http://rfid.cs.washington.edu/
The RFID Ecosystem Project
Studying Next Generation RFID Applications in the Workplace
Evan Welbourne
University of Washington, CSE
Chips Ahoy? The Legal Issues Associated with RFID in the Workplace
May 1, 2009 - Seattle, WA
Outline
PART 1: RFID and The RFID Ecosystem
PART 2: Current and Future Applications
PART 3: Security and Privacy Issues + Technical Protection Mechanisms
Image credit: Tom Reese, The Seattle Times
PART ONE
Radio Frequency Identification
What is RFID?
Wireless ID and tracking
Captures information on: Identity, Location, Time
Unique identification
Passive (no batteries)
[Figure labels: Reader, Tag]
Radio Frequency Identification
Wireless identification and tracking
Information on: Identity, Location, Time
tag   time   location
…     …      …
t     1      A
t     2      B
t     3      C
[Figure labels: A, B, C]
RFID Tags – A Wide Variety
[Figure: tag types (barcodes, passive tags, active tags, GPS-enabled active tags) shown against the tagged item (Consumer Item, Cases, Pallets, Trucks, Ships / Trains); axis: Cost of tag (logarithmic)]
Elements of an RFID System
RFID Reader
RFID Tags
Reader Antenna
Network Infrastructure
Data Management System
Applications
The RFID Ecosystem
100s of passive EPC Gen 2 tags
100s of RFID antennas
85,000 sq ft (8,000 sq m) building
Simulating an RFID-saturated future
RFID Ecosystem at UW CSE
PART TWO: Current and Future RFID Applications
Focus: RFID for Real-Time Location
Current trend: RFID in Hospitals
Track equipment, patients, personnel
Improve utilization, track workflows
Rapid progression in 2009:
• Feb 19: Awarepoint deploys RFID throughout 4 M sq. ft. Hospital
• Feb 26: Versus Tech. deploys RFID system at Virginia Mason
• Mar 4: St. Vincent Hospital deploys RFID workflow tracker
• Mar 9: St. John’s Deploys RFID to track child patients
• Mar 23: Good Samaritan tracks surgical instruments w/RFID
• Mar 24: Western Maryland Health deploys RFID tracking system
• Mar 25: RFID system for tracking patient files at Cleveland Clinic
• April 14: RFID vendor Reva Systems gets $5M in VC funding
• April 21: Greenville Hospital System tracks OR case carts
• Ongoing…
[ right middle and right bottom image credit: http://www.pcts.com ]
Focus: RFID for Real-Time Location
Proposed in research: Infer higher-level events from data
• Business Intelligence
• Reminding Systems
• Social Networking
PART THREE
Security & Privacy Issues + Technical Protection Mechanisms
Image credit: Karsten Nohl, from: OV-chipkaart Hack using polishing paper, a microscope and Matlab
Issue: Basic Insecurity of RFID
Many attacks:
• Skimming
• Cloning
• Replay attack
• Eavesdropping
• Ghost leech
Encryption can improve security but…
• Increases cost and power consumption, slows down read rate -- to be useful, RFID tags have to be cheap and fast!
Physical security
• Foil-lined wallet: works, but you have to remove tag sometime
Issue: Basic Insecurity of RFID
Case Study: WA State Enhanced Driver’s License
DHS claims RFID “removes risk of cloning”
• Can be cloned easily in less than a second w/cheap device
• Can be read more than 75 ft away
• Sleeve doesn’t always work, worse when crumpled
[Chart: # EDL Reads, Week of Apr 27th]
Case study credit: Karl Koscher, Ari Juels, Tadayoshi Kohno, Vjekoslav Brajkovic
Issue: Basic Insecurity of RFID
Our approach in the RFID Ecosystem:
1) Store little on tags, secure link between the tag ID and PII
2) Incorporate cryptographic techniques as they emerge
Issue: Data Access & Ownership
Who owns collected data?
Who has access to it?
Modes of information disclosure:
Institutional
• Organization collects, uses, and potentially shares personal data
• Addressed by contracts, federal law, corporate practice (e.g. FIPs)
Peer-to-Peer or “Mediated”
• Peers and superiors access data through some authorized channel
• Mediated by access control policies
Malicious
• Personal data is compromised by unauthorized parties
• Addressed by secure systems engineering
Issue: Data Access & Ownership
Our approach: “Physical Access Control Policy”
• Each user has a personal view of the data
• Each user has access to only those historical events that occurred when and where s/he was physically present
• Models line-of-sight, augments memory
Other “context-aware” policies are possible:
• “Only reveal my location during business hours”
• “Only reveal my activity when I am in a meeting”
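Added example (not from the original slides or the RFID Ecosystem code base): one way to compute a user's personal view under the physical access control policy, with an optional per-owner time window standing in for a context-aware rule such as "only during business hours". The names `Stay`, `STAYS`, `personal_view` and `owner_windows`, the minute-based timestamps and the sample rows are all assumptions made for illustration.

```python
from collections import namedtuple

# One row per continuous stay of a person's tag at a location; [start, end) in minutes.
Stay = namedtuple("Stay", "person location start end")

# Constructed sample data, not real sightings.
STAYS = [
    Stay("alice", "office-410", 0, 60),
    Stay("bob",   "lounge",     10, 40),
    Stay("alice", "lounge",     60, 90),
    Stay("carol", "lounge",     30, 75),
    Stay("bob",   "office-410", 45, 50),
]

def personal_view(viewer, stays, owner_windows=None):
    """Events `viewer` may query: their own history, plus the slice of anyone
    else's stay that overlaps in both place and time with one of their own."""
    owner_windows = owner_windows or {}
    own = [s for s in stays if s.person == viewer]
    view = list(own)
    for other in stays:
        if other.person == viewer:
            continue
        # Context-aware rule (assumed form): the owner reveals location only in [lo, hi).
        lo, hi = owner_windows.get(other.person, (float("-inf"), float("inf")))
        for mine in own:
            if mine.location != other.location:
                continue  # different place: never visible
            start = max(mine.start, other.start, lo)
            end = min(mine.end, other.end, hi)
            if start < end:  # co-present: reveal only the overlapping slice
                view.append(Stay(other.person, other.location, start, end))
    return sorted(view, key=lambda s: (s.start, s.person))

if __name__ == "__main__":
    for row in personal_view("alice", STAYS, {"carol": (0, 70)}):
        print(row)
```

Clipping each revealed event to the overlap matters: returning the other person's whole stay would disclose where they were before the viewer arrived and after the viewer left.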
Issue: Uncertainty of RFID Data
1) In practice, RFID tags are often missed by readers
• Data cleaning algorithms are commonly applied
2) Further, apps need high-level information from smoothed data
• Event detection and data mining algorithms applied
But there is always a “sensory gap” between what actually occurs, what is sensed and what is inferred from the data.
Issue: Uncertainty of RFID Data
Our approach: Directly represent uncertainty with probabilistic data
e.g. “Bob could be in his office (p = 0.5), the lounge (p = 0.1), or next door (p = 0.4)”
Problem: probabilistic data is huge, and is compressed by throwing away less likely possibilities.
Main Takeaways
1) Use what security the technology provides
• Should improve with time
2) Verify implementation meets security/privacy claims
3) Access control can help enforce a policy framework
• Novel, context-aware access controls are a possibility
4) RFID data and higher-level info inferred from it probably should not be considered actionable
Thanks
Thank you!
Check out our blog: http://rfid.cs.washington.edu/blog/
Follow us on Twitter! http://twitter.com/rfid_ecosystem
See publications for details: http://rfid.cs.washington.edu/publications.html
Backup Slides
Backup Slides…
Privacy & Security Discussion…
Just having an RFID tag could be a privacy risk
Pseudonymity not Anonymity
• Each RFID tag you carry has a unique number
• Sequential readings of your tags create a trace
• Over time this trace can be used to identify you - “The person who: wears this sweater, takes this bus, uses this bus stop, shops at this grocery, …”
U.S. privacy law doesn’t consider these traces to be PII
• European and Canadian law may handle this better
Important to discuss these issues
• RFID is increasingly ubiquitous, may be in the REAL ID cards
Security of Tags and Readers
First generation RFID credit card vulnerabilities (UMass Amherst, RSA labs)
• Promise: Provides a faster, easier payment option
• Problem: Name, #, expiration sent as plaintext
• $150 homemade device can steal and replay credit cards
• Next generation of cards includes better security
Security and Privacy Risks of the U.S. e-Passport (UC Berkeley)
• Promise: Faster border-crossings, improved security
• Problem: Identity, nationality sent in the clear
• Malicious parties can easily identify / target U.S. citizens
• Revised passport includes faraday shielding and BAC
Data Privacy and Security
RFID and Contactless Smart Card Transit Fare Payment
Promise: Streamlines transit experience and bookkeeping
Problem: Massive databases with transit traces of individuals
Not entirely clear what data is private and how it can be used
Oyster card data is the new law enforcement tool in London
Increasing # of requests for Oyster data:
• 4 in all of 2004
• 61 in Jan. 2007
ORCA Card: RFID-Based Transit Card for Seattle Area (August 2008)
Promise: Streamlines transit experience and bookkeeping
Integrated with easy pay and institutional partners
Problem: The word “privacy” appears twice in 500 pages of docs…
Data Privacy and Security
From RFID Ecosystem user studies:
• “How do I know if I have a tag on me?”, “How do I opt out?”
• Users must be carefully educated before consenting
• There should be equal, available alternatives to the RFID option
If personal RFID data is stored:
Clearly define how each piece of information can and will be used
Define and enforce appropriate access control policies
• May depend on user, application, and context of use (PAC)
Formal data privacy techniques to further ensure privacy (K-anonymity)
• Store only the information you need, and add noise!
Provide users with direct access to and control of their data
[Animation frames, Time 0 through 2: three users' data stores, each a table with columns "sightings" and "timestamp", gaining rows as time advances]