A Scientific Approach to UHF RFID Systems Characterization 231 4.2 Results and pallet readability We apply this approach to two different portal setups, one is operated according to EU (European) and the other according to US regulations. The EU setup consists of four individual Kathrein 25-180 circularly polarized directional antennas, 10.5 dBic, 70° H-plane 3dB-beamwidth and 30° E-plane beam width, arranged in [0.7, 1.4, 1.4, 0.7] meters from ground plus a Sirit Infinity 510 UHF RFID interrogator set to 27 dBm conductive power, 866 MHz, and continuous wave output. The US setup consists of 4 individual Symbol Andrew RFID-900-SC high performance area antennas, 6.0 dBi, 70° in both H and E-plane 3dB- beamwidth, arranged in [0.65, 1.75, 1.75, 0.65] meters and the Sirit Infinity 510 set to 27 dBm conductive power, 915 MHz, and continuous wave output. 4.2.1 TAG plane fading model results According to the proposed method, the TAG-plane measurements are accomplished by means of the FSR devices. A set of 18 measurements where taken per antenna. Therefore, the FSR position is varied in dimensions of a typical pallet outline and moved through the portal under test utilizing an automated transportation device (see Muehlmann & Witschnig, 2007). The CDFs derived from the measurement data show similar characteristics and do not depend on the antenna position (see figure 12). Hence, it can be concluded that the portal interrogation zone does not depend on the portal surroundings. It can be noted, that the free space field coverage is a bit higher in the US setup, 50% achieved at around -10 dBm compared to -15dBm achieved in the EU setup. This is probably caused by the broader antenna beam width used in the US setup (the broader beam width combined with scattering from metal object surrounding thus the portal may generate a higher level of reflections and resulting in an increasing of the field). -40 -30 -20 -10 0 0 0.5 1 Antenna 1 P [dBm] p(P) -40 -30 -20 -10 0 0 0.5 1 Antenna 2 P [dBm] p(P) -40 -30 -20 -10 0 0 0.5 1 Antenna 3 P [dBm] p(P) -40 -30 -20 -10 0 0 0.5 1 Antenna 4 P [dBm] p(P) -40 -30 -20 -10 0 0 0.5 1 Antenna 1 P [dBm] p(P) -40 -30 -20 -10 0 0 0.5 1 Antenna 2 P [dBm] p(P) -40 -30 -20 -10 0 0 0.5 1 Antenna 3 P [dBm] p(P) -40 -30 -20 -10 0 0 0.5 1 Antenna 4 P [dBm] p(P) Fig. 12. (a) CDF of the used US portal derived from the FSM measurements and fitted model function showing p(P) as probability of power level greater a threshold and (b) CDF of the used EU portal derived from the FSM measurements and fitted model function showing p(P) as probability of power level greater a threshold. 4.2.2 LOS-plane mean power model results According to the proposed method, the LOS-plane mean power model is used to describe the field strength distribution on the portal cross-section. Figure 13a shows the simulation result of the EU setup where antenna 3 is the interrogation antenna and which defines the x- axes origin. The simulation result matches well to the real life situation. The comparison is Development and Implementation of RFID Technology 232 performed by taking the field strength values of the TAG-plane measurement data when the FSM is passing through the portal cross-section. The US setup is analyzed in an equal manner. The simulation result is illustrated in figure 13b and shows a slightly lower mean power distribution compared to the EU setup. Fig. 13. (a) LOS-plane mean power model of the EU portal setup. Antenna 3 is used as interrogation antenna and defines the x-axes (vertical) origin and (b) LOS-plane mean power model of the US portal setup. Antenna 3 is used as interrogation antenna and defines the x-axes origin 4.2.3 Pallet readability 840 845 850 855 860 865 870 875 880 -80 -70 -60 -50 -40 -30 -20 S21 NA measurements Freq [MHz] S21 [dB] A1->A4 FS A1->A3 FS A2->A4 FS A2->A3 FS A1->A4 "Low" Reflective A1->A3 "Low" Relefctive A2->A4 "Low" Relefctive A2->A3 "Low" Relefctive 840 845 850 855 860 865 870 875 880 -60 -50 -40 -30 -20 -10 LOSSES Freq [MHz] LOSSES [dB] A1->A4 Relefctive A1->A3 Relefctive A2->A4 Relefctive A2->A3 Relefctive Fig. 14. S 21 measurement results of a pallet with dimensions 1.2m x 1.4m x 2.2m by using opposite antenna pairs for radiation and reception. A network analyzer is used to determine S 21 versus frequency. A Scientific Approach to UHF RFID Systems Characterization 233 The pallet readability depends not only on the prevalent field coverage of the interrogation zone and the pallet density but also on the operational sequence of the anti-collision protocol (see ISO Standards, 2007). There has been extensive research carried out in the optimization of such ALOHA anti-collision protocols (see Jin et al., 2007; Floerkemeier & Wille, 2006; Vogt, 2002; Wang & Liu, 2006) which impact on the reading performance is beyond the scope of this study. A practical test of these two portals with a pallet (1.2m,1.4m,2.2m) containing 200 tagged items (see figure 5) has shown that the EU portal setup reaches 86.8% read-rate whereas the US portal setup 80%. Referring to figure 13, the mean LOS power level is about 2dB higher in the EU compared to the US setup which explains the different read-rates. The pallet loss characteristic was measured and illustrated in figure 14b. Assuming a linear path-loss through the portal and that all four antennas are in the interrogation sequence involved, a path loss of -11dB can be expected from the pallet outline to its centre. 