Karol Hrudkay

RFID technology in mobile applications

Karol HrudkayTransport Research Institute, Žilina, Slovak Republic

22 Feb 2007 Budapest2

RFID technology - introduction

Radio Frequency Identification - means to efficiently and quickly auto-identify objects, assess, people, ...

Real-time tracking of inventory in the supply chain

RFID tag – tiny computer chip with very small antenna – passive/active

The chip contain Electronic product code (EPC) – uniquely identify the object

The antenna transmits EPC to RFID reader – within a certain RF range, without requiring line-of-site


Current RFID applications Transport and logistics

toll management, tracking of goods, … Security and access control

tracking people, controlling access to restricted areas Supply chain management

item tagging, theft-prevention, product life cycle, … Medical and pharmaceutical applications

identification and location of staff and patients, asset tracking, counterfeit protection for drugs, …

Manufacturing and processing streamlining assembly line process, …

Agriculture tracking of animals, quality control, …

Public sector, government passports, driver’s licenses, library systems, …


RFID technology - properties Advantages:

rough conditions, long read ranges, portable databases, multiple tag read/write, tracking items in real-time

Results: quick scanning of products in large bulks, automated supply chain management significant savings accuracy of shipment sent and received, check on product theft, counterfeiting, product recall, ...


Mobile RFID technology Vision of automatic identification and ubiquitous

computing – „Internet of objects“ highly connected network dispersed devices, objects, items can communicate

each other real-time information about objects, location,

contents, destination, ambient conditions efficient and easy M2M identification, communication

and decision-making Handheld portable devices – mobile phones,

PDAs – behaves as RFID readers and tags conventional RFID closer to common user


Applications of mobile RFID technology

Major tasks: download and view information represented by RFID

tag: quickly and easily download info represented by RFID tag

and view that info via device's display

M2M identification and communication e.g. RFID mobile device behaves as a RFID tag (authenticate

to access, carry out payments, download multimedia content from kiosk, quick call and instant message, ...)

Mobile RFID application zones: LBS (Location-based services) zone enterprise zone private zone


LBS zone

Services „related to“ and „available at“ customer's current location

Coverage: public places, roads, shopping centres, cinemas, ...

Service provider deploy RFID tagged items/devices Various security threats

most of tags respond to every mobile phones usually tag-reader mutual authentication and strong secure

communication tag-phone is not considered publicly available tags can be fake or illegally modified – one-way

authentication mechanism needed (tag -> phone)

Items/product tagged with low-cost passive RFID tags (EPCGlobal Gen. 2 UHF tags) assumed


Mobile RFID security at LBS zone Security threats and security requirements:

Secure job delegation and trust model identity and authenticity of provider’s information server,

security of transaction, protection of privacy – security delegated to mobile operator

Malicious tag information servers it is essential to authenticate and authentic tag information

server to be accessed Authorised tag information access

categorisation which user is entitled to download what kind of information - authentication, authorisation, access-control

User privacy protection Identity and location of user, user profile

Data integrity and confidentiality secure electronic data interchange is required (MP – SP IS)


Mobile RFID security assessment at LBS zoneThreat Security requirement Tag - MP MP – SP IS

User ID privacy Pseudonyms

Anonym. credentials

0

0

0

0

Illegal info. access

Authentication

Authorisation

Access control list

0

X

X

0

0

0

Eavesdropping Encryption/decryption

Digital certificate

X

X

0

0

Key/pwd. compromise

Trust model

Key/Pwd. management

X

X

0

0

MP: mobile phone X: not required

SP IS: service's provider IS 0: required


Mobile RFID at LBS zone – building blocks Mobile RFID (M-RFID)

Mobile phone with RFID reader and tag RFID tags

every tag contains its unique EPC number company identification, product number, object unique

identifier related product information is stored on EPC network

Mobile operator (MO) trust is concentrated at the site of MO – ,trusted proxy’

EPC network specifically to look up EPC data (like DNS) – further

information is stored on databases and servers of EPC network

communication can be encrypted


Mobile RFID at LBS zone – security solutions Mutual authentication M-RFID – MO

secure job delegation, trust model, data integrity and confidentiality

Mutual authentication MO – EPC IS MO takes responsibility so select, identify and

authenticate only genuine SP (and its servers) Certification for identity management,

authentication and authorisation M-RFID can request anonymous certificate from MO

M-RFID privacy kill the tag lock the tag blocker tag


Mobile RFID at enterprise zone Mobile phone assists mobile staff

inventory checkers, field engineers, maintenance and repair staff, security guards, …

Different areas real-time inventory management, work attendance,

instructions on how to operate tagged items, identification of and access control to tagged equipments and secure enclosures, presence of staff on monitored places, …

Security framework list of employees and items/products, designing and implementing of key/psw. distribution, data

integrity and confidentiality, identification, authentication, and access control among staff, RFID reader, RFID tagged items and EPC network


Mobile RFID security assessment - enterprise zone

Threat Security requirement Tag - MP MP – E-EPC

User ID privacy Pseudonyms

Anonym. credentials

X

X

X

X

Illegal info. access

Authentication

Authorisation

Access control list

0

0

X

0

0

0

Eavesdropping Encryption/decryption

Digital certificate

X

X

0

0

Key/pwd. compromise

Trust model

Key/Pwd. management

X

0

X

0

MP: mobile phone X: not required

E-EPC: Enterprise's EPC network 0: required


Mobile RFID at private zone

Mobile phone assists user in the private space instant call or instant message by scanning RFID

tagged items Characterisation

small zone, simple security model – easily deployed and maintained

off-the-shelf mobile RFID kits possible obtain storage space on the EPC network reader to tag authentication needed (within home) user identity and access control list


RFID and standardisation

Need for harmonisation at national and international level Standardisation ensures compatibility and interoperability Various players

Automotive Industry Action Group (AIAG) European Article Numbering (EAN), EPCglobal European Radiocommunication Office (ERO) European Telecommunication Standard Institute (ETSI) International Air Transport Association (IATA) International Civil Aviation Organisation (ICAO) International Organisation for Standardisation (ISO), International

Electrotechnical Commission (IEC) International Telecommunication Union (ITU) Universal Postal Union (UPU)


Areas of RFID standardisation Air interface, protocols Data structure Conformance Applications

Existing standards focus on specific area or sector


RFID based mobile telecommunication services

Information retrieval Data transmission Automated messaging

Voice services Device integration Presence indication Mobile payment


RFID and SIM card SIM card with embedded RFID capabilities benefits of contactless cards into the MP using SIM cards

as a storage device installed, updated cancelled over the air (GSM)


Practical issues Mobile RFID technology - privacy/security issues Impact on networks

new services will generate more traffic in fixed and mobile networks how big this impact is, how network design has to change

Internetworking technologies how RFID technology can integrate into existing network

context of RFID applications in MP with other technologies

RFID – (Internet protocol) IP mapping evolution towards active RFID tags with networking capability –

large number of tag will need network addresses

Service capabilities, architecture at network and service levels, signalling protocols, QoS, business model


Conclusion

RFID enables ubiquitous computing – integrating computation into environment

MP and RFID – potential for mobile telecommunication services

Broad range of services, attractive for customers

Variety of technical questions Security and privacy issues Impact on fixed and mobile networks


Thank you for your attention!

Karol Hrudkay

Transport Research InstituteŽilina, Slovakia

[email protected]

Business

Karol Hrudkay