Presentation is loading. Please wait.

Presentation is loading. Please wait.

Evan Welbourne University of Washington, Dept. of Computer Science & Engineering “ Radio Frequency Identification: What’s.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Evan Welbourne University of Washington, Dept. of Computer Science & Engineering “ Radio Frequency Identification: What’s."— Presentation transcript:

1 http://rfid.cs.washington.edu/ Evan Welbourne University of Washington, Dept. of Computer Science & Engineering “ Radio Frequency Identification: What’s RFID Doing in Your Life?” University of Alaska, Anchorage September 19, 2007

2 http://rfid.cs.washington.edu/ Radio Frequency Identification  Wireless identification and tracking  Information on:  Identity  Location  Time tagtimelocation ……… t1A t2B AB C t3C

3 http://rfid.cs.washington.edu/ Elements of an RFID System RFID ReaderRFID TagsReader Antenna Network Infrastructure Data Management System Applications

4 http://rfid.cs.washington.edu/ RFID Tags – A Wide Variety Consumer Item CasesPalletsTrucks Ships / Trains bar codes passive tags active tags GPS-enabled active tags Cost of tag (logarithmic)

5 http://rfid.cs.washington.edu/ RFID in the Supply-Chain

6 http://rfid.cs.washington.edu/ Today: Outside the Supply Chain

7 http://rfid.cs.washington.edu/ Tomorrow: Pervasive Computing  “Post-desktop era”, “Internet of Things”, “Third wave of computing”

8 http://rfid.cs.washington.edu/ Overview  RFID-based pervasive computing  The RFID Ecosystem project  Specific Applications  Research Challenges

9 http://rfid.cs.washington.edu/ Enabling “The Third Wave”  RFID is a key enabling technology  Cheap  Wireless  No batteries  Already pervasive  But there are many challenges!! 1970198019902000 mainframe era one-to-many PC era one-to-one pervasive computing era many-to-one 1960

10 http://rfid.cs.washington.edu/  Create a microcosm of a world saturated with uniquely identifiable objects  100s of readers and antennas, 1000s of tags  Explore applications, systems, and social implications  Do it while there is still time to learn and adapt  Groups: Database, Security, Ubicomp, and others  Participants include: RFID Ecosystem at UW CSE Magdalena Balazinska Gaetano Borriello Garret Cole Nodira Khoussainova Tadayoshi Kohno Karl Koscher Travis Kriplean Caitlin Lustig Julie Letchner Vibhor Rastogi Chris Re Dan Suciu Justin Vincent-Foglesong Jordan Walke Evan Welbourne

11 http://rfid.cs.washington.edu/ Benefits: Home & Office  Management, information, assistance

12 http://rfid.cs.washington.edu/ Benefits: Healthcare  Use RFID to automatically monitor an elder’s activities  “Activity inference”  Intel Research

13 http://rfid.cs.washington.edu/ Overview  RFID-based pervasive computing  The RFID Ecosystem project  Specific Applications  Research Challenges

14 http://rfid.cs.washington.edu/ Research Challenges  Technology (Hardware) Challenges  Noisy, uncertain sensors  Limited sensor information  Data Management Challenges  “High fan-in” architecture produces a massive amount of data  Data must be “cleaned”  Uncertainty must be represented to applications  Inference and event detection for pervasive computing  Security and Privacy Challenges  Tags are on people and personal objects  Security on tags is often weak  How to manage sensitive information about individuals

15 http://rfid.cs.washington.edu/ Challenges: Technology  RFID is inherently unreliable  Missed and duplicate tag readings  Highly sensitive to environment  Handle at the data management level  RFID provides limited context  Identity, Time, Location only  Some applications need more! Intel Research’s WISP: Wireless Identification and Sensing Platform - Passive tags with limited sensing and computation - Acceleration, light

16 http://rfid.cs.washington.edu/ Challenges: Data Management  StreamClean: constraint-based RFID data stream cleaning  MystiQ: probabilistic database for managing uncertainty  Heuristics assign a probability to each tuple  Interpretation of probabilities passed on to application logic  PEEX: probabilistic event extractor  Specify events in SQL-like language  Detect complex events (“a meeting in room 405”) over RFID streams  Sophisticated learning machinery to improve accuracy

17 http://rfid.cs.washington.edu/ Challenges: Security & Privacy  Security: Protection against unauthorized access, use, disclosure, disruption, modification, or destruction  Privacy: Privacy in the collection and sharing of data  Roughly two areas of concern: 1) Security of reader-tag communication 2) Security and privacy of collected RFID data ( Rigorously defined and evaluated ) ( Definition and evaluation depends on human perception/interpretation )

18 http://rfid.cs.washington.edu/ Security of Tags and Readers Promise: Provides a faster, easier payment option Problem: Name, #, expiration sent as plaintext  $150 homemade device can steal and replay credit cards  Next generation of cards includes better security Promise: Faster border-crossings, improved security Problem: Identity, nationality sent in the clear  Malicious parties can easily identify / target U.S. citizens  Revised passport includes faraday shielding and BAC First generation RFID credit card vulnerabilities (UMass Amherst, RSA labs) Security and Privacy Risks of the U.S. e-Passport (UC Berkeley)