5. Conclusion Two quality factors for gate and portal applications are proposed in this text, which are defined as field coverage and readability. Both indicators are in reference to the dedicated interrogation zone specified as sections with defined boundaries on the pallet moving path. The expected field coverage of different setups has similar tendency associated with the section boundaries and depends on the damping characteristics of the different pallet configurations and on the sensitivity threshold of the tag. It can be enhanced up to 10% by increasing the sensitivity from -13dBm to -15dBm. However, the sensitivity improvement is insufficient in reference to the absolute field coverage that is achieved in particular pallet arrangements. In contrary, the readability of tags at particular positions can be achieved by increasing their sensitivity. The readability as well as the field coverage depends on the section boundaries. The closer the section boundaries to the centre of the gate the higher the expected field coverage and readability will be. This characteristic is mainly caused by the gain pattern of the interrogator antenna, which shows normally a dominant main lobe in the direction to the portal centre. The probability of missing reads from the perspective of field coverage and readability can be reduced by defining the appropriate interrogator triggering position in combination with the main lobe of the interrogator antennas on the one hand. On the other hand, the improvement of the tag sensitivity will lead to higher readability and increases the probability of a successful inventory accordingly. However, this experimental study has shown that the readability is not guaranteed at certain positions on the pallet with state of the art technology, where extreme conditions prevent the activation of the affected tags. The sensitivity enhancement up to a certain level must be investigated properly. Therefore, two conflicting factors that influence the overall system performance must be considered. These factors are the receiver sensitivity and dynamic range of the interrogator and the occurrence of unwanted reads in close proximity. In conclusion, a novel interrogator-to-tag channel model has been presented that describes the field strength distribution in the portal interrogation zone. The model parameters are derived from the measurement data and a custom-made FSR is used to determine the actual field strength along typical tag trajectories. Development and Implementation of RFID Technology 234 Further investigations are needed on how to interpret the model parameters p, μ 1 , σ 1 , μ 2 , and σ 2 with respect to an optimization of the portal setup, beam-width and selection of the antenna, etc. Furthermore, the reflection characteristic of the opposite chamber needs to be studied in different setups to derive general numbers. Based on the LOS-model it should be possible to predict this reflection characteristic out of the measurement data. In order to predict the read-rate out of the model parameters, it is essential to know absorption and reflection figures of possible pallet configurations as well as actual tag locations on the tagged items. These parameters are mainly customer related and no work to this subject is presented in this text accordingly. In addition, it is essential to incorporate the influence of the anti-collision algorithm in order to make a statement about the overall read-rate. 6. References Aroor, S. R. & Deavours, D. D. (2007). Evaluation of the State of Passive UHF RFID: An Experimental Approach. IEEE Systems Journal, vol 1(2), December 2007, pages 168- 176 Bosselmann, P. & Rembold, B. (2006a). Ray Tracing Simulations for UHF Passive RFID Applications, 15th IST Mobile and Wireless Communications Summit, Mykonos, Greece, 4-8 June 2006 Bosselmann, P. & Rembold, B. (2006b). Ray Tracing Method for System Planning and Analysis of UHF-RFID Applications With Passive Transponders, 2nd ITG/VDE Workshop on RFID, Erlangen, Germany, 4-5 July CISC. (2006). RFID Field Recorder R 1.0, www.cisc.at. De Vita, G. & Iannaccone, G. (2005). Design