Friendly Technologies 2007 Patent Pending
PEARS – Privacy Ensuring Affordable
RFID System
Humberto Moran
Friendly Technologies Ltd
Friendly Technologies 2007 Patent Pending
Internet of Things 101
To have the “Internet of Things”, the first we need is a way of automatically identifying objects.
RFID is one of many ways of doing so. However, it seems that this technology is immature,
mostly due to its social implications (namely privacy and security).
Privacy and security issues do not apply to all objects: only to sensitive and expensive ones!
To solve this, we must first understand these two issues
Friendly Technologies 2007 Patent Pending
RFID Privacy and Security IssuesBefore the POS Security:
Detection Removal Cloning Transplanting
Privacy: Industrial espionage
Only two parties involved
After the POS Security:
Theft Terrorism
Privacy: Snooping Sensitive objects Tracking people
Third parties involved
Data protection legislation only applies when there is a formal contract and the parties are identified – what about third parties?
RFID is different from other existing intrusive technologies – e.g. mobile phones
Friendly Technologies 2007 Patent Pending
The typical post-POS example
Friendly Technologies 2007 Patent Pending
Limitations of proposed solutions The most usual – disabling, removal or “killing” of the tag
Prevents many pre- and post-POS applications Requires additional action by consumers Vulnerable groups (e.g. children, the elderly or technology-
unaware people) might fail to protect themselves Distrusted by consumers
Use of cryptography Tags are either too expensive, too slow or both Public keys can always leak and threat an entire population of
tags Watchdog devices or blocker tags
Complex and unreliable Interfere with RFID networks
Friendly Technologies 2007 Patent Pending
What is the fundamental issue with RFID?
Privacy and security are context-dependent Tags are unaware of their context Tags should not talk to everyone This means control:
User control Control by intelligent readers (or networks)
RFID tags should be designed in such way that they are secure and privacy-friendly by design and by default; yet these essential capabilities should
not increase tag costs
Friendly Technologies 2007 Patent Pending
Introducing the Password Tag (yes, it’s passive and cheap)
RFID Reader
What is your ID?
Silence
Password Tags work with Closed Identification
Friendly Technologies 2007 Patent Pending
The Password Tag only replies when interrogated with the right ID (we call it Identity Password)
RFID Reader
Are you 55667788?
I am 55667788.
Optionally: sensing or other data
Friendly Technologies 2007 Patent Pending
Who invented Password Tags?
Invented by Cardullo and Parks in 1973 and described in their original patent for the passive tag (US-A-3713148):
“Such an answerback signal can take the form of an identification signal indicative of a particular transponder means or, alternatively, the answerback signal could be such that it would only be generated in response to a predetermined interrogation code wherein the device would operate as a verification system”
Friendly Technologies 2007 Patent Pending
The potential of Password Tags
Although invented many years ago, Password Tags have not found commercial applications and there is no commercial version on the market, possible because:
Difficulties distributing Identity Passwords Tags were not designed for public use Privacy and security issues were not that evident
We have undertaken two years of research that demonstrate that this aged and obscure invention has the potential to solve all privacy and security issues around RFID at a very affordable tag cost
Friendly Technologies 2007 Patent Pending
Your questions Privacy-friendly and Secure?
Yes, the tag will not reply unless interrogated with its Identity Password
What about trial and error? It would take an average of 1.26x1016 years to guess a 96-bit
Identity Password by trying 100,000 combinations per second What about eavesdropping?
Wait a few more slides ... Affordable?
Yes, Password Tags are in theory cheaper than the cheapest RFID tags on the market
If their interrogation requires the very information that tags are supposed to provide, how can Password Tags support the typical RFID applications?
Friendly Technologies 2007 Patent Pending
Identification vs. location
Most objects belong to someone, move with their owner or custodian, and are stored in controlled premises – “cloud of objects”
For this reason, objects can only be in a limited number of places or move through a limited number of paths
This means that the main requirement of item-level RFID applications is location, as opposed to identification
Talkative tags address the question: who are you?Password Tags address the question: where are you?
