Radio Frequency Identification RFID Technologies

1
Radio Frequency Identification (RFID) Technologies

• Dale R. Thompson, Ph.D., P.E.
• Associate Professor
• Computer Science and Computer Engineering Dept.
• University of Arkansas

2
Related Activities

• Member of GS1 EPCglobal Hardware Action Group
  Product Data Protection ad hoc Committee (Dec.
  2006 present)
• Affiliated with University of Arkansas RFID
  Research Center (http//itri.uark.edu/rfid/)
  (Feb. 2005 present)
• Lightweight Authentication for RFID (Aug. 2006
  present)
• Categorizing RFID Privacy Threats with STRIDE
  (July 2006)
• Taught RFID Communications class (May June
  2006)
• RFID Security Threat Model (Mar. 2006)
• Brute Force Attack of EPCglobal UHF Class-1
  Generation-2 RFID Tag (Jan. May 2006)
• Attack Graphs for EPCglobal RFID (Jan. May
  2006)
• MIXNET Using Universal Re-encryption for Radio
  Frequency Identification (RFID) (Aug. 2005 Dec.
  2006)
• RFID Technical Tutorial and Threat Modeling
  Project (Jun. Dec. 2005)

3
University of Arkansas RFID Research Center

• Fully student staffed with 24 industry members,
  which recently became the first open laboratory
  to be accredited by EPCglobal Inc.

4
What is RFID?

• Stands for Radio Frequency Identification
• Uses radio waves for identification
• New frontier in the field of information
  technology
• One form of Automatic Identification
• Provides unique identification or serial number
  of an object (pallets, cases, items, animals,
  humans)

5
Applications

• Mobil Speedpass systems
• Automobile Immobilizer systems
• Fast-lane and E-Zpass road toll system
• Passports
• Animal Identification
• Humans
• Supply chain management

6
RFID system
7
RFID reader

• Also known an interrogator
• Reader powers passive tags with RF energy
• Can be handheld or stationary
• Consists of
• Transceiver
• Antenna
• Microprocessor
• Network interface

Antenna
Reader
8
RFID tags

• Tag is a device used to transmit information such
  as a serial number to the reader in a contact
  less manner
• Classified as
• Passive energy from reader
• Active - battery
• Semi-passive battery and energy from reader

9
UHF passive tag
10
Printers
11
Applications, frequencies, and standards
12
Animal Identification Standards

• Pets such as dogs and cats
• Livestock such as cattle, pigs, etc.
• International standard 134.2 kHz
• ISO 11784 Radio-frequency identification of
  animals code structure
• ISO 11785 Radio-frequency identification of
  animals Technical concept
• ISO 14223 Radio-frequency identification of
  animals Advanced transponders
• U.S. standard 125 kHz
• At these frequencies the RF can penetrate mud,
  blood, and water

13
VeriChip

• Human implantable RFID tag operating at about 134
  KHz because at these frequencies the RF can
  penetrate mud, blood, and water
• About the size of uncooked grain of rice
• Oct. 22, 2002 US Food and Drug Administration
  ruled VeriChip not regulated device
• Oct. 2004 FDA ruled serial number in VeriChip
  could be linked to healthcare information
• Healthcare applications
• Implanted medical device identification
• Emergency access to patient-supplied health
  information
• Portable medical records access including
  insurance information
• In-hospital patient identification
• Medical facility connectivity via patient
• Disease/treatment management of at-risk
  populations (such as vaccination history)

14
Contactless Smart Cards Standards

• ISO 7618 - A set of international standards
  covering the basic characteristics of contactless
  smart cards, such as physical and electrical
  characteristics, communication protocols and
  others.
• Proximity Smart Cards (13.56 MHz)
• Range 4 inches (10 centimeter)
• Baud rate 106 kilobaud
• ISO/IEC 14443
• Vicinity Smart Cards (13.56 MHz)
• Range 3 feet (1 meter)
• Baud rate 26.48 kilobaud
• ISO/IEC 15693

15
Supply Chain Management

• RFID adds visibility as the items flow through
  the supply chain from the manufacturer, shippers,
  distributors, and retailers.
• The added visibility can identify bottlenecks and
  save money.
• Wal-Mart requested in June 2003 that their top
  100 suppliers use RFID at the pallet and case
  level by January 2005.
• Wal-Mart currently has 300 suppliers sending
  products to 500 RFID-enabled Wal-Mart and Sam's
  Club stores.
• Wal-Mart wants 1,000 stores with RFID by January
  2007.
• Source http//www.extremerfid.com/article/WalMar
  tForgesAheadwithRFID/172888_1.aspx

16
Electronic Product Code (EPC) 96-bit Version

• Every product has unique identifier
• 96 bits can uniquely label all products for the
  next 1,000 years
• 296 79,228,162,514,264,337,593,543,950,336