19 http://rfid.cs.washington.edu/ Security of Tags and Readers  Many attacks:  Crypto can improve security but…  Increases cost and power consumption, slows down read rate  and to be useful RFID tags have to be fast and cheap!  Physical security  Foil-lined wallet: works, but you have to remove your tag sometime  RFID Guardian: experimental device that jams readers, audits reads  Our approach:  Store little on tags, secure the EPC-PII link  Incorporate cryptographic techniques as they emerge  Skimming  Cloning  Replay attack  Eavesdropping  Ghost leech

20 http://rfid.cs.washington.edu/ Data Privacy and Security RFID and Contactless Smart Card Transit Fare Payment Promise: Streamlines transit experience and book keeping Problem: Massive databases with transit traces of individuals  Not entirely clear what data is private and how it can be used  Oyster card data is the new law enforcement tool in London  Increasing # of requests for Oyster data: 4 in all of 2004 61 in Jan. 2007 ORCA Card: RFID-Based Transit Card for Seattle Area (August 2008) Promise: Streamlines transit experience and book keeping Integrated with easy pay and institutional partners Problem: The word “privacy” appears twice in 500 pages of early docs…

21 http://rfid.cs.washington.edu/ Data Privacy and Security  From RFID Ecosystem user studies:  “How do I know if I have a tag on me?”, “How do I opt out?”  Users must be carefully educated before consenting  There should be equal, available alternatives to the RFID option  If personal RFID data is stored:  Clearly define how each piece of information can and will be used  Define and enforce appropriate access control policies May depend on user, application, and context of use (PAC)  Formal data privacy techniques to further ensure privacy (K-anonymity) Store only the information you need, and add noise!  Provide users with direct access to and control of their data

22 http://rfid.cs.washington.edu/ Privacy & Security Discussion…  Just having an RFID tag could be a privacy risk  Pseudonymity not Anonymity  Each RFID tag you carry has a unique number  Sequential readings of your tags create a trace  Over time this trace can be used to identify you - “The person who: wears this sweater, takes this bus, uses this bus stop, shops at this grocery, …”  U.S. privacy law doesn’t consider these traces to be PII  European and Canadian law does a better job  Important to discuss these issues  RFID is increasingly ubiquitous, may be in the REAL ID cards

23 http://rfid.cs.washington.edu/ Thank you! Thanks! Questions?

Download ppt "Evan Welbourne University of Washington, Dept. of Computer Science & Engineering “ Radio Frequency Identification: What’s."

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
Mobile Computing and Commerce And Pervasive Computing

Mobile Computing and Commerce And Pervasive Computing
Emerging Threats, RF-ID and eCrime issues. Pascal Chauvaud 28/06/2006.

Emerging Threats, RF-ID and eCrime issues. Pascal Chauvaud 28/06/2006.
Configuration management

Configuration management
RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:

RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
G53SEC 1 Hardware Security The (slightly) more tactile side of security.

G53SEC 1 Hardware Security The (slightly) more tactile side of security.
TPS – UNIQUE HARDWARE (WWW.HOWSTUFFWORKS.COM) Option 1: Transaction Processing Systems.

TPS – UNIQUE HARDWARE ( Option 1: Transaction Processing Systems.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
RFIDs and the Future Logistic System Dr. Hayden So Department of Electrical and Electronic Engineering 17 Sep, 2008.

RFIDs and the Future Logistic System Dr. Hayden So Department of Electrical and Electronic Engineering 17 Sep, 2008.
The RFID Ecosystem Project Longitudinal Study of a Building-Scale RFID Ecosystem Evan Welbourne with Karl Koscher, Emad.

The RFID Ecosystem Project Longitudinal Study of a Building-Scale RFID Ecosystem Evan Welbourne with Karl Koscher, Emad.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
The RFID Ecosystem Project Studying Next Generation RFID Applications in the Workplace Evan Welbourne University of Washington,

The RFID Ecosystem Project Studying Next Generation RFID Applications in the Workplace Evan Welbourne University of Washington,
RFID Chris Harris Carey Mears Rebecca Silvers Alex Carper.

RFID Chris Harris Carey Mears Rebecca Silvers Alex Carper.
#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.

#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Privacy Research In the RFID Ecosystem Project Evan Welbourne joint work with Magdalena Balazinska, Gaetano Borriello, Tadayoshi.

Privacy Research In the RFID Ecosystem Project Evan Welbourne joint work with Magdalena Balazinska, Gaetano Borriello, Tadayoshi.
Security and Privacy in Ubiquitous Computing. Agenda Project issues? Project issues? Ubicomp quick overview Ubicomp quick overview Privacy and security.

Security and Privacy in Ubiquitous Computing. Agenda Project issues? Project issues? Ubicomp quick overview Ubicomp quick overview Privacy and security.

Similar presentations

Ads by Google