By Mary Catherine O'Connor
Feb. 14, 2008—Three technologists have developed a process that they think can protect tag data and address consumers' privacy concerns without derailing existing efforts to integrate RFID throughout the supply chain. Ravi Pappu, cofounder and head of ThingMagic's Advanced Development Group; Ari Juels, principal research scientist at RSA Laboratories (the research center of computer security firm RSA); and Bryan Parno, a graduate student at Carnegie Mellon University, have published a paper describing their proposed approach to EPC data privacy protection. The technologists presented their findings at a recent RFID security workshop at Johns Hopkins University.
The scheme is based on what is known as threshold, or secret-sharing, cryptography: a secret key is used to encrypt a value, and that key is then split into multiple shares. A party attempting decryption must collect at least a set threshold number of those shares to recover the key; any smaller set of shares reveals nothing about it. The three researchers have dubbed their approach privacy-through-dispersion.
Photo: Ravi Pappu
The major thrust of the research behind this approach has been in finding a means of shrinking the size of the key shares. In a conventional threshold scheme each share is as large as the key itself, so secret sharing has, thus far, been deployed only in applications where each key share could be upwards of 128 bits, greatly exceeding the memory an EPC tag can spare for this function; the researchers therefore needed a method for boiling down each share's bit size. The technologists believe privacy-through-dispersion could be implemented to protect data encoded to EPC Gen 2 UHF passive tags without requiring any changes to the Gen 2 standard, and with just a firmware upgrade to Electronic Product Code (EPC) readers.
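The following is an added illustration of the threshold idea described above, not code from the researchers' paper: a textbook (t, n) Shamir secret-sharing scheme over a prime field, with one share of a per-case key stored on each tag next to that tag's encrypted EPC. Any t tags read together let a reader rebuild the key and decrypt; a lone tag yields nothing. The shares here are full field elements of about 127 bits, which is exactly the size problem the article says the researchers set out to solve; the compressed shares of their construction are not reproduced here. The field prime, the hash-based keystream, the 96-bit EPC values and the threshold of three are all assumptions chosen for the example.

```python
"""Toy privacy-through-dispersion with (t, n) Shamir secret sharing.

Each tag in a case stores its EPC encrypted under a per-case key plus one
share of that key.  A reader that sees at least t tags can rebuild the key
and decrypt; a single isolated tag reveals nothing.  Shares are full field
elements (~127 bits); shrinking them is NOT shown here.  Added example,
not the researchers' code.
"""
import hashlib
import secrets

P = 2**127 - 1      # Mersenne prime (assumed); all arithmetic is in GF(P)
EPC_BYTES = 12      # a 96-bit EPC such as SGTIN-96


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs in increasing degree) at x, mod P."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result


def split_key(key, t, n):
    """Split key into n shares such that any t of them reconstruct it."""
    if not 0 <= key < P:
        raise ValueError("key must be a field element")
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    # Degree t-1 polynomial with the key as constant term; other coefficients random.
    coeffs = [key] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct_key(shares, t):
    """Recover the key from t distinct shares by Lagrange interpolation at x=0."""
    points = list(dict(shares).items())  # drop duplicate x coordinates
    if len(points) < t:
        raise ValueError("fewer than t distinct shares; key stays hidden")
    points = points[:t]
    key = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        key = (key + yi * num * pow(den, P - 2, P)) % P   # inverse via Fermat
    return key


def _keystream(key, x):
    """Per-tag keystream from the case key and the tag's share index x (assumed
    construction).  Mixing in x means two tags in a case never reuse one pad."""
    material = key.to_bytes(16, "big") + x.to_bytes(2, "big")
    return hashlib.sha256(material).digest()[:EPC_BYTES]


def encrypt_epc(epc, key, x):
    """XOR the 96-bit EPC with the tag's keystream (decryption is identical)."""
    if len(epc) != EPC_BYTES:
        raise ValueError("EPC must be 96 bits")
    return bytes(a ^ b for a, b in zip(epc, _keystream(key, x)))


decrypt_epc = encrypt_epc


def tag_case(epcs, t):
    """Manufacturer side: one random key per case, one share per tag."""
    key = secrets.randbelow(P)
    shares = split_key(key, t, len(epcs))
    return [{"share": (x, y), "ct": encrypt_epc(epc, key, x)}
            for epc, (x, y) in zip(epcs, shares)]


def read_tags(tags_in_range, t):
    """Reader side: rebuild the key from the shares currently in range.
    Returns the plaintext EPCs, or None when fewer than t tags are present."""
    shares = [tag["share"] for tag in tags_in_range]
    try:
        key = reconstruct_key(shares, t)
    except ValueError:
        return None
    return [decrypt_epc(tag["ct"], key, tag["share"][0]) for tag in tags_in_range]


# Constructed sample: five 96-bit EPCs for one case, threshold three.
SAMPLE_EPCS = [(0x3034257BF7194E4000000000 + i).to_bytes(EPC_BYTES, "big")
               for i in range(5)]

if __name__ == "__main__":
    case = tag_case(SAMPLE_EPCS, t=3)
    print("whole case in range:", read_tags(case, 3) == SAMPLE_EPCS)
    print("one item carried home:", read_tags(case[:1], 3))
```

Two points the code makes that the prose does not: a share is a full field element, so at this key size it costs as much tag memory as the key it protects, and the keystream is diversified per tag, since XORing several distinct EPCs with one shared pad would let anyone XOR two ciphertexts together and cancel the pad.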
The EPC Gen 2 air-interface protocol allows a password to protect data encoded to a tag from being altered by an unauthorized party. The password, however, does not prevent the tag data from being read by any EPC Gen 2 reader; the EPC memory bank can be locked against writes but not against reads. That makes the protocol's kill command the only means of ensuring an EPC Gen 2 tag won't be read by an unauthorized party. But the problem with the kill command, Pappu says, is obvious: It kills the tag. This negates any value the tag holds in terms of authenticating a product warranty, return or exchange.
The approach Pappu and his collaborators have developed is predicated on a critical premise: that as a tagged product moves through the supply chain, its proximity to other tagged products of the same kind decreases. Take a single unit of a name-brand shaving razor, for instance, and call it Item A. At the manufacturer's facility, Item A is tagged and packed into a case carrying many other identical tagged razors; the case is then packed onto a pallet carrying multiple cases of this same product. At a distribution center, the pallet is broken down, and the case carrying Item A is shipped to a single store location. There, the case is stored in the back room until Item A is placed on a store shelf, along with a handful of other, identical and tagged units. Once Item A is purchased, it is carried out of the store; thus, it goes from being in the company of many other identical tagged razors to, most likely, being completely isolated from others. Because the key shares needed to decrypt Item A's tag travel on its neighbors, readers at the factory, the distribution center and the store see enough shares to decrypt, while a reader that encounters Item A on its own does not.