Criteria for the RF Section of UHF and Microwave Passive RFID Transponders, IEEE Transactions on Microwave Theory and Techniques, vol. 53, No. 9, September 2005, pages 2978-2990 ETSI. (2007a). European Telecommunications Standards Institute (ETSI), EN 300 220 (all parts): Electromagnetic compatibility 2007 EPCglobal Inc. Page 6 of 41, 11 June 2007, and Radio spectrum Matters (ERM); Short Range Devices (SRD); Radio equipment to be used in the 25 MHz to 1000 MHz frequency range with power levels ranging up to 500 mW ETSI. (2007b). European Telecommunications Standards Institute (ETSI), EN 302 208: Electromagnetic compatibility and radio spectrum matters (ERM) – Radio- frequency identification equipment operating in the band 865 MHz to 868 MHz with power levels up to 2 W, Part 1 – Technical characteristics and test methods ETSI. (2007c). European Telecommunications Standards Institute (ETSI), EN 302 208: Electromagnetic compatibility and radio spectrum matters (ERM) – Radio- frequency identification equipment operating in the band 865 MHz to 868 MHz with power levels up to 2 W, Part 2 – Harmonized EN under article 3.2 of the R&TTE directive FCC. (2007). Federal communication commission, Radio Frequency Devices Intentional Radiators, Radiated emission limits, general requirements, Part 15 Subpart C, § 15.245, 15.246, 15.247 Fenn, A. J. & Lutz, J. E. (1993). Bistatic radar cross section for a perfectly conducting rhombus-shaped flat plate: simulations and measurements, IEEE transactions on antennas and propagation, vol. 41, pages 47-51 A Scientific Approach to UHF RFID Systems Characterization 235 Finkenzeller, K. (1999). RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 2nd ed. New York: Wiley Fletcher, R.; Marti, U.P. & Redemske, R. (2005). Study of UHF RFID Signal Propagation through Complex Media, IEEE Antennas and Propagations Society International Symposium, vol. 1B, July 2005, pages 747-750 Floerkemeier, C. & Wille, M. (2006). Comparison of transmission schemes for framed ALOHA based RFID protocols, Applications and the Internet Workshops, 2006. SAINT Workshops 2006, International Symposium on, Jan. 2006, pages 23-27 Glidden, R. & Schroeter, J. (2005). Bringing long-range UHF RFID tags into mainstream supply-chain applications, RFDESIGN, RF and Microwave Technology for Design Engineers, www.rfdesign.com Glidden, R. et al. (2004). Design of ultra-low-cost UHF RFID tags for supply chain applications, Communications Magazine, IEEE, vol. 42, pages 140-151 Han, Y.; Li, Q. & Min, H. (2004). System modeling and simulation of RFID, In Auto-ID Labs Research Workshop, Zurich, Switzerland Hashemi, H. (1993). The Indoor Radio Propagation Channel, Proceedings of the IEEE, vol. 81, no. 7 IDA. (2008). Infocom Development Authority of Singapore (IDA), IDA TS SRD Technical Specification for Short Range Devices, Issue 1 Rev 3, January 2008, Singapore ISO Standards. (2007). ISO 18000-6C Standard – RFID UHF Air Interface, Information technology – Radio frequency identification for item management – Part 6: Parameters for air interface communications at 860 MHz to 960 MHz Jin, C.; Cho, S. H. & Jeon, K. Y. (2007). Performance Evaluation of RFID EPC Gen2 Anti- collision Algorithm in AWGN Environment, International Conference on Mechatronics and Automation, 5-8 Aug 2007, pages 2066-2070 Kajiwara, A. (2000). Circular polarization diversity with passive reflectors in indoor radio channel, IEEE Transactions on Vehicle Technology, May 2000, vol. 49, no. 3, pages 778–782 Karthaus, U. & Fischer, M. (2003). Fully integrated passive UHF RFID transponder IC with 16.7 uW minimum RF input power, IEEE Journal of Solid-State Circuits, vol. 38, No. 10, October 2003, pages 1602-1608 Kim, D.; Ingram, M.A. & Smith, W.W., Jr. (2003). Measurements of small-scale fading and path loss for long-range RF Tags, IEEE Transactions on Antennas and Propagation, vol. 51, No. 8, August 2003, pages 1740-1749 Leong, K. S.; Ng, M. L. & Cole, P. H. (2006). Positioning Analysis of Multiple Antennas in a Dense RFID Reader Environment, International Symposium on Applications and the Internet Workshop 2006, 23-27 Jan 2006, pages 56-59 Mayer, L. W.; Wrulich, M. & Caban, S. (2006). Measurements and Channel Modeling for Short Range Indoor UHF Applications, Proceedings of The European Conference on Antennas and Propagation, EuCAP 2006, 6-10 Nov. 2006, Nice, France Mitsugi, J. & Hada, H. (2006). Experimental Study on UHF passive RFID Readability Degradation, SAINT Workshops 2006, pages 52-55 Mitsugi, J. & Shibao, Y. (2007). Multipath Identification using Steepest Gradient Method for Dynamic Inventory in UHF RFID, International Symposium on Applications and the Internet Workshops 2007 (SAINT Workshops 2007) Development and Implementation of RFID Technology 236 