a distributed architecture for scalable private rfid tag

ARTICLE IN PRESS

Computer Networks xxx (2007) xxx–xxx

www.elsevier.com/locate/comnet

A distributed architecture for scalable private RFIDtag identification

Agusti Solanas *, Josep Domingo-Ferrer, Antoni Martınez-Balleste, Vanesa Daza

Rovira i Virgili University of Tarragona, Department of Computer Engineering and Maths, Av. Paısos Catalans 26,

E-43007 Tarragona, Catalonia, Spain

Abstract

The fast growth of Radio Frequency IDentification (RFID) implies a deployment challenge, namely how to keep thistechnology scalable without renouncing security and privacy features. This paper focuses on combining tag privacy andscalability using the hash locks mechanism. Our contribution is twofold: (i) a cell-based architecture is proposed in whichthe readers co-operate in order to conduct tag identification in a private and scalable way; (ii) a communication protocolfor the proposed architecture is defined and assessed. The proposed architecture and protocol solve the scalability short-comings of private RFID identification pointed out by Juels and Weis.� 2007 Elsevier B.V. All rights reserved.

Keywords: RFID; Scalability; Security; Privacy; Identification

1. Introduction

The development of the radio-frequency identifi-cation (RFID) technology is now a reality and per-vasiveness of this technology within the next fewyears is a realistic situation. A few years ago, RFIDtags were only used for tracking expensive itemssuch as shipping containers, automobile parts, oreven live cattle. The value of such tracked goodsfully justified the investment in RFID tags, whichinitially had a significant cost. Nowadays, the costof RFID components is decreasing and their low

1389-1286/$ - see front matter � 2007 Elsevier B.V. All rights reserved

doi:10.1016/j.comnet.2007.01.012

* Corresponding author.E-mail addresses: [email protected] (A. Solanas), josep.

[email protected] (J. Domingo-Ferrer), [email protected](A. Martınez-Balleste), [email protected] (V. Daza).

Please cite this article in press as: A. Solanas et al., A distribNetw. (2007), doi:10.1016/j.comnet.2007.01.012

prices have opened a broad range of possibilitiesinvolving mass deployment of tags.

A key factor in the spectacular market push ofRFID technology is the interest by large retailers(e.g., Wal-Mart1), important manufacturers (e.g.,Gillette, Procter & Gamble, etc.) and governments.As a result, almost any object in our daily life is lia-ble to carry a RFID tag, at least during a period ofits life (e.g., during the manufacturing process, dur-ing its distribution, at the shop, etc.). Due to thisimportant revolution many information technologymanufacturers have entered the RFID arena (e.g.,Philips Semiconductors, Intel, Intermec, Tyco, etc.).

Some authors [10] depict the future of RFID witha mixture of optimism and concern. On the good

.

1 Wal-Mart started to explore the RFID technology in 2003and devoted at least three billion dollars to implement it [10].

uted architecture for scalable private RFID ..., Comput.

mailto:[email protected]

mailto:josep. [email protected]

mailto:josep. [email protected]



Table 1Symbols used in the architecture description

Symbol Meaning

Reader covering a cellTag in a cellA message between two readersTag ID in the cacheSystem Access Point (SAP)System Exit Point (SEP)Movement of a tag

2 A. Solanas et al. / Computer Networks xxx (2007) xxx–xxx

ARTICLE IN PRESS

side, the RFID technology will eventually replacebar codes. It can be used on a variety of fields andserves many purposes, namely goods tracking, sup-ply chain optimization, reduction of theft and lossduring the distribution and selling processes, techni-cal equipment tracking, inventory management,firemen team location in fire departments, etc. Onthe bad side, RFID systems are a cause of privacyconcern for consumers, which might seriously ham-per their deployment. Clearly, RFID technologymust not violate privacy nor civil liberties. In [11]the most threatening points are identified as: hiddenplacement of tags, uniqueness of the identifiers,massive data aggregation, possibility of hiddenreaders and individual tracking and profiling.

The above privacy threats have unleashed radicalopposition in some cases. Consumer Against Super-market Privacy Invasion and Numbering (CAS-PIAN [8]) criticized the plan of Benetton to attachtags to its products, leading to a boycott of theseproducts in 2003 [4,5]. Something similar happenedto Tesco [16] in 2005. Some authors [1] are com-pletely against the use of supermarket cards and,accordingly, they are against the deployment ofRFID systems [2] in the sense that they would helpinfringing on personal privacy. They argue that theimproper use of this technology represents a mas-sive push toward global surveillance being drivenby the retail sector.

