1. Fall 2011

2. 2

3. Stands for Radio Frequency Identification Uses radio waves for identification New frontier in the field of information technology One form of Automatic Identification Provides unique identification or serial number of an object (pallets, cases, items, animals, humans) 3

4. 4 reader tag database application server

5. RFID means a world with billions of ant-sized, five-cent computers Highly mobile Contain personal information Subject to surreptitious scanning no cryptography… Access control difficult to achieve Data privacy difficult to achieve 5

6. Earliest Patent: John Logie Baird (1926) “Identify Friend or Foe” (IFF) systems developed by the British RAF to identify friendly aircraft. Both sides secretly tracked their enemy’s IFF. How do you identify yourself only to your friends? 6 Oh. We’re British too! Don’t shoot! We’re British!

7. IFF still used today for aircraft and missiles. Obviously classified. Could envision an IFF system for soldiers. Lots of military interest in pervasive networks of cheap, RFID-like sensors. Monitoring pipelines, detecting biological agents, tracking munitions, etc. 7

8. Mobil Speedpass systems Automobile Immobilizer systems Fast-lane and E-Zpass road toll system Secure Entry cards Animal Identification Humans Supply chain management 8

9. 9 … and a chip attached to it … on a substrate e.g. a plastic foil... an antenna, printed, etched or stamped... A paper label with RFID inside

10. 10 1500 Euros in wallet Serial numbers: 597387,389473 … Wig model #4456 (cheap polyester) 30 items of lingerie Das Kapital and Communist- party handbook Replacement hip medical part #459382 Here’s Mr. Jones in 2020…

11. More efficient mugging 11 “Just in case you want to know, she’s got 700 Euro and a Rolex…”

12. 12 1. Tags can’t distinguish between authorized and unauthorized readers  Tag responds to every reader 2. Readers can’t distinguish between tags they’re allowed to identify, and those they aren’t  Readers scan every tag; privacy protection left to the tag database  #1 threatens privacy; #2 undermines confidence

13. 1. Hidden placement of tags. Integrated into cardboard boxes Hidden in inaccessible location on product Slipped between layers of paper Sewn into clothing Embedded in plastic Printed onto product packaging Seamlessly integrated into paper 2. Unique identifiers for all objects worldwide. 3. Massive data aggregation. 4. Hidden readers. 5. Individual tracking and profiling 13

14. A bomb in a restaurant explodes when there are five or more Americans with RFID-enabled passports detected. A mugger marks a potential victim by querying the tags in possession of an individual. A fixed reader at any retail counter could identify the tags of a person and show the similar products on the nearby screen to a person to provide individualized marketing. A sufficiently powerful directed reader reads tags in your house or car. The ISO 14443 standard proposed for passports specifies about 4 inches (10 cm) as the typical range. However, NIST with a special purpose antenna read it at 30 feet (10 meters)! RFID enables tracking, profiling, and surveillance of individuals on a large scale 14

15. Tracking – Determine where individuals are and where they have been Hotlisting – Single out certain individuals because of the items they possess Profiling – Identifying the items an individual has in their possession 15

16. Corporate Espionage: Identify Valuable Items to Steal Monitor Changes in Inventory Personal Privacy Leaking of personal information (prescriptions, brand of underwear, etc.). Location privacy: Tracking the physical location of individuals by their RFID tags. 16

17. RFID casino chips, Mobil SpeedPass, EZ-Pass, FasTrak, prox cards, designer clothing. Skimming: Read your tag, make my own. Swapping: Replace real tags with decoys. Producing a basic RFID device is simple. A hobbyist could probably spoof most RFID devices in a weekend for under $50. 17

18. Mandel, Roach, and Winstein @ MIT Took a “couple weeks” and $30 to figure out how produce a proximity card emulator. Can produce fake cards for a few dollars. Can copy arbitrary data, including TechCash. Could read cards from several feet. 18

19. If we can’t eavesdrop or forge valid tags, can simply attack the RFID infrastructure. Wiping out inventory data. Vandalization. Interrupting supply chains. Seeding fake tags – difficult to remove. 19

20. The US Food and Drug Administration (FDA) recently recommended tagging prescription drugs with RFID “pedigrees”. Problems: “I’m Oxycontin. Steal me.” “Bob’s Viagra sales are really up this month.” “Hi. I’m Alice’s anti-fungal cream.” 20

