seminar report on rfid based trackin system

A

Seminar-I Report

on

RFID BASED TRACKING SYSTEM PRIVACY CONTROL

Submitted in Partial Fulfillment of

the Requirements for the Degree

of

Bachelor of Engineering

in

T.E Computer Engineering

to

North Maharashtra University, Jalgaon

Submitted by

Shahrukh Ayaz Khan

Under the Guidance of

Miss Prachi Chaudhari

DEPARTMENT OF COMPUTER ENGINEERING

SSBT’s COLLEGE OF ENGINEERING AND TECHNOLOGY,

BAMBHORI, JALGAON - 425 001 (MS)2014 - 2015

SSBT’s COLLEGE OF ENGINEERING AND TECHNOLOGY,

BAMBHORI, JALGAON - 425 001 (MS)

DEPARTMENT OF COMPUTER ENGINEERING

CERTIFICATE

This is to certify that the seminar-i entitled RFID based tracking system Privacy

Control, submitted by

Shahrukh Ayaz Khan

in partial fulfillment of the degree of Bachelor of Engineering in T.E Computer Engi-

neering has been satisfactorily carried out under my guidance as per the requirement

of North Maharashtra University, Jalgaon.

Date: April 21, 2015

Place: Jalgaon

Miss Prachi Chaudhari

Guide

Prof. Dr. Girish K. Patnaik Prof. Dr. K. S. Wani

Head Principal

SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) i

Acknowledgements

It gives me a great pleasure to express our deep sense of gratitude and indebtedness to my

guide Miss Prachi Chaudhari for his valuable support and encouraging mentality throughout

my work. I am highly obliged to her for helping me to gain the successful completion of my

case study.

I am highly grateful to the Honorable Head of Department, Prof. Dr. Girish K. Pat-

naik (Department of Computer Engineering),Dr K.S Wani(Principal SSBT COET) and my

Parents for their valuable guidance and encouragement during the work.

I have taken efforts for this report. However, it would not have been possible without

the kind support and help of many individuals who made my Seminar report successful. I

would also like to extend my sincere thanks to all of them.

I would like to take opportunity to sincerely thanks to all the concern individuals, family

members, friends, who made my Seminar successful. I also thanks all those people who

helped me in anyway what so ever act some point in time.

Shahrukh Ayaz Khan

SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) ii

Contents

Acknowledgements ii

Abstract 1

1 Introduction 2

1.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

1.2 Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.3 Limitations and Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.4 Organisation of Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2 Literature Survey 6

2.1 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.2 Existing Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

3 Methodology 9

3.1 Radio Frequency Identification . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.2 RFID Origins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

3.2.1 Auto-Identification and RFID . . . . . . . . . . . . . . . . . . . . . . 11

3.3 How does RFID work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

3.3.1 Basic System Components . . . . . . . . . . . . . . . . . . . . . . . . 12

3.3.2 Transreciever-transponder Coupling . . . . . . . . . . . . . . . . . . . 15

3.4 RFID Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3.4.1 Business Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.4.2 Government Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

3.4.3 Sub-Dermal Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.4.4 Tags in Libraries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.4.5 Smart Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

4 Discussion 22

4.1 RFID SECURITY AND PRIVACY ISSUES . . . . . . . . . . . . . . . . . . 22

4.1.1 TAG DATA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

4.1.2 Eavesdropping (or Skimming) . . . . . . . . . . . . . . . . . . . . . . 22

SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) iii

4.1.3 Traffic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

4.1.4 Spoofing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

4.1.5 Denial of Service Attack . . . . . . . . . . . . . . . . . . . . . . . . . 23

4.1.6 RFID READER INTEGRITY . . . . . . . . . . . . . . . . . . . . . . 24

4.1.7 PERSONAL PRIVACY . . . . . . . . . . . . . . . . . . . . . . . . . 24

4.2 RFID Security Trends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

4.3 APPROACHES FOR TACKLING SECURITY AND PRIVACY ISSUES . . 25

4.3.1 SOLUTIONS FOR TAG DATA PROTECTION . . . . . . . . . . . . 25

4.3.2 SOLUTIONS FOR RFID READER INTEGRITY . . . . . . . . . . . 26

4.3.3 SOLUTIONS FOR PERSONAL PRIVACY . . . . . . . . . . . . . . 27

5 Analysis 29

5.1 Some Advantages and Disadvantages . . . . . . . . . . . . . . . . . . . . . . 29

5.1.1 Advantages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

5.1.2 Disadvantages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

5.2 How it differs from Traditonal Barcode . . . . . . . . . . . . . . . . . . . . . 29

6 Conclusion 31

7 Bibliography 32

7.1 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) iv

List of Figures

1.1 Components called middleware . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.2 Components of RFID systems . . . . . . . . . . . . . . . . . . . . . . . . . . 4

3.1 RFID working . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

3.2 Components of RFID systems . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.3 A comparison between Bar Codes and RFID tags . . . . . . . . . . . . . . . 18

3.4 RFID systems in Supply Chain Management . . . . . . . . . . . . . . . . . . 18

3.5 RFID tags used in Library Management . . . . . . . . . . . . . . . . . . . . 21

5.1 Comparision RFID vs BarCode . . . . . . . . . . . . . . . . . . . . . . . . . 30

SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) v

Abstract

Radio-frequency identification (RFID) is a technology that uses communication via

electromagnetic waves to exchange data between a terminal and an electronic tag attached

to an object, for the purpose of identification and tracking. Some tags can be read from

several meters away and beyond the line of sight of the reader.

Radio-frequency identification involves interrogators (also known as readers), and tags

(also known as labels).

Most RFID tags contain at least two parts. One is an integrated circuit for storing

and processing information, modulating and demodulating a radio-frequency (RF) signal,

and other specialized functions. The other is an antenna for receiving and transmitting the

signal.

There are three types of RFID tags: passive RFID tags, which have no power source and

require an external electromagnetic field to initiate a signal transmission, active RFID tags,

which contain a battery and can transmit signals once an external source (’Interrogator’) has

been successfully identified, and battery assisted passive (BAP) RFID tags, which require

an external source to wake up but have significant higher forward link capability providing

greater range.

There are a variety of groups defining standards and regulating the use of RFID, includ-

ing: International Organization for Standardization (ISO), International Electrotechnical

Commission(IEC), ASTM International, DASH7 Alliance, EPC global. (Refer to Regula-

tion and standardization below.)

RFID has many applications; for example, it is used in enterprise supply chain man-

agement to improve the efficiency of inventory tracking and management.

SSBT’s College of Engineering and Technology, Bambhori, Jalgaon (MS) 1

Chapter 1

Introduction

This chapter describes some basic information on the RFID.

