Dr. Paul Sanghera, Frank Thornton, Brad Haines, Francesco Kung Man Fung, John Kleinschmidt, Anand M. Das, Hersh Bhargava, Anita Campbell

Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Elsevier, Inc. “Syngress: The Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

PUBLISHED BY
Syngress Publishing, Inc.
Elsevier, Inc.
30 Corporate Drive
Burlington, MA 01803

How to Cheat at Deploying and Securing RFID
Copyright © 2007 by Elsevier, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

ISBN 13: 978-1-59749-230-0

Publisher: Andrew Williams
Page Layout and Art: SPi
Project Manager: Greg deZarn-O’Hare
Cover Designer: Michael Kavish

For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director and Rights, at Syngress Publishing; email m.pedersen@elsevier.com.

Technical Editors

Francesco Kung Man Fung (SCJP, SCWCD, SCBCD, ICED, MCP, OCP) has worked with Java, C#, and ASP.net for 6 years. Mainly, he develops Java-based/.net financial applications. He loves to read technical books and has reviewed several certification books. Fung received a Bachelors and a Master Degree in Computer Science from the University of Hong Kong.

John Kleinschmidt is a self-taught, staunch wireless enthusiast from Oxford, Michigan. John is a security admin for a large ISP in Oakland County, Michigan. He spends much of his time maintaining personalwireless.org and enjoys reading up on IT security. John is also a moderator for netstumbler.org.

Contributing Authors

Paul Sanghera, an expert in multiple fields including computer networks and physics (the parent fields of RFID), is a subject matter expert in RFID. With a Masters degree in Computer Science from Cornell University and a Ph.D. in Physics from Carleton University, he has authored and co-authored more than 100 technical papers published in well reputed European and American research journals.
He has earned several industry certifications including CompTIA Network+, CAPM, CompTIA Project+, CompTIA Linux+, Sun Certified Java Programmer, and Sun Certified Business Component Developer. Dr. Sanghera has contributed to building world-class technologies such as Netscape Communicator and Novell’s NDS. He has taught technology courses at various institutes including San Jose State University and Brooks College. As an engineering manager, he has been at the ground floor of several startups. He is the author of several books on technology and project management published by publishers such as McGraw-Hill and Thomson Course Technology.

Frank Thornton runs his own technology consulting firm, Blackthorn Systems, which specializes in wireless networks. His specialties include wireless network architecture, design, and implementation, as well as network troubleshooting and optimization. An interest in amateur radio helped him bridge the gap between computers and wireless networks. Having learned at a young age which end of the soldering iron was hot, he has even been known to repair hardware on occasion. In addition to his computer and wireless interests, Frank was a law enforcement officer for many years. As a detective and forensics expert he has investigated approximately one hundred homicides and thousands of other crime scenes. Combining both professional interests, he was a member of the workgroup that established ANSI Standard “ANSI/NIST-CSL 1-1993 Data Format for the Interchange of Fingerprint Information.” He co-authored WarDriving: Drive, Detect, and Defend: A Guide to Wireless Security (Syngress Publishing, ISBN: 1-93183-60-3), as well as contributed to IT Ethics Handbook: Right and Wrong for IT Professionals (Syngress, ISBN: 1-931836-14-0) and Game Console Hacking: Xbox, PlayStation, Nintendo, Atari, & Gamepark 32 (ISBN: 1-931836-31-0). He resides in Vermont with his wife.

Anita Campbell is a consultant, speaker, and writer who closely follows trends in technology, including the development of the RFID market. She writes for a number of publications, and serves as the Editor for the award-winning RFID Weblog, named to the CNET Blog 100, and syndicated on MoreRFID.com. She is a part-time instructor at the University of Akron and is also the host of her own talk radio program/podcast series on the VoiceAmerica.com Internet radio network. Anita has held a variety of senior executive positions culminating in the role of CEO of an information technology subsidiary of Bell & Howell. She also has served on a number of Boards, including Vice Chair of the Advisory Board, Center for Information Technology and eBusiness at the University of Akron. Anita holds a B.A. from Duquesne University and a J.D. from the University of Akron Law School.

Brad ‘RenderMan’ Haines is one of the more visible and vocal members of the wardriving community, appearing in various media outlets and speaking at conferences several times a year. Render is usually nearby on any wardriving and wireless security news, often causing it himself. His skills have been learned in the trenches working for various IT companies as well as his involvement through the years with the hacking community, sometimes to the attention of various Canadian and American intelligence agencies. A firm believer in the hacker ethos and promoting responsible hacking and sharing of ideas, he wrote the ‘Stumbler ethic’ for beginning wardrivers and greatly enjoys speaking at corporate conferences to dissuade the negative image of hackers and wardrivers. His work frequently borders on the absurd as his approach is usually one of ignoring conventional logic and just doing it. He can be found in Edmonton, Alberta, Canada, probably taking something apart.

