Page 1
A
Seminar-I Report
on
RFID BASED TRACKING SYSTEM PRIVACY CONTROL
Submitted in Partial Fulfillment of
the Requirements for the Degree
of
Bachelor of Engineering
in
T.E Computer Engineering
to
North Maharashtra University, Jalgaon
Submitted by
Shahrukh Ayaz Khan
Under the Guidance of
Miss Prachi Chaudhari
DEPARTMENT OF COMPUTER ENGINEERING
SSBT’s COLLEGE OF ENGINEERING AND TECHNOLOGY,
BAMBHORI, JALGAON - 425 001 (MS)2014 - 2015
Page 2
SSBT’s COLLEGE OF ENGINEERING AND TECHNOLOGY,
BAMBHORI, JALGAON - 425 001 (MS)
DEPARTMENT OF COMPUTER ENGINEERING
CERTIFICATE
This is to certify that the seminar-i entitled RFID based tracking system Privacy
Control, submitted by
Shahrukh Ayaz Khan
in partial fulfillment of the degree of Bachelor of Engineering in T.E Computer Engi-
neering has been satisfactorily carried out under my guidance as per the requirement
of North Maharashtra University, Jalgaon.
Date: April 21, 2015
Place: Jalgaon
Miss Prachi Chaudhari
Guide
Prof. Dr. Girish K. Patnaik Prof. Dr. K. S. Wani
Head Principal
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) i
Page 3
Acknowledgements
It gives me a great pleasure to express our deep sense of gratitude and indebtedness to my
guide Miss Prachi Chaudhari for his valuable support and encouraging mentality throughout
my work. I am highly obliged to her for helping me to gain the successful completion of my
case study.
I am highly grateful to the Honorable Head of Department, Prof. Dr. Girish K. Pat-
naik (Department of Computer Engineering),Dr K.S Wani(Principal SSBT COET) and my
Parents for their valuable guidance and encouragement during the work.
I have taken efforts for this report. However, it would not have been possible without
the kind support and help of many individuals who made my Seminar report successful. I
would also like to extend my sincere thanks to all of them.
I would like to take opportunity to sincerely thanks to all the concern individuals, family
members, friends, who made my Seminar successful. I also thanks all those people who
helped me in anyway what so ever act some point in time.
Shahrukh Ayaz Khan
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) ii
Page 4
Contents
Acknowledgements ii
Abstract 1
1 Introduction 2
1.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.2 Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.3 Limitations and Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.4 Organisation of Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2 Literature Survey 6
2.1 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2 Existing Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3 Methodology 9
3.1 Radio Frequency Identification . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.2 RFID Origins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2.1 Auto-Identification and RFID . . . . . . . . . . . . . . . . . . . . . . 11
3.3 How does RFID work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.3.1 Basic System Components . . . . . . . . . . . . . . . . . . . . . . . . 12
3.3.2 Transreciever-transponder Coupling . . . . . . . . . . . . . . . . . . . 15
3.4 RFID Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
3.4.1 Business Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
3.4.2 Government Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
3.4.3 Sub-Dermal Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
3.4.4 Tags in Libraries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
3.4.5 Smart Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
4 Discussion 22
4.1 RFID SECURITY AND PRIVACY ISSUES . . . . . . . . . . . . . . . . . . 22
4.1.1 TAG DATA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.1.2 Eavesdropping (or Skimming) . . . . . . . . . . . . . . . . . . . . . . 22
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) iii
Page 5
4.1.3 Traffic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
4.1.4 Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
4.1.5 Denial of Service Attack . . . . . . . . . . . . . . . . . . . . . . . . . 23
4.1.6 RFID READER INTEGRITY . . . . . . . . . . . . . . . . . . . . . . 24
4.1.7 PERSONAL PRIVACY . . . . . . . . . . . . . . . . . . . . . . . . . 24
4.2 RFID Security Trends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
4.3 APPROACHES FOR TACKLING SECURITY AND PRIVACY ISSUES . . 25
4.3.1 SOLUTIONS FOR TAG DATA PROTECTION . . . . . . . . . . . . 25
4.3.2 SOLUTIONS FOR RFID READER INTEGRITY . . . . . . . . . . . 26
4.3.3 SOLUTIONS FOR PERSONAL PRIVACY . . . . . . . . . . . . . . 27
5 Analysis 29
5.1 Some Advantages and Disadvantages . . . . . . . . . . . . . . . . . . . . . . 29
5.1.1 Advantages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
5.1.2 Disadvantages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
5.2 How it differs from Traditonal Barcode . . . . . . . . . . . . . . . . . . . . . 29
6 Conclusion 31
7 Bibliography 32
7.1 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) iv
Page 6
List of Figures
1.1 Components called middleware . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2 Components of RFID systems . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.1 RFID working . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.2 Components of RFID systems . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.3 A comparison between Bar Codes and RFID tags . . . . . . . . . . . . . . . 18
3.4 RFID systems in Supply Chain Management . . . . . . . . . . . . . . . . . . 18
3.5 RFID tags used in Library Management . . . . . . . . . . . . . . . . . . . . 21
5.1 Comparision RFID vs BarCode . . . . . . . . . . . . . . . . . . . . . . . . . 30
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) v
Page 7
Abstract
Radio-frequency identification (RFID) is a technology that uses communication via
electromagnetic waves to exchange data between a terminal and an electronic tag attached
to an object, for the purpose of identification and tracking. Some tags can be read from
several meters away and beyond the line of sight of the reader.
Radio-frequency identification involves interrogators (also known as readers), and tags
(also known as labels).
Most RFID tags contain at least two parts. One is an integrated circuit for storing
and processing information, modulating and demodulating a radio-frequency (RF) signal,
and other specialized functions. The other is an antenna for receiving and transmitting the
signal.
There are three types of RFID tags: passive RFID tags, which have no power source and
require an external electromagnetic field to initiate a signal transmission, active RFID tags,
which contain a battery and can transmit signals once an external source (’Interrogator’) has
been successfully identified, and battery assisted passive (BAP) RFID tags, which require
an external source to wake up but have significant higher forward link capability providing
greater range.
There are a variety of groups defining standards and regulating the use of RFID, includ-
ing: International Organization for Standardization (ISO), International Electrotechnical
Commission(IEC), ASTM International, DASH7 Alliance, EPC global. (Refer to Regula-
tion and standardization below.)
RFID has many applications; for example, it is used in enterprise supply chain man-
agement to improve the efficiency of inventory tracking and management.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 1
Page 8
Chapter 1
Introduction
This chapter describes some basic information on the RFID.