Radio Frequency Identication (RFID) originated during World War - II [22] when it was

imperative to determine whether combatants were friend or foe. In essence,the system fa-

cilitates automatic identication through a combination of tags and readers. Today, RFID

system have been successfully applied to the areas of manufacturing, supply chain, agricul-

ture, transportation, healthcare, and services to name a few. Research in this area has been

growing at a rapid pace as is evidenced by the number of articles published in the past couple

years

In this Chapter, Section 1.1 shows the Background of RFID while section 1.2 defines

the Objectives of this research. Section 1.3 describes some Limitations and solutions and

Section 1.4 shows the Organisation of this report.

1.1 Background

In context of Radio Frequency Identification (RFID), the phrase RFID infrastructure

describes the IT-infrastructure which is necessary to collect, filter and enrich raw RFID data

before processing it to the backend-systems (business intelligence systems like ERP, etc.).

In our case, we are focusing on the software components doing this job. Hence middleware

and infrastructure are to be used synonymously in this report.

In order to standardize the technical description of each vendors solution, we have

derived a set of evaluation criteria. Furthermore we have defined three phases the act of

processing RFID-data typically has to go through if working properly. This was done by

identifying and generalizing the several steps to be performed. Hence the abstract task of

preprocessing data could be distinguished into three phases:


Figure 1.1: Components called middleware

1.collecting data by managing the RFID-reader(s)

2. enriching this collected data for further use (e.g. by filtering, accumulating, etc.)

3.exchanging enriched data with backend-systems

Thus we have an n-tier design approach for RFID-middleware (usually a 3-tier archi-

tecture presuming one layer for each phase). As further reading will show, nearly all solutions

meet this approach.

1.2 Objectives

In this study, an attempt has been made to know how using of RFID technology helps to

improve services and business process efficiency in public and private sectors. However, the

specific objectives of the study are set forth as below: a) To delineate the concise essentials

of RFID technology; b) To explore its current and emerging applications in present world.

c) To evaluate the challenges to implement RFID technology in Bangladesh; d) To provide

some recommendation for prevail over those challenges.

1.3 Limitations and Solutions

The use of the RFID technology in livestock tracking is still not the Holy Grail for all

problems, since new problems evolve which need to be solved. One of the biggest problems

is the lack of standardized tags and tag readers. Some of the tag readers are only able to

read the information of specific tags. The lack of standardized codes leads to big obstacles

in centralizing the information about certain animals in a federal global database.. The

information received from the breeder needs to be arranged, before storing it, to set them

in to a uniform data format. A first step to solve this problem is the standardization of the

information on the tags and the standardization of the tag readers.


Figure 1.2: Components of RFID systems


Like mentioned above there are standards from the ISO, but another problem is that

not all tag and reader producer are using the standard. Also it is not possible to ensure in

all cases the uniqueness of the IDs, since they could be duplicated or in case of the loss of

the tag the same number is given to more than one animal. The uniqueness can be better

ensured through biometric methods, which take advantage of clear physiologic characteristics

of an animal. Biometric identification methods for practical use are the DNS-Profiling, Iris-

Scanning or Retina- Imaging. The DNS-Profiling is mainly used in breeding animals with

best physical characteristics, but this is a very slow and expensive method, since the DNA

has to be extracted and analyzed for every single animal. In the case of Iris-scanning a picture

from the iris s taken and stored in a database, this method is faster and more practical than

DNS-Profiling. A unique and stable mark from birth is the vessel pattern of the retina.

These methods can help to make it easier to identify an animal, but the identification should

not embed one without tags, because the biometric methods are still under testing . Another

problem is the limited range of the tag readers. To identify an animal in a herd or on an

open field the breeder needs to be in the direct neighborhood of that animal. This can be

solved if the animals are carrying only active tags, but it is not likely to ensure that the

animals carries its unique ID its whole life, because the battery needs to be recharged.

1.4 Organisation of Report

In this Chapter, we present a brief history of RFID along with Objectives of this Research

and it’s Limitations.

In Chapter 2 we have done literature Survey to compare with other authors and dis-

cussed some related done by researchers with the existing technologies.

In Chapter 3, we present a primer on basic RFID principles and discuss the taxonomy

of various RFID systems along with its origins and working of the System. We have also

summarized several major applications of RFID in Chapter 3.

Chapter 4 addresses the technical, economic, security, and privacy challenges facing

RFID adoption and some solutions given by various researchers

Finally, Chapter 5 Some Advantages and Disadvantages of RFID along with the com-

parision with the traditional Barcode Stystem.


Chapter 2

Literature Survey

The Literaure Survey” or Literature review” is an evaluative report of information found

in the literature related to your selected area of study. The review describes, summaries,

evaluates and clari

es the proposed literature. It gives a theoretical base for the research and helps to

determine the nature of research. In this Chapter, Section 2.1 Shows some Related work

done previously and section 2.2 describes Existing Technologies Used.

The RFID system serves the purposes [19] of identication, monitoring, authentication

and alerting through this exchange of data between the tag and the reader. The process is

automatic and both the tag and the reader do not need to be in plain sight. Inother words,

the RFID system facilitates remote and automatic identication. To improve the security tags

and readers have a challenge-response mechanism [20] which works much like the security

question that many websites have the users complete in order to authenticate the user.

Cronin [21] compares RFID with its predecessor technology viz. barcodes. Barcodes

require that the barcode and scanner are in direct line of sight for them to be scanned

and the items have to be physically moved against the scanner for data collection. RFID

tags, on the other hand, automatically transmit data to the reader even without a line of

sight. Singh et al. [22] provides a brief overview of the RFID technology and also the recent

advances towards standardization of the system. The authors also describe some of the

recent applications in the eld of apparel, and fresh produce. Ngai et al. [23] summarize the

research ndings in this area from 1995 up to 2005. Alani et al. [24] summarize the various

aspects involved in a RFID system and their classication schemes.


2.1 Related Work

Privacy protection is an important component in ubiquitous computing environments

[1], [2]. The technique of using mix zones was proposed by [3], [4] where by users could

specify certain areas where nobody could trace their movements. Other researchers [5], [6],

[7] proposed techniques to help users define privacy policies. This approach is more flexible

than mix zones at the cost of additional complexity in specifying the policies. The idea of

allowing users to specify virtual walls was suggested by [8] to simplify the creation of a privacy

policy. Physical access control [9], [10] addresses the problem of specifying a privacy policy.

Users can only obtain the location information of people that are were present together at

the same time. The intuition is that users that were at the same location at the same time

already know each others presence, and thus there is no privacy issues when releasing that

information later. Our work differs from these proposed techniques in that we do not rely on

trusted servers to protect user privacy. Our idea of protecting privacy by separating location,

time, and identity is similar to that proposed by [11], but our solutions are designed to work

with RFID tags.