Anand Das has seventeen plus years of experience creating and implementing business enterprise architecture for the Department of Defense (DOD) and the commercial sector. He is founder and CTO of Commerce Events, an enterprise software corporation that pioneered the creation of RFID middleware in 2001. Anand is a founding member of EPCglobal and INCITS T20 RTLS committee for global RFID and wireless standards development. He formulated the product strategy for AdaptLink™, the pioneer RFID middleware product, and led successful enterprise wide deployments including a multi-site rollout in the Air Force supply chain. Previously he was Vice President with SAIC where he led the RFID practice across several industry verticals and completed global rollouts of RFID infrastructure across America, Asia, Europe and South Africa. He served as the corporate contact for VeriSign and played a key role in shaping the EPCglobal Network for federal and commercial corporations. Earlier, he was chief architect at BEA systems responsible for conceptualizing and building the Weblogic Integration suite of products. He has been a significant contributor to ebXML and RosettaNet standard committees and was the driving force behind the early adoption of service-oriented architecture. Anand has held senior management positions at Vitria, Tibco, Adept, Autodesk and Intergraph. Anand has a Bachelor of Technology (Honors) from IIT Kharagpur and a Master of Science from Columbia University with specialization in computer integrated manufacturing. He served as the past chairman of NVTC’s ebusiness committee and is a charter member of TIE Washington, DC. Anand and his wife, Annapurna, and their two children live in McLean, VA.

Hersh Bhargava is the founder and CTO of RafCore Systems, a company that provides RFID Application Development and Analytics platform.
He is the visionary behind RafCore’s mission of making enterprises respond in real-time using automatic data collection techniques that RFID provides. Prior to RafCore Systems, he founded AlbumNet Technologies specializing in online photo sharing and printing. With 15 years of experience in building enterprise strength application, he has worked in senior technical positions for Fortune 500 companies. He earned a Bachelor of Technology in Computer Science and Engineering from IIT-BHU.

Contents

Chapter 1 Physics, Math, and RFID: Mind the Gap
  Introduction
  Some Bare-Bones Physics Concepts
  Understanding Electricity
  Understanding Magnetism
  Understanding Electromagnetism
    Electromagnetic Waves
    Types of Electromagnetic Waves
    The Electromagnetic Spectrum
  The Mathematics of RFID
    Scientific Notation
    Logarithms
    Decibel
    Units
  An Overview of RFID: How It Works
  Summary

Chapter 2 The Physics of RFID
  Introduction
  Understanding Radio Frequency Communication
    Elements of Radio Frequency Communication
    Modulation: Don’t Leave Antenna Without It
      The Propagation Problem
      The Transmission Problem
    Frequency Bands in Modulation
  Understanding Modulation Types
    Amplitude Modulation and Amplitude Shift Keying
    Frequency Modulation and Frequency Shift Keying
    Phase Modulation and Phase Shift Keying
    On-Off Keying (OOK)
  RFID Communication Techniques
    Communication Through Coupling
    Communication Through Backscattering
  Understanding Performance Characteristics of an RFID System
    Cable Loss
    Impedance
    The Voltage Standing Wave Ratio
    Noise
    Beamwidth
    Directivity

[...]... The Mathematics of RFID
■ An Overview of RFID: How It Works
■ Summary

Chapter 1 • Physics, Math, and RFID: Mind the Gap

Introduction

What do the U.S. Department of Defense, Wal-Mart, and you have in common? Radio frequency identification, or RFID! Whether you choose to know about it or not, RFID affects you and the world around you in a ubiquitous way. So, congratulations that you have chosen to learn...
thing to understand about RFID is that it is an application of physics to the extent that the core functioning of RFID technology is governed by the laws of physics. You don’t need to have a Ph.D. in physics to become a successful RFID professional, but an understanding of the physics of RFID will enable you to design, deploy, and operate RFID systems in an optimal way. In this chapter, we attempt to ease... way into physics as it relates to RFID by explaining some basic physics concepts. As they say, mathematics is the language of physics, or of any science for that matter. The good news is that you need only very simple math to understand RFID: powers of 10, logarithms, and some unit conversions. Before you dive into the book, we take a bird’s-eye view of RFID in this chapter. The goal is to provoke you to...

... the reader communicates with the tag and gets the information that the tag has about the object.
4. The reader passes the information to a host computer, which is typically part of a network connected to the Internet.
5. The host computers from several localities send the information about tagged objects to a central location.
6. The information is integrated at the central location into database management...

... contain much information other than the product type code.
■ A barcode is a read-only technology; that is, you cannot change the information on the barcode or add new information to it.

So, the basic promise of barcodes is to provide identification of products at the class level. RFID is replacing those barcodes with a greater promise: automatic and global identification and tracking of objects (at the individual...
physics and math concepts, you are now ready to explore the RFID field. Let’s start by taking the bird’s-eye view of the RFID landscape.

An Overview of RFID: How It Works

The story of RFID starts with one word: identification. RFID is here to replace existing identification technologies such as the barcode, which is used to identify an item by assigning it a unique number. An example of the barcode is shown in...

... tag, you can change the information on it.
■ The objects can be tracked globally, automatically, and in real time, if needed.

In other words, an RFID tag attached to an object is an intelligent barcode that can communicate through readers to a global network system to inform it where the object is. RFID technology can support a wide spectrum of applications, from tracking cattle to tracking trillions of consumer...

... Interrogator
What an Interrogator Is Made Of
Interrogator Types
Fixed-Mount Interrogators
Handheld Interrogators
Vehicle-Mount Interrogators ...

... you and if you have forgotten all about scientific notation, units of measurement, and logarithms, you will need to brush up on these math-related concepts to make your journey through this book smoother.

The Mathematics of RFID

This section discusses some math-related concepts such as scientific notation, units, and logarithm. Understanding these concepts...

... create the current through the second circuit due to Faraday’s Law. This effect, called inductive coupling, is used in RFID systems. You will see in this book that readers use inductive coupling to communicate with passive tags in an RFID system. You will be introduced to readers and tags later in this chapter. Electricity and magnetism are related to each other and can be looked upon as two facets of what ...
... Automated Label Applicators
Pneumatic Piston Label Applicators ...