Some of the aforementioned privacy problemscan be overcome by using cryptographic techniquessuch as the ones described in [12,13]. Juels and Weishave given a definition of strong privacy for RFIDin [13]. However, their notion of strong privacyseems to be in conflict with scalability: private tagidentification in their model involves decryption ofthe ID of the tag being identified by exhaustivesearch. The same authors acknowledge this short-coming when they point out that

For RFID tags capable of only symmetric-keycryptography, we believe that our definitionmay require the reader to perform brute-forcesearch to identify tags[. . .] Such a system scalespoorly.

The scalability of RFID privacy is a major challengeto be satisfied in order for pervasive tag deploymentto be possible. This paper intends to advance in thatdirection. A solution based on the distribution oftag ID information with a communication protocolbetween readers is presented. For the sake of con-creteness, we focus on privacy based on hash locks.


However, our approach can be used to mitigate thescalability problems of any RFID privacy-preserv-ing technique. In Section 2, the architecture of thesystem is described and the notation and assump-tions are presented. In Section 3, an informationsharing protocol suite is detailed. The results ofthe protocol simulation are given in Section 4.Finally, Section 5 is a conclusion.

2. The architecture

Our system can be defined in terms of its compo-nents (i.e., tags and readers), the location and capa-bilities of those components and their privacyfunctionalities. The proposed architecture is cell-based. Cell-based approaches have successfully beenused to alleviate traffic in dense ad hoc networks [7]and are proposed here to scale computation inprivate RFID identification.

2.1. Main components

The main components in our architecture areRFID readers and tags (see Table 1 for a graphicalrepresentation of these components).

The tags considered in this article are passivedevices that can answer queries from readers byusing the power transmitted by the readers. Eachtag has a unique identifier and returns it when que-ried by a reader. Returning the identifier withoutany sort of protection could jeopardize tag security.Thus, we assume that the tag is able to compute asimple hash function to protect its identity froman eavesdropper (these security aspects are elabo-rated further in Section 2.3). Also, it is assumed thattags can change their location at any time. No otheradditional features are considered for the tags.

In our model, the readers are static devices intelli-gently distributed to cover the area in which the tagsare roaming. In contrast to the tags described above,readers are active devices capable of detecting tags by


Fig. 1. Scheme of the coverage of a set of readers. The numbersare used to indicate different tag location situations.

Fig. 2. Communication graph.

A. Solanas et al. / Computer Networks xxx (2007) xxx–xxx 3

ARTICLE IN PRESS

emitting a signal with a certain frequency. It is

assumed that a reader has some computational and

storage capabilities (e.g., a reader must be able tostore a number of identifiers in a cache, compute hashfunctions, generate pseudo-random numbers, etc.).The coverage range of the readers is a system param-eter to be taken into account during the deploymentprocess: the readers must be able to locate the tagsin the system and no shadow areas2 are allowed.Without loss of generality, we will assume that eachreader covers a specific square area, which will becalled a cell. Moreover, all readers have communica-tion capabilities and can exchange information withother readers using a secure channel (e.g., anencrypted wireless connection).

2.2. Covering the space

We now describe the spatial distribution of read-ers and the distribution of IDs among them toincrease scalability. Consider an area W that canbe covered through the use of a number of readers.Assume that tags enter and leave W through desig-nated points called System Access Points (SAP)and System Exit Points (SEP), respectively.

Readers are placed according to a grid patterndepicted in Fig. 1. Let Ai be the square cell coveredby the ith reader Ri. For the sake of simplicity, weconsider that all readers have the same coveragerange, so that all cells have the same size. Further,we consider cells to be disjoint and to span the entirearea W. Formally,[

Ai ¼ W 8i; ð1ÞAi \ Aj ¼ ; 8i; jji 6¼ j: ð2Þ

It is assumed that the readers are able to locate a tagby collaborating. Although the technologies forlocating a tag are beyond the scope of this work, wenext discuss some relevant issues about tag location.

Let D be the radius of the smallest circle contain-ing a square cell and d the radius of the greatest cir-cle inscribed in a square cell. Depending on thelocation of the tag, readers can face three differentsituations (see numbers in Fig. 1):

1. The distance between the tag and the reader Ri isless than d: in this case, the tag is located in thesquare area covered by Ri.

2 A shadow area is defined as a region where tags are notdetected by any reader.


2. The distance between the tag and Ri is less than D

and greater than d: in this case Ri needs the helpof an adjacent reader Rj to determine the locationof the tag. Note that it is not necessary to exactlylocate the tag: determining its current cell isenough. Thus, it is possible to fulfill this task withonly two readers.3

3. The distance between the tag and Ri is greaterthan D: in this case, the tag is off range of Ri.

In order to perform properly, the readers must beable to communicate between them. To that end, wepropose the use of a network topology that can berepresented as a graph where nodes are readersand edges are connections between readers. LetRadj

i be the set of readers which are adjacent, i.e.,connected, to Ri. As an example, Fig. 2 shows thecommunication graph for a regular grid with 12readers.