RFID security is an active area of research with many different protocols being pro-

posed [12], [13], [14]. While our paper also proposes a simple security protocol, our focus is

less on the security and privacy between RFID reader and tag, but oriented more towards

data already collected and archived. Closely related to our paper is research on searching

encrypted data. In this problem, a user encrypts his data and stores it at an untrusted

server. The user wants to be able to search of part of his data in an efficient manner. Since

the server is untrustworthy, the user cannot send over his secret key. The user also cannot

request the server to transmit all the encrypted data back since it is inefficient. An search

system using symmetric key to encrypt data was proposed by [15], while [16] suggested a

public key based scheme. Practical encrypted database query retrieval systems were pro-

posed by [17], [18]. However, unlike our paper, prior research in this area do not consider the

privacy implications of ubiquitous environments such as malicious tracking of users. This

was shown in the second strawman approach by using [19] as an example. Furthermore,

these prior techniques assume that more advance hardware such as laptops are used, rather

than computational weak RFID tags.

2.2 Existing Technologies

According to the European e-Business Watch large-scale survey [19] of RFID adoption strate-

gies and impacts in four broad economic sectors, 14


Health Sector: Austria tests by the municipal administration of Vienna on the ap-

plicability of RFID in the health care system. Mexico has Health insurance card: RFID

technology is integrated in the popular insurance card where the username, information on

doctors as well as prescribed drugs are stored. Korea uses RFID technology in hospitals.

e-Passport: In Denmark, e-passport is available since mid-2006; biometric passport relying

on RFID embedded fingerprint technology is introduced mid-2009. Germany has introduced

e-passport since the end of 2005 and electronic ID card since the end of 2009. Biometric pass-

port is relying on RFID technology in Netherlands, USA and UK. Portugal has e-passport

and e-passport control systems at Portuguese airports.

Public Services: Austria tests in the Viennese parking facility management. Germany

uses Waste management in different communities. Korea has implemented Pilot projects in

the fields of procurement, baggage handling, container management, ammunition manage-

ment, tracking hazardous waste, museums etc. RFID tags replace paper season parking

tickets at car parks in public housing estates in Singapore.

Education Sector: RFID technology is used in Den- mark, Germany, Singapore, Nether-

lands and United States of America implementing for lending systems in libraries. Logis-

tics/Transport Sector: Japan has set-up of the Free Mobility Assistance System based on

ubiquitous network technology including RFID tags, to provide information for seamless

movement (e.g. transfer routes and transport modes). Netherlands has introduced payment

cards for public transport. Singapore establishes Nationwide Electronic Road Pricing (ERP)

system to control and manage traffic volume; payment of road us- age charges. The ERP is

applied to all of Singapores 840,000 vehicles.


Chapter 3

Methodology

The Methodology” is a system of broad principles or rules from which specfic methods or

procedures may be derived to interpret or solve different problems within the scope of a

particular discipline. Unlike an algorithm, a methodology is not a formula but a set of

practices. Methodology is the systematic, theoretical analysis of the methods applied to a

held of study, or the theoretical analysis of the body of methods and principles associated

with a branch of knowledge. It, typically, encompasses concepts such as paradigm, theoretical

model, phases and quantitative or qualitative techniques. A Methodology does not set out

to provide solutions but offers the theoretical underpinning for understanding which method,

set of methods or so called Best Practices” can be applied to a specific case.

In this Chapter, Section 3.1 Explains Basics of RFID and 3.2 Tells us about it’s origins

and section 3.3 explains How RFID Works. While Section 3.3 Shows some applications of

RFID.

3.1 Radio Frequency Identification

Radio frequency identification (RFID) is a rapidly growing technology that has the potential

to make great economic impacts on many industries. While RFID is a relatively old technol-

ogy, more recent advancements in chip manufacturing technology are making RFID practical

for new applications and settings, particularly consumer item level tagging. These advance-

ments have the potential to revolutionize supply-chain management, inventory control, and

logistics.

At its most basic, RFID systems consist of small transponders, or tags, attached to

physical objects. RFID tags may soon become the most pervasive microchip in history.

When wirelessly interrogated by RFID transceivers, or readers, tags respond with some

identifying information that may be associated with arbitrary data records. Thus, RFID


systems are one type of automatic identification system, similar to optical bar codes. There

are many kinds of RFID systems used in different applications and settings. These systems

have different power sources, operating frequencies, and functionalities. The properties and

regulatory restrictions of a particular RFID system will determine its manufacturing costs,

physical specifications, and performance. Some of the most familiar RFID applications are

item-level tagging with electronic product codes, proximity cards for physical access control,

and contact-less payment systems. Many more applications will become economical in the

coming years. While RFID adoption yields many efficiency benefits, it still faces several

hurdles. Besides the typical implementation challenges faced in any information technology

system and economic barriers, there are major concerns over security and privacy in RFID

systems.

Without proper protection, RFID systems could create new threats to both corporate

security and personal privacy.

3.2 RFID Origins

The origins of RFID technology lie in the 19th century when luminaries of that era made

great scientific advances in electromagnetism. Of particular relevance to RFID are Michael

Faradays discovery of electronic inductance, James Clerk Maxwells formulation of equations

describing electromagnetism, and Heinrich Rudolf Hertzs experiments validating Faraday

and Maxwells predictions. Their discoveries laid the foundation for modern radio communi-

cations.

Precursors to automatic radio frequency identification systems were automatic object

detection systems. One of the earliest patents for such a system was a radio transmitter

for object detection system designed by John Logie Baird in 1926 [4]. More well known is

Robert Watson-Watts 1935 patent for a Radio Detection and Ranging system, or RADAR.

The passive communication technology often used in RFID was first presented in Henry

Stockmans seminal paper Communication by Means of Reflected Power in 1948 [23].

One of the first applications of a radio frequency identification system was in Identify

Friend or Foe (IFF) systems deployed by the British Royal Air Force during World War

II 0. IFF allowed radar operators and pilots to automatically distinguish friendly aircraft

from enemies via RF signals. IFF systems helped prevent friendly fire incidents and aided in


intercepting enemy aircraft. Advanced IFF systems are used today in aircraft and munitions,

although much of the technology remains classified.

Electronic detection, as opposed to identification, has a long history of commercial use.

By the mid- to late-1960s, Electronic Article Surveillance (EAS) systems were commercially

offered by several companies, including Checkpoint Systems and Sensormatic. These EAS

systems typically consisted of a magnetic device embedded in a commercial product and

would be deactivated or removed when an item was purchased. The presence of an activated

tag passing through an entry portal would trigger an alarm. These types of systems are

often used in libraries, music stores, or clothing stores. Unlike RFID, these types of EAS

systems do not automatically identify a particular tag; they just detect its presence.