Mitsugi, J. & Tokumasu, O. (2008). A Practical Method for UHF RFID Interrogation Area Measurement Using Battery Assisted Passive Tag, IEICE Transactions on Communications, vol. E91-B, No.4, pages 1047-1054 Muehlmann, U. & Witschnig, H. (2007). Hard to read tags: an application-specific experimental study in passive UHF RFID systems, elektrotechnik und informationstechnik, vol. 11, pp. 391-396, Vienna, Austria: Springer Nikookar, H. & Hashemi, H. (1993). Statistical Modeling of Signal Amplitude Fading Of Indoor Radio Propagation Channels, Proc. of Int. Conf. on Universal Personal Communications, vol. 1, pages 84-88 Ramakrishnan, K. & Deavours, D. (2006). Performance benchmarks for passive UHF RFID tags, Proceedings of the 13th GI/ITG Conference on Measurement, Modeling, and Evaluation of Computer and Communication Systems, pages 137-154 Rappaport, T. S. (2002). Wireless Communications – Principles and Practice, Prentice Hall, Second Edition Rappaport, T.S. & McGillem, C.D. (1989). UHF fading in factories, IEEE Journal Selected Areas of Communications, Vol. 7, No. 1, January 1989, pages 40-48 Redemske, R. & Fletcher, R. (2005). The Design of UHF Tag Emulators with Applications to RFID testing and Data Transport, Proceedings of 4th IEEE Conference on Automatic Identification Technologies, October 2005 Ross, R.A. (1966). Radar cross section of rectangular flat plates as a function of aspect angle, IEEE Transactions on Antennas and Propagation, July 1966, vol. 14, no. 3, pages 329– 335 Sato, K.; Manabe, T., Polivka, J., Ihara, T., Kasashima, Y. & Yamaki, K. (1996). Measurement of the Complex Refractive Index of Concrete at 57.5 GHz, IEEE Transactions on Antennas and Propagation, vol. 44, no. 1, pages 35-40. Saunders, S. R. (1999). Antennas and Propagation for Wireless Communication Systems, ISBN: 978-0-471-98609-6, 426 pages, 10/1999 SRRC. (2007). State Radio Regulation Committee (SRRC), Ministry of Informatics Industry (MII), P.R.China, 800/900 MHz Radio Frequency Identification (RFID) Vogt, H. (2002). Multiple object identification with passive RFID tags, IEEE International Conference on Systems, Man and Cybernetics, vol: 3, 6-9 Oct. 2002 Wang, L. C. & Liu, H. C. (2006). A Novel Anti-Collision Algorithm for EPC Gen2 RFID Systems, Wireless Communication Systems, 2006. ISWCS '06, Sept. 2006, pages 761- 765 13 Security and Privacy in RFID Applications Paweł Rotter Joint Research Centre of the European Commission, Institute for Prospective Technological Studies Seville, Spain Currently at: AGH-University of Science and Technology, Automatics Department Kraków, Poland 1. Introduction RFID technology raises a number of security and privacy concerns, which may substantially limit its deployment and reduce potential benefits. Public consultations led by the European Commission with citizens, RFID manufacturers, system integrators, academic institutions and public bodies confirm that privacy and security is a major concern (www.rfidconsultation.eu). Features which make RFID especially vulnerable among information systems are: 1. Wireless transmission between tag and reader: Most of the attacks on RFID systems described in the next part of this chapter exploit the air interface. 2. The limited resources of the tag: The low power supply and small memory of low-cost passive tags limit the extent to which security measures can be applied. 3. The small size of tags: RFID tags can be almost invisible, 1 which allows them to be attached to items carried by people without their consent or even their knowledge. The most common threat is unauthorised access to the data stored on the tag or sent via the air interface. Attackers can achieve this either by reading the tag with an unauthorized reader (rogue scanning) or by eavesdropping on a legitimate communication. Access to the data on the tag is a threat in itself, but it can also be the first step to other types of attack. For example, in a replay attack, the attacker repeats the authentication sequence captured when it was emitted by an authorized tag, and in this way he may usurp the identity of another person. The attacker can also make a duplicate of the tag, with has the same functionality. Another threat is the malicious modification of the memory content of the RFID tag, with a view to changing attributes reported by the tag or using the tag as a carrier of malware. Denial of service can be avoided by blocking (putting the anti-collision protocol in a practically infinite loop) and frequency jamming. By reverse engineering and side channel attack, the attacker may discover algorithms and data on the tag (including the cryptographic key). Moreover, 1 The smallest passive tags commercially available in 2006 are of size 0.15×0.15×0.0075 mm (Harrop et al. 2008). Development and Implementation