3 If the exact location were needed, at least three readers oughtto be used.



ARTICLE IN PRESS

2.3. Privacy

When the RFID technology was initiallydeployed, the population of tags was quite small.However, the number of outstanding tags is grow-ing fast and this trend is likely to continue withthe replacement of optical bar codes with electronicproduct codes (EPC). Clearly, the possibilities ofharming the privacy of consumers of productstagged with EPC will increase.

A variety of information can be stolen from con-sumers by reading without authorization the identi-fiers of the tags attached to the products that theybuy. It would be possible to determine the amountof money that a consumer spends, the products thathe/she prefers, his/her eating habits, etc. An eaves-dropper would be able to gather unprecedentedamounts of information. Thus, privacy is a veryimportant factor that has to be tackled if a wideand complete deployment of the RFID technologyis desired.

In [13], Juels and Weis propose a definition ofprivacy. However, basic RFID tags lack or have lit-tle cryptographic functionality, so researchers havehad to develop a farrago of lightweight methodsoffering security and privacy with as little cryptogra-phy as possible. Examples are the method byOhkubo, Suzuki and Kinoshita (OSK) [15] and itsevolutions [3], the method by Nohara, Inoue, Babaand Yasuura (NIBY) [14], the YA-TRAP scheme ofTsudik [17], the zero-knowledge scheme of Engberg,Harning and Jensen (EHJ) [9] and O-TRAP [6].

As mentioned above in Section 2.1, in this articlewe consider a class of RFID tags capable of simplecryptographic operations, such as computing a one-way hash function. Thus, a tag can securely send itsID to the reader by implementing the improved ran-domized hash locks described in [13], which havebeen shown to be a secure evolution of the deter-ministic hash locks and randomized hash locks pro-posed in [18].

The basic operation of the improved randomizedhash locks is depicted in Fig. 3 and is next brieflydescribed:

Fig. 3. Diagram of Juels–Weis improved randomized hash locks.


1. A reader R sends a challenge c0 to a tag T, wherec0 = nonceR is generated uniformly at random.

2. T generates its own nonce nonceT and hides itsunique identifier IDT by sending a responser0 = (nonceT,h(nonceRknonceTkIDT)).

3. To determine IDT, R must perform an exhaustivesearch of the IDs in its database to computeri ¼ ðnonceT ; hðnonceRknonceTkIDT iÞÞ and com-pare the result with r0. Once R finds an IDT i thatsatisfies ri = r0, the tag is identified.

In [13] it is proven that improved randomizedhash locks offer strong tag privacy in the face ofeavesdroppers. The main limitation of this tech-nique is scalability: indeed, the authors of [13]express their belief that, for RFID tags capable ofonly symmetric-key cryptography, their definitionof strong privacy may require the reader to performbrute-force search to identify tags, which scalespoorly. They also point out the need of definitionsand protocols for RFID privacy that are weaker,but more practical and useful. We absolutely agreewith their remarks and, in this paper, we concen-trate on the definition of a protocol permitting thepractical use of privacy schemes like the improvedrandomized hash locks in a scalable manner.

3. Information sharing protocol suite

Our method is based on sharing informationbetween readers. The shared information is the tagID and the ID of the reader which covers the cellin which a certain tag is located. The readers usethree kinds of messages to share information: tagarrival, tag roaming and tag departure (see Table2). This information is stored in the local cache ofeach reader involved in the message exchange.

In order for information to be shared withoutunnecessary replication, each reader removes fromits cache the information related to tags which areno longer in the reader’s cell or in any cell adjacentto the reader’s cell.

The suite consists of three protocols correspond-ing to the life cycle of a tag with respect to the sys-tem (i.e., arrival, roaming and departure):

Table 2Message types used by the information sharing protocol suite

Message Meaning

(T,�) Tag T enters the system for the first time(T,Ri) Tag T enters the cell of reader Ri

(T,�) Tag T leaves the system



ARTICLE IN PRESS

1. Arrival protocol. This protocol starts when a newtag enters the system for the first time. Upon arri-val of a tag in the system, a number of messagesare sent in order to propagate the tag ID and theID of the reader that acted as a SAP (entrypoint).

2. Roaming protocol. This protocol is used when atag moves from the cell of a reader into the cellof another reader. As a result, a number of IDpropagation messages are generated and arequest of ID deletion is also sent to the readerswhich are no longer accessible by the tag fromits new location (the tag ID should only be keptby the readers of the current cell and the adjacentcells).