Radio Frequency Identication (RFID) originated during World War - II [22] when it was
imperative to determine whether combatants were friend or foe. In essence,the system fa-
cilitates automatic identication through a combination of tags and readers. Today, RFID
system have been successfully applied to the areas of manufacturing, supply chain, agricul-
ture, transportation, healthcare, and services to name a few. Research in this area has been
growing at a rapid pace as is evidenced by the number of articles published in the past couple
years
In this Chapter, Section 1.1 shows the Background of RFID while section 1.2 defines
the Objectives of this research. Section 1.3 describes some Limitations and solutions and
Section 1.4 shows the Organisation of this report.
1.1 Background
In context of Radio Frequency Identification (RFID), the phrase RFID infrastructure
describes the IT-infrastructure which is necessary to collect, filter and enrich raw RFID data
before processing it to the backend-systems (business intelligence systems like ERP, etc.).
In our case, we are focusing on the software components doing this job. Hence middleware
and infrastructure are to be used synonymously in this report.
In order to standardize the technical description of each vendors solution, we have
derived a set of evaluation criteria. Furthermore we have defined three phases the act of
processing RFID-data typically has to go through if working properly. This was done by
identifying and generalizing the several steps to be performed. Hence the abstract task of
preprocessing data could be distinguished into three phases:
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 2
Page 9
Figure 1.1: Components called middleware
1.collecting data by managing the RFID-reader(s)
2. enriching this collected data for further use (e.g. by filtering, accumulating, etc.)
3.exchanging enriched data with backend-systems
Thus we have an n-tier design approach for RFID-middleware (usually a 3-tier archi-
tecture presuming one layer for each phase). As further reading will show, nearly all solutions
meet this approach.
1.2 Objectives
In this study, an attempt has been made to know how using of RFID technology helps to
improve services and business process efficiency in public and private sectors. However, the
specific objectives of the study are set forth as below: a) To delineate the concise essentials
of RFID technology; b) To explore its current and emerging applications in present world.
c) To evaluate the challenges to implement RFID technology in Bangladesh; d) To provide
some recommendation for prevail over those challenges.
1.3 Limitations and Solutions
The use of the RFID technology in livestock tracking is still not the Holy Grail for all
problems, since new problems evolve which need to be solved. One of the biggest problems
is the lack of standardized tags and tag readers. Some of the tag readers are only able to
read the information of specific tags. The lack of standardized codes leads to big obstacles
in centralizing the information about certain animals in a federal global database.. The
information received from the breeder needs to be arranged, before storing it, to set them
in to a uniform data format. A first step to solve this problem is the standardization of the
information on the tags and the standardization of the tag readers.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 3
Page 10
Figure 1.2: Components of RFID systems
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 4
Page 11
Like mentioned above there are standards from the ISO, but another problem is that
not all tag and reader producer are using the standard. Also it is not possible to ensure in
all cases the uniqueness of the IDs, since they could be duplicated or in case of the loss of
the tag the same number is given to more than one animal. The uniqueness can be better
ensured through biometric methods, which take advantage of clear physiologic characteristics
of an animal. Biometric identification methods for practical use are the DNS-Profiling, Iris-
Scanning or Retina- Imaging. The DNS-Profiling is mainly used in breeding animals with
best physical characteristics, but this is a very slow and expensive method, since the DNA
has to be extracted and analyzed for every single animal. In the case of Iris-scanning a picture
from the iris s taken and stored in a database, this method is faster and more practical than
DNS-Profiling. A unique and stable mark from birth is the vessel pattern of the retina.
These methods can help to make it easier to identify an animal, but the identification should
not embed one without tags, because the biometric methods are still under testing . Another
problem is the limited range of the tag readers. To identify an animal in a herd or on an
open field the breeder needs to be in the direct neighborhood of that animal. This can be
solved if the animals are carrying only active tags, but it is not likely to ensure that the
animals carries its unique ID its whole life, because the battery needs to be recharged.
1.4 Organisation of Report
In this Chapter, we present a brief history of RFID along with Objectives of this Research
and it’s Limitations.
In Chapter 2 we have done literature Survey to compare with other authors and dis-
cussed some related done by researchers with the existing technologies.
In Chapter 3, we present a primer on basic RFID principles and discuss the taxonomy
of various RFID systems along with its origins and working of the System. We have also
summarized several major applications of RFID in Chapter 3.
Chapter 4 addresses the technical, economic, security, and privacy challenges facing
RFID adoption and some solutions given by various researchers
Finally, Chapter 5 Some Advantages and Disadvantages of RFID along with the com-
parision with the traditional Barcode Stystem.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 5
Page 12
Chapter 2
Literature Survey
The Literaure Survey” or Literature review” is an evaluative report of information found
in the literature related to your selected area of study. The review describes, summaries,
evaluates and clari
es the proposed literature. It gives a theoretical base for the research and helps to
determine the nature of research. In this Chapter, Section 2.1 Shows some Related work
done previously and section 2.2 describes Existing Technologies Used.
The RFID system serves the purposes [19] of identication, monitoring, authentication
and alerting through this exchange of data between the tag and the reader. The process is
automatic and both the tag and the reader do not need to be in plain sight. Inother words,
the RFID system facilitates remote and automatic identication. To improve the security tags
and readers have a challenge-response mechanism [20] which works much like the security
question that many websites have the users complete in order to authenticate the user.
Cronin [21] compares RFID with its predecessor technology viz. barcodes. Barcodes
require that the barcode and scanner are in direct line of sight for them to be scanned
and the items have to be physically moved against the scanner for data collection. RFID
tags, on the other hand, automatically transmit data to the reader even without a line of
sight. Singh et al. [22] provides a brief overview of the RFID technology and also the recent
advances towards standardization of the system. The authors also describe some of the
recent applications in the eld of apparel, and fresh produce. Ngai et al. [23] summarize the
research ndings in this area from 1995 up to 2005. Alani et al. [24] summarize the various
aspects involved in a RFID system and their classication schemes.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 6
Page 13
2.1 Related Work
Privacy protection is an important component in ubiquitous computing environments
[1], [2]. The technique of using mix zones was proposed by [3], [4] where by users could
specify certain areas where nobody could trace their movements. Other researchers [5], [6],
[7] proposed techniques to help users define privacy policies. This approach is more flexible
than mix zones at the cost of additional complexity in specifying the policies. The idea of
allowing users to specify virtual walls was suggested by [8] to simplify the creation of a privacy
policy. Physical access control [9], [10] addresses the problem of specifying a privacy policy.
Users can only obtain the location information of people that are were present together at
the same time. The intuition is that users that were at the same location at the same time
already know each others presence, and thus there is no privacy issues when releasing that
information later. Our work differs from these proposed techniques in that we do not rely on
trusted servers to protect user privacy. Our idea of protecting privacy by separating location,
time, and identity is similar to that proposed by [11], but our solutions are designed to work
with RFID tags.