3.2.1 Auto-Identification and RFID

In terms of commercial applications, RFID systems may be considered an instance of a

broader class of automatic identification (auto-ID) systems. Auto-ID systems essentially

attach a name or identifier to a physical object by some means that may be automatically

read. This identifier may be represented optically, electromagnetically, or even chemically.

Perhaps the most successful and well-known auto-ID system is the Universal Product

Code (UPC). The UPC is a one-dimensional, optical barcode encoding product and brand

information. UPC labels can be found on most consumer products in the United States.

Similar systems are deployed worldwide.

The Uniform Code Council (UCC), a standards body originally formed by members

of the grocery manufacturing and food distribution industries, originally specified the UPC

[25]. A precursor body to the UCC first met in 1969 to discuss the need for an inter-industry

auto- ID system. By 1973, a one-dimensional (or linear) barcode design was chosen. In 1974,

a supermarket in Ohio scanned the first UPC-labeled product: a package of Wrigleys gum.

Adoption of the UPC grew steadily throughout the following years, to the point where

UPC barcode scanners are found in a vast majority of large American retailers. Today,

over five billion barcodes are scanned around the world each day. Shipping and transit

companies, such as United Parcel Service, Federal Express, and the United States Postal

service, commonly use two-dimensional barcodes, which can carry more data in a smaller

surface area.


Optical barcodes offer faster, more reliable, and more convenient inventory control

and consumer checkout than checking out by hand. Several weaknesses of optical barcodes

are that they require line-of-sight and may be smudged or obscured by packaging. In most

circumstances, optical barcodes still require some human manipulation to align a barcode

label with a reader. Supermarket shoppers have certainly experienced a checker struggling

to scan an optical barcode.

Auto-ID systems that transmit data via RF signals, i.e. RFID, do not have the same

performance limitations as optical systems. Data may be read without line-of-sight and

without human or mechanical intervention. A key advantage in RF-based auto-ID systems

is parallelism. Modern RFID systems may offer read rates of hundreds of items per second.

3.3 How does RFID work?

Systems that make use of RFID technology are typically composed of three key elements:

• An RFID tag, or transponder, that carries object-identifying data.

• An RFID tag reader, or transceiver, that reads and writes tag data.

• A back-end database, that stores records associated with tag contents.

Each tag contains a unique identity code. An RFID reader emits a low-level radio

frequency magnetic field that energises the tag. The tag responds to the readers query and

announces its presence via radio waves, transmitting its unique identification data. This data

is decoded by the reader and passed to the local application system via middleware. The

middleware acts as an interface between the reader and the RFID application system. The

system will then search and match the identity code with the information stored in the host

database or backend system. In this way, accessibility or authorisation for further processing

can be granted or refused, depending on results received by the reader and processed by the

database.

3.3.1 Basic System Components

Typical transponders (transmitters/responders) consist of a microchip that stores data and

a coupling element, such as a coiled antenna, used to communicate via radio frequency

communication. Transponders may be either active or passive. Active transponders have an

on-tag power supply (such as a battery) and actively send an RF signal for communication

while passive transponders obtain all of their power from the interrogation signal of the


Figure 3.1: RFID working


transceiver and either reflect or load modulate the transceivers signal for communication.

Most transponders, both passive and active, communicate only when they are interrogated

by a transceiver.

Typical transceivers (transmitter/receivers), or RFID readers, consist of a radio fre-

quency module, a control unit, and a coupling element to interrogate electronic tags via

radio frequency communication. In addition, many transceivers are fitted with an interface

that enables them to communicate their received data to a data processing subsystem, e.g.,

a database running on a personal computer. The use of radio frequencies for communica-

tion with transponders allows RFID readers to read passive RFID tags at small to medium

distances and active RFID tags at small to large distances even when the tags are located

in a hostile environment and are obscured from view.

The basic components of an RFID system combine in essentially the same manner for

all applications and variations of RFID systems. All objects to be identified are physically

tagged with transponders. The type of tag used and the data stored on the tag varies from

application to application

Transceivers are strategically placed to interrogate tags where their data is required.

For example, an RFID-based access control system locates its readers at the entry points

to the secure area. A sports timing system, meanwhile, locates its readers at both the

starting line and the finish line of the event. The readers continuously emit an interrogation

signal. The interrogation signal forms an interrogation zone within which the tags may

be read. The actual size of the interrogation zone is a function of the transceiver and

transponder characteristics. In general, the greater the interrogation signal power and the

higher the interrogation signal frequency, the larger the interrogation zone. Sending power to

the transponders via the reader-to-tag communication signal is the bottleneck in achieving

large read range with passive tags. Active tags do not suffer from this drawback; thus, they

typically have larger communication ranges than an otherwise equivalent passive tag.

The transceivers and transponders simply provide the mechanism for obtaining data

(and storing data in the case of writable tags) associated with physical objects.

Passive RFID systems are the most promising to provide low-cost ubiquitous tag-

ging capability with adequate performance for most supply chain management applications.

These low-cost RFID systems are, of necessity, very resource RFID Systems and Security

and Privacy Implications limited, and the extreme cost pressures make the design of RFID


Figure 3.2: Components of RFID systems

systems a highly coupled problem with sensitive trade-offs. Unlike other computation sys-

tems where it is possible to abstract functionality and think modularly, almost every aspect

of an RFID system affects every other aspect. We present a brief overview of the critical

components of RFID technology and summarize some of these trade-offs in passive RFID

design

3.3.2 Transreciever-transponder Coupling

Passive RFID tags obtain their operating power by harvesting energy from the electromag-

netic field of the readers communication signal. The limited resources of a passive tag require

it to both harvest its energy and communicate with a reader within a narrow frequency band

as permitted by regulatory agencies. We denote the center of this frequency band by f, and

we refer to RFID systems operating at frequency f with the understanding that this is the

center frequency of the band within which it operates.

Passive tags typically obtain their power from the communication signal either through

inductive coupling or far field energy harvesting. Inductive coupling uses the magnetic field

generated by the communication signal to induce a current in its coupling element (usually

a coiled antenna and a capacitor). The current induced in the coupling element charges the

on-tag capacitor that provides the operating voltage, and power, for the tag. In this way,

inductively coupled systems behave much like loosely coupled transformers. Consequently,

inductive coupling works only in the near-field of the communication signal. The near field

for a frequency f extends up to 1/(2f) meters from the signal source.