3. Departure protocol. This protocol is responsiblefor managing the departure of tags from the sys-tem. It generates a number of ID deletion notifi-cations to rid the readers of the IDs of thedeparted tags.

4 Once a tag enters the system, its ID can be removed from theSAP database because it is transferred to the readers in the systemand the tag will not be allowed to leave the system through aSAP.

3.1. Arrival protocol

The number of SAPs and their location are vari-able and user-definable, i.e., they depend on the nat-ure and lay-out of the facility (airport, factory,store, etc.) served by the RFID system.

In a wholesale distribution center, each type ofgood enters the system through a designated gate,to which a specific SAP can be associated. EachSAP is supposed to know all the possible tags whichcan enter the system through it. For example, freshfish enters through gate 1 served by SAP1, cleaningproducts enter through gate 2 served by SAP2, etc.Thus, SAP1 only needs to know the informationabout fresh fish and SAP2 only needs to know theinformation about cleaning products. Thanks tothis division, the amount of information stored inthe SAPs scales better and goods can enter the sys-tem in an orderly fashion.

We assume that a SAP consists of a reader con-nected to a computer that can efficiently access adatabase of tag IDs. Regarding the remaining read-ers (those which are not SAPs), they can be verysimple devices with little storage and computationalcapabilities.

Note 1. It should be noticed that our approachsubstantially differs from a centralized scheme inwhich all readers are connected to a back-endcomputing system. In our approach, only SAPsneed a connection to the back-end and only the


incoming tags are considered, which increasesscalability.

For the sake of simplicity we describe the proto-col with a single SAP and a single reader Rin thatreceives the new tags entering the system. The gen-eralization to multiple SAPs and readers isstraightforward.

The arrival protocol is as follows:

Protocol 1 (Tag arrival).

1. The protocol starts when a tag T is detected by aSAP (see Step 1 of Figs. 4 and 5). If T is notfound in the SAP database then the SAP raisesan alarm to inform that there is an unidentifiedtag trying to enter the system without permission.

2. If the tag is correctly identified, the SAP sends amessage to Rin in order to inform the reader thata new tag T is going to enter the reader’s cell4 (seeStep 2 of Figs. 4 and 5).

3. Rin adds the tag T to its cache; thus, when Treaches the cell of Rin, the reader is able toauthenticate T. After authentication, Rin sendsa message to all readers Radj

in in adjacent cells toinform them that T has entered Rin’s cell andcan roam to any adjacent cell (see Step 3 of Figs.4 and 5).

4. In response to that message, the adjacent readersRadj

in add T to their caches and record the name ofthe message originator (i.e., in this case Rin).

3.2. Roaming protocol

The roaming protocol performs the task of shar-ing the tag ID information needed for updating thecaches of the readers. By properly updating theircaches, the readers can authenticate the tags in theircells, and can also leverage their resource manage-ment (memory allocation, computational power).To that end, the ID information of the tags in a cellmust be shared with adjacent readers, and non-adja-cent readers must remove the ID information fromtheir caches. Such a removal averts the uncontrolledgrowth of the reader caches and makes the systemscalable in terms of computational cost and memoryspace.


Fig. 4. Messages generated upon the arrival of an authenticatedtag into the system.

Fig. 5. Graphical scheme of the arrival of an authenticated taginto the system.

Fig. 7. Messages generated during the roaming protocol.


ARTICLE IN PRESS

The roaming protocol is launched when any tagT moves from its current cell to another (adjacent)cell. The protocol works as follows:

Protocol 2 (Roaming).

1. A tag T is detected by a reader Ri other than theowner of the tag (see Step 1 of Figs. 7 and 6),where we denote by owner of T the last readerthat informed the rest of the readers that T wasin its cell. Due to the spatial distribution of thereaders, T must come from one of the adjacentreaders to Ri, so Ri has in its cache the ID infor-mation of T and is able to identify it.

2. After identification, Ri sends a message to its adja-cent readers Radj

i in order to inform them that thenew owner of T is Ri (see Step 2 of Figs. 7 and 6).

Fig. 6. Graphical scheme of an authenticated tag roaming aboutthe system.


3. Upon message reception, the adjacent readersbehave differently depending on their currentcache information:(a) If an adjacent reader Rj 2 Radj

i has no infor-mation about T in its cache then it simplyappends T and its owner information (seeStep 3 of Fig. 6).

(b) If an adjacent reader Rj 2 Radji has informa-

tion about T in its cache but was not theprevious owner of T, then it only needs toupdate the name of the owner of T (i.e.,in this case Ri).

