1 / 28

PEARS – Privacy Ensuring Affordable RFID System

"PEARS is a system that addresses the privacy and security concerns of RFID technology. By using password tags, it ensures only authorized entities can access information, making it suitable for industrial and domestic applications. The system utilizes a network of polling readers to monitor the movement of objects, ensuring their location is accurately tracked."

jbaez
Télécharger la présentation

PEARS – Privacy Ensuring Affordable RFID System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PEARS – Privacy Ensuring Affordable RFID System Humberto Moran Friendly Technologies Ltd

  2. Internet of Things 101 • To have the “Internet of Things”, the first we need is a way of automatically identifying objects. • RFID is one of many ways of doing so. • However, it seems that this technology is immature, mostly due to its social implications (namely privacy and security). • Privacy and security issues do not apply to all objects: only to sensitive and expensive ones! • To solve this, we must first understand these two issues

  3. Before the POS Security: Detection Removal Cloning Transplanting Privacy: Industrial espionage Only two parties involved After the POS Security: Theft Terrorism Privacy: Snooping Sensitive objects Tracking people Third parties involved RFID Privacy and Security Issues Data protection legislation only applies when there is a formal contract and the parties are identified – what about third parties? RFID is different from other existing intrusive technologies – e.g. mobile phones

  4. The typical post-POS example

  5. Limitations of proposed solutions • The most usual – disabling, removal or “killing” of the tag • Prevents many pre- and post-POS applications • Requires additional action by consumers • Vulnerable groups (e.g. children, the elderly or technology-unaware people) might fail to protect themselves • Distrusted by consumers • Use of cryptography • Tags are either too expensive, too slow or both • Public keys can always leak and threat an entire population of tags • Watchdog devices or blocker tags • Complex and unreliable • Interfere with RFID networks

  6. What is the fundamental issue with RFID? • Privacy and security are context-dependent • Tags are unaware of their context • Tags should not talk to everyone • This means control: • User control • Control by intelligent readers (or networks) RFID tags should be designed in such way that they are secure and privacy-friendly by design and by default; yet these essential capabilities should not increase tag costs

  7. Introducing the Password Tag (yes, it’s passive and cheap) What is your ID? RFID Reader Silence Password Tags work with Closed Identification

  8. The Password Tag only replies when interrogated with the right ID (we call it Identity Password) Are you 55667788? RFID Reader I am 55667788. Optionally: sensing or other data

  9. Who invented Password Tags? • Invented by Cardullo and Parks in 1973 and described in their original patent for the passive tag (US-A-3713148): “Such an answerback signal can take the form of an identification signal indicative of a particular transponder means or, alternatively, the answerback signal could be such that it would only be generated in response to a predetermined interrogation code wherein the device would operate as a verification system”

  10. The potential of Password Tags • Although invented many years ago, Password Tags have not found commercial applications and there is no commercial version on the market, possible because: • Difficulties distributing Identity Passwords • Tags were not designed for public use • Privacy and security issues were not that evident • We have undertaken two years of research that demonstrate that this aged and obscure invention has the potential to solve all privacy and security issues around RFID at a very affordable tag cost

  11. Your questions • Privacy-friendly and Secure? • Yes, the tag will not reply unless interrogated with its Identity Password • What about trial and error? • It would take an average of 1.26x1016 years to guess a 96-bit Identity Password by trying 100,000 combinations per second • What about eavesdropping? • Wait a few more slides ... • Affordable? • Yes, Password Tags are in theory cheaper than the cheapest RFID tags on the market • If their interrogation requires the very information that tags are supposed to provide, how can Password Tags support the typical RFID applications?

  12. Identification vs. location • Most objects belong to someone, move with their owner or custodian, and are stored in controlled premises – “cloud of objects” • For this reason, objects can only be in a limited number of places or move through a limited number of paths • This means that the main requirement of item-level RFID applications is location, as opposed to identification Talkative tags address the question: who are you? Password Tags address the question: where are you?

  13. PEARS – Privacy Ensuring Affordable RFID System • Special software and network of readers to use the Privacy-friendly and Secure Password Tags in the industrial and domestic environments • Consists of a network of readers (Polling Readers) deployed to monitor storage places and paths through which objects might move • Polling Readers interrogate in quick sequence the Identity Passwords of objects likely within their interrogation field • The Identity Passwords of moving objects are distributed by specialised “intelligent” software based on a technique that predicts object movement (Predictive RFID)

  14. O O R R R R R O MO R R R Predictive RFID Technique solely based on readers layout

  15. Other input for the Predictive RFID technique • Layout • Business Workflow • Heuristics and “learning” algorithms • Reader workload • Security considerations • Timeouts to broaden polling area • Dynamic input for mobile readers • Anti-interference and anti-eavesdropping mechanisms

  16. Eavesdropping is not an issue! No protocol-level anti-eavesdropping mechanisms. However, privacy and security threats from eavesdropping are prevented through other mechanisms. Non-trusted Environments (e.g. public places) Trusted Environment (TE) ( e.g. Warehouse) Example of some mechanisms to allay eavesdropping threats: Weak: nothing. Except for expensive or sensitive items, eavesdropping poses little privacy or security threats due to anonymity, control and limited reading distance. Medium: swamp eavesdroppers with fake ID Passwords (poison pills). This complicates “trial-and-error” attempts and enhances the use of watchdog devices. Strong: assign temporary ID Passwords to objects when in Trusted Environments. This allays all possible threats from eavesdropping. T.E. Anonymous Environment ( e.g. Supermarket) Eavesdropping T.E. Trusted Environment ( e.g. Home or Car)

  17. Password dissemination strategies • Global level • An independent organisation can generate unique, confidential Identity passwords. • These can be distributed to tag manufacturers to be individually pre-assigned to tags. • Inter-organisational or inter-facility (SC) level • Identity Passwords will follow objects as they move: • Online secure connexions, routed by the Predictive RFID SW. • In some cases, memory of active RFID tags on bundling devices. • Facility level • Predictive RFID SW as described. • To consumers - whoever owns the object, owns its identity • Near Field Communications • Online services • Temporary passwords (reusable) • Distributed online to end users. • Automatically or manually changed in Trusted Environments.