RFID security is an active area of research with many different protocols being pro-
posed [12], [13], [14]. While our paper also proposes a simple security protocol, our focus is
less on the security and privacy between RFID reader and tag, but oriented more towards
data already collected and archived. Closely related to our paper is research on searching
encrypted data. In this problem, a user encrypts his data and stores it at an untrusted
server. The user wants to be able to search of part of his data in an efficient manner. Since
the server is untrustworthy, the user cannot send over his secret key. The user also cannot
request the server to transmit all the encrypted data back since it is inefficient. An search
system using symmetric key to encrypt data was proposed by [15], while [16] suggested a
public key based scheme. Practical encrypted database query retrieval systems were pro-
posed by [17], [18]. However, unlike our paper, prior research in this area do not consider the
privacy implications of ubiquitous environments such as malicious tracking of users. This
was shown in the second strawman approach by using [19] as an example. Furthermore,
these prior techniques assume that more advance hardware such as laptops are used, rather
than computational weak RFID tags.
2.2 Existing Technologies
According to the European e-Business Watch large-scale survey [19] of RFID adoption strate-
gies and impacts in four broad economic sectors, 14
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 7
Page 14
Health Sector: Austria tests by the municipal administration of Vienna on the ap-
plicability of RFID in the health care system. Mexico has Health insurance card: RFID
technology is integrated in the popular insurance card where the username, information on
doctors as well as prescribed drugs are stored. Korea uses RFID technology in hospitals.
e-Passport: In Denmark, e-passport is available since mid-2006; biometric passport relying
on RFID embedded fingerprint technology is introduced mid-2009. Germany has introduced
e-passport since the end of 2005 and electronic ID card since the end of 2009. Biometric pass-
port is relying on RFID technology in Netherlands, USA and UK. Portugal has e-passport
and e-passport control systems at Portuguese airports.
Public Services: Austria tests in the Viennese parking facility management. Germany
uses Waste management in different communities. Korea has implemented Pilot projects in
the fields of procurement, baggage handling, container management, ammunition manage-
ment, track- ing hazardous waste, museums etc. RFID tags replace paper season parking
tickets at car parks in public housing estates in Singapore.
Education Sector: RFID technology is used in Den- mark, Germany, Singapore, Nether-
lands and United States of America implementing for lending systems in libraries. Logis-
tics/Transport Sector: Japan has set-up of the Free Mobility Assistance System based on
ubiquitous network technology including RFID tags, to provide in- formation for seamless
movement (e.g. transfer routes and transport modes). Netherlands has introduced payment
cards for public transport. Singapore establishes Nationwide Electronic Road Pricing (ERP)
system to control and manage traffic volume; payment of road us- age charges. The ERP is
applied to all of Singapores 840,000 vehicles.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 8
Page 15
Chapter 3
Methodology
The Methodology” is a system of broad principles or rules from which specfic methods or
procedures may be derived to interpret or solve different problems within the scope of a
particular discipline. Unlike an algorithm, a methodology is not a formula but a set of
practices. Methodology is the systematic, theoretical analysis of the methods applied to a
held of study, or the theoretical analysis of the body of methods and principles associated
with a branch of knowledge. It, typically, encompasses concepts such as paradigm, theoretical
model, phases and quantitative or qualitative techniques. A Methodology does not set out
to provide solutions but offers the theoretical underpinning for understanding which method,
set of methods or so called Best Practices” can be applied to a specific case.
In this Chapter, Section 3.1 Explains Basics of RFID and 3.2 Tells us about it’s origins
and section 3.3 explains How RFID Works. While Section 3.3 Shows some applications of
RFID.
3.1 Radio Frequency Identification
Radio frequency identification (RFID) is a rapidly growing technology that has the potential
to make great economic impacts on many industries. While RFID is a relatively old technol-
ogy, more recent advancements in chip manufacturing technology are making RFID practical
for new applications and settings, particularly consumer item level tagging. These advance-
ments have the potential to revolutionize supply-chain management, inventory control, and
logistics.
At its most basic, RFID systems consist of small transponders, or tags, attached to
physical objects. RFID tags may soon become the most pervasive microchip in history.
When wirelessly interrogated by RFID transceivers, or readers, tags respond with some
identifying information that may be associated with arbitrary data records. Thus, RFID
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 9
Page 16
systems are one type of automatic identification system, similar to optical bar codes. There
are many kinds of RFID systems used in different applications and settings. These systems
have different power sources, operating frequencies, and functionalities. The properties and
regulatory restrictions of a particular RFID system will determine its manufacturing costs,
physical specifications, and performance. Some of the most familiar RFID applications are
item-level tagging with electronic product codes, proximity cards for physical access control,
and contact-less payment systems. Many more applications will become economical in the
coming years. While RFID adoption yields many efficiency benefits, it still faces several
hurdles. Besides the typical implementation challenges faced in any information technology
system and economic barriers, there are major concerns over security and privacy in RFID
systems.
Without proper protection, RFID systems could create new threats to both corporate
security and personal privacy.
3.2 RFID Origins
The origins of RFID technology lie in the 19th century when luminaries of that era made
great scientific advances in electromagnetism. Of particular relevance to RFID are Michael
Faradays discovery of electronic inductance, James Clerk Maxwells formulation of equations
describing electromagnetism, and Heinrich Rudolf Hertzs experiments validating Faraday
and Maxwells predictions. Their discoveries laid the foundation for modern radio communi-
cations.
Precursors to automatic radio frequency identification systems were automatic object
detection systems. One of the earliest patents for such a system was a radio transmitter
for object detection system designed by John Logie Baird in 1926 [4]. More well known is
Robert Watson-Watts 1935 patent for a Radio Detection and Ranging system, or RADAR.
The passive communication technology often used in RFID was first presented in Henry
Stockmans seminal paper Communication by Means of Reflected Power in 1948 [23].
One of the first applications of a radio frequency identification system was in Identify
Friend or Foe (IFF) systems deployed by the British Royal Air Force during World War
II 0. IFF allowed radar operators and pilots to automatically distinguish friendly aircraft
from enemies via RF signals. IFF systems helped prevent friendly fire incidents and aided in
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 10
Page 17
intercepting enemy aircraft. Advanced IFF systems are used today in aircraft and munitions,
although much of the technology remains classified.
Electronic detection, as opposed to identification, has a long history of commercial use.
By the mid- to late-1960s, Electronic Article Surveillance (EAS) systems were commercially
offered by several companies, including Checkpoint Systems and Sensormatic. These EAS
systems typically consisted of a magnetic device embedded in a commercial product and
would be deactivated or removed when an item was purchased. The presence of an activated
tag passing through an entry portal would trigger an alarm. These types of systems are
often used in libraries, music stores, or clothing stores. Unlike RFID, these types of EAS
systems do not automatically identify a particular tag; they just detect its presence.