(c) The adjacent reader Rown which was theprevious owner of T must communicate toits adjacent readers Radj

own that the new ownerof T is Ri. To do so, Rown propagates themessage from Ri to its adjacent readers(see Step 3 of Fig. 7 and 6).

4. When the adjacent readers of Rown receive themessage, they behave differently depending ontheir adjacency relations:(a) If a reader Rk 2 Radj

own is adjacent to Ri thenit does nothing.

(b) If a reader Rk 2 Radjown is not adjacent to Ri

then it removes the information on T fromits cache (see Step 4 of Fig. 6).

5. At the end of the protocol, only readers adjacentto the current owner keep information on T intheir cache (see Step 5 of Fig. 6).

3.3. Departure protocol

In almost any RFID application, tags which haveentered a controlled system must leave it. In a super-market, grocery, warehouse, etc., tags travel fromthe shelves to the checkout. Similarly, the tags in aproduction line leave the system when the parts theycorrespond to have been completely assembled.

In order to control the departure of tags from thesystem, the System Exit Points (SEP)s mentionedabove are used. A SEP is an area covered by a



ARTICLE IN PRESS

reader from which no tag can go back into the sys-tem (e.g., a checkout in a supermarket).

The departure protocol works as follows:

Protocol 3 (Departure).

1. The protocol starts when a tag T is detected by aSEP (see Step 1 of Figs. 8 and 9).

2. The SEP informs its adjacent readers RadjSEP that T

must be removed from their caches because thereis no chance for T to go back (see Step 2 of Figs. 8and 9). The adjacent readers of the SEP, includingthe previous owner Rown of T, erase the informa-tion on T from their caches (see Step 2 in Fig. 9).

3. The previous owner Rown of T propagates theremoval message to its adjacent readers Radj

own

(see Step 3 of Figs. 8 and 9).4. The readers Radj

own remove any information on T

from their caches, and nothing remains in thesystem about the departed tag (see Step 4 ofFig. 9).

Fig. 8. Messages generated during the departure protocol.

Fig. 9. Graphical scheme of a tag departing through a SEP.


3.4. Comparison with the centralized approach

To the best of our knowledge, ours is the firstcontribution to scalable private tag identification.Thus, the only possible comparison is with the(non-scalable) centralized approach to private tagidentification, whose shortcomings are at least:

Dependability: Any failure in the back-end serverof a centralized private tag identification systemresults in a complete system crash.Message explosion: The number of messages gen-erated by the tags grows with their number, andit is obvious that a single back-end will eventuallybecome swamped with incoming traffic as thenumber of tags grows.Computational explosion: In a single back-endapproach the computations for private tagidentification cannot be distributed, so thatthe back-end server will be unable to pri-vately identify all tags if their number keepsgrowing.Delay: A centralized approach is supposed towork with a FIFO structure to queue the mes-sages of the tags waiting to be identified. Evenwithout reaching back-end collapse, buffering alarge number of tag messages may lead to delaysincompatible with the roaming pattern of tags: ifa tag moves to a new cell before the previousmessages have been processed by the back-end,the system fails in its purpose of keeping controlof the tag movements.

The above shortcoming are obviously mitigatedby the distributed scheme proposed in this paper.

4. Experimental results

The simulation of a complex environment is notstraightforward because of the quantity and varietyof the parameters involved. The aim of the pre-sented simulation is to show that the size of thecache used at the readers quickly stabilizes andtends to become uniform over time, regardless ofthe number and the roaming pattern of tags. Thisis an indication of the scalability of the proposedsystem.

Three different simulation scenarios depicted inFig. 10 have been considered:

Empty: In an empty scenario there are no obsta-cles, so the tags that enter the system can roam


Fig. 10. The three test scenarios. From left to right ‘‘Empty’’, ‘‘Unstructured’’ and ‘‘Corridor’’.


ARTICLE IN PRESS

PN

freely. This kind of environment is not very com-mon but it is useful to demonstrate how the sys-tem works.Unstructured: This scenario includes randomlydistributed obstacles which hinder free tag roam-

Fig. 11. Evolution of the Cache/Total Ratio mean and deviati

lease cite this article in press as: A. Solanas et al., A distributeetw. (2007), doi:10.1016/j.comnet.2007.01.012

ing. It is suitable for analyzing the behavior ofthe system in the presence of bottlenecks.Corridor: Most real-life scenarios can be viewed ascorridors (e.g., supermarkets, offices, libraries,etc.).

on for different values of the roaming probability.

d architecture for scalable private RFID ..., Comput.


