Introduction

Radio Frequency Identification (RFID) is a technology based on wireless communication between a transponder and a reader to remotely identify an object to which the transponder is attached. The transponder (the RFID tag) consists of a small chip with an antenna. It is foreseen that this technology will replace, for example, the widespread bar code, which is currently used to identify objects, and that it will enable a whole range of new applications, from logistics to security. Indeed, a new paradigm, the internet of things, has been coined to describe the connection between the physical and virtual world enabled by these inexpensive communication means.

The problem

RFIDs not only introduce new business models, but also new threats. Privacy is at stake if the movements of a person can be traced because he is wearing clothes identifiable through RFID tags. A breach of confidentiality may occur because an eavesdropper can tune in on the communications between a tag and a reader. Furthermore, the integrity of an RFID-based system may be compromised because RFID tags may be spoofed or because of a so-called man-in-the-middle attack. Recent research even indicates that (fake) RFID tags can be used to spread computer viruses. Lower-end tags, typically priced at a few cents each, have no batteries and very limited processing, storage and communication capacity. Because standard approaches to ensure security and privacy require rather powerful processors, these approaches are not directly applicable to the RFID setting. The development and deployment of light-weight cryptographic algorithms and dedicated security protocols are mandatory for the success of RFID-based systems. Furthermore, it is well known that the design of security controls is an error-prone activity. Therefore, security solutions for RFID systems must be validated before deployment. Formal verification has proved to be an essential tool in the verification of security protocols, because with informal reasoning it is hard to consider all possible actions that an adversary may perform to breach security. The challenge is to develop formal models specifically tailored to the characteristics of RFID-based systems.

Project goal

Summarizing, the goal of the PEARL project is to develop practical security controls for RFID-based systems, and a corresponding assessment methodology. The PEARL project addresses these two topics in two strongly connected themes. Theme A concerns the design of security and privacy controls and theme B concerns the assessment of the security and privacy properties of an RFID system. Both themes involve the development of novel methods and models, which will be validated through the interaction with our industrial partners.

Due to resource constraints, a roaming agent faces a dilemma between legitimate use and hostile tracking. Therefore, the first challenge concerns the modeling of privacy properties in this setting. Sound engineering of a privacy-respecting architecture requires a formal definition of the privacy notions involved. Such a formalisation precisely documents the requested privacy properties and lays the ground for further analysis and certification. A formal model of the involved privacy properties will be based on an analysis of the problem domain and a literature study.

The second research challenge is to develop new privacy-enhancing protocols for the extremely resource-constrained RFID environment, where in principle only hashes or custom encryption routines are available. Several problems need to be solved. For one thing, RFID tags should implement a simple yet reliable access control mechanism to limit access to authorised parties only. Current RFID tags respond predictably when queried by a transceiver, which enables invasive tracking that has to be prevented. The so-called "blocker tags" provide only a primitive solution to the privacy problem, useless for many applications in the ambient world that require RFIDs to be continuously present.

The third research challenge is to shape a context in which the user can check the privacy policies enforced by the RFID-based application. To tackle this, first we have to investigate which sort of privacy policies can be deployed given the kind of hardware. Secondly, we need to design new specific privacy languages and to investigate the possibility of automatically checking when two policies are (ir)reconcilable.

The fourth challenge concerns securing the integration of RFID tags and the back-office applications that will support them. To this end we need to design and verify new secure protocols for data access. This will lead to a combination of two research fields, namely cryptography and data mining.

Utilisation

It is clear that RFID technology will have a large impact on our society. However, its wide acceptance will depend on the extent to which security and privacy will be guaranteed. This is of importance not only for the citizens, but also for RFID manufacturers, merchants and other users of RFID technologies. As such, the PEARL project is of interest both for providers and users of RFID technology. Our design solutions and validation methodology will allow manufacturers to build more secure systems and will support the assessment of security aspects of RFID-based systems, both of which are also important from the user's point of view.

Funding

The PEARL project is currently in the startup phase. Funding for the project has been obtained through the SENTINELS research programme.

Project team

Research institutes.
  • Security group, TU/e (S. Etalle).
  • SoS group, Radboud University Nijmegen (J.-H. Hoepman).
  • Faculty of Electrical Engineering, Delft University of Technology (J.C.A v.d. Lubbe).
  • Computer Science Department, University of Eindhoven (S. Mauw).

Industrial partners.

Contact information

For further information please contact:
Sandro Etalle
s.etalle@utwente.nl
phone: +31 53 4891195

Last Version - $Revision: 47 $ / $Date: 2008-02-16 22:28:19 +0100 (Sat, 16 Feb 2008) $ Maintained by Jaap-Henk Hoepman