For a given tag, the operating voltage obtained at a distance d from the reader is

directly proportional to the flux density at that distance. The magnetic field emitted by the

reader antenna decreases in power proportional to 1/d3 in the near field. Therefore, it can

be shown that for a circularly coiled antenna the flux density is maximized at a distance

d (in meters) when R = 2d, where R is the radius of the readers antenna coil. Thus, by

increasing R the communication range of the reader may be increased, and the optimum

reader antenna radius R is 1.414 times the demanded read range d.

Far field energy harvesting uses the energy from the interrogation signals far field signal

to power the tag. The far field begins where the near field ends, at a distance of 1/(2f) from

the emitting antenna. The signal incident upon the tag antenna induces a voltage at the

input terminals of the tag. This voltage is detected by the RF front-end circuitry of the tag

and is used to charge a capacitor that provides the operating voltage for the tag.

There is a fundamental limitation on the power detected a distance d away from a

reader antenna. In a lossless medium, the power transmitted by the reader decreases as a

function of the inverse square of the distance from the reader antenna in the far field.

A reader communicates with and powers a passive tag using the same signal. The

fact that the same signal is used to transmit power and communicate data creates some

challenging trade-offs. First, any modulation of the signal causes a reduction in power to

the tag. Second, modulating information onto an otherwise spectrally pure sinusoid spreads

the signal in the frequency domain. This spread, referred to as a side band, along with the

maximum power transmitted at any frequency, is regulated by local government bodies in

most parts of the world. These regulations limit the rate of information that can be sent

from the reader to the tag. RFID systems usually operate in free bands known as Industrial-

Scientific-Medical (ISM) bands, where the emitted power levels and the side band limits tend

to be especially stringent.

The signaling from the tag to the reader in passive RFID systems is not achieved by

active transmission. Since passive tags do not actively transmit a signal, they do not have

a regulated limit on the rate of information that can be sent from the passive tag to the

reader. In the near field, tag to reader communication is achieved via load modulation. Load

modulation is achieved by modulating the impedance of the tag as seen by the reader. In the

far field, tag to reader communication is achieved via backscatter. Backscatter is achieved

by modulating the radar cross-section of the tag antenna. Comprehensive reviews of the

operation of tags and readers are available in [8] and [17].


The powering of and communication with passive tags with the same communication

signal places restrictions on the functionality and transactions the tags are capable of. First,

there is very little power available to the digital portion of the integrated circuit on the tag.

This limits the functionality of the tag. Second, the length of transactions with the tag is

limited to the time for which the tag is expected to be powered and within communication

range. Governmental regulations can further limit communication timings. In the US in the

915 MHz ISM band, regulations require that, under certain operating conditions, the com-

munication frequency change every 400 ms. Since every change in frequency may cause loss

of communication with a tag, transponders must not be assumed to communicate effectively

for longer than 400 ms. Finally, it is important to minimize state information required in

passive tags. In many practical situations, power supplied to the tag may be erratic, and any

long-term reliance on state in the tag may lead to errors in the operation of a communication

protocol.

3.4 RFID Applications

The main purpose of RFID is automated identification of products and people. One of the

biggest advantages of RFID over conventional systems such as bar codes, is that neither line

of sight nor physical contact is required for an object with an RFID tag to be identified,

as is the case with bar codes where line of sight is required and smart cards, where contact

is required. It is hoped that RFID tags will become widely used, replacing all manner of

current identification as well as introducing applications not dreamed of earlier. One of the

reasons is that the prices of RFID tags have been falling steadily. RFID tags are viewed

as the next generation successors to bar codes. This makes it necessary for their cost to be

low, as they will add to the cost of the item on which they are included. To the best of

our knowledge, the cheapest tags available in the market cost .07 cents per tag, if they are

bought in volumes of 10 million [2] as of February 2006. The cost seems likely to drop to

.05 in the near future [3]. From a financial point of view, such prices would facilitate the

use of RFID in all manners of applications where identification is required. As mentioned,

the main application of RFID is for automated identification, and it is hoped that RFID

devices will replace all manners of optical identification techniques. To explain the numerous

advantages RFID possesses, we include here in Table I a comparison of RFID tags and bar

codes [4] for quick reference.

Commercial applications of RFID can be found today in supply chain management,

automated payment systems, airline baggage management, and so on. According to RFIDup-

date.com, one of the catalysts for the RFID industry has been mandates issued by Wal-Mart


Figure 3.3: A comparison between Bar Codes and RFID tags

Figure 3.4: RFID systems in Supply Chain Management

and the US Department of Defense (DOD) for their suppliers to adopt RFID technology4.

Although the market has not grown quickly or as large as originally expected, these two

mandates continue to be important drivers in development of the industry.

3.4.1 Business Use

In June 2003, the worlds largest retailer, Wal-Mart, sent out a request to its top 100 suppliers

to put RFID tags on all cases and pallets of consumer goods shipped to a limited number

of Wal-Mart distribution centers and stores by 2005[5]. While the deployment of the RFID

project continued, Wal-Mart indicated in 2006 that out-of-stock items carrying RFID tags

could be replenished three times faster than they were before the project began[6].


However, not all companies have found RFID technology that helpful. A number of

smaller Wal-Mart suppliers have had trouble justifying the investment in implementing RFID

in their supply chain7 in order to meet Wal-Marts expectations

Many access control devices currently used are based on smart cards, which have to

be swiped in a reader. The use of RFID for access control would mean that removal of the

card from a pocket is unnecessary, making it more convenient for the user. Use of RFID also

makes control systematic. By systematic we mean that two people accessing an area at the

same time should be recorded. For example, if access control uses smart cards, then if one

person opens a door using a smart card another authorized person can slip in behind him,

without the system having a record of it. If however, RFID tags are used, then as soon as

a person with a tag comes into the read range, the reader detects the person. An example

of such a system was implemented by Texas Instruments (TI) in 1999 [5]. They developed

a wireless access system for ski lifts. As soon as members with a valid RFID tag came near

the lift, the ski car opens and they can climb on. An automatic log of the people using the

lift is also maintained.

Another access control area where RFID has found popular use is that of car keys.

Companies such as Mercedes Benz are implanting tags in keys, and a reader in the car.

When the person with the key comes near the car, the door automatically opens, without

having to insert the key. Some cars even have multiple keys. This is useful if there is more

than one person who drives the car. Each person saves his preferences with reference to seat

position, cabin temperature etc. Depending on which RFID tag is read, the onboard system

changes the various parameters in the car to suit the person whose key it is.

One last example, which has been implemented successfully in many cities around the

world, is the use of RFID in toll gates. Frequent commuters place an RFID tag on their

dashboard. When they approach the gate through a special lane, a high-ranged reader reads

tag and allows them through. Each time the tag is read, the amount of currency left in the

users account is decreased, and when the currency gets over, the user buys a new tag.

