Embed Size (px)
Citation preview
http://rfid.cs.washington.edu/
Evan WelbourneUniversity of Washington,
Dept. of Computer Science & Engineering
“Radio Frequency Identification: What’s RFID Doing in Your Life?”
University of Alaska, AnchorageSeptember 19, 2007
http://rfid.cs.washington.edu/
Radio Frequency Identification
Wireless identification and tracking Information on:
Identity Location Time
tag time location
… … …
t 1 A
t 2 B
A B C
t 3 C
http://rfid.cs.washington.edu/
Elements of an RFID System
RFID ReaderRFID Tags Reader Antenna
Network Infrastructure
Data ManagementSystem
Applications
http://rfid.cs.washington.edu/
RFID Tags – A Wide Variety
Consumer Item Cases Pallets Trucks Ships / Trains
barcodes
passive tags
active tags
GPS-enabledactive tags
Cos
t of
tag
(loga
rithm
ic)
http://rfid.cs.washington.edu/
RFID in the Supply-Chain
http://rfid.cs.washington.edu/
Today: Outside the Supply Chain
http://rfid.cs.washington.edu/
Tomorrow: Pervasive Computing
“Post-desktop era”, “Internet of Things”, “Third wave of computing”
http://rfid.cs.washington.edu/
Overview
RFID-based pervasive computing
The RFID Ecosystem project
Specific Applications
Research Challenges
http://rfid.cs.washington.edu/
Enabling “The Third Wave”
RFID is a key enabling technology Cheap Wireless No batteries Already pervasive
But there are many challenges!!
1970 1980 1990 2000
mainframe eraone-to-many
PC eraone-to-one
pervasive computing eramany-to-one
1960
http://rfid.cs.washington.edu/
Create a microcosm of a world saturated with uniquely identifiable objects
100s of readers and antennas, 1000s of tags
Explore applications, systems, and social implications
Do it while there is still time to learn and adapt
Groups: Database, Security, Ubicomp, and others
Participants include:
RFID Ecosystem at UW CSE
• Magdalena Balazinska
• Gaetano Borriello
• Garret Cole
• Nodira Khoussainova
• Tadayoshi Kohno
• Karl Koscher
• Travis Kriplean
• Caitlin Lustig
• Julie Letchner
• Vibhor Rastogi
• Chris Re
• Dan Suciu
• Justin Vincent-Foglesong
• Jordan Walke
• Evan Welbourne
http://rfid.cs.washington.edu/
Benefits: Home & Office
Management, information, assistance
http://rfid.cs.washington.edu/
Benefits: Healthcare
Use RFID to automatically monitor an elder’s activities “Activity inference” Intel Research
http://rfid.cs.washington.edu/
Overview
RFID-based pervasive computing
The RFID Ecosystem project
Specific Applications
Research Challenges
http://rfid.cs.washington.edu/
Research Challenges
Technology (Hardware) Challenges Noisy, uncertain sensors Limited sensor information
Data Management Challenges “High fan-in” architecture produces a massive amount of data Data must be “cleaned” Uncertainty must be represented to applications Inference and event detection for pervasive computing
Security and Privacy Challenges Tags are on people and personal objects Security on tags is often weak How to manage sensitive information about individuals
http://rfid.cs.washington.edu/
Challenges: Technology
RFID is inherently unreliable Missed and duplicate tag readings Highly sensitive to environment Handle at the data management level
RFID provides limited context Identity, Time, Location only Some applications need more!
Intel Research’s WISP: Wireless Identification and Sensing Platform
- Passive tags with limited sensing and computation - Acceleration, light
http://rfid.cs.washington.edu/
Challenges: Data Management
StreamClean: constraint-based RFID data stream cleaning
MystiQ: probabilistic database for managing uncertainty Heuristics assign a probability to each tuple Interpretation of probabilities passed on to application logic
PEEX: probabilistic event extractor Specify events in SQL-like language Detect complex events (“a meeting in room 405”) over RFID streams Sophisticated learning machinery to improve accuracy
http://rfid.cs.washington.edu/
Challenges: Security & Privacy
Security: Protection against unauthorized access, use, disclosure, disruption, modification, or destruction
Privacy: Privacy in the collection and sharing of data
Roughly two areas of concern:
1) Security of reader-tag communication
2) Security and privacy of collected RFID data
( Rigorously defined and evaluated )
( Definition and evaluation depends on human perception/interpretation )
http://rfid.cs.washington.edu/
Security of Tags and Readers
Promise: Provides a faster, easier payment option
Problem: Name, #, expiration sent as plaintext
$150 homemade device can steal and replay credit cards
Next generation of cards includes better security
Promise: Faster border-crossings, improved security
Problem: Identity, nationality sent in the clear
Malicious parties can easily identify / target U.S. citizens
Revised passport includes faraday shielding and BAC
First generation RFID credit card vulnerabilities (UMass Amherst, RSA labs)
Security and Privacy Risks of the U.S. e-Passport (UC Berkeley)
http://rfid.cs.washington.edu/
Security of Tags and Readers
Many attacks:
Crypto can improve security but… Increases cost and power consumption, slows down read rate and to be useful RFID tags have to be fast and cheap!
Physical security Foil-lined wallet: works, but you have to remove your tag sometime RFID Guardian: experimental device that jams readers, audits reads
Our approach: Store little on tags, secure the EPC-PII link Incorporate cryptographic techniques as they emerge
Skimming Cloning
Replay attack Eavesdropping
Ghost leech
http://rfid.cs.washington.edu/
Data Privacy and Security
RFID and Contactless Smart Card Transit Fare Payment
Promise: Streamlines transit experience and book keeping
Problem: Massive databases with transit traces of individuals
Not entirely clear what data is private and how it can be used
Oyster card data is the new law enforcement tool in London
Increasing # of requests for Oyster data: 4 in all of 2004 61 in Jan. 2007
ORCA Card: RFID-Based Transit Card for Seattle Area (August 2008)
Promise: Streamlines transit experience and book keeping Integrated with easy pay and institutional partners
Problem: The word “privacy” appears twice in 500 pages of early docs…
http://rfid.cs.washington.edu/
Data Privacy and Security
From RFID Ecosystem user studies: “How do I know if I have a tag on me?”, “How do I opt out?” Users must be carefully educated before consenting There should be equal, available alternatives to the RFID option
If personal RFID data is stored:
Clearly define how each piece of information can and will be used
Define and enforce appropriate access control policies• May depend on user, application, and context of use (PAC)
Formal data privacy techniques to further ensure privacy (K-anonymity)• Store only the information you need, and add noise!
Provide users with direct access to and control of their data
http://rfid.cs.washington.edu/
Privacy & Security Discussion…
Just having an RFID tag could be a privacy risk
Pseudonymity not Anonymity Each RFID tag you carry has a unique number Sequential readings of your tags create a trace Over time this trace can be used to identify you-“The person who: wears this sweater, takes this bus, uses this bus stop, shops at this grocery, …”
U.S. privacy law doesn’t consider these traces to be PII European and Canadian law does a better job
Important to discuss these issues RFID is increasingly ubiquitous, may be in the REAL ID cards
http://rfid.cs.washington.edu/
Thank you!
Thanks!
Questions?