3.2.1 Auto-Identification and RFID
In terms of commercial applications, RFID systems may be considered an instance of a
broader class of automatic identification (auto-ID) systems. Auto-ID systems essentially
attach a name or identifier to a physical object by some means that may be automatically
read. This identifier may be represented optically, electromagnetically, or even chemically.
Perhaps the most successful and well-known auto-ID system is the Universal Product
Code (UPC). The UPC is a one-dimensional, optical barcode encoding product and brand
information. UPC labels can be found on most consumer products in the United States.
Similar systems are deployed worldwide.
The Uniform Code Council (UCC), a standards body originally formed by members
of the grocery manufacturing and food distribution industries, originally specified the UPC
[25]. A precursor body to the UCC first met in 1969 to discuss the need for an inter-industry
auto- ID system. By 1973, a one-dimensional (or linear) barcode design was chosen. In 1974,
a supermarket in Ohio scanned the first UPC-labeled product: a package of Wrigleys gum.
Adoption of the UPC grew steadily throughout the following years, to the point where
UPC barcode scanners are found in a vast majority of large American retailers. Today,
over five billion barcodes are scanned around the world each day. Shipping and transit
companies, such as United Parcel Service, Federal Express, and the United States Postal
service, commonly use two-dimensional barcodes, which can carry more data in a smaller
surface area.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 11
Page 18
Optical barcodes offer faster, more reliable, and more convenient inventory control
and consumer checkout than checking out by hand. Several weaknesses of optical barcodes
are that they require line-of-sight and may be smudged or obscured by packaging. In most
circumstances, optical barcodes still require some human manipulation to align a barcode
label with a reader. Supermarket shoppers have certainly experienced a checker struggling
to scan an optical barcode.
Auto-ID systems that transmit data via RF signals, i.e. RFID, do not have the same
performance limitations as optical systems. Data may be read without line-of-sight and
without human or mechanical intervention. A key advantage in RF-based auto-ID systems
is parallelism. Modern RFID systems may offer read rates of hundreds of items per second.
3.3 How does RFID work?
Systems that make use of RFID technology are typically composed of three key elements:
• An RFID tag, or transponder, that carries object-identifying data.
• An RFID tag reader, or transceiver, that reads and writes tag data.
• A back-end database, that stores records associated with tag contents.
Each tag contains a unique identity code. An RFID reader emits a low-level radio
frequency magnetic field that energises the tag. The tag responds to the readers query and
announces its presence via radio waves, transmitting its unique identification data. This data
is decoded by the reader and passed to the local application system via middleware. The
middleware acts as an interface between the reader and the RFID application system. The
system will then search and match the identity code with the information stored in the host
database or backend system. In this way, accessibility or authorisation for further processing
can be granted or refused, depending on results received by the reader and processed by the
database.
3.3.1 Basic System Components
Typical transponders (transmitters/responders) consist of a microchip that stores data and
a coupling element, such as a coiled antenna, used to communicate via radio frequency
communication. Transponders may be either active or passive. Active transponders have an
on-tag power supply (such as a battery) and actively send an RF signal for communication
while passive transponders obtain all of their power from the interrogation signal of the
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 12
Page 19
Figure 3.1: RFID working
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 13
Page 20
transceiver and either reflect or load modulate the transceivers signal for communication.
Most transponders, both passive and active, communicate only when they are interrogated
by a transceiver.
Typical transceivers (transmitter/receivers), or RFID readers, consist of a radio fre-
quency module, a control unit, and a coupling element to interrogate electronic tags via
radio frequency communication. In addition, many transceivers are fitted with an interface
that enables them to communicate their received data to a data processing subsystem, e.g.,
a database running on a personal computer. The use of radio frequencies for communica-
tion with transponders allows RFID readers to read passive RFID tags at small to medium
distances and active RFID tags at small to large distances even when the tags are located
in a hostile environment and are obscured from view.
The basic components of an RFID system combine in essentially the same manner for
all applications and variations of RFID systems. All objects to be identified are physically
tagged with transponders. The type of tag used and the data stored on the tag varies from
application to application
Transceivers are strategically placed to interrogate tags where their data is required.
For example, an RFID-based access control system locates its readers at the entry points
to the secure area. A sports timing system, meanwhile, locates its readers at both the
starting line and the finish line of the event. The readers continuously emit an interrogation
signal. The interrogation signal forms an interrogation zone within which the tags may
be read. The actual size of the interrogation zone is a function of the transceiver and
transponder characteristics. In general, the greater the interrogation signal power and the
higher the interrogation signal frequency, the larger the interrogation zone. Sending power to
the transponders via the reader-to-tag communication signal is the bottleneck in achieving
large read range with passive tags. Active tags do not suffer from this drawback; thus, they
typically have larger communication ranges than an otherwise equivalent passive tag.
The transceivers and transponders simply provide the mechanism for obtaining data
(and storing data in the case of writable tags) associated with physical objects.
Passive RFID systems are the most promising to provide low-cost ubiquitous tag-
ging capability with adequate performance for most supply chain management applications.
These low-cost RFID systems are, of necessity, very resource RFID Systems and Security
and Privacy Implications limited, and the extreme cost pressures make the design of RFID
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 14
Page 21
Figure 3.2: Components of RFID systems
systems a highly coupled problem with sensitive trade-offs. Unlike other computation sys-
tems where it is possible to abstract functionality and think modularly, almost every aspect
of an RFID system affects every other aspect. We present a brief overview of the critical
components of RFID technology and summarize some of these trade-offs in passive RFID
design
3.3.2 Transreciever-transponder Coupling
Passive RFID tags obtain their operating power by harvesting energy from the electromag-
netic field of the readers communication signal. The limited resources of a passive tag require
it to both harvest its energy and communicate with a reader within a narrow frequency band
as permitted by regulatory agencies. We denote the center of this frequency band by f, and
we refer to RFID systems operating at frequency f with the understanding that this is the
center frequency of the band within which it operates.
Passive tags typically obtain their power from the communication signal either through
inductive coupling or far field energy harvesting. Inductive coupling uses the magnetic field
generated by the communication signal to induce a current in its coupling element (usually
a coiled antenna and a capacitor). The current induced in the coupling element charges the
on-tag capacitor that provides the operating voltage, and power, for the tag. In this way,
inductively coupled systems behave much like loosely coupled transformers. Consequently,
inductive coupling works only in the near-field of the communication signal. The near field
for a frequency f extends up to 1/(2f) meters from the signal source.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 15
Page 22
For a given tag, the operating voltage obtained at a distance d from the reader is
directly proportional to the flux density at that distance. The magnetic field emitted by the
reader antenna decreases in power proportional to 1/d3 in the near field. Therefore, it can
be shown that for a circularly coiled antenna the flux density is maximized at a distance
d (in meters) when R = 2d, where R is the radius of the readers antenna coil. Thus, by
increasing R the communication range of the reader may be increased, and the optimum
reader antenna radius R is 1.414 times the demanded read range d.