  18. Advantages of PEARS • Privacy and Security by Design and by Default • Before POS: impossible to read, locate, clone or transplant by distrusted partners • After POS: impossible to read by unauthorised parties, user control • Cheaper tags • Simpler (no anti-collision, authentication, cryptography, killing or disabling mechanisms) • Can be built directly into products • As they are in the public domain, no royalties • Tags can be used beyond the POS • Hundred of domestic applications • The Internet of Things for consumers • Potentially, tags perform better in challenging electromagnetic media • Answer is a simple “I am here” signal

  19. Current situation of PEARS • Although theoretically possible, more R&D is required to prove feasibility in high-volume applications • Research challenges include reading (polling) speed and reliability • We have put together a number of funding proposals which have rated high but failed to secure funding – too risky, too early • We have received some private funding • We are working with a number of renowned European research centres and RFID leaders • Help is welcomed!

  20. Some applications under research: monitoring of sensitive products Internet Monitoring by security forces ASN + Identity Passwords Enterprise systems – ASN PEARS Issuing of Identity Passwords PEARS monitoring and authentication Enterprise systems – reception of goods Tagged sensitive products Company A: Trusted environment Transport network: Non-trusted environment Company B: Trusted environment

  21. Polling Reader ... Authentication of origin at the POS PEARS The customer chooses products in the retail store – e.g. supermarket. Upon scanning of the barcode of a product, PEARS automatically and quickly scans all valid Identity Passwords for the type of product. If the tag on the product replies to one of these passwords the origin is authenticated. PEARS will also issue several invalid Identity Passwords to detect random replies from fake tags. The customer knows that the product is authentic, and his/her privacy and security are not exposed because Password Tags cannot be read without authorisation.

  22. ... Airport security (1) The passenger arrives at check-in. (3) The luggage receipt given to the passenger (usually stuck on the Boarding Pass) is also tagged with a Password Tag (4) The passenger waves the luggage receipt upon arrival at the boarding gate. This indicates that his/her luggage can be safely loaded into the airplane (2) The luggage is tagged with a Password Tag, which improves handling and tracking (6) During all this process and afterwards – even if tags are not removed, security and privacy of passengers are protected (5) Upon arrival, IDs of luggage and collecting person are automatically compared for security purposes

  23. ... And many other applications! • Item-level tagging of sensitive products in the retail environment (clothing, jewellery, drugs, books, consumer electronics etc.) • Authentication of legally farmed trees (combining two tags: one talkative and one Password Tag) • Authentication and monitoring of documents • Creation of secure, affordable and privacy-friendly seals • Domestic self-replenishment • Selective recycling • Finding objects at home – where are the keys?

  24. IPR & Standars • Friendly Technologies has filed international patent applications for the supporting system (Predictive RFID and network of Polling Readers) • The patents are in a very advanced status (search and examination) and have already been published • We will keep our IPR on the system (not on the interfaces) • Existing standards are too slow for such a system • There are no standards for the air interface – opportunity for innovators • We also need standards for the number of bits and upper layers (middleware and beyond)

  25. Interoperability possibilities SW Infrastructure sharing: Identity Passwords could be mapped to other numbering codes and use other architecture and services – e.g. existing middleware. No clash: the Predictive RFID SW can coexist with other reader drivers, and interoperate with other services. Predictive RFID SW HW Infrastructure sharing: backwards compatibility by Polling Readers, which might talk to talkative and Password Tags. HW Infrastructure sharing: the possibility of interoperating Password Tags with other readers by using singulation in low-volume applications. Readers Readers No clash: Object tagged with Password Tags will be able to coexist with object tagged with other tags. Example: EPCglobal ↔ PEARS

  26. Conclusions • PEARS shows that there are alternatives where no trade-off between social-impact and economic benefits is necessary • PEARS can be used where privacy and security are important (expensive or sensitive products; identity proxies) • Although the system does not exist commercially, its potential to solve all issues around item-level tagging deserves R&D investment • Since there are no commercial versions of Password Tags, there is a need for thorough standardisation • PEARS can be developed as a privacy-friendly, secure extension of existing standards for products where privacy and security are important

  27. Invitations • European Commission: funding for PET • Regulators: require user control when privacy and security are at stake • Technology developers: help us to create Password Tags and Polling Readers • Industry: help us to develop and trial this technology • Standardisation bodies: create standards for Password Tags; interoperate • Investors: help us to make it happen • Privacy advocates: challenge this solution and (if happy) help us to clean the face of RFID

  28. Thank you! Humberto Moran Friendly Technologies hmoran@friendlytechnologies.eu Questions?

More Related