ARTICLE IN PRESS

Looking at Fig. 10, each scenario consists of aSAP located on the left, 4 SEPs on the right and agrid of 25 by 25 readers evenly distributed. We donot need to specify the real spatial dimensions ofthe environment nor the cover range of the readers,because our protocols are invariant to these param-eters, as they only make use of the adjacency rela-tions between the readers.

In order to test the scalability of the system, wehave taken as a measure the ratio between the cachesize at the readers and the total number of tags. TheCached/Total Ratio (CTR) of a reader R at simula-tion step s is defined as follows:

CTRðR;sÞ ¼ 100� I ðR;sÞEs

where I(R,s) is the number of tag IDs stored in thecache of reader R and Es is the total number of tagsin the system.

Fig. 12. Evolution of the Cache/Total Ratio mean and deviation


The means and the standard deviations of theCTR are computed by taking into account only the

readers with a non-empty cache.For each scenario, 100,000 tags are allowed to

enter into the system through the SAP during thesimulation.

In order to test our proposal under several condi-tions, we have performed tests using the three afore-mentioned scenarios and taking into account twoparameters:

• Roaming probability of a tag: This is the probabil-ity that a tag moves to another cell (and thus to adifferent reader).

• Number of new tags per simulation step: This isthe number of tags that enter the system (throughthe SAP) at each simulation step.

for different values of the number of entering tags per step.



ARTICLE IN PRESS

For roaming probabilities ranging from 0.2 to 1.0and 1000 new tags per simulation step, Fig. 11shows the evolution of the mean and standard devi-ation of the CTR for readers with non-empty cache.Regardless of the roaming probability, the load ofthe reader caches tends to become uniform.

For a number of new tags per step ranging from50 (slow entrance) to 10,000 (fast entrance) and aroaming probability 0.5, Fig. 12 shows the evolutionof the mean and standard deviation of CTR forreaders with non-empty cache. Regardless of thetag entrance rate, the load of the reader caches tendsto become uniform.

After analyzing these results, we can concludethat neither tag mobility nor tag entrance rate sig-nificantly affect the overall behavior of the system,in the sense that the cache load at the readersbecomes evenly distributed over time.

For all three scenarios, the following can beobserved:

• During the first simulation steps, the mean of theCTR is high. This happens because all tags enter

0 5 10 15 20 25

0

5

10

15

20

25

010002000300040005000600070008000

Fig. 14. Number of tags in each cache for the ‘‘Unstru

5 10 15 20 25

0

5

10

15

20

25

0

1000

2000

3000

4000

5000

6000

1

2

3

4

5

6

Fig. 13. Number of tags in each cache for the ‘‘Em


the system through the SAP and the only readersthat store tag identifiers are the ones close to theSAP.

• After a few steps, the mean and the standarddeviation of the CTR sharply decrease. As tagsmove around, the proposed protocol ensures thattheir identifiers become evenly distributed amongthe readers and the average size of the non-emptycaches decreases. Consequently, it can be con-cluded that the proposed information sharingprotocol scales properly regardless of thescenario.

Fig. 13 shows the number of identifiers for eachcache at two different simulation steps (s = 20 ands = 300) for the ‘‘Empty’’ scenario, using 0.5 asroaming probability and with a rate of 1000 newtags per simulation step. It can be observed that,for s = 20 the caches which are close to the SAPhave a higher number of stored identifiers. Figs.14 and 15 show the same information for the‘‘Unstructured’’ and ‘‘Corridor’’ scenarios, respec-tively. It can be seen that, thanks to the proposed

0 5 10 15 20 25

0

5

10

15

20

25

010002000300040005000600070008000

ctured’’ scenario at steps 20 (left) and 300 (right).

0 5 10 15 20 25

0

5

10

15

20

25

0

000

000

000

000

000

000

pty’’ scenario at steps 20 (left) and 300 (right).


0 5 10 15 20 25

0

5

10

15

20

25

0

1000

2000

3000

4000

5000

6000

7000

0 5 10 15 20 25

0

5

10

15

20

25

010002000300040005000600070008000

Fig. 15. Number of tags in each cache for the ‘‘Corridor’’ scenario at steps 20 (left) and 300 (right).


ARTICLE IN PRESS

protocol, the number of identifiers stored in thecaches is much smaller than the total number ofidentifiers in the system.

From the above results, it becomes clear that theproposed distributed architecture and protocol areuseful to reduce the cache size required at the read-ers, which makes the RFID system scalable whilestill allowing private tag identification.

5. Conclusions and future work

RFID technology has already become a powerfulreality. However, there is still a long way to go inorder to evolve RFID into a ripe technology thatcan be widely deployed without compromising withprivacy and security matters.