of RFID Technology 238 protection measures for RFID-based cards are more difficult to apply than for contact cards. Finally, RFID systems may be the subject of attack to backend, like any other information system. Depending on the application in which an RFID system is commercialized, security and privacy threats should be differently treated. Some applications demand high levels of security (like access control systems) and privacy (like e-documents), while for others, like livestock tracking or some manufacturing processes, these concerns are less important. Also, types of risk depend on the application. For presentation in this chapter, we have selected the set of application areas where the most relevant privacy and security issues arise. (However, where the same issues appear in different applications, we have not tried to discuss all of them.) We have looked especially at those applications which are large in economic terms and involve a large number of users. Detailed criteria are presented at the beginning of Section 3. The four selected application areas are: item-level tagging, electronic ID documents, contactless smart card and RFID implants. Item-level tagging is foreseen to be the main RFID application in terms of market value and number of tags, and the most pervasive one. The main privacy concern here is unauthorized tag reading. When tagging at item level becomes common, if appropriate countermeasures are not applied, attackers will be able to find out what items a person has in a bag (e.g. what type of medicine), the price and brand of clothes, etc. A set of tags attached to items usually carried by a person may allow his identification and tracking. There are many countermeasures, which can reduce and even eliminate the risk, but just the possibility of massive invasions of privacy and a “big brother” scenario has an important impact on image of RFID and its social acceptance. Electronic identity documents may use different technologies. Nevertheless, for electronic passports, RFID has been selected, as it is more appropriate for the booklet form of e- passports than, for example, contact smart cards. The combination of two privacy-sensitive technologies – i.e. RFID and biometrics – brings particular concerns about privacy. The main threats are: secret reading of personal data and biometrics, copying the passport, tracking the passport’s owner, and theoretically even the construction of a bomb which could be triggered by a passport of a specific nation or individual. Though several security measures have been proposed in the ICAO specification (Basic Access Control, Active Authentication, and Extended Access Control) there is ongoing discussion as to whether the protection they offer is sufficient. Contactless smart cards and single-use RFID-based tickets increase convenience and efficiency in public transport and allow additional services to be offered. They provide detailed information about traffic patterns which can be used in traffic management (schedule optimisation) and enable new payment plans, like fee per kilometre. Apart from security risks typical to each RFID application based on wearable tokens, privacy is a special issue for public transport applications, since travel patterns of individuals can be recorded and stored in a central database. RFID implants for identification and authentication of people are probably the most controversial among RFID technologies. They provide a permanent and physical link between the person and the tag. The first implant was approved for commercial use by the FDA in 2004. Since then, about two thousand people were injected with tags, mostly in order to be included in a healthcare information system. This system provides online access to medical record of a patient based on ID number communicated by the implant. In the future RFID implants may have a wide range of applications. However, privacy and security issues, as well as possible health risks, may limit or even stop further deployment of this technology. Security and Privacy in RFID Applications 239 Our purpose was not to give a complete discussion of all applications where privacy and security is important, which would be rather repetitive. Instead, we provided four examples, which cover the most of issues. Threats and measures in, for example, access control systems or electronic payment will be similar to those which are discussed here. In this chapter, we focus mostly on the technical aspects of security and privacy and the technical countermeasures, but there are also legal, social and economic challenges related to security issues. Moreover it is important to bear in mind that security and privacy protection need to be followed by the creation of user trust and awareness. Even a secure system will not be successful if the user’s perception of security and privacy protection is low. This chapter is structured as follows: in Section 2, we present in more detail the threats mentioned above and corresponding countermeasures. In Section 3, we discuss selected applications. We provide a summary and conclusions in Section 4. 