Far field energy harvesting uses the energy from the interrogation signals far field signal
to power the tag. The far field begins where the near field ends, at a distance of 1/(2f) from
the emitting antenna. The signal incident upon the tag antenna induces a voltage at the
input terminals of the tag. This voltage is detected by the RF front-end circuitry of the tag
and is used to charge a capacitor that provides the operating voltage for the tag.
There is a fundamental limitation on the power detected a distance d away from a
reader antenna. In a lossless medium, the power transmitted by the reader decreases as a
function of the inverse square of the distance from the reader antenna in the far field.
A reader communicates with and powers a passive tag using the same signal. The
fact that the same signal is used to transmit power and communicate data creates some
challenging trade-offs. First, any modulation of the signal causes a reduction in power to
the tag. Second, modulating information onto an otherwise spectrally pure sinusoid spreads
the signal in the frequency domain. This spread, referred to as a side band, along with the
maximum power transmitted at any frequency, is regulated by local government bodies in
most parts of the world. These regulations limit the rate of information that can be sent
from the reader to the tag. RFID systems usually operate in free bands known as Industrial-
Scientific-Medical (ISM) bands, where the emitted power levels and the side band limits tend
to be especially stringent.
The signaling from the tag to the reader in passive RFID systems is not achieved by
active transmission. Since passive tags do not actively transmit a signal, they do not have
a regulated limit on the rate of information that can be sent from the passive tag to the
reader. In the near field, tag to reader communication is achieved via load modulation. Load
modulation is achieved by modulating the impedance of the tag as seen by the reader. In the
far field, tag to reader communication is achieved via backscatter. Backscatter is achieved
by modulating the radar cross-section of the tag antenna. Comprehensive reviews of the
operation of tags and readers are available in [8] and [17].
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 16
Page 23
The powering of and communication with passive tags with the same communication
signal places restrictions on the functionality and transactions the tags are capable of. First,
there is very little power available to the digital portion of the integrated circuit on the tag.
This limits the functionality of the tag. Second, the length of transactions with the tag is
limited to the time for which the tag is expected to be powered and within communication
range. Governmental regulations can further limit communication timings. In the US in the
915 MHz ISM band, regulations require that, under certain operating conditions, the com-
munication frequency change every 400 ms. Since every change in frequency may cause loss
of communication with a tag, transponders must not be assumed to communicate effectively
for longer than 400 ms. Finally, it is important to minimize state information required in
passive tags. In many practical situations, power supplied to the tag may be erratic, and any
long-term reliance on state in the tag may lead to errors in the operation of a communication
protocol.
3.4 RFID Applications
The main purpose of RFID is automated identification of products and people. One of the
biggest advantages of RFID over conventional systems such as bar codes, is that neither line
of sight nor physical contact is required for an object with an RFID tag to be identified,
as is the case with bar codes where line of sight is required and smart cards, where contact
is required. It is hoped that RFID tags will become widely used, replacing all manner of
current identification as well as introducing applications not dreamed of earlier. One of the
reasons is that the prices of RFID tags have been falling steadily. RFID tags are viewed
as the next generation successors to bar codes. This makes it necessary for their cost to be
low, as they will add to the cost of the item on which they are included. To the best of
our knowledge, the cheapest tags available in the market cost .07 cents per tag, if they are
bought in volumes of 10 million [2] as of February 2006. The cost seems likely to drop to
.05 in the near future [3]. From a financial point of view, such prices would facilitate the
use of RFID in all manners of applications where identification is required. As mentioned,
the main application of RFID is for automated identification, and it is hoped that RFID
devices will replace all manners of optical identification techniques. To explain the numerous
advantages RFID possesses, we include here in Table I a comparison of RFID tags and bar
codes [4] for quick reference.
Commercial applications of RFID can be found today in supply chain management,
automated payment systems, airline baggage management, and so on. According to RFIDup-
date.com, one of the catalysts for the RFID industry has been mandates issued by Wal-Mart
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 17
Page 24
Figure 3.3: A comparison between Bar Codes and RFID tags
Figure 3.4: RFID systems in Supply Chain Management
and the US Department of Defense (DOD) for their suppliers to adopt RFID technology4.
Although the market has not grown quickly or as large as originally expected, these two
mandates continue to be important drivers in development of the industry.
3.4.1 Business Use
In June 2003, the worlds largest retailer, Wal-Mart, sent out a request to its top 100 suppliers
to put RFID tags on all cases and pallets of consumer goods shipped to a limited number
of Wal-Mart distribution centers and stores by 2005[5]. While the deployment of the RFID
project continued, Wal-Mart indicated in 2006 that out-of-stock items carrying RFID tags
could be replenished three times faster than they were before the project began[6].
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 18
Page 25
However, not all companies have found RFID technology that helpful. A number of
smaller Wal-Mart suppliers have had trouble justifying the investment in implementing RFID
in their supply chain7 in order to meet Wal-Marts expectations
Many access control devices currently used are based on smart cards, which have to
be swiped in a reader. The use of RFID for access control would mean that removal of the
card from a pocket is unnecessary, making it more convenient for the user. Use of RFID also
makes control systematic. By systematic we mean that two people accessing an area at the
same time should be recorded. For example, if access control uses smart cards, then if one
person opens a door using a smart card another authorized person can slip in behind him,
without the system having a record of it. If however, RFID tags are used, then as soon as
a person with a tag comes into the read range, the reader detects the person. An example
of such a system was implemented by Texas Instruments (TI) in 1999 [5]. They developed
a wireless access system for ski lifts. As soon as members with a valid RFID tag came near
the lift, the ski car opens and they can climb on. An automatic log of the people using the
lift is also maintained.
Another access control area where RFID has found popular use is that of car keys.
Companies such as Mercedes Benz are implanting tags in keys, and a reader in the car.
When the person with the key comes near the car, the door automatically opens, without
having to insert the key. Some cars even have multiple keys. This is useful if there is more
than one person who drives the car. Each person saves his preferences with reference to seat
position, cabin temperature etc. Depending on which RFID tag is read, the onboard system
changes the various parameters in the car to suit the person whose key it is.
One last example, which has been implemented successfully in many cities around the
world, is the use of RFID in toll gates. Frequent commuters place an RFID tag on their
dashboard. When they approach the gate through a special lane, a high-ranged reader reads
tag and allows them through. Each time the tag is read, the amount of currency left in the
users account is decreased, and when the currency gets over, the user buys a new tag.