Friendly Technologies 2007 Patent Pending
PEARS – Privacy Ensuring Affordable RFID System
Special software and network of readers to use the Privacy-friendly and Secure Password Tags in the industrial and domestic environments
Consists of a network of readers (Polling Readers) deployed to monitor storage places and paths through which objects might move
Polling Readers interrogate in quick sequence the Identity Passwords of objects likely within their interrogation field
The Identity Passwords of moving objects are distributed by specialised “intelligent” software based on a technique that predicts object movement (Predictive RFID)
Friendly Technologies 2007 Patent Pending
Predictive RFID Technique solely based on readers layout
R R R
R R
R R
R
MO
O
O
O
Friendly Technologies 2007 Patent Pending
Other input for the Predictive RFID technique
Layout Business Workflow Heuristics and “learning” algorithms Reader workload Security considerations Timeouts to broaden polling area Dynamic input for mobile readers Anti-interference and anti-eavesdropping
mechanisms
Friendly Technologies 2007 Patent Pending
Eavesdropping is not an issue!
No protocol-level anti-eavesdropping mechanisms. However, privacy and security threats from eavesdropping are prevented through other mechanisms.
This is possible because of certain characteristics of our system:
* Control on communication.* Limited reading range.
* Random ID Passwords.
* Polling Readers must “talk first”.
Trusted Environment (TE)( e.g. Warehouse)
AnonymousEnvironment
( e.g. Supermarket)
Non-trusted Environments (e.g.
public places)
T.E.
Trusted Environment( e.g. Home or Car)
Eavesdropping
Example of some mechanisms to allay eavesdropping threats:
Weak: nothing. Except for expensive or sensitive items, eavesdropping poses little privacy or security threats due to anonymity, control and limited reading distance.
Medium: swamp eavesdroppers with fake ID Passwords (poison pills). This complicates “trial-and-error” attempts and enhances the use of watchdog devices.
Strong: assign temporary ID Passwords to objects when in Trusted Environments. This allays all possible threats from eavesdropping.
T.E.
Friendly Technologies 2007 Patent Pending
Password dissemination strategies Global level
An independent organisation can generate unique, confidential Identity passwords.
These can be distributed to tag manufacturers to be individually pre-assigned to tags.
Inter-organisational or inter-facility (SC) level Identity Passwords will follow objects as they move: Online secure connexions, routed by the Predictive RFID SW. In some cases, memory of active RFID tags on bundling devices.
Facility level Predictive RFID SW as described.
To consumers - whoever owns the object, owns its identity Near Field Communications Online services
Temporary passwords (reusable) Distributed online to end users. Automatically or manually changed in Trusted Environments.
Friendly Technologies 2007 Patent Pending
Advantages of PEARS Privacy and Security by Design and by Default
Before POS: impossible to read, locate, clone or transplant by distrusted partners
After POS: impossible to read by unauthorised parties, user control
Cheaper tags Simpler (no anti-collision, authentication, cryptography, killing or
disabling mechanisms) Can be built directly into products As they are in the public domain, no royalties
Tags can be used beyond the POS Hundred of domestic applications The Internet of Things for consumers
Potentially, tags perform better in challenging electromagnetic media Answer is a simple “I am here” signal
Friendly Technologies 2007 Patent Pending
Current situation of PEARS Although theoretically possible, more R&D is
required to prove feasibility in high-volume applications
Research challenges include reading (polling) speed and reliability
We have put together a number of funding proposals which have rated high but failed to secure funding – too risky, too early
We have received some private funding We are working with a number of renowned
European research centres and RFID leaders Help is welcomed!