2. Threats to RFID systems – state of the art In this section, we present the threats to RFID and corresponding countermeasures – see Fig. 1. We focus on those risks which are not an issue in other information systems. We do not Fig. 1. Threats to RFID systems and number of subchapters where they are discussed Change of tag content (2.7) Eavesdropping ( 2.2 ) Relay attack (2.3) Rogue scannin g ( 2.1 ) Replay attack (2.6) Jamming ( 2.9 ) Attacks typical for all information systems Blocking ( 2.9 ) RFID Tag Radio interface Reader Networ k Backend Unauthorized False tag Legend: Reverse engineering Tag cloning ( 2.4 ) Tracking of people (2.5) Side channel attack (2.11) Physical tag destruction (2.8) Development and Implementation of RFID Technology 240 discuss attacks on the backend of the RFID system, which are similar to attacks on non-RFID information systems. Exhaustive information about risks and countermeasures in information systems can be found in, for example (Hansche et al., 2004). It is interesting to observe that one type of attack may be a preparatory step for another one. For example, eavesdropping may enable cloning of the tag; this may then result in a replay attack and the final consequence may be unauthorized access to a restricted area. These kinds of relations imply that a single vulnerability of the system, even if it is not perceived as a problem in itself, may threaten security and privacy in areas which are not directly related to it. 2.1 Rogue scanning A fake reader can be used for unauthorized reading of information from a tag. The range of a reader may be extended several times beyond the standard communication distance. For example for standard ISO 14443, used in proximity cards like MIFARE and in electronic passports, the standard communication range is 10 cm. Kirschenbaum & Wool (2006) built a “home-made” reader able to operate from 25 cm at a cost of $100. Further extension of the range up to about 35 cm is possible, probably at a similar cost. Fortunately, range increase is not only a matter of reader parameters. Simulations led by Kfir & Wool (2005) show that ISO 14443 cards can be read from maximum distance of 55 cm in the worst-case scenario, where there is only man-made noise and sophisticated signal processing by the attacker. For larger distances, it is not possible to separate the signal from the noise. However, even 25 cm is enough to read a card in someone’s pocket. Using short-range tags wherever possible makes rogue scanning more difficult. Shielding with an anti-skimming material (e.g. aluminium foil) when the tag is not in use, protects it from scanning. A specific and common countermeasure against unauthorized tag reading is the authentication of the reader. Risk can also be reduced by moving sensitive information to a protected database in the system’s backend. In this case, in order to retrieve information based on an ID number read from the tag, the user must authenticate himself to access the backend part of the system, where authentication methods are not limited by the constraints of RFID technology. However, it should be noted that keeping personal data in a central database is generally perceived as more privacy invasive than when they are kept only on tokens owned by users. Moreover, although the back office can include stronger security than RFID tags, there is always some risk of compromising all the records in one attack. Other concerns related to central vs. local storage are discussed in Section 5.1 of the report (Snijder 2007). Another countermeasure against rogue scanning is to let the tag send information only when it is activated by the user (e.g. by pressing a button), thus the possibility of unauthorized reading is limited to moments when a legitimate communication is demanded. This solution is appropriate for active tags, like car remotes, where the communication can be initiated by the tag. However, for most low-cost passive tags or smart cards, this solution is not practical. Also, in many applications, the full automation of the process is RFID’s main asset. Many privacy concerns can be avoided by permanent deactivation of tags which are not going to be used any more. This possibility has been foreseen in the EPC Global standard and will probably become common with the massive deployment of RFID in retail. 2.2 Eavesdropping Eavesdropping on a legitimate communication is a secret monitoring of data sent via the air interface between an RFID tag and a reader. The attacker does not need to power the tag, [...]