3.4.2 Government Use
Similar to Wal-Mart, the US Department of Defense (DOD) began a policy in July 2004,
requesting vendors supplying goods directly or indirectly to the DOD integrate RFID into
their shipping procedures[8]. This mandate triggered a number of DOD suppliers to test
RFID, or run pilot projects in order to comply with the new requirements.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 19
Page 26
Another adoption of RFID technology has been by governments, with the electronic
passport project. In a number of countries, traditional paper passports are gradually being
replaced with passports embedded with a small integrated circuit. Biometric information,
such as face recognition, fingerprints or iris scans are stored in the electronic passport. The
electronic passport project was initiated by the US, requesting all countries participating in
the Visa Waiver Program issue passports with integrated circuits. The main objectives are
for automated identity verification, and for greater border protection and security[9].
3.4.3 Sub-Dermal Tags
This refers to tags that are implanted under the skin of people or animals. TI has imple-
mented several systems for animal tracking. RFID tags are especially useful in tracking
cattle, as well as keeping a count of a herd. Tags can also be used to study migration pat-
terns of fish, by tagging them and keeping track at regular intervals using a powerful reader
on a ship. Recently, the number of people who have been getting RFID tags implanted has
also been on the rise.
There are a number of forums on the Internet where people who have been tagged
discuss their experience [7]. One typical example is for computer access. Instead of typing
in a user name and password, a user has a tag implanted under his palm, and simply has to
wave his hand in front of the monitor, which has an RFID reader inbuilt.
3.4.4 Tags in Libraries
Some libraries have implanted RFID tags in their books. This allows users to carry out
returning and borrowing applications themselves. Librarians can also detect missing and
misfiled books easily, by using a hand held battery operated RFID reader. Then, the books
on each shelf do not have to be removed to check which belong there and which dont, only
those shelves that cause the RFID system to show an error can be checked. According to
Bibliotheca Library systems [8], more than 100 million books world wide in libraries across
Europe and North America have already been tagged.
3.4.5 Smart Appliances
A potential use of RFID devices is in smart appliances. Though these have not yet been
developed, there is a lot of speculation on them, and smart appliances are probably one of
the most exciting areas of RFID. Here we cite a few examples.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 20
Page 27
Figure 3.5: RFID tags used in Library Management
-Clothes made of a particular material can be implanted with tags with ID numbers
in a particular range. When these clothes are placed in a washing machine with an RFID
reader, the machine automatically selects the number of cycles, amount of water etc.
-Consider the following scenario you buy a packet of microwave popcorn implanted
with an RFID tag. You go home and place it in your RFID enabled microwave, and as soon
as you do so the microwave automatically sets the time required and starts operating!
-Your refrigerator contains an RFID system, and all food products are tagged. The
RFID system can communicate with a central database that holds the information for the
food products. The reader reads the information and is able to determine information such
as the expiry date for a particular carton of juice. When the date is reached, an alert is
sounded, saving you from having the expired juice!
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 21
Page 28
Chapter 4
Discussion
In this Chapter Section 4.1 describes the Security and Privacy issues in RFID and security
trends while section 4.2 explain approaches for Tackling Security and Privacy Issues
4.1 RFID SECURITY AND PRIVACY ISSUES
With the adoption of RFID technology, a variety of security and privacy risks need to be
addressed by both organisations and individuals:
Consumer concerns regarding RFID can broadly be classified into security and pri-
vacy. Security issues deal with legitimate readers getting information from illegitimate tags,
whereas privacy issues deal with illegitimate readers getting information from legitimate
tags. From a consumers point of view, the privacy issue is more important, and as a result
media coverage has been much higher. However, recognition of the importance of RFID
security has also been increasing.
4.1.1 TAG DATA
RFID tags are considered dumb devices, in that they can only listen and respond, no matter
who sends the request signal. This brings up risks of unauthorised access and modification
of tag data. In other words, unprotected tags may be vulnerable to eavesdropping, traffic
analysis, spoofing or denial of service attacks. We will look at each of these in turn:
4.1.2 Eavesdropping (or Skimming)
Radio signals transmitted from the tag, and the reader, can be detected several metres away
by other radio receivers. It is possible therefore for an unauthorised user to gain access
to the data contained in RFID tags if legitimate transmissions are not properly protected.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 22
Page 29
Any person who has their own RFID reader may interrogate tags lacking adequate access
controls, and eavesdrop on tag contents.
Researchers in the US has demonstrated a skimming attack on an RFID credit card,
through which credit card information, such as the cardholders name and account informa-
tion, could be skimmed if not properly encrypted[10].
4.1.3 Traffic Analysis
Even if tag data is protected, it is possible to use traffic analysis tools to track predictable tag
responses over time. Correlating and analysing the data could build a picture of movement,
social interactions and financial transactions. Abuse of the traffic analysis would have a
direct impact on privacy.
4.1.4 Spoofing
Based on the data collected from eavesdropping or traffic analysis, it is possible to perform
tag spoofing. For instance, a software package known as RFDump,[11] that runs on a
notebook computer or personal digital assistant, allows a user to perform reading or writing
tasks on most standard smart tags if they are not properly protected. The software permits
intruders to overwrite existing RFID tag data with spoof data. By spoofing valid tags, the
intruder could fool an RFID system, and change the identity of tags to gain an unauthorised
or undetected advantage. One example is trying to save money by buying expensive goods
that have had their RFID price tags spoofed to display cheaper prices. By combining the
two capabilities of eavesdropping and spoofing, a replay attack is possible where an attacker
can query a tag, receive the information it sends, and retransmit this information at a later
time[12].
4.1.5 Denial of Service Attack
The problems surrounding security and trust are greatly increased when large volumes of
internal RFID data are shared among business partners. A denial of service attack on RFID
infrastructure could happen if a large batch of tags has been corrupted. For example, an
attacker can use the kill command, implemented in RFID tags, to make the tags permanently
inoperative if they gain password access to the tags. In addition, an attacker could use an
illegal high power radio frequency (RF) transmitter in an attempt to jam frequencies used
by the RFID system, bringing the whole system to a halt[13].
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 23
Page 30
4.1.6 RFID READER INTEGRITY
In some cases, RFID readers are installed in locations without adequate physical protection.
Unauthorised intruders may set up hidden readers of a similar nature nearby to gain access to
the information being transmitted by the readers, or even compromise the readers themselves,
thus affecting their integrity. Unauthorised readers may also compromise privacy by accessing
tags without adequate access controls.
As a result, information collected by readers and passed to the RFID application may
have already been tampered with, changed or stolen by unauthorised persons. An RFID
reader can also be a target for viruses. In 2006, researchers demonstrated that an RFID virus
was possible. A proof-of-concept self-replicating RFID virus was written to demonstrate that
a virus could use RFID tags to compromise backend RFID middleware systems via an SQL
injection attack[14].
