RFID
Steven DiBenedetto
Outline
• Introduction and Principles
• Evolution of Security
• Tag Counting
• Context/Location Awareness
• Secure Storage
Introduction
• Radio Frequency Identification (RFID)
• Generally consists of a reader and tags.
– Readers issue queries to tags which then respond.
• RFID is among the most loved and reviled technologies of our time.
– Poster child for ubiquitous computing.
– Enemy #1 for privacy groups.
• Lots of interesting problems concerning context awareness and privacy.
RFID Equipment
http://www.rfidc.com/docs/introductiontorfid_technology.htm
RFID Principles
• Active: require powered infrastructure or attached battery
– Examples: aircraft IFF transponder
– Pros: can generate own signal, wider range of uses
– Cons: more expensive, limited battery life
• Passive: powered by a tag reader
– Example: labels
– Pros: no battery or maintenance needed, cheap
– Cons: few uses, still too expensive for some uses
RFID Principles
• 2 main methods to power passive devices
– Near-field RFID
• Works off of magnetic induction fields
• Tag responds through load modulation
• Limited effective range.
– Far-field RFID
• Tags capture EM waves emitted by a dipole antenna.
• Response loses power more quickly than near-field.
RFID Principles
• Operates in 3 main frequency bands
– Low (125/134 kHz)
• Useful for access control
– High (13.56 MHz)
• Provides read ranges up to 1.5 meters
– Ultra High (850 – 950 MHz)
• High speed reading and range up to 3 meters.
• Favored for inventory tracking.
Example Applications
• Originally developed for aircraft IFF systems.
• More efficient check-out systems.
• Automatic toll collection devices.
• Access control.
Outline
• Introduction and Principles
• Evolution of Security
• Tag Counting
• Context/Location Awareness
• Secure Storage
Past Security Issues
• Sniffing and Tracking
• Spoofing
– Make adversary think you are someplace else.
• Replay
– Steal IFF transponder to answer identification challenges.
• Denial of Service
– Jamming radars result in hesitation or friendly fire.
Modern Security Issues
• Sniffing
– Easy to eavesdrop or query tags with a compliant reader.
• Tracking
– Well placed readers can track you and “constellations” of who/what you associate with.
• Spoofing
– Tag cloning. See Oyster Cards.
• Replay
• Denial of Service
– Tag relocation
– Faraday cages
Security Evolution
• No longer a clear concept of who is an attacker.
– Past: Allies vs. Axis
– Present: Potentially everyone.
• Physical security went out the window.
– Past: IFF transponder was on a plane.
– Present: Device may already be in adversary’s possession.
• Security vs. Privacy
– Past: Exclusively security.
– Present: Security and privacy are now critical.
Security Evolution
• Back-end infrastructure
– Past: Compromise affects a single plane.
– Present: Potentially connected to important databases and other middleware.
• Social factors
– Past: Attacks are always attacks.
– Present: Attacks may also be an attempt at self-defense.
Evolution of Solutions
• Cryptography
– Past
• Issue random challenge.
• Friendly responds with encrypted challenge.
• Interrogator validates response.
– Present
• Symmetric & asymmetric key cryptography.
• May offload solution to a back-end device.
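The challenge/response exchange above, with both sides shown, as an added example that is not part of the original slides. It assumes a shared symmetric key and uses HMAC-SHA256 in place of "encrypting" the challenge; class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


class Tag:
    """Tag (the 'friendly') holding a key shared with the interrogator."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # A keyed MAC over the challenge proves knowledge of the key.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Interrogator:
    """Reader side: issues a random challenge and validates the response."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # challenge currently awaiting an answer

    def issue_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # fresh, unpredictable
        return self._pending

    def validate(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = hmac.new(self._key, self._pending, hashlib.sha256).digest()
        self._pending = None  # single use: never accept a challenge twice
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key
    reader, friendly = Interrogator(key), Tag(key)
    stranger = Tag(secrets.token_bytes(32))  # tag without the shared key

    genuine = friendly.respond(reader.issue_challenge())
    results = {"friendly": reader.validate(genuine)}

    # A recorded response does not match the next, different challenge.
    reader.issue_challenge()
    results["replayed"] = reader.validate(genuine)

    wrong = stranger.respond(reader.issue_challenge())
    results["wrong_key"] = reader.validate(wrong)
    return results
```

The fresh challenge defeats a recorded response, but not a stolen tag that still holds the key, which is why key revocation appears later in the deck.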
Evolution of Solutions
• Detection and evasion
– Past: Radar prediction devices showed radar locations on relief maps.
– Present: RFID Guardian detects scans and logs their meaning.
• Temporary deactivation
– Past: Turn off IFF device.
– Present: Password protected sleep or Faraday cages.
Evolution of Solutions
• Other techniques
– Past
• Hop between random frequencies to evade attacks.
• Require a code to be periodically entered into transponder.
– Present
• Periodically regenerate tag name or ID.
• Re-encrypt tag data.
Security Feasibility
• Application considerations
– Past
• Cost not an issue thanks to war time budget.
• Size not an issue thanks to deployment on bombers.
– Present:
• Wide scale deployment requires low cost.
• Size is an issue for ubiquitous deployment.
Security Feasibility
• On-tag cryptography
– Past: Crypto makes sense in a war.
– Present
• Crypto may cause power/size constraints.
• Move crypto off-tag.
• Key revocation
– Past: Revoke IFF key if a plane is stolen.
– Present: Determining when a key has been compromised is difficult.
Outline
• Introduction and Principles
• Evolution of Security
• Tag Counting
• Context/Location Awareness
• Secure Storage
Tag Counting
• Objective: Quickly and accurately count the number of tags within a region.
– Inventory items as they are unloaded.
• Multiple tags responding can cause collisions.
• Passive tags have little functionality.
– Unable to detect collisions and neighbors.
• Tags may be read multiple times.
Tag Count Frame Slotted Aloha
• Tag transmissions are scheduled by communication between tag and reader.
• Tags should implement:
– Identified flag
– Random number generator
– Slot counter
– Simple state machine
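A plain framed slotted Aloha counting loop built from the four tag components listed above, added here as an illustration and not taken from the TCFSA paper. The frame-sizing rule (twice the number of collided slots) and all names are assumptions.

```python
import random


class Tag:
    """Passive tag with the four components listed above."""

    def __init__(self, tag_id: int, rng: random.Random):
        self.tag_id = tag_id
        self.identified = False   # identified flag
        self.slot_counter = 0     # slot counter
        self._rng = rng           # random number generator

    def start_frame(self, frame_size: int) -> None:
        # State machine: an identified tag stays silent; others pick a slot.
        if not self.identified:
            self.slot_counter = self._rng.randrange(frame_size)

    def replies_in(self, slot: int) -> bool:
        return not self.identified and self.slot_counter == slot


def count_tags(num_tags: int, frame_size: int = 16, seed: int = 1) -> dict:
    rng = random.Random(seed)  # seeded so the run is reproducible
    tags = [Tag(i, rng) for i in range(num_tags)]
    seen = set()               # a tag read twice is still counted once
    stats = {"frames": 0, "slots": 0, "collisions": 0}
    while True:
        for tag in tags:
            tag.start_frame(frame_size)
        stats["frames"] += 1
        collided = 0
        for slot in range(frame_size):
            stats["slots"] += 1
            repliers = [t for t in tags if t.replies_in(slot)]
            if len(repliers) == 1:       # clean read
                repliers[0].identified = True
                seen.add(repliers[0].tag_id)
            elif len(repliers) > 1:      # tags cannot detect this; reader can
                collided += 1
        stats["collisions"] += collided
        if collided == 0:                # no unread tag remains
            stats["count"] = len(seen)
            return stats
        # Assumed sizing rule: each collided slot hides at least two tags.
        frame_size = max(2 * collided, 2)
```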
Tag Count Frame Slotted Aloha
Tag Count Frame Slotted Aloha: A Novel Anti-collision Protocol in RFID Systems. Xiaodong Deng, Mengtian Rong, Tao Liu, Yong Yuan and Dan Yu
TCFSA Performance
• Evaluate based on:
• Number of arrivals = number of departures for simulations.
TCFSA vs. Other Aloha-based
Tag Count Frame Slotted Aloha: A Novel Anti-collision Protocol in RFID Systems. Xiaodong Deng, Mengtian Rong, Tao Liu, Yong Yuan and Dan Yu
TCFSA vs. ABS
Tag Count Frame Slotted Aloha: A Novel Anti-collision Protocol in RFID Systems. Xiaodong Deng, Mengtian Rong, Tao Liu, Yong Yuan and Dan Yu
Outline
• Introduction and Principles
• Evolution of Security
• Tag Counting
• Context/Location Awareness
• Secure Storage
Context Awareness
• Goal: Determine user’s location and what actions are being taken.
• Relative vs. Absolute location measurements
– Measuring based on last known location
• E.g. measure distance walked based on pace and time
– Measurement based on reference
• E.g. GPS system
Context Awareness Challenges
• Environment may be constantly changing.
• Heterogeneous data sources with varying levels of reliability.
• May desire different levels of privacy based on location.
– Location is more than a set of coordinates.
– Expected behavior at location?
• Privacy varies based on who is looking for information.
Location Sensing
• Objective: Track people or objects within a given area.
• Variety of commonly used solutions.
– GPS
– Infrared sensors
– Ultrasonic sensors
– RFID
– 802.11
RFID-based Location
Placement of 9 readers with two different ranges and the sub-regions.
LANDMARC: Indoor Location Sensing Using Active RFID. LIONEL M. NI, YUNHAO LIU, YIU CHO LAU and ABHISHEK P. PATIL. Wireless Networks 10, 701–710, 2004
LANDMARC
• Objective: Create a location sensing system using off the shelf hardware.
• Equipment:
– RFID readers
• 8 power levels
• Event-based or continuous update scheme
• Detection range of 150 ft
• 802.11b interface
– Active RFID tags
LANDMARC Approach
• Adding more readers increases accuracy.
– Expensive
– Static obstructions and human movement can affect readings.
• Add static tags to act as landmarks.
– Reference tags will behave similarly to target tags.
– Requires active tags.
LANDMARC Approach
• Maintain signal strength vectors.
– Moving tag: S = (S1, S2, ..., Sn)
– Reference tag: θ = (θ1, θ2, ..., θn)
• Measure using Euclidean distance of strengths
LANDMARC Approach
• K-nearest neighbors algorithm for coordinates
• w represents the weight of a reference tag.
– Uniform weights result in more errors.
– Calibrate weights based on E
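The two LANDMARC steps above (Euclidean distance E between signal strength vectors, then weighted k-nearest neighbours over the reference tags) as an added example, not code from the slides or the paper's authors. Weights use the inverse-square rule from the cited LANDMARC paper; the reference data, readings and function names are constructed.

```python
import math

# Constructed sample: reference tags at known (x, y) positions, each with the
# signal strength vector theta seen by two readers (values are made up).
REFERENCES = [
    ((0.0, 0.0), (-50.0, -50.0)),
    ((4.0, 0.0), (-54.0, -50.0)),
    ((0.0, 4.0), (-50.0, -54.0)),
    ((4.0, 4.0), (-54.0, -54.0)),
]
TRACKED = (-51.0, -51.0)  # constructed vector S of the moving tag


def signal_distance(s, theta):
    """Euclidean distance E between S and theta (one entry per reader)."""
    if len(s) != len(theta):
        raise ValueError("S and theta must cover the same readers")
    return math.sqrt(sum((t - v) ** 2 for t, v in zip(theta, s)))


def locate(s, references, k=4, weighted=True):
    """Estimate the moving tag's (x, y) from its k nearest reference tags."""
    nearest = sorted(
        ((signal_distance(s, theta), pos) for pos, theta in references),
        key=lambda pair: pair[0],
    )[:k]
    if not nearest:
        raise ValueError("need at least one reference tag")
    for e, pos in nearest:
        if e == 0:  # identical readings: 1/E^2 is undefined, use the landmark
            return pos
    # w is proportional to 1/E^2 when weighted, equal for every neighbour if not.
    raw = [1.0 / (e * e) if weighted else 1.0 for e, _ in nearest]
    total = sum(raw)
    x = sum(w / total * pos[0] for w, (_, pos) in zip(raw, nearest))
    y = sum(w / total * pos[1] for w, (_, pos) in zip(raw, nearest))
    return (x, y)
```

With the sample data, uniform weights return the centre of the four landmarks regardless of the readings, while the weighted estimate moves toward the reference tag whose signal vector is closest.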
LANDMARC Evaluation
• Reference tags limit some interference effects.
• More readers improve accuracy, but very expensive.
LANDMARC: Indoor Location Sensing Using Active RFID. LIONEL M. NI, YUNHAO LIU, YIU CHO LAU and ABHISHEK P. PATIL. Wireless Networks 10, 701–710, 2004
LANDMARC Evaluation
LANDMARC: Indoor Location Sensing Using Active RFID. LIONEL M. NI, YUNHAO LIU, YIU CHO LAU and ABHISHEK P. PATIL. Wireless Networks 10, 701–710, 2004
Outline
• Introduction and Principles
• Evolution of Security
• Tag Counting
• Context/Location Awareness
• Secure Storage
Location-based Storage
• Use the properties of a physical location as implicit access control.
– May be enough security for a given piece of data.
– Analogous to how people use to manage privacy.
• Requirements:
– Fluid boundaries
– Time variance
– Time continuity
– Secure storage
FragDB Approach
• Fluid boundaries
– Use tag IDs as pointers to memory holding a fragment of data.
– Data is fragmented based on level of redundancy.
• Simple split (no redundancy)
• Redundant split
• FEC 2:1
– Allows reassembly with any set of half the fragments.
FragDB Approach
• Time variance
– Tag should change its ID periodically.
• Timer component on tag
• Change ID upon query with probability
• Time continuity
– Old IDs must be stored on tag.
– Gradually expire old IDs.
FragDB Approach
• Secure storage
– Data is not stored at location.
– Only need knowledge about location key.
FragDB – Secure Localized Storage Based on Super-Distributed RFID-Tag Infrastructures. Marc Langheinrich
Summary
• RFID does not provide a one size fits all solution for computing needs.
• Lots of security and privacy concerns remain to be answered.
• RFID will continue to be a solid foundation for ubiquitous computing applications.
References
• RFID Centre. http://www.rfidc.com
• An Introduction to RFID Technology. Roy Want.
• Activity and Location Recognition Using Wearable Sensors. Seon-Woo Lee and Kenji Mase.
• Managing Context Information in Mobile Devices. Panu Korpipää, Jani Mäntyjärvi, Juha Kela, Heikki Keränen, and Esko-Juhani Malm.
• Tag Count Frame Slotted Aloha: A Novel Anti-collision Protocol in RFID Systems. Xiaodong Deng, Mengtian Rong, Tao Liu, Yong Yuan and Dan Yu.
• FragDB – Secure Localized Storage Based on Super-Distributed RFID-Tag Infrastructures. Marc Langheinrich.
• LANDMARC: Indoor Location Sensing Using Active RFID. LIONEL M. NI, YUNHAO LIU, YIU CHO LAU and ABHISHEK P. PATIL. Wireless Networks 10, 701–710, 2004