... Demand for security Demand for security depends mostly on two factors: a) the size of potential damage, in terms of loss of money, loss of customers or, for example, disclosure of 246 Development and Implementation of RFID Technology privacy-sensitive information, and b) the level of motivation of attackers, related to the potential prize they could win if they are successful These two factors are often... 2006) 4 250 Development and Implementation of RFID Technology Countermeasures The standard security mechanisms offered by electronic passports is called Basic Access Control (BAC) The data printed on the last page of a passport (passport number, expiry date, name and date of birth of the owner) are scanned at the checkpoint and, on the basis of this data, the 128-bit key is calculated The size of the key... privacy and security aspects and the low acceptance of RFID technology are sufficient arguments against its use The situation is different in the case of electronic passports The booklet form of the passport makes the use of contact solutions difficult On the other hand, although the air interface of Security and Privacy in RFID Applications 2 49 RFID creates potential threats, this technology, due to data... implication of privacy and security issues for the RFID market is the need for the application of technical and legal measures, which make RFID (both single tags and whole systems) more complex, and therefore more expensive On the other hand, the demand for security can be seen as a market opportunity Apart from the need for security to be built into RFID systems, we can foresee the demand for personal... privacy and security may limit the deployment of RFID technology and its benefits, therefore it is important they are identified and adequately addressed System developers and other market actors are aware of the threats and are developing a number of countermeasures RFID systems can never be absolutely secure but effort needs to be made to ensure a proper balance between the risks and the costs of countermeasures... approach taken to privacy and security should depend on the application area and the context of a specific application In this chapter, we selected and discussed four application areas, but there are many others where privacy and security issues are relevant In Table 1, we list the main threats and the application areas in which they arise 256 Development and Implementation of RFID Technology Threats Application... they exist and the main countermeasures Security and Privacy in RFID Applications 257 Security and privacy must be considered in the early stages of RFID system development; a large part of technical security measures should be taken into account at the stage of tag design Developers should consider not only present but also future levels of risk resulting from foreseen improvements in the technology. .. 2 RFID Specification Alien Technology Whitepaper 2005 Atkinson, R (2006) RFID - There's Nothing To Fear Except Fear Itself Opening Remarks at the 16th Annual Computers, Freedom and Privacy Conference, 4 May 2006, Washington DC 258 Development and Implementation of RFID Technology Avoine, G (2004) Privacy Issues in RFID Banknote Protection Schemes International Conference on Smart Card Research and. .. Development and Implementation of RFID Technology 2.8 Physical tag destruction Physical tag destruction, e.g by heating in a microwave or hitting with a hammer, is the easiest and the cheapest way to disrupt RFID systems This is a particular issue for applications where RFID tags are used not only for identification purposes, but also for the protection of items against theft, like in retail or in libraries RFID. .. period of time and b) increasing the entropy of BAC keys by random numbering of passports and by filling in the optional (usually not used) field on the last page of a passport with a random number Apart from sophisticated cryptographic measures, shielding seems a simple, effective and inexpensive solution It has already been introduced in the United States: one passport cover contains the chip and the . ( 199 6). Measurement of the Complex Refractive Index of Concrete at 57.5 GHz, IEEE Transactions on Antennas and Propagation, vol. 44, no. 1, pages 35-40. Saunders, S. R. ( 199 9). Antennas and. 97 8-0-471 -98 6 09- 6, 426 pages, 10/ 199 9 SRRC. (2007). State Radio Regulation Committee (SRRC), Ministry of Informatics Industry (MII), P.R.China, 800 /90 0 MHz Radio Frequency Identification (RFID) . Currently at: AGH-University of Science and Technology, Automatics Department Kraków, Poland 1. Introduction RFID technology raises a number of security and privacy concerns, which may