4.1.7 PERSONAL PRIVACY
As RFID is increasingly being used in the retailing and manufacturing sectors, the widespread
item-level RFID tagging of products such as clothing and electronics raises public concerns
regarding personal privacy. People are concerned about how their data is being used, whether
they are subject to more direct marketing, or whether they can be physically tracked by RFID
chips. If personal identities can be linked to a unique RFID tag, individuals could be profiled
and tracked without their knowledge or consent.
For instance, washing clothes tagged with RFID does not remove the chips, since they
are specially designed to withstand years of wear and tear. It is possible that everything
an individual buys and owns is identified, numbered and tracked, even when the individual
leaves the store, as far as products are embedded with RFID tags. RFID readers can detect
the presence of these RFID tags wherever they are close enough to receive a signal.
4.2 RFID Security Trends
Since RFID remains an emerging technology, the development of industry standards for pro-
tecting information stored on RFID chips is still being explored and strengthened. Research
into the development and adaptation of efficient hardware for cryptographic functions, sym-
metric encryption, message authentication codes and random number generators will improve
RFID security. In addition, advances in RFID circuit design and manufacturing technology
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 24
Page 31
can also lower development costs releasing more resources in tags that can be used for other
functions, such as allocating power consumption towards security features.
Today, certain public key technologies are also being studied and in some cases deployed
by RFID vendors. This helps improve confidentiality, user authentication and privacy of
RFID tags and associated applications. RFID vendors are also conducting research into
integrity and confidentiality issues around RFID reader infrastructure. Data can now be
stored on a token using dynamic re-keying, where specific readers can rewrite a tokens
credentials/signature, and verify the tokens identity. However, the cost and performance
issues around using public key technologies in RFID applications have stalled its use for
critical security applications.
4.3 APPROACHES FOR TACKLING SECURITY AND
PRIVACY ISSUES
There are a variety of solutions for tackling the security and privacy issues surrounding
RFID. They can be categorised into the following areas
• 1. Tag Data Protection
• 2. Reader Integrity
• 3. Personal Privacy
4.3.1 SOLUTIONS FOR TAG DATA PROTECTION
Password Protection on Tag Memory
Passwords can be used to protect tag data, preventing tags from being read without the
original owners permission. But if the passwords for all the tags are identical, then the
data becomes virtually public. However, if each tag is going to have a different or unique
password, there may be millions of passwords that need to be recorded, meaning the reader
would have to access the database and perform a lot of comparisons for each reading attempt.
Physical Locking of Tag Memory
The tag manufacturer locks information such as a unique identifier into tag before the tag is
released into an open environment. In other words, the chip is read-only and is embedded
with information during the manufacturing process. This provides proof of origin.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 25
Page 32
The limitation of this method is that no rewriting of data can be done on the tag
chip. Additional memory would be required for storing modifiable or extra information and
an algorithm would be needed for finding the latest tag data. This would result in higher
memory cost and a larger size memory.
Authentication of the Author in Tag Memory
The author or owner of the tag encrypts the tag data with his own private key (i.e. digitally
signs the tag) and writes the encrypted data into tag memory along with the authors name,
a reference to his public key and the algorithm used in non-encrypted form. When the reader
wants to verify the authenticity of information, it retrieves the authors name and other non-
encrypted information from the tag to verify that the data has been actually written by the
original author as claimed. However, if the RFID reader needs to update the tag with new
data, a key management system is required in order to manage the private key.
4.3.2 SOLUTIONS FOR RFID READER INTEGRITY
Reader Protection
Readers can reject tag replies with anomalies in response times or signal power levels which
dont match the physical properties of tags. If passive tags are used, this can be a way to
prevent spoofing attempts. Readers can also use random frequencies with tags designed
to follow a frequency dictated by the reader. Readers can change frequencies randomly so
that unauthorised users cannot easily detect and eavesdrop on traffic. On top of this, data
transmitted between the reader and the RFID application server could require verification
of the readers identity. Authentication mechanisms can be implemented between the reader
and the back end application to ensure that information is passed to the valid processor.
Read Detectors
RFID environments can be equipped with special devices to detect unauthorized read at-
tempts or transmissions on tag frequencies. These read detectors may be used to detect
unauthorized read/update attempts on tags, if they are used together with specially de-
signed tags that can transmit signals over a reserved frequencies, indicating any attempts to
kill or modify tags
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 26
Page 33
4.3.3 SOLUTIONS FOR PERSONAL PRIVACY
Kill Tag
By executing a special kill command on a tagged product, the RFID tag will be killed and
can never be re-activated. This kill command may disconnect the antenna or short-circuit a
fuse. This ensures that the tag cannot be detected any further, and thus protects the privacy
of the individual who possesses the product.
However, there may be instances where tags should not be killed. A store may wish for
example to re-detect the tags on defective products returned by customers. Also, smart-cards
embedded with RFID chips for access control will need to be activated continuously.
Faraday Cage
An RFID tag can be shielded with a container made of metal mesh or foil, known as a
Faraday Cage. This foil-lined container can block radio signals of certain frequencies and
thus protect tagged products from being detected. However, this approach might not work
in some situations. For example, it is difficult to wrap foil-lined containers around tags used
in clothing for pets and people.
Active Jamming
Active jamming of RF signals refers to the use of a device that actively broadcasts radio
signals in order to disrupt the operation of any nearby RFID readers. This physical means
of shielding may disrupt nearby RFID systems.
However, the use of such a device may be illegal, depending on the broadcasting power
of the device and government regulations in force. There is a risk of severe disruption to all
nearby RFID systems if the jamming power is too strong.
RSA Selective Blocker Tag
A blocker tag is a passive RFID device that uses a sophisticated algorithm to simulate
many ordinary RFID tags simultaneously. It provides an endless series of responses to RFID
readers through the use of two antennas to reflect back two bits simultaneously, thereby
preventing other tags from being read, performing a kind of passive jamming.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 27
Page 34
However, this approach gives individuals a lot of control. In addition, a blocker tag
may be used maliciously to circumvent RFID reader protocols by simulating multiple tag
identifiers.
Logical Hash-lock
When a tag is locked, it is given a value (or meta-ID) that is a hash value of the corresponding
key or PIN. The tag will refuse to reveal its ID until it can be unlocked by presenting the value
of the key or PIN value. For example, tags may be locked at check out time in a supermarket
and then unlocked by the individual using a given meta-ID and PIN after returning home.
These meta-ID and PINs may be read optically by individuals, and be printed on the interior
of the package or on the payment bill after purchasing, rather than transmitted by radio.