3.4.2 Government Use

Similar to Wal-Mart, the US Department of Defense (DOD) began a policy in July 2004,

requesting vendors supplying goods directly or indirectly to the DOD integrate RFID into

their shipping procedures[8]. This mandate triggered a number of DOD suppliers to test

RFID, or run pilot projects in order to comply with the new requirements.


Another adoption of RFID technology has been by governments, with the electronic

passport project. In a number of countries, traditional paper passports are gradually being

replaced with passports embedded with a small integrated circuit. Biometric information,

such as face recognition, fingerprints or iris scans are stored in the electronic passport. The

electronic passport project was initiated by the US, requesting all countries participating in

the Visa Waiver Program issue passports with integrated circuits. The main objectives are

for automated identity verification, and for greater border protection and security[9].

3.4.3 Sub-Dermal Tags

This refers to tags that are implanted under the skin of people or animals. TI has imple-

mented several systems for animal tracking. RFID tags are especially useful in tracking

cattle, as well as keeping a count of a herd. Tags can also be used to study migration pat-

terns of fish, by tagging them and keeping track at regular intervals using a powerful reader

on a ship. Recently, the number of people who have been getting RFID tags implanted has

also been on the rise.

There are a number of forums on the Internet where people who have been tagged

discuss their experience [7]. One typical example is for computer access. Instead of typing

in a user name and password, a user has a tag implanted under his palm, and simply has to

wave his hand in front of the monitor, which has an RFID reader inbuilt.

3.4.4 Tags in Libraries

Some libraries have implanted RFID tags in their books. This allows users to carry out

returning and borrowing applications themselves. Librarians can also detect missing and

misfiled books easily, by using a hand held battery operated RFID reader. Then, the books

on each shelf do not have to be removed to check which belong there and which dont, only

those shelves that cause the RFID system to show an error can be checked. According to

Bibliotheca Library systems [8], more than 100 million books world wide in libraries across

Europe and North America have already been tagged.

3.4.5 Smart Appliances

A potential use of RFID devices is in smart appliances. Though these have not yet been

developed, there is a lot of speculation on them, and smart appliances are probably one of

the most exciting areas of RFID. Here we cite a few examples.


Figure 3.5: RFID tags used in Library Management

-Clothes made of a particular material can be implanted with tags with ID numbers

in a particular range. When these clothes are placed in a washing machine with an RFID

reader, the machine automatically selects the number of cycles, amount of water etc.

-Consider the following scenario you buy a packet of microwave popcorn implanted

with an RFID tag. You go home and place it in your RFID enabled microwave, and as soon

as you do so the microwave automatically sets the time required and starts operating!

-Your refrigerator contains an RFID system, and all food products are tagged. The

RFID system can communicate with a central database that holds the information for the

food products. The reader reads the information and is able to determine information such

as the expiry date for a particular carton of juice. When the date is reached, an alert is

sounded, saving you from having the expired juice!


Chapter 4

Discussion

In this Chapter Section 4.1 describes the Security and Privacy issues in RFID and security

trends while section 4.2 explain approaches for Tackling Security and Privacy Issues

4.1 RFID SECURITY AND PRIVACY ISSUES

With the adoption of RFID technology, a variety of security and privacy risks need to be

addressed by both organisations and individuals:

Consumer concerns regarding RFID can broadly be classified into security and pri-

vacy. Security issues deal with legitimate readers getting information from illegitimate tags,

whereas privacy issues deal with illegitimate readers getting information from legitimate

tags. From a consumers point of view, the privacy issue is more important, and as a result

media coverage has been much higher. However, recognition of the importance of RFID

security has also been increasing.

4.1.1 TAG DATA

RFID tags are considered dumb devices, in that they can only listen and respond, no matter

who sends the request signal. This brings up risks of unauthorised access and modification

of tag data. In other words, unprotected tags may be vulnerable to eavesdropping, traffic

analysis, spoofing or denial of service attacks. We will look at each of these in turn:

4.1.2 Eavesdropping (or Skimming)

Radio signals transmitted from the tag, and the reader, can be detected several metres away

by other radio receivers. It is possible therefore for an unauthorised user to gain access

to the data contained in RFID tags if legitimate transmissions are not properly protected.


Any person who has their own RFID reader may interrogate tags lacking adequate access

controls, and eavesdrop on tag contents.

Researchers in the US has demonstrated a skimming attack on an RFID credit card,

through which credit card information, such as the cardholders name and account informa-

tion, could be skimmed if not properly encrypted[10].

4.1.3 Traffic Analysis

Even if tag data is protected, it is possible to use traffic analysis tools to track predictable tag

responses over time. Correlating and analysing the data could build a picture of movement,

social interactions and financial transactions. Abuse of the traffic analysis would have a

direct impact on privacy.

4.1.4 Spoofing

Based on the data collected from eavesdropping or traffic analysis, it is possible to perform

tag spoofing. For instance, a software package known as RFDump,[11] that runs on a

notebook computer or personal digital assistant, allows a user to perform reading or writing

tasks on most standard smart tags if they are not properly protected. The software permits

intruders to overwrite existing RFID tag data with spoof data. By spoofing valid tags, the

intruder could fool an RFID system, and change the identity of tags to gain an unauthorised

or undetected advantage. One example is trying to save money by buying expensive goods

that have had their RFID price tags spoofed to display cheaper prices. By combining the

two capabilities of eavesdropping and spoofing, a replay attack is possible where an attacker

can query a tag, receive the information it sends, and retransmit this information at a later

time[12].

4.1.5 Denial of Service Attack

The problems surrounding security and trust are greatly increased when large volumes of

internal RFID data are shared among business partners. A denial of service attack on RFID

infrastructure could happen if a large batch of tags has been corrupted. For example, an

attacker can use the kill command, implemented in RFID tags, to make the tags permanently

inoperative if they gain password access to the tags. In addition, an attacker could use an

illegal high power radio frequency (RF) transmitter in an attempt to jam frequencies used

by the RFID system, bringing the whole system to a halt[13].


4.1.6 RFID READER INTEGRITY

In some cases, RFID readers are installed in locations without adequate physical protection.

Unauthorised intruders may set up hidden readers of a similar nature nearby to gain access to

the information being transmitted by the readers, or even compromise the readers themselves,

thus affecting their integrity. Unauthorised readers may also compromise privacy by accessing

tags without adequate access controls.

As a result, information collected by readers and passed to the RFID application may

have already been tampered with, changed or stolen by unauthorised persons. An RFID

reader can also be a target for viruses. In 2006, researchers demonstrated that an RFID virus

was possible. A proof-of-concept self-replicating RFID virus was written to demonstrate that

a virus could use RFID tags to compromise backend RFID middleware systems via an SQL

injection attack[14].

