds with encrypted challenge.

• Interrogator validates response.

– Present

• Symmetric & asymmetric key cryptography.

• May offload solution of a back-end device.


• Detection and evasion

– Past: Radar predication devices showed radar locations on relief maps.

– Present: RFID Guardian detects scans and logs their meaning.

• Temporary deactivation

– Past: Turn off IFF device.

– Present: Password protected sleep or Faraday cages.


• Other techniques

– Past

• Hop between random frequencies to evade attacks.

• Require a code to be periodically entered into transponder.

– Present

• Periodically regenerate tag name or ID.

• Re-encrypt tag data.

Security Feasibility

• Application considerations

– Past

• Cost not an issue thanks to war time budget.

• Size not an issue thanks to deployment on bombers.

– Present:

• Wide scale deployment requires low cost.

• Size is an issue for ubiquitous deployment.

Security Feasibility

• On-tag cryptography

– Past: Crypto makes sense in a war.

– Present

• Crypto may cause power/size constraints.

• Move crypto off-tag.

• Key revocation

– Past: Revoke IFF key if a plane is stolen.

– Present: Determining when a key has been compromised is difficult.

Outline



• Tag Counting


• Secure Storage

Tag Counting

• Objective: Quickly and accurately count the number of tags with a region.

– Inventory items as they are unloaded.

• Multiple tags responding can cause collisions.

• Passive tags have little functionality.

– Unable to detect collisions and neighbors.

• Tags may be read multiple times.

Tag Count Frame Slotted Aloha

• Tag transmissions are scheduled by communication between tag and reader.

• Tags should implement:

– identified flag

– Random number generator

– Slot counter

– Simple state machine

Tag Count Frame Slotted Aloha

Tag Count Frame Slotted Aloha: A Novel Anti-collision Protocol in RFID Systems. Xiaodong Deng, Mengtian Rong, Tao Liu, Yong Yuan and Dan Yu

TCFSA Performance

• Evaluate based on:

• Number of arrivals = number of departures for simulations.

TCFSA vs. Other Aloha-based


TCFSA vs. ABS


Outline



• Tag Counting


• Secure Storage

Context Awareness

• Goal: Determine user’s location and what actions are being taken.

• Relative vs. Absolute location measurements

– Measuring based on last known location

• E.g. measure distance walked based on pace and time

– Measurement based on reference

E.g. GPS system

Context Awareness Challenges

• Environment may be constantly changing.

• Heterogeneous data sources with varying levels of reliability.

• May desire different levels of privacy based on location.– Location is more than a set of coordinates.

– Expected behavior at location?

• Privacy varies based on who is looking for information.

Location Sensing

• Objective: Track people or objects within a given area.

• Variety of commonly used solutions.

– GPS

– Infrared sensors

– Ultrasonic sensors

– RFID

– 802.11

RFID-based Location

Placement of 9 readers with two different ranges and the sub- regions.

LANDMARC: Indoor Location Sensing Using Active RFID. LIONEL M. NI, YUNHAO LIU, YIU CHO LAU and ABHISHEK P. PATIL. Wireless Networks 10, 701–710, 2004

LANDMARC

• Objective: Create a location sensing system using off the shelf hardware.

• Equipment:

– RFID readers

• 8 power levels

• Event-based or continuous update scheme

• Detection range of 150 ft

• 802.11b interface

– Active RFID tags

LANDMARC Approach

• Adding more readers increases accuracy.

– Expensive

– Static obstructions and human movement can effect readings.

• Add static tags to act as landmarks.

– Reference tags will behave similar to target tags.

– Requires active tags.

LANDMARC Approach

• Maintain signal strength vectors.

– Moving tag: S = (S1 , S2 , . . . , Sn )

– Reference tag: θ = (θ1 , θ2 , . . . , θ)

• Measure using Euclidean distance of strengths

LANDMARC Approach

• K-nearest neighbors algorithm for coordinates

• w represents the weight of a reference tag.

– Uniform weights results in more errors.

– Calibrate weights based on E

LANDMARC Evaluation

• Reference tags limit some interference effects.

• More readers improves accuracy, but very expensive.


LANDMARC Evaluation


Outline



• Tag Counting


• Secure Storage

Location-based Storage

• Use the properties of a physical location as implicit access control.– May be enough security for a given piece of data.

– Analogous to how people use to manage privacy.

• Requirements:– Fluid boundaries

– Time variance

– Time continuity

– Secure storage

FragDB Approach

• Fluid boundaries

– Use tag IDs are pointers to memory holding a fragment of data.

– Data is fragmented based level of redundancy.

• Simple split (no redundancy)

• Redundant split

• FEC 2:1– Allows reassembly with any set of half the fragments.

FragDB Approach

• Time variance

– Tag should change its ID periodically.

• Timer component on tag

• Change ID upon query with probability

• Time continuity

– Old IDs must be stored on tag.

– Gradually expire old IDs.

FragDB Approach

• Secure storage

– Data is not stored at location.

– Only need knowledge about location key.

FragDB – Secure Localized Storaged Based on Super-Distributed RFID-Tag Infrastructures. Marc Langheinrich

Summary

• RFID does not provide a one size fits all solution for computing needs.

• Lots of security and privacy concerns remain to be answered.

• RFID will continue to be a solid foundation for ubiquitous computing applications.

References

• RFID Centre. http://www.rfidc.com• An Introduction to RFID Technology. Roy Want. • Activity and Location Recognition Using Wearable Sensors. Seon-

Woo Lee and Kenji Mase.• Managing Context Information in Mobile Devices. Panu Korpipää,

Jani Mäntyjärvi, Juha Kela, Heikki Keränen, and Esko-Juhani Malm • Tag Count Frame Slotted Aloha: A Novel Anti-collision Protocol in

RFID Systems. Xiaodong Deng, Mengtian Rong, Tao Liu, Yong Yuan and Dan Yu.

• FragDB – Secure Localized Storaged Based on Super-Distributed RFID-Tag Infrastructures. Marc Langheinrich

• LANDMARC: Indoor Location Sensing Using Active RFID. LIONEL M. NI, YUNHAO LIU, YIU CHO LAU and ABHISHEK P. PATIL. Wireless Networks 10, 701–710, 2004

http://www.rfidc.com/

rfid

Business