RFID technology in mobile applications
Karol Hrudkay, Transport Research Institute, Žilina, Slovak Republic
22 Feb 2007, Budapest

RFID technology - introduction
  Radio Frequency Identification - means to efficiently and quickly auto-identify objects, assets, people, ...
  Real-time tracking of inventory in the supply chain
  RFID tag – tiny computer chip with very small antenna – passive/active
  The chip contains an Electronic Product Code (EPC) that uniquely identifies the object
  The antenna transmits the EPC to an RFID reader – within a certain RF range, without requiring line-of-sight

Current RFID applications
  Transport and logistics
    toll management, tracking of goods, …
  Security and access control
    tracking people, controlling access to restricted areas
  Supply chain management
    item tagging, theft-prevention, product life cycle, …
  Medical and pharmaceutical applications
    identification and location of staff and patients, asset tracking, counterfeit protection for drugs, …
  Manufacturing and processing
    streamlining assembly line process, …
  Agriculture
    tracking of animals, quality control, …
  Public sector, government
    passports, driver’s licenses, library systems, …

RFID technology - properties
  Advantages:
    rough conditions, long read ranges, portable databases, multiple tag read/write, tracking items in real-time
  Results:
    quick scanning of products in large bulks
    automated supply chain management
    significant savings
    accuracy of shipment sent and received
    check on product theft, counterfeiting, product recall, ...

Mobile RFID technology
  Vision of automatic identification and ubiquitous computing – „Internet of objects“
    highly connected network
    dispersed devices, objects, items can communicate with each other
    real-time information about objects, location, contents, destination, ambient conditions
    efficient and easy M2M identification, communication and decision-making
  Handheld portable devices – mobile phones, PDAs – behave as RFID readers and tags
    conventional RFID closer to common user

Applications of mobile RFID technology
  Major tasks:
    download and view information represented by RFID tag:
      quickly and easily download info represented by RFID tag and view that info via device's display
    M2M identification and communication
      e.g. RFID mobile device behaves as an RFID tag (authenticate to access, carry out payments, download multimedia content from kiosk, quick call and instant message, ...)
  Mobile RFID application zones:
    LBS (Location-based services) zone
    enterprise zone
    private zone

LBS zone
  Services „related to“ and „available at“ customer's current location
  Coverage: public places, roads, shopping centres, cinemas, ...
  Service provider deploys RFID tagged items/devices
  Various security threats
    most tags respond to every mobile phone
    usually tag-reader mutual authentication and strong secure communication tag-phone is not considered
    publicly available tags can be fake or illegally modified – one-way authentication mechanism needed (tag -> phone)
  Items/products tagged with low-cost passive RFID tags (EPCGlobal Gen. 2 UHF tags) assumed

Mobile RFID security at LBS zone
  Security threats and security requirements:
    Secure job delegation and trust model
      identity and authenticity of provider’s information server, security of transaction, protection of privacy – security delegated to mobile operator
    Malicious tag information servers
      it is essential to authenticate the tag information server to be accessed and confirm it is authentic
    Authorised tag information access
      categorisation of which user is entitled to download what kind of information - authentication, authorisation, access-control
    User privacy protection
      identity and location of user, user profile
    Data integrity and confidentiality
      secure electronic data interchange is required (MP – SP IS)

Mobile RFID security assessment at LBS zone

Threat                 Security requirement     Tag - MP   MP – SP IS
User ID privacy        Pseudonyms               0          0
                       Anonym. credentials      0          0
Illegal info. access   Authentication           0          0
                       Authorisation            X          0
                       Access control list      X          0
Eavesdropping          Encryption/decryption    X          0
                       Digital certificate      X          0
Key/pwd. compromise    Trust model              X          0
                       Key/Pwd. management      X          0

MP: mobile phone; SP IS: service provider's IS
X: not required; 0: required

Mobile RFID at LBS zone – building blocks
  Mobile RFID (M-RFID)
    mobile phone with RFID reader and tag
  RFID tags
    every tag contains its unique EPC number
      company identification, product number, object unique identifier
    related product information is stored on EPC network
  Mobile operator (MO)
    trust is concentrated at the site of MO – 'trusted proxy'
  EPC network
    specifically to look up EPC data (like DNS) – further information is stored on databases and servers of EPC network
    communication can be encrypted