4.1.7 PERSONAL PRIVACY

As RFID is increasingly being used in the retailing and manufacturing sectors, the widespread

item-level RFID tagging of products such as clothing and electronics raises public concerns

regarding personal privacy. People are concerned about how their data is being used, whether

they are subject to more direct marketing, or whether they can be physically tracked by RFID

chips. If personal identities can be linked to a unique RFID tag, individuals could be profiled

and tracked without their knowledge or consent.

For instance, washing clothes tagged with RFID does not remove the chips, since they

are specially designed to withstand years of wear and tear. It is possible that everything

an individual buys and owns is identified, numbered and tracked, even when the individual

leaves the store, as far as products are embedded with RFID tags. RFID readers can detect

the presence of these RFID tags wherever they are close enough to receive a signal.

4.2 RFID Security Trends

Since RFID remains an emerging technology, the development of industry standards for pro-

tecting information stored on RFID chips is still being explored and strengthened. Research

into the development and adaptation of efficient hardware for cryptographic functions, sym-

metric encryption, message authentication codes and random number generators will improve

RFID security. In addition, advances in RFID circuit design and manufacturing technology


can also lower development costs releasing more resources in tags that can be used for other

functions, such as allocating power consumption towards security features.

Today, certain public key technologies are also being studied and in some cases deployed

by RFID vendors. This helps improve confidentiality, user authentication and privacy of

RFID tags and associated applications. RFID vendors are also conducting research into

integrity and confidentiality issues around RFID reader infrastructure. Data can now be

stored on a token using dynamic re-keying, where specific readers can rewrite a tokens

credentials/signature, and verify the tokens identity. However, the cost and performance

issues around using public key technologies in RFID applications have stalled its use for

critical security applications.

4.3 APPROACHES FOR TACKLING SECURITY AND

PRIVACY ISSUES

There are a variety of solutions for tackling the security and privacy issues surrounding

RFID. They can be categorised into the following areas

• 1. Tag Data Protection

• 2. Reader Integrity

• 3. Personal Privacy

4.3.1 SOLUTIONS FOR TAG DATA PROTECTION

Password Protection on Tag Memory

Passwords can be used to protect tag data, preventing tags from being read without the

original owners permission. But if the passwords for all the tags are identical, then the

data becomes virtually public. However, if each tag is going to have a different or unique

password, there may be millions of passwords that need to be recorded, meaning the reader

would have to access the database and perform a lot of comparisons for each reading attempt.

Physical Locking of Tag Memory

The tag manufacturer locks information such as a unique identifier into tag before the tag is

released into an open environment. In other words, the chip is read-only and is embedded

with information during the manufacturing process. This provides proof of origin.


The limitation of this method is that no rewriting of data can be done on the tag

chip. Additional memory would be required for storing modifiable or extra information and

an algorithm would be needed for finding the latest tag data. This would result in higher

memory cost and a larger size memory.

Authentication of the Author in Tag Memory

The author or owner of the tag encrypts the tag data with his own private key (i.e. digitally

signs the tag) and writes the encrypted data into tag memory along with the authors name,

a reference to his public key and the algorithm used in non-encrypted form. When the reader

wants to verify the authenticity of information, it retrieves the authors name and other non-

encrypted information from the tag to verify that the data has been actually written by the

original author as claimed. However, if the RFID reader needs to update the tag with new

data, a key management system is required in order to manage the private key.

4.3.2 SOLUTIONS FOR RFID READER INTEGRITY

Reader Protection

Readers can reject tag replies with anomalies in response times or signal power levels which

dont match the physical properties of tags. If passive tags are used, this can be a way to

prevent spoofing attempts. Readers can also use random frequencies with tags designed

to follow a frequency dictated by the reader. Readers can change frequencies randomly so

that unauthorised users cannot easily detect and eavesdrop on traffic. On top of this, data

transmitted between the reader and the RFID application server could require verification

of the readers identity. Authentication mechanisms can be implemented between the reader

and the back end application to ensure that information is passed to the valid processor.

Read Detectors

RFID environments can be equipped with special devices to detect unauthorized read at-

tempts or transmissions on tag frequencies. These read detectors may be used to detect

unauthorized read/update attempts on tags, if they are used together with specially de-

signed tags that can transmit signals over a reserved frequencies, indicating any attempts to

kill or modify tags


4.3.3 SOLUTIONS FOR PERSONAL PRIVACY

Kill Tag

By executing a special kill command on a tagged product, the RFID tag will be killed and

can never be re-activated. This kill command may disconnect the antenna or short-circuit a

fuse. This ensures that the tag cannot be detected any further, and thus protects the privacy

of the individual who possesses the product.

However, there may be instances where tags should not be killed. A store may wish for

example to re-detect the tags on defective products returned by customers. Also, smart-cards

embedded with RFID chips for access control will need to be activated continuously.

Faraday Cage

An RFID tag can be shielded with a container made of metal mesh or foil, known as a

Faraday Cage. This foil-lined container can block radio signals of certain frequencies and

thus protect tagged products from being detected. However, this approach might not work

in some situations. For example, it is difficult to wrap foil-lined containers around tags used

in clothing for pets and people.

Active Jamming

Active jamming of RF signals refers to the use of a device that actively broadcasts radio

signals in order to disrupt the operation of any nearby RFID readers. This physical means

of shielding may disrupt nearby RFID systems.

However, the use of such a device may be illegal, depending on the broadcasting power

of the device and government regulations in force. There is a risk of severe disruption to all

nearby RFID systems if the jamming power is too strong.

RSA Selective Blocker Tag

A blocker tag is a passive RFID device that uses a sophisticated algorithm to simulate

many ordinary RFID tags simultaneously. It provides an endless series of responses to RFID

readers through the use of two antennas to reflect back two bits simultaneously, thereby

preventing other tags from being read, performing a kind of passive jamming.


However, this approach gives individuals a lot of control. In addition, a blocker tag

may be used maliciously to circumvent RFID reader protocols by simulating multiple tag

identifiers.

Logical Hash-lock

When a tag is locked, it is given a value (or meta-ID) that is a hash value of the corresponding

key or PIN. The tag will refuse to reveal its ID until it can be unlocked by presenting the value

of the key or PIN value. For example, tags may be locked at check out time in a supermarket

and then unlocked by the individual using a given meta-ID and PIN after returning home.

These meta-ID and PINs may be read optically by individuals, and be printed on the interior

of the package or on the payment bill after purchasing, rather than transmitted by radio.

The limitation of this approach is that individuals need to manage the lock/unlock

features and the associated PINs for a whole collection of tags and purchases, and need to

keep track of which objects carrying which RFID tags. This approach also incurs additional

cost as it involves a cryptographic operation on tags.