In this article we have proposed a cell-basedarchitecture which provides scalability withoutrenouncing private tag identification. The abovearchitecture is engineered by an information sharingprotocol suite whose basic idea is to distributeamong the readers the computations needed for pri-vate tag identification.

To the best of our knowledge, this is the first con-tribution in the literature that tackles scalability ofprivate RFID tag identification.

The experimental results provided clearly demon-strate the usefulness of our approach and pave theway to future research and development. In partic-ular, we envision at least the following futureresearch topics:

• Study and optimize the number of messagesgenerated by the information sharing protocolsuite.


• Generalize the proposed system to allow the useof heterogeneous readers (i.e., with differentcover ranges and capabilities).

• Test the system in real scenarios.

Acknowledgements

This work was partly supported by the Span-ish Ministry of Education through projectSEG2004-04352-C04-01 ‘‘PROPRIETAS’’ and bythe Government of Catalonia under grant 2005SGR 00446.

References

[1] K. Albrecht, Supermarket cards: the tip of the retailsurveillance iceberg, Denver University Law Review 79(2002) 534–565. http://www.spychips.com/documents/Albr-echt-Denver-Law.pdf.

[2] K. Albrecht, L. McIntyre, RFID: the big brother bar code,American Legislative Exchange Council Forum 6 (2004) 49–54. http://www.spychips.com/alec-big-brother-barcode-article.html.

[3] G. Avoine, P. Oechslin, A scalable and provably secure hash-based RFID protocol, in: Third IEEE International Con-ference on Pervasive Computing and CommunicationsWorkshops 2005, March, pp. 110–114.

[4] E. Batista. What your clothes say about you, Wired Newshttp://www.wired.com, 2003. http://www.wired.com/news/wireless/0,1382,58006,00.html.

[5] Boycott Benetton, http://www.boycottbenetton.com.[6] M. Burmester, T. van Le, B. de Medeiros, Provably secure

ubiquitous systems: Universally composable RFID authen-tication protocols, 2006. Referenced 2006 at http://eprint.ia-cr.org/2006/131.pdf.

[7] M. Burmester, T. van Le, A. Yasinsac, Adaptive gossipprotocols: managing security and redundancy in dense adhoc networks, Journal of Ad hoc Networks 4 (3) (2006) 504–515.


http://www.spychips.com/documents/Albrecht-Denver-Law.pdf

http://www.spychips.com/documents/Albrecht-Denver-Law.pdf

http://www.spychips.com/alec-big-brother-barcode-article.html

http://www.spychips.com/alec-big-brother-barcode-article.html

http://www.wired.com

http://www.wired.com/news/wireless/0,1382,58006,00.html

http://www.wired.com/news/wireless/0,1382,58006,00.html

http://www.boycottbenetton.com

http://eprint.iacr.org/2006/131.pdf

http://eprint.iacr.org/2006/131.pdf


ARTICLE IN PRESS

[8] C.A.S.P.I.A.N. http://www.nocards.org.[9] S.J. Engberg, M.B. Harning, C.D. Jensen, Zero-knowledge

device authentication: privacy & security enhanced RFIDpreserving business value and consumer convenience, in:Second Annual Conference on Privacy, Security and Trust2004. Referenced 2006 at http://www.obivision.com/Papers/PST2004_RFID_ed.pdf.

[10] C.C. Haley, Are you ready for RFID? Internetnews.com,November 2003. http://www.internetnews.com/wireless/arti-cle.php/3109501.

[11] J.E. Henning, Preserving privacy in RFID deployment,Technical Report RVS-Occ-04-01, RVS, Faculty of Tech-nology, University of Bielefeld, March 2004.

[12] A. Juels, RFID security and privacy: a research survey,IEEE Journal on Selected Areas in Communications 24 (2)(2006) 381–394.

[13] A. Juels, S.A. Weis, Defining strong privacy for RFID, 2006.http://www.rsasecurity.com/rsalabs/node.asp?id=3046, sub-mitted for publication.

[14] Y. Nohara, S. Inoue, K. Baba, H. Yasuura, Quantitativeevaluation of unlinkable ID matching schemes, in: Work-shop on Privacy in the Electronic Society (WPES), 2005.

[15] M. Ohkubo, K. Suzuki, S. Kinoshita, Efficient hash-chainbased RFID privacy protection scheme, in: InternationalConference on Obiquitous Computing – Ubicomp, Work-shop Privacy, Current Status and Future Directions, 2004.

[16] Boycott Tesco, http://news.zdnet.co.uk/0,39020330,39185481,00.htm.

[17] G. Tsudik, YA-TRAP: yet another trivial RFID authenti-cation protocol, in: PerCom Workshops 2006, IEEE Com-puter Society, Pisa, Italy, 2006, pp. 640–643.