Friendly Technologies 2007 Patent Pending
Some applications under research: monitoring of sensitive products
Company A: Trusted
environment
Company B: Trusted
environment
Transport network: Non-trusted environment
Tagged sensitive products
Internet
ASN + Identity Passwords
Monitoring by security forces
Enterprise systems –
reception of goods
PEARSmonitoring and authentication
Enterprise systems –
ASN
PEARSIssuing of Identity
Passwords
Friendly Technologies 2007 Patent Pending
... Authentication of origin at the POS
The customer chooses products in the retail
store – e.g. supermarket.
Upon scanning of the barcode of a product, PEARS automatically and quickly scans all valid Identity
Passwords for the type of product. If the tag on the product replies to one of these passwords the origin is
authenticated. PEARS will also issue several invalid Identity Passwords to detect random replies from fake
tags. The customer knows that the product is authentic, and his/her privacy and security are not exposed because
Password Tags cannot be read without authorisation.
Polling Reader PEARS
Friendly Technologies 2007 Patent Pending
... Airport security(1) The
passenger arrives at check-in.
(2) The luggage is tagged with a
Password Tag, which improves handling
and tracking
(3) The luggage receipt given to the passenger (usually stuck on the
Boarding Pass) is also tagged with a Password Tag
(4) The passenger waves the luggage
receipt upon arrival at the boarding gate. This indicates that his/her luggage can be safely
loaded into the airplane
(5) Upon arrival, IDs of luggage and collecting person are automatically
compared for security purposes
(6) During all this process and afterwards – even if tags are not removed, security and privacy of
passengers are protected
Friendly Technologies 2007 Patent Pending
... And many other applications!
Item-level tagging of sensitive products in the retail environment (clothing, jewellery, drugs, books, consumer electronics etc.)
Authentication of legally farmed trees (combining two tags: one talkative and one Password Tag)
Authentication and monitoring of documents Creation of secure, affordable and privacy-friendly
seals Domestic self-replenishment Selective recycling Finding objects at home – where are the keys?
Friendly Technologies 2007 Patent Pending
IPR & Standars
Friendly Technologies has filed international patent applications for the supporting system (Predictive RFID and network of Polling Readers)
The patents are in a very advanced status (search and examination) and have already been published
We will keep our IPR on the system (not on the interfaces)
Existing standards are too slow for such a system There are no standards for the air interface –
opportunity for innovators We also need standards for the number of bits and
upper layers (middleware and beyond)
Friendly Technologies 2007 Patent Pending
Interoperability possibilities
No clash: Object tagged with Password Tags will be able to coexist with object tagged with other tags.
Readers
HW Infrastructure sharing: the possibility of interoperating Password Tags with other readers by using singulation in low-volume applications.
Readers
HW Infrastructure sharing: backwards compatibility by Polling Readers, which might talk to talkative and Password Tags.
SW Infrastructure sharing: Identity Passwords could be mapped to other numbering codes and use other architecture and services – e.g. existing middleware.
Example: EPCglobal ↔ PEARS
Predictive RFID SW
No clash: the Predictive RFID SW can coexist with other reader drivers, and interoperate with other services.
Friendly Technologies 2007 Patent Pending
Conclusions
PEARS shows that there are alternatives where no trade-off between social-impact and economic benefits is necessary
PEARS can be used where privacy and security are important (expensive or sensitive products; identity proxies)
Although the system does not exist commercially, its potential to solve all issues around item-level tagging deserves R&D investment
Since there are no commercial versions of Password Tags, there is a need for thorough standardisation
PEARS can be developed as a privacy-friendly, secure extension of existing standards for products where privacy and security are important
Friendly Technologies 2007 Patent Pending
Invitations
European Commission: funding for PET Regulators: require user control when privacy and
security are at stake Technology developers: help us to create Password
Tags and Polling Readers Industry: help us to develop and trial this technology Standardisation bodies: create standards for
Password Tags; interoperate Investors: help us to make it happen Privacy advocates: challenge this solution and (if
happy) help us to clean the face of RFID
Friendly Technologies 2007 Patent Pending
Thank you!
Humberto Moran
Friendly [email protected]
Questions?