A cost-effective approach to protecting RFID tag identity

by

Wednesday, February 22, 2006, 10:30am - Wednesday, February 22, 2006, 12:00pm

325b

pervasive computing, privacy, rfid, security

Radio Frequency Identification (RFID) is an emerging technology. Despite formidable security vulnerabilities, RFID finds applications from supply chain management to tracking personnel. A major security concern is that a rogue RFID reader can query an RFID tag for its unique identifier or eavesdrop on the identifier. One-way hashing, cryptography and one-time pads are among the methods being used to secure this channel. Most of these methods involve the use of expensive active RFID tags.

We develop a scheme to ensure that an RFID-tagged item will reveal sensitive data only to an authorized agency. We develop a cost-effective security solution using common passive RFID tags and an agent for validation. We propose a novel method by which a tag can enforce validation/authentication by storing code (or a code fragment) on it. This code would be executed in a sandbox within the environment of an agent or a reader. Certificates would be used to verify the authenticity of the interacting entities. The agent would grant a reader varying levels of access based on the reader's capability certificates.

We target a scenario in which we protect the identity of specific goods being transported in a consignment, using a special RFID tag (or reader) that acts as a sentinel. The tag identifiers are of local significance only and can be decoded by the sentinel. The sentinel holds state information and code (or keys) for partial authentication, and directs the reader to the agent. The reader then contacts the agent to get access to the tag data, using its capability certificates.

This scheme leverages existing technologies to provide an effective privacy protection mechanism for RFID tags.
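The sentinel-to-agent flow described above can be sketched as follows; this is an added illustration, not code from the talk or its authors. It assumes an HMAC-signed capability in place of real certificates, numeric access levels, and constructed names and data (`agent.example`, `item-7`, the record fields), and it does not model the tag-stored code or its sandbox.

```python
import hashlib
import hmac
import json

AGENT_KEY = b"constructed-demo-key"  # assumption: stands in for the agent's signing key

# Constructed sample data: fields the agent holds per item, grouped by required access level.
RECORDS = {"item-7": {1: {"category": "electronics"},
                      2: {"serial": "SN-0042", "owner": "ACME"}}}


def issue_capability(reader_id, level):
    """Agent side: bind a reader identity to an access level and sign the binding."""
    body = json.dumps({"reader": reader_id, "level": level}, sort_keys=True).encode()
    return body, hmac.new(AGENT_KEY, body, hashlib.sha256).digest()


class Sentinel:
    """Holds the state that maps consignment-local tag identifiers to agent references."""

    def __init__(self, local_map):
        self._local_map = local_map

    def resolve(self, local_tag_id):
        # Decode the local identifier and refer the reader to the agent.
        # No item data is released at this step.
        return {"agent": "agent.example", "ref": self._local_map[local_tag_id]}


def agent_lookup(ref, capability):
    """Agent side: verify the capability, then release only fields at or below its level."""
    body, signature = capability
    expected = hmac.new(AGENT_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise PermissionError("capability failed verification")
    level = json.loads(body)["level"]
    released = {}
    for required, fields in RECORDS[ref].items():
        if required <= level:
            released.update(fields)
    return released


def read_tag(sentinel, local_tag_id, capability):
    """Reader side: ask the sentinel for a referral, then present the capability to the agent."""
    referral = sentinel.resolve(local_tag_id)
    return agent_lookup(referral["ref"], capability)
```

A tag identifier overheard on the air is meaningful only through the sentinel's mapping, and a reader that alters the level inside its capability is rejected by the agent.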


UMBC ebiquity