[18] S.A. Weis, S.E. Sarma, R.L. Rivest, D.W. Engels, Securityand privacy aspects of low-cost radio frequency identifi-cation systems, in: Security in Pervasive Computing, vol.2802 of Lecture Notes in Computer Science 2004, pp. 201–212.

Agusti Solanas (Tarragona, Catalonia,Spain, 1980) is a predoctoral researcherat the CRISES Research Group in thedepartment of Computer Science andMaths at Rovira i Virgili University(URV) of Tarragona, Catalonia. Hereceived his B.Sc. and M.Sc. degrees inComputer Engineering from URV in2002 and 2004, respectively, the latterwith honours (Oustanding GraduationAward). He received a Master in Tele-

matics Engineering from the Technical University of Catalonia(UPC) in 2006. He was selected to take part into the Young
Researchers Award 2005 organized by the Spanish Ministry ofEducation, Culture and Sport. His fields of activity are dataprivacy, data security, watermarking, neural networks and evo-lutionary computation. He participated in several Spanish-fun-ded and Catalan-funded research projects. He has authored over20 publications and he has delivered several talks. He has servedas program committee member and reviewer in several confer-ences and journals.

Josep Domingo-Ferrer is a Full Professorof Computer Science at Rovira i VirgiliUniversity of Tarragona, Catalonia. Hereceived with honors his M.Sc. and Ph.D.degrees in Computer Science from theAutonomous University of Barcelona in1988 and 1991 (Outstanding GraduationAward). He also holds a M.Sc. in Math-ematics. His fields of activity are dataprivacy, data security and cryptographicprotocols. In 2003, he was a co-recipient

of a research prize from the Association of Telecom Engineers ofCatalonia. In 2004, he got the TOYPS’2004 Award from the
Junior Chambers of Catalonia. He has authored 3 patents andover 170 publications, one of which became an ISI highly-citedpaper in early 2005. He was the co-ordinator of EU FP5 projectCO-ORTHOGONAL and of several Spanish funded and USfunded research projects. He has chaired or co-chaired 8 interna-tional conferences (including 2 CARDIS conferences) and hasserved in the program committee of over 42 conferences on privacyand security. He is an Associate Editor of three internationaljournals and has been a Guest Editor of Computer Networks,IJUFKS and Data Mining and Knowledge Discovery. In 2004, hewas a Visiting Fellow at Princeton University. He is the Secretaryof IFIP WG 8.8 on Smart Cards and he is the founder andchairholder of the forthcoming UNESCO Chair in Data Privacy.
Antoni Martınez-Balleste (Tarragona,Catalonia, Spain, 1976) is a Junior Lec-turer at Rovira i Virgili University ofTarragona (URV). He is currently amember of the CRISES research group.His research interests are related tosecurity in computer networks andsecure applications. In 1999, he receivedhis B.Sc. in Computer Systems Engi-neering from the URV. In 2002, hereceived his M.Sc. in Computer Engi-

neering also from URV. In 2004, he received with honors a Ph.D.in Telematics Engineering from the Technical University of
Catalonia (UPC). In 2004, he was a visiting researcher at LAAS-CNRS, Toulouse, France. He has authored more than 25 articlesin journals and conferences. He is also currently working oninnovative learning techniques in engineering and the EuropeanHigher Education Space.
Vanesa Daza graduated in Mathematicsin University of Barcelona in 1999 andreceived her Ph.D. in Mathematics inTechnical University of Catalonia in2004. Afterwards, she joined a crypto-based security company as a SeniorResearcher. Currently she holds a post-doc position in the CRISES researchgroup at Rovira i Virgili University. Herresearch interests are mainly related withdistributed cryptography and its applica-

tions. She has co-authorized over 20 articles in journals and con-ferences. She has also co-authored 2 international patents. In 2001,
she was a visiting researcher at BRICS (Basic Research in Com-puter Science) at Aarhus University (Denmark), supported by aEU Marie Curie Fellowship.

http://www.nocards.org

http://www.obivision.com/Papers/PST2004_RFID_ed.pdf

http://www.obivision.com/Papers/PST2004_RFID_ed.pdf

http://www.internetnews.com/wireless/article.php/3109501

http://www.internetnews.com/wireless/article.php/3109501

http://www.rsasecurity.com/rsalabs/node.asp?id=3046

http://news.zdnet.co.uk/0,39020330,39185481,00.htm

http://news.zdnet.co.uk/0,39020330,39185481,00.htm

a distributed architecture for scalable private rfid tag

Business

rfid tags

private rfid identication

rfid arena

future of rfid

rfid technology2

rfid privacypreserv

deployment of rfid readers

graphical rfid systems