17
EPCglobal, Inc.

• Not-for-profit organization developing
  commercial, world-wide RFID standards
• Joint venture between EAN International and the
  Uniform Code Council (UCC).
• UCC standardized Universal Product Code (UPC)
  barcodes in US
• EAN standardized barcodes in Europe
• UCC and EAN combined to form GS1
• http//www.epcglobalinc.org/
• UHF Class-1 Generation-2 (Class-1 Gen-2 or
  commonly known as Gen-2)
• ISO 18000-6C standard

18
EPC vs. UPC (Barcodes)

• Both are forms of Automatic identification
  technologies
• Universal Product Code (UPC) require line of
  sight and manual scanning whereas EPC do not
• UPC require optical reader to read whereas EPC
  reader reads via radio waves
• EPC tags possess a memory and can be written
  while UPC do not
• EPC tags cost 5 cents, UPC tags cost 1/10 cent

19
EPCglobal Inc. UHF Specification History

• EPCglobal UHF Class-0
• EPCglobal UHF Class-1 Generation-1
• EPCglobal UHF Class-1 Gen-2 (Gen-2)
• ISO 18000-6C standard
• Item management standard
• Retail standard

20
Trivia on Passive UHF RFID

• How far can a reader read a tag?
• Less than 20 feet using legal equipment
• What causes interference at these frequencies?
• Metal reflects the energy and can shield
• Water absorbs the energy. Microwaves operate at
  2.4 GHz because water absorbs energy at these
  frequencies. Passive UHF operates around 900 MHz,
  which is close enough.

21
Maximum Distances to Read UHF Passive Tag
Reality Today, in the lab 8 to 12 feet.
22
Electronic Passports

• Dept. of State begins issuing e-passports Aug.
  14, 2006
• Contactless chip in rear cover
• ISO 14443
• Name, date of birth, gender, place of birth,
  dates of passport issuance and expiration,
  passport number, digital image of the bearers
  photograph stored electronically
• Digital photograph is used as biometric
  identifier
• Anti-skimming material in cover to prevent
  unauthorized reading when it is closed
• Eavesdropping prevented by reading machine
  readable key inside passport to unlock chip
• Randomized unique identification (RUID) to
  prevent tracking
• Information signed with a digital signature
• New industry for wallet makers creating Faraday
  cages for passports

23
Passport Solution!
24
Certified Passport Solution
25
RFDump

• Open source software tool for RFID ISO-15693 and
  ISO-14443 readers (13.56 MHz)
• Read/write data on RFID tags
• Integrated cookie feature
• Add cookie to tag and automatically increment
  counter when tag is in range of reader
• Track number of times shopper enters reader field
  or picks up item
• www.rf-dump.org

26
RFID-related publications

• M. Byers, A. Lofton, A. K. Vangari-Balraj, and D.
  R. Thompson, Brute force attack of EPCglobal UHF
  class-1 generation-2 RFID tag, in Proc. IEEE
  Region 5 Technical Conf., Fayetteville, Arkansas,
  April 20-21, 2007, to appear.
• S. C. G. Periaswamy, S. Bharath, M. Chagarlamudi,
  S. Estes, D. R. Thompson, Attack graphs for
  EPCglobal RFID, in Proc. IEEE Region 5 Technical
  Conf., Fayetteville, Arkansas, April 20-21, 2007,
  to appear.
• J. Uudmae, H. Sunkara, D. R. Thompson, S. Bruce,
  and J. Penumarthi, MIXNET for radio frequency
  identification, in Proc. IEEE Region 5 Technical
  Conf., Fayetteville, Arkansas, April 20-21, 2007,
  to appear.
• D. R. Thompson, J. Di, H. Sunkara, and C.
  Thompson, Categorizing RFID privacy threats with
  STRIDE, in Proc. ACM Symposium on Usable Privacy
  and Security (SOUPS), Carnegie Mellon University,
  Pittsburgh, Pennsylvania, July 12-14, 2006.
• D. R. Thompson, RFID technical tutorial, The
  Journal of Computing Sciences in Colleges, vol.
  21, no. 5, pp. 8-9, May, 2006.
• D. R. Thompson, N. Chaudhry, and C. W. Thompson,
  RFID security threat model, in Proc. Acxiom
  Laboratory for Applied Research (ALAR) Conf. on
  Applied Research in Information Technology,
  Conway, Arkansas, Mar. 3, 2006.
• N. Chaudhry, D. R. Thompson, and C. Thompson,
  RFID Technical Tutorial and Threat Modeling, ver.
  1.0, tech. report, Dept. of Computer Science and
  Computer Engineering, University of Arkansas,
  Fayetteville, Arkansas, Dec. 8, 2005. Available
  http//csce.uark.edu/drt/rfid

27
Contact Information

• Dale R. Thompson, Ph.D., P.E.
• Associate Professor
• Computer Science and Computer Engineering Dept.
• University of Arkansas
• 311 Engineering Hall
• Fayetteville, Arkansas 72701
• Phone 1 (479) 575-5090
• FAX 1 (479) 575-5339
• E-mail d.r.thompson_at_ieee.org
• WWW http//csce.uark.edu/drt/