Calling All Things

1
Calling All Things

• RFID technology,
• its impact and our challenges

2
Contents

• How it works (Hardware)
• What it can do (Applications)
• How it affects us (Societal issues)
• How to control it (Countermeasures)

3
I
How it works
4
A typical RFID system

• Transponder/tag
• active / passive
• 1 bit 64 kB (EEPROM/SRAM)
• controller / CPU
• read-only / read-write

• Backoffice
• Databases
• Datamining

• Reader
• LF / UHF
• Communication range
• Coupling

5
RFID tags
6
RFID readers
7
Primary classifiers

• Active / passive
• LF / HF / UHF / micro
• Read-only / read-write
• State-machine / CPU
• n-bit / 1-bit

8
Reading distance (1)

• Design range
• Close-coupling (0 1 cm)
• Proximity coupling (7 15 cm)
• Vicinity/Remote-coupling (0 1 m)
• Long range (gt 1m)
• Eavesdropping range
• Maximum reading range

9
Reading distance (2)
Limited by power consumption of controller/CPU
on tag
Longer for active tags
10
Communication
Tag-to- reader eavesdropping hard

• Principle (load modulation)
• Collision avoidance
• Prefixes of ID

11
II
What it can do
12

• We now face the imminent expansion
• of cyberspace into physical space
• in the form of
• networked cameras,
• biometric identification devices,
• RFID tags on consumer goods,
• and a wide variety of sensors.

13
Applications
Mind that tree, Richard!

• Health care
• Emergency services
• Blindness (The object in front is a )
• Obsessive Compulsive Disorder (OCD )
• Access control
• Who is inside? Emergency information
• Logistics / Supply chain
• WalMart
• Shopping
• METRO store
• PRADA

14
Applications

• Travel/traffic
• Passport
• Hypertag (advertisement)
• Tag on object user (gsm) reads
• Exploratorium, San Fransisco
• Reader at object user wears tag

15
Example What-is-this

• With RFID
• Not only immovables (GPS)
• Including billboards
• RFID (UphID) ? URL
• Conditional access
• Sowing seeds vs 1 UphID for all
• 1 RFID n UphID

16
Smart Dust
17
III
How it affects us
18
In a mediated environment where everything is
connected to everything - it is no longer clear
what is being mediated, and what mediates.
19
Current RFID systems unsafe

• No authentication
• No friend/foe distinction
• No access control
• Rogue reader can link to tag
• Rogue tag can mess up reader
• No encryption
• Eavesdropping possible (esp. reader)
• Predictable responses
• Traffic analysis, linkability
• No GUI
• and distance not enforced by tag

20
RFID Risks Consumers

• User profiling
• Possible robbery target
• Possible street-marketing target
• Personalised loyalty/discounts
• Refuse/grant access to shop/building
• Even for tags without serial no
• Loss of location privacy
• By tracking same user profile
• Fake transactions / Identity theft

21
RFID Risks Companies

• Corporate espionage
• Scanning competitors inventory (or customer base)
• Eavesdropping tags
• Querying tags
• Unauthorised access
• Fake RFIDs
• Derived/competing services
• Using competitors installed base
• Denial of service attacks
• Supply chain failure
• Jamming signals
• Fake RFIDs

22
Aggregate data
time space

• Maybe too big to analyse/datamine.
• . but easily searched for 1 person

23
IV
How to control it
24
First ideas

• Kill command
• Blocker tag
• Metal shielding
• Many tags

25
Random identifier
h
identifier
g
to reader
26
Tracing banknotes (1)

• Primary issues
• Prevent tracing
• Prevent purse scanning
• Prevent counterfeiting
• Trace money laundering

27
Tracing banknotes (2)
28
Biometric passport (1)

• Primary issues
• Prevent tracing
• Prevent skimming
• Especially biometric data
• Prevent counterfeiting

29
Biometric passport (2)
30
http//www.cs.ru.nl/pearl
jhh_at_cs.ru.nl
31
Resources

• Klaus Finkenzeller RFID-Handbook, 2nd (3rd) ed,
  Wiley Sons, ISBN 0-470-84402-7
  http//www.rfid-handbook.de/