Chapter 5

Analysis

In this Chapter, section 5.1 explains some Advantages and Disadvantages of RFID and

section 5.2 Explains How it differs from Traditonal Barcode

5.1 Some Advantages and Disadvantages

5.1.1 Advantages

• The RFID tags can store data up to 2 kb.

• Cannot be easily replicated and therefore, it increases the security of the product.

• Simple to install/inject inside the body of animals/human beings

• Fast and Robust

5.1.2 Disadvantages

• Doesnt work properly on liquids and metal products.

• More expensive than barcode system

• Harder to understand

• Tags are usually larger than barcode labels

• Possibility of unauthorized reading of passports and credit cards

5.2 How it differs from Traditonal Barcode

• RFID is more effective

• Barcodes have limited information


Figure 5.1: Comparision RFID vs BarCode

• Read/write capability

• RFID tags can be read at much distance


Chapter 6

Conclusion

While the use of RFID technology is increasing across a range of different industries,

the associated security and privacy issues need to be carefully addressed. Because RFID tags

come in different flavours, there is no overall, generic RFID security solution. Some low-cost

passive and basic tags cannot execute standard cryptographic operations like encryption,

strong pseudorandom number generation, and hashing. Some tags cost more than basic

RFID tags, and can perform symmetric-key cryptographic operations. Organisations wishing

to use RFID technology need to therefore evaluate the cost and security implications as well

as understand the limitations of different RFID technologies and solutions.

We have been able to discuss a few aspects of RFID security and privacy, as well as the

enormous scope RFID offers. It is hoped that we have been able to give a flavor of the work

that is currently being done, and that we have also shown how much work is still required.

Nevertheless, RFID researchers have already presented numerous solutions to some of

the most pressing concerns. It will be fascinating to see which of these proposals (and when)

are incorporated into the next generations of industrial RFID systems. Finally, we see that

RFIDs individual advantages adhere perfect to the idea of ubiquitous computing and look

out for further development of this complex topic.


Chapter 7

Bibliography

7.1 References

[1] D. Anthony, T. Henderson, and D. Kotz, Privacy in location aware computing environ-

ments, IEEE Pervasive Computing,2007.

[2] S. Lederer, J. I. Hong, X. Jiang, A. K. Dey, J. A. Landay, and J. Mankoff, Towards

everyday privacy for ubiquitous computing, Computer Science Division, University of Califor-

nia, Berkeley, Tech. Rep. UCB-CSD-03-1283, 2003. [Online]. Available: http://www.cs.berkeley.edu/projects/

io/publications/privacy-techreport03a.pdf

[3] A. Beresford and F. Stajano, Location privacy in pervasive computing, IEEE Pervasive

Computing, 2003.

[4] A. R. Beresford and F. Stajano, Mix zones: User privacy in location-aware services,

in Pervasive Computing and Communications Workshops (PERCOMW), 2004.

[5] U. Hengartner and P. Steenkiste, Access control to people location information, ACM

Trans. Inf. Syst. Secur., 2005.

[6] J. I. Hong and J. A. Landay, An architecture for privacy sensitive ubiquitous com-

puting, in International conference on Mobile systems, applications, and services (MobiSys),

2004.

[7] G. Myles, A. Friday, and N. Davies, Preserving privacy in environments with location-

based applications, IEEE Pervasive Computing, 2003.

[8] A. Kapadia, T. Henderson, J. J. Fielding, and D. Kotz, Virtual walls: Protecting dig-

ital privacy in pervasive environments, in Proceedings of the Fifth International Conference

on Pervasive Computing (Pervasive), 2007. [9] T. Kriplean, E. Welbourne, N. Khous-

sainova, V. Rastogi, M. Balazinska, G. Borriello, T. Kohno, and D. Suciu, Physical access

control for captured rfid data, IEEE Pervasive Computing, 2007.

[10] V. Rastogi, E. Welbourne, N. Khoussainova, T. Kriplean, M. Balazinska, G. Borriello,

T. Kohno, and D. Suciu, Expressing privacy policies using authorization views, in Workshop


on Ubicomp Privacy, (Ubicomp), 2007.

[11] T. Rodden, A. Friday, H. Muller, and A. Dix, A lightweight approach to managing

privacy in location-based services, equator- 02-058, University of Nottingham and Lancaster

University and University of Bristol, Tech. Rep. CSTR-07-006, 2002.

[12] S. Weis, S. Sarma, R. Rivest, and D. Engels, Security and, Privacy Aspects of Low-

Cost Radio Frequency Identification Systems, in International Conference on Security in

Pervasive Computing, 2003.

[13] D. Molnar and D. Wagner, Privacy and Security in Library RFID: Issues, Practices,

and Architectures, in Conference on Computer and Communications Security, 2004.

[14] K. Ouafi and R. C.-W. Phan, Privacy of Recent RFID Authentication Protocols, in

4th International Conference on Information Security Practice and Experience ISPEC 2008,

2008.

[15] D. X. Song, D. Wagner, and A. Perrig, Practical techniques for searches on encrypted

data, in IEEE Symposium on Security and Privacy, 2000.

[16] D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano, Public key encryption

with keyword search, in EUROCRYPT, 2004.

[17] S. Wang, X. Ding, R. H. Deng, and F. Bao, Private information retrieval using

trusted hardware, in European Symposium On Research In Computer Security (ESORICS),

2006.

[18] Z. Yang, S. Zhong, and R. N. Wright, Privacy-preserving queries on encrypted data,

in European Symposium On Research In Computer Security (ESORICS), 2006.

[19] Marc Langheinrich. A survey of rd privacy approaches. Personal and Ubiquitous

Computing, 13(6):413421, 2009.

[20] Eun-Kyung Ryu and Tsuyoshi Takagi. A hybrid approach for privacy-preserving

rd tags. Computer Standards and Interfaces, 31(4):812815, 2009 [21] Ray Cronin. Rd

versus barcode. Pharmaceutical Technology, 32(11):178+177178+177, 2008.

[22] S. P. Singh, M. McCartney, J. Singh, and R. Clarke. Rd research and testing for

packages of apparel, consumer goods and fresh produce in the retail distribution environment.

Packaging Technology and Science, 21(2):91102, 2008

[23] E.W.T. Ngai, K.K.L. Moon, F.J. Riggins, and Y.Y. Candace. Rd research: An

academic literature review (1995-2005) and future research directions. International Journal

of Production Economics, 112: 510520, 2008.

[24] Mustafa Alani, Widad Ismail, and Js Mandeep. Active rd system and applications.

Electronics World, 115(1877):2224, 2009.