The limitation of this approach is that individuals need to manage the lock/unlock
features and the associated PINs for a whole collection of tags and purchases, and need to
keep track of which objects carrying which RFID tags. This approach also incurs additional
cost as it involves a cryptographic operation on tags.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 28
Page 35
Chapter 5
Analysis
In this Chapter, section 5.1 explains some Advantages and Disadvantages of RFID and
section 5.2 Explains How it differs from Traditonal Barcode
5.1 Some Advantages and Disadvantages
5.1.1 Advantages
• The RFID tags can store data up to 2 kb.
• Cannot be easily replicated and therefore, it increases the security of the product.
• Simple to install/inject inside the body of animals/human beings
• Fast and Robust
5.1.2 Disadvantages
• Doesnt work properly on liquids and metal products.
• More expensive than barcode system
• Harder to understand
• Tags are usually larger than barcode labels
• Possibility of unauthorized reading of passports and credit cards
5.2 How it differs from Traditonal Barcode
• RFID is more effective
• Barcodes have limited information
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 29
Page 36
Figure 5.1: Comparision RFID vs BarCode
• Read/write capability
• RFID tags can be read at much distance
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 30
Page 37
Chapter 6
Conclusion
While the use of RFID technology is increasing across a range of different industries,
the associated security and privacy issues need to be carefully addressed. Because RFID tags
come in different flavours, there is no overall, generic RFID security solution. Some low-cost
passive and basic tags cannot execute standard cryptographic operations like encryption,
strong pseudorandom number generation, and hashing. Some tags cost more than basic
RFID tags, and can perform symmetric-key cryptographic operations. Organisations wishing
to use RFID technology need to therefore evaluate the cost and security implications as well
as understand the limitations of different RFID technologies and solutions.
We have been able to discuss a few aspects of RFID security and privacy, as well as the
enormous scope RFID offers. It is hoped that we have been able to give a flavor of the work
that is currently being done, and that we have also shown how much work is still required.
Nevertheless, RFID researchers have already presented numerous solutions to some of
the most pressing concerns. It will be fascinating to see which of these proposals (and when)
are incorporated into the next generations of industrial RFID systems. Finally, we see that
RFIDs individual advantages adhere perfect to the idea of ubiquitous computing and look
out for further development of this complex topic.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 31
Page 38
Chapter 7
Bibliography
7.1 References
[1] D. Anthony, T. Henderson, and D. Kotz, Privacy in location aware computing environ-
ments, IEEE Pervasive Computing,2007.
[2] S. Lederer, J. I. Hong, X. Jiang, A. K. Dey, J. A. Landay, and J. Mankoff, Towards
everyday privacy for ubiquitous computing, Computer Science Division, University of Califor-
nia, Berkeley, Tech. Rep. UCB-CSD-03-1283, 2003. [Online]. Available: http://www.cs.berkeley.edu/projects/
io/publications/privacy-techreport03a.pdf
[3] A. Beresford and F. Stajano, Location privacy in pervasive computing, IEEE Pervasive
Computing, 2003.
[4] A. R. Beresford and F. Stajano, Mix zones: User privacy in location-aware services,
in Pervasive Computing and Communications Workshops (PERCOMW), 2004.
[5] U. Hengartner and P. Steenkiste, Access control to people location information, ACM
Trans. Inf. Syst. Secur., 2005.
[6] J. I. Hong and J. A. Landay, An architecture for privacy sensitive ubiquitous com-
puting, in International conference on Mobile systems, applications, and services (MobiSys),
2004.
[7] G. Myles, A. Friday, and N. Davies, Preserving privacy in environments with location-
based applications, IEEE Pervasive Computing, 2003.
[8] A. Kapadia, T. Henderson, J. J. Fielding, and D. Kotz, Virtual walls: Protecting dig-
ital privacy in pervasive environments, in Proceedings of the Fifth International Conference
on Pervasive Computing (Pervasive), 2007. [9] T. Kriplean, E. Welbourne, N. Khous-
sainova, V. Rastogi, M. Balazinska, G. Borriello, T. Kohno, and D. Suciu, Physical access
control for captured rfid data, IEEE Pervasive Computing, 2007.
[10] V. Rastogi, E. Welbourne, N. Khoussainova, T. Kriplean, M. Balazinska, G. Borriello,
T. Kohno, and D. Suciu, Expressing privacy policies using authorization views, in Workshop
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 32
Page 39
on Ubicomp Privacy, (Ubicomp), 2007.
[11] T. Rodden, A. Friday, H. Muller, and A. Dix, A lightweight approach to managing
privacy in location-based services, equator- 02-058, University of Nottingham and Lancaster
University and University of Bristol, Tech. Rep. CSTR-07-006, 2002.
[12] S. Weis, S. Sarma, R. Rivest, and D. Engels, Security and, Privacy Aspects of Low-
Cost Radio Frequency Identification Systems, in International Conference on Security in
Pervasive Computing, 2003.
[13] D. Molnar and D. Wagner, Privacy and Security in Library RFID: Issues, Practices,
and Architectures, in Conference on Computer and Communications Security, 2004.
[14] K. Ouafi and R. C.-W. Phan, Privacy of Recent RFID Authentication Protocols, in
4th International Conference on Information Security Practice and Experience ISPEC 2008,
2008.
[15] D. X. Song, D. Wagner, and A. Perrig, Practical techniques for searches on encrypted
data, in IEEE Symposium on Security and Privacy, 2000.
[16] D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano, Public key encryption
with keyword search, in EUROCRYPT, 2004.
[17] S. Wang, X. Ding, R. H. Deng, and F. Bao, Private information retrieval using
trusted hardware, in European Symposium On Research In Computer Security (ESORICS),
2006.
[18] Z. Yang, S. Zhong, and R. N. Wright, Privacy-preserving queries on encrypted data,
in European Symposium On Research In Computer Security (ESORICS), 2006.
[19] Marc Langheinrich. A survey of rd privacy approaches. Personal and Ubiquitous
Computing, 13(6):413421, 2009.
[20] Eun-Kyung Ryu and Tsuyoshi Takagi. A hybrid approach for privacy-preserving
rd tags. Computer Standards and Interfaces, 31(4):812815, 2009 [21] Ray Cronin. Rd
versus barcode. Pharmaceutical Technology, 32(11):178+177178+177, 2008.
[22] S. P. Singh, M. McCartney, J. Singh, and R. Clarke. Rd research and testing for
packages of apparel, consumer goods and fresh produce in the retail distribution environment.
Packaging Technology and Science, 21(2):91102, 2008
[23] E.W.T. Ngai, K.K.L. Moon, F.J. Riggins, and Y.Y. Candace. Rd research: An
academic literature review (1995-2005) and future research directions. International Journal
of Production Economics, 112: 510520, 2008.
[24] Mustafa Alani, Widad Ismail, and Js Mandeep. Active rd system and applications.
Electronics World, 115(1877):2224, 2009.
SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 33