21. 21 Tags can be sewn into clothing

22. 22 Alien/RAFSEC “I” tag in lid of Pantene shampoo bottle

23. 23 Embedded in plastic

24. 24 Hitachi’s mu-chip contrasted with grains of rice

25. 25 Inkode’s “chipless tag”: Closeup of Inkode metal fibers embedded in paper

26. 26 “Alien envisions [conductive] ink being mixed with regular packaging ink to create antennas on boxes of cereal and other disposable packaging…” "With these things you could literally tag a pack of chewing gum.” - Jacobsen, Alien Technology

27. 27 The card in your wallet could transmit data about you

28. Reader devices can be invisibly embedded in: 28 Walls Doorways Floor tiles Carpeting Floor mats Vehicles Roads Sidewalks Shelving Furniture Backpacks

29. Broken Arrow. Wal-Mart and P&G conducted secret trials involving live consumers, then tried to cover it up Gillette “Spy Shelf.” Gillette caught taking mugshots of unsuspecting customers with shelf cameras, then shifted responsibility to partner Tesco Brockton Wal-Mart Trial. Gillette and Wal-Mart both denied existence of smart shelf until CASPIAN provided photos to the press. Auto-ID Center Confidential Documents. PR strategy involved conveying the “inevitability” of RFID, “pacifying” consumers, and relying on consumer “apathy” Benetton/Philips. Benetton misled consumers about its clothing tracking chip, telling them the chips could be “killed” at checkout 29

30. Wal-Mart and P&G conducted a 4-month secret RFID experiment using live consumers. Distant P&G executives used a video camera triggered by an RFID device trained on the shelf to observe shoppers. Both Wal-Mart and P&G repeatedly denied the trials until evidence was produced. 30

31. Gillette was caught taking mugshots of unsuspecting customers using RFID- triggered shelf cameras. Gillette initially denied the trials, then shifted responsibility to partner Tesco.

32. 32 MfgrTypeFrequencyRead RangeComments Transponder Technologies Intellitag 500 Passive 915 MHz11 feet “Read range up to 3.5m (11.48 ft) using unlicensed 915 MHz reader with one antenna; read range up to 7m (22.96 ft) with two antennas" Telenexus Passive 915 MHz15 feet “Telenexus has developed a reader and antenna for the 915 MHz long-range RFID system...with a read range of over 15 feet. The tag is a low- cost passive transponder.” Alien Passive 915 MHz17 feet “The maximum freespace read range of these emulator tags is 5 meters, consistent with the performance of other known UHF passive tags.” iPico Passive 915 MHz 66 feet USA licensed 20-26 feetUSA unlicensed 3 – 7 feet EU Read range “depends on reader configuration and tag enclosure.30 W EIRP (USA site licensed):> 20m4 W EIRP (USA unlicensed): 6- 8m500 mW ERP (Europe): 1-2m” Matrics/Savi Passiveunspecified 33 feet “The first product to come from the collaboration will be a handheld device that reads Matrics' passive EPC tags…The unit will be able to read passive tags from up to 33 feet (10 meters) away”

33. Team at Johns Hopkins University reverse engineer Texas Instrument’s Digital Signature Transponder Paid for gas with cloned RFID tag Started car with cloned RFID tag 33

34. All new US passports contain RFID chips In 2009 the system was cracked It is possible to read and copy the data from a distance of 30 feet using $250 worth of equipment 34

35. Tags can be used to uniquely identify objects (this is why the keen interest in RFID in commercial supply chain) with a vast name space – the Electronic Product Code (EPC) 96-bit value could uniquely identify every object you’d care to, with a lot of space left over. When tags are seen, they’ll often uniquely identify objects: “That same thing passed by this reader just now, Monday morning, and Tuesday evening.” When the wearer/bearer of a tagged object presents additional information, e.g., a driver’s license or passport, that now-revealed identity can be bound to any tags present. The next time we see a given tag, “that’s Alice’s thing... maybe we’re seeing Alice again.” This works for historical data: “We know now that that was probably Alice at all these points over the past year.” 35

36. Human implantable RFID tag operating at about 134 KHz because at these frequencies the RF can penetrate mud, blood, and water About the size of uncooked grain of rice Oct. 22, 2002 – US Food and Drug Administration ruled VeriChip not regulated device Oct. 2004 – FDA ruled serial number in VeriChip could be linked to healthcare information Healthcare applications Implanted medical device identification Emergency access to patient-supplied health information Portable medical records access including insurance information In-hospital patient identification Medical facility connectivity via patient Disease/treatment management of at-risk populations (such as vaccination history) 36

37. The RFID Bill of Rights: 1) The right to know whether products contain RFID tags. 2) The right to have RFID tags removed or deactivated when they purchase products. 3) The right to use RFID-enabled services without RFID tags. 4) The right to access an RFID tag’s stored data. 5) The right to know when, where and why the tags are being read. 37