Mobile RFID at LBS zone – security solutions
  Mutual authentication M-RFID – MO
    secure job delegation, trust model, data integrity and confidentiality
  Mutual authentication MO – EPC IS
    MO takes responsibility to select, identify and authenticate only genuine SP (and its servers)
  Certification for identity management, authentication and authorisation
    M-RFID can request anonymous certificate from MO
  M-RFID privacy
    kill the tag
    lock the tag
    blocker tag

Mobile RFID at enterprise zone
  Mobile phone assists mobile staff
    inventory checkers, field engineers, maintenance and repair staff, security guards, …
  Different areas
    real-time inventory management, work attendance, instructions on how to operate tagged items, identification of and access control to tagged equipment and secure enclosures, presence of staff on monitored places, …
  Security framework
    list of employees and items/products, designing and implementing of key/psw. distribution, data integrity and confidentiality, identification, authentication, and access control among staff, RFID reader, RFID tagged items and EPC network

Mobile RFID security assessment - enterprise zone

Threat                 Security requirement     Tag - MP   MP – E-EPC
User ID privacy        Pseudonyms               X          X
                       Anonym. credentials      X          X
Illegal info. access   Authentication           0          0
                       Authorisation            0          0
                       Access control list      X          0
Eavesdropping          Encryption/decryption    X          0
                       Digital certificate      X          0
Key/pwd. compromise    Trust model              X          X
                       Key/Pwd. management      0          0

MP: mobile phone; E-EPC: Enterprise's EPC network
X: not required; 0: required

Mobile RFID at private zone
  Mobile phone assists user in the private space
    instant call or instant message by scanning RFID tagged items
  Characterisation
    small zone, simple security model – easily deployed and maintained
    off-the-shelf mobile RFID kits
    possible to obtain storage space on the EPC network
    reader to tag authentication needed (within home)
    user identity and access control list

RFID and standardisation
  Need for harmonisation at national and international level
  Standardisation ensures compatibility and interoperability
  Various players
    Automotive Industry Action Group (AIAG)
    European Article Numbering (EAN), EPCglobal
    European Radiocommunication Office (ERO)
    European Telecommunication Standard Institute (ETSI)
    International Air Transport Association (IATA)
    International Civil Aviation Organisation (ICAO)
    International Organisation for Standardisation (ISO), International Electrotechnical Commission (IEC)
    International Telecommunication Union (ITU)
    Universal Postal Union (UPU)

Areas of RFID standardisation
  Air interface, protocols
  Data structure
  Conformance
  Applications
  Existing standards focus on specific area or sector

RFID based mobile telecommunication services
  Information retrieval
  Data transmission
  Automated messaging
  Voice services
  Device integration
  Presence indication
  Mobile payment

RFID and SIM card
  SIM card with embedded RFID capabilities
    benefits of contactless cards brought into the MP, using SIM cards as a storage device
    installed, updated, cancelled over the air (GSM)

Practical issues
  Mobile RFID technology - privacy/security issues
  Impact on networks
    new services will generate more traffic in fixed and mobile networks
    how big this impact is, how network design has to change
  Internetworking technologies
    how RFID technology can integrate into existing network
    context of RFID applications in MP with other technologies
  RFID – (Internet protocol) IP mapping
    evolution towards active RFID tags with networking capability – large number of tags will need network addresses
  Service capabilities, architecture at network and service levels, signalling protocols, QoS, business model

Conclusion
  RFID enables ubiquitous computing – integrating computation into environment
  MP and RFID – potential for mobile telecommunication services
  Broad range of services, attractive for customers
  Variety of technical questions
    Security and privacy issues
    Impact on fixed and mobile networks

Thank you for your attention!
Karol Hrudkay
Transport Research Institute, Žilina, Slovakia