RFID technology in mobile applications
Karol Hrudkay
Transport Research Institute, Žilina, Slovak Republic
RFID technology - introduction

- Radio Frequency Identification: a means to efficiently and quickly auto-identify objects, assets, people, ...
- Real-time tracking of inventory in the supply chain
- RFID tag – tiny computer chip with a very small antenna – passive/active
- The chip contains an Electronic Product Code (EPC), which uniquely identifies the object
- The antenna transmits the EPC to an RFID reader within a certain RF range, without requiring line-of-sight

22 Feb 2007
Budapest
Current RFID applications

- Transport and logistics
  - toll management, tracking of goods, …
- Security and access control
  - tracking people, controlling access to restricted areas
- Supply chain management
  - item tagging, theft-prevention, product life cycle, …
- Medical and pharmaceutical applications
  - identification and location of staff and patients, asset tracking, counterfeit protection for drugs, …
- Manufacturing and processing
  - streamlining assembly line process, …
- Agriculture
  - tracking of animals, quality control, …
- Public sector, government
  - passports, driver’s licenses, library systems, …

RFID technology - properties

- Advantages:
  - tolerates rough conditions,
  - long read ranges,
  - portable databases,
  - multiple tag read/write,
  - tracking items in real-time
- Results:
  - quick scanning of products in large bulks,
  - automated supply chain management,
  - significant savings,
  - accuracy of shipments sent and received,
  - check on product theft, counterfeiting, product recall, ...

Mobile RFID technology

- Vision of automatic identification and ubiquitous computing – "Internet of objects"
  - highly connected network
  - dispersed devices, objects and items can communicate with each other
  - real-time information about objects, location, contents, destination, ambient conditions
  - efficient and easy M2M identification, communication and decision-making
- Handheld portable devices (mobile phones, PDAs) behave as RFID readers and tags
  - brings conventional RFID closer to the common user

Applications of mobile RFID technology

- Major tasks:
  - download and view information represented by an RFID tag:
    - quickly and easily download the info represented by the RFID tag and view that info via the device's display
  - M2M identification and communication
    - e.g. the RFID mobile device behaves as an RFID tag (authenticate to access, carry out payments, download multimedia content from a kiosk, quick call and instant message, ...)
- Mobile RFID application zones:
  - LBS (Location-based services) zone
  - enterprise zone
  - private zone

LBS zone

- Services "related to" and "available at" the customer's current location
- Coverage: public places, roads, shopping centres, cinemas, ...
- Service provider deploys RFID tagged items/devices
- Various security threats
  - most tags respond to every mobile phone
  - tag–reader mutual authentication and strongly secured tag–phone communication are usually not considered
  - publicly available tags can be fake or illegally modified – one-way authentication mechanism needed (tag -> phone)
- Items/products tagged with low-cost passive RFID tags (EPCGlobal Gen. 2 UHF tags) are assumed

Mobile RFID security at LBS zone

Security threats and security requirements:

- Secure job delegation and trust model
  - identity and authenticity of the provider’s information server, security of transaction, protection of privacy – security delegated to the mobile operator
- Malicious tag information servers
  - it is essential to authenticate the tag information server to be accessed and confirm that it is authentic
- Authorised tag information access
  - categorisation of which user is entitled to download what kind of information – authentication, authorisation, access control
- User privacy protection
  - identity and location of user, user profile
- Data integrity and confidentiality
  - secure electronic data interchange is required (MP – SP IS)

Mobile RFID security assessment at LBS zone

| Threat               | Security requirement  | Tag – MP | MP – SP IS |
|----------------------|-----------------------|----------|------------|
| User ID privacy      | Pseudonyms            | 0        | 0          |
|                      | Anonym. credentials   | 0        | 0          |
| Illegal info. access | Authentication        | 0        | 0          |
|                      | Authorisation         | X        | 0          |
|                      | Access control list   | X        | 0          |
| Eavesdropping        | Encryption/decryption | X        | 0          |
|                      | Digital certificate   | X        | 0          |
| Key/pwd. compromise  | Trust model           | X        | 0          |
|                      | Key/Pwd. management   | X        | 0          |

0: required; X: not required
MP: mobile phone; SP IS: service provider's IS

Mobile RFID at LBS zone – building blocks

- Mobile RFID (M-RFID)
  - mobile phone with RFID reader and tag
- RFID tags
  - every tag contains its unique EPC number
    - company identification, product number, object unique identifier
  - related product information is stored on the EPC network
- Mobile operator (MO)
  - trust is concentrated at the site of the MO – 'trusted proxy'
- EPC network
  - specifically to look up EPC data (like DNS) – further information is stored on databases and servers of the EPC network
  - communication can be encrypted

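Because publicly readable tags can be fake or modified, a phone-side reader should treat the EPC as untrusted input and validate its structure before any EPC network lookup. The following Python code is an added example, not part of the presentation; it assumes the SGTIN-96 bit layout of the EPC Tag Data Standard and the ONS 1.0 naming convention for the DNS-like lookup, neither of which the slides specify, and the function names are hypothetical.

```python
# Added example: strict SGTIN-96 decoding on the reader side.
# Assumption: bit layout and partition table follow the EPC Tag Data Standard.
SGTIN96_HEADER = 0x30
# partition -> (company prefix bits, company digits, item reference bits, item digits)
PARTITIONS = {
    0: (40, 12, 4, 1), 1: (37, 11, 7, 2), 2: (34, 10, 10, 3), 3: (30, 9, 14, 4),
    4: (27, 8, 17, 5), 5: (24, 7, 20, 6), 6: (20, 6, 24, 7),
}


def decode_sgtin96(epc_hex: str) -> dict:
    """Decode a 96-bit EPC as read from a tag; raise ValueError if malformed."""
    raw = bytes.fromhex(epc_hex)              # ValueError on non-hex input
    if len(raw) != 12:
        raise ValueError("SGTIN-96 must be exactly 96 bits")
    value = int.from_bytes(raw, "big")
    if value >> 88 != SGTIN96_HEADER:
        raise ValueError("header is not SGTIN-96")
    partition = (value >> 82) & 0x7
    if partition not in PARTITIONS:
        raise ValueError("reserved partition value")
    c_bits, c_digits, i_bits, i_digits = PARTITIONS[partition]
    company = (value >> (82 - c_bits)) & ((1 << c_bits) - 1)
    item = (value >> 38) & ((1 << i_bits) - 1)
    # The binary fields can hold values beyond their decimal digit budget.
    if company >= 10 ** c_digits or item >= 10 ** i_digits:
        raise ValueError("field exceeds its decimal capacity")
    return {
        "filter": (value >> 85) & 0x7,
        "company_prefix": str(company).zfill(c_digits),   # company identification
        "item_reference": str(item).zfill(i_digits),      # product number
        "serial": value & ((1 << 38) - 1),                # object unique identifier
    }


def ons_domain(epc: dict) -> str:
    """DNS name for the EPC network lookup (ONS 1.0 convention, serial dropped)."""
    return f"{epc['item_reference']}.{epc['company_prefix']}.sgtin.id.onsepc.com"


if __name__ == "__main__":
    # Constructed sample: SGTIN-96 encoding of company 0614141, item 812345, serial 6789.
    tag = decode_sgtin96("3074257BF7194E4000001A85")
    print(tag, ons_domain(tag))
```

Passing these checks only shows that the EPC is well formed; it does not authenticate the tag, which is why the slides rely on the MO as trusted proxy and on an authenticated information server.
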
Mobile RFID at LBS zone – security solutions

- Mutual authentication M-RFID – MO
  - secure job delegation, trust model, data integrity and confidentiality
- Mutual authentication MO – EPC IS
  - MO takes responsibility to select, identify and authenticate only genuine SP (and its servers)
- Certification for identity management, authentication and authorisation
  - M-RFID can request an anonymous certificate from the MO
- M-RFID privacy
  - kill the tag
  - lock the tag
  - blocker tag

Mobile RFID at enterprise zone

- Mobile phone assists mobile staff
  - inventory checkers, field engineers, maintenance and repair staff, security guards, …
- Different areas
  - real-time inventory management, work attendance, instructions on how to operate tagged items, identification of and access control to tagged equipment and secure enclosures, presence of staff at monitored places, …
- Security framework
  - list of employees and items/products,
  - designing and implementing key/password distribution, data integrity and confidentiality, identification, authentication, and access control among staff, RFID reader, RFID tagged items and EPC network

Mobile RFID security assessment - enterprise zone

| Threat               | Security requirement  | Tag – MP | MP – E-EPC |
|----------------------|-----------------------|----------|------------|
| User ID privacy      | Pseudonyms            | X        | X          |
|                      | Anonym. credentials   | X        | X          |
| Illegal info. access | Authentication        | 0        | 0          |
|                      | Authorisation         | 0        | 0          |
|                      | Access control list   | X        | 0          |
| Eavesdropping        | Encryption/decryption | X        | 0          |
|                      | Digital certificate   | X        | 0          |
| Key/pwd. compromise  | Trust model           | X        | X          |
|                      | Key/Pwd. management   | 0        | 0          |

0: required; X: not required
MP: mobile phone; E-EPC: Enterprise's EPC network

Mobile RFID at private zone

- Mobile phone assists user in the private space
  - instant call or instant message by scanning RFID tagged items
- Characterisation
  - small zone, simple security model – easily deployed and maintained
  - off-the-shelf mobile RFID kits
  - possible to obtain storage space on the EPC network
  - reader to tag authentication needed (within home)
  - user identity and access control list

RFID and standardisation

- Need for harmonisation at national and international level
- Standardisation ensures compatibility and interoperability
- Various players
  - Automotive Industry Action Group (AIAG)
  - European Article Numbering (EAN)
  - EPCglobal
  - European Radiocommunications Office (ERO)
  - European Telecommunications Standards Institute (ETSI)
  - International Air Transport Association (IATA)
  - International Civil Aviation Organisation (ICAO)
  - International Organisation for Standardisation (ISO), International Electrotechnical Commission (IEC)
  - International Telecommunication Union (ITU)
  - Universal Postal Union (UPU)

Areas of RFID standardisation

- Air interface, protocols
- Data structure
- Conformance
- Applications

Existing standards focus on a specific area or sector

RFID based mobile telecommunication services

- Information retrieval
- Data transmission
- Automated messaging
- Voice services
- Device integration
- Presence indication
- Mobile payment

RFID and SIM card

- SIM card with embedded RFID capabilities
- brings the benefits of contactless cards into the MP, using the SIM card as a storage device
- installed, updated, cancelled over the air (GSM)

Practical issues

- Mobile RFID technology - privacy/security issues
- Impact on networks
  - new services will generate more traffic in fixed and mobile networks
  - how big this impact is, how network design has to change
- Internetworking technologies
  - how RFID technology can integrate into existing networks
  - context of RFID applications in MP with other technologies
- RFID – IP (Internet Protocol) mapping
  - evolution towards active RFID tags with networking capability – a large number of tags will need network addresses
- Service capabilities, architecture at network and service levels, signalling protocols, QoS, business model

Conclusion

- RFID enables ubiquitous computing – integrating computation into the environment
- MP and RFID – potential for mobile telecommunication services
- Broad range of services, attractive for customers
- Variety of technical questions
- Security and privacy issues
- Impact on fixed and mobile networks

Thank you for your attention!
Karol Hrudkay
Transport Research Institute
Žilina, Slovakia