By Mary Catherine O'Connor

Feb. 14, 2008—Three technologists have developed a process that they think can protect tag data and address consumers' privacy concerns without derailing existing efforts to integrate RFID throughout the supply chain. Ravi Pappu, cofounder and head of ThingMagic's Advanced Development Group, Ari Juels, principal research scientist at RSA Laboratories (the research center of computer security firm RSA) and Bryan Parno, a graduate student at Carnegie Mellon University, have published a paper describing their proposed approach to EPC data privacy protection. The technologists presented their findings at a recent RFID security workshop at Johns Hopkins University.
The scheme is based on what is known as threshold or secret-sharing cryptography: a secret key is used to encrypt a number, and that key is then split into multiple shares. A party attempting decryption must collect a specific number of those shares (the threshold) to reconstruct the key. The three researchers have dubbed their approach privacy-through-dispersion.
(Photo: Ravi Pappu)
The major thrust of the research behind this approach has been in finding a means of shrinking the size of the key shares. Since secret-sharing cryptography has, thus far, been deployed only in applications where the memory size of each key share could be upwards of 128 bits—greatly exceeding the memory available on an EPC tag for this function—the researchers needed to find a method for boiling down each share's bit size. The technologists believe privacy-through-dispersion could be implemented to protect data encoded to EPC Gen 2 UHF passive tags without requiring any changes to the Gen 2 standard, and with just a firmware upgrade to Electronic Product Code (EPC) readers.
The EPC Gen 2 air-interface protocol allows for the use of a password to protect data encoded to a tag from being altered by an unauthorized party. The password, however, does not prevent the tag data from being interrogated by any EPC Gen 2 reader. That makes the protocol's kill command the only means of ensuring an EPC Gen 2 tag won't be read by an unauthorized party. But the problem with the kill command, Pappu says, is obvious: It kills the tag. This negates any value the tag holds in terms of authenticating a product warranty, return or exchange.
The approach Pappu and his collaborators have developed is predicated on a critical premise: that as a tagged product moves through the supply chain, its proximity to other tagged products of its ilk decreases. Let's take a single unit of a name-brand shaving razor, for instance, and call it Item A. At the manufacturer's facility, Item A is tagged and packed into a case carrying many other identical tagged razors; the case is then packed onto a pallet carrying multiple cases of this same product. At a distribution center, the pallet is broken down, and the case carrying Item A is shipped to a single store location. There, the case is stored in the back room until Item A is placed on a store shelf, along with a handful of other, identical and tagged units. Once Item A is purchased, it is carried out of the store—thus, it goes from being in the company of many other identical tagged razors to, most likely, being completely isolated from others.
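The threshold mechanism described above, as an added illustration that is not code from the paper or the researchers: a plain Shamir k-of-n split of a 96-bit masking key over a prime field, where every tag in a case of identical items stores the same masked EPC plus one distinct share of the key. It does not model the researchers' share-shrinking technique; the shares here are full 127-bit field elements, exactly the size the text says would not fit on a Gen 2 tag. The EPC value and case size are constructed for the demo.

```python
import secrets

# Field modulus: the Mersenne prime 2^127 - 1, large enough to hold a 96-bit key.
P = (1 << 127) - 1
EPC_BITS = 96

def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split_key(key, n, k):
    """Split `key` into n shares (x, y); any k of them reconstruct it."""
    coeffs = [key] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def recover_key(shares):
    """Lagrange interpolation at x = 0 over whatever shares were collected."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def tag_case(epc, case_size, threshold):
    """Encode one case of identical items: every tag carries the same
    key-masked EPC plus one distinct share of the masking key."""
    key = secrets.randbits(EPC_BITS)
    masked = epc ^ key  # one-time-pad style masking of the 96-bit EPC
    return [(masked, share) for share in split_key(key, case_size, threshold)]

def read_epc(tags_seen, threshold):
    """Reader side: return the EPC only if at least `threshold` distinct
    shares were collected from nearby tags, otherwise None."""
    if len(tags_seen) < threshold:
        return None
    masked, _ = tags_seen[0]
    key = recover_key([share for _, share in tags_seen[:threshold]])
    return masked ^ key

# Constructed demo: a case of 12 razors; a reader needs any 6 of them.
EPC = 0x3074257BF7194E4000001A85  # constructed 96-bit EPC, not a real product code
CASE = tag_case(EPC, case_size=12, threshold=6)
```

Reading all or any six tags of the case recovers the EPC, while a single purchased razor carried out of the store yields one share and no EPC.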
READER'S COMMENTS
what about identification issue?
Even if someone couldn't tell what product a tag belongs to that an unsuspecting person carries, couldn't the item holder's movements still be semi-tracked if the stored value in the chip is semi-unique (and "unique enough" for item description purposes under the proper circumstances)?
Posted By: M. SIEGEL 2/25/2008 at 4:36:49 PM
what about identification threat?
I don't have much expertise in the area, but... Okay, even if someone couldn't tell what product a tag belongs to that an unsuspecting person carries, couldn't the item holder's movements still be semi-tracked if the stored value in the chip is even semi-unique (and "unique enough" for item description purposes under the proper circumstances)?
Posted By: M. SIEGEL 2/25/2008 at 4:46:57 PM
> Even if someone couldn't tell what product a tag belongs to that an unsuspecting person carries, couldn't the item holder's movements still be semi-tracked if the stored value in the chip is semi-unique (and "unique enough" for item description purposes under the proper circumstances)?

Good comments and questions. Would you like to give us your comments on our Active tags? Here is our web site: www.eslabeling.com and my email: jaoj@earthlink.net, thanks.
Posted By: J. JAO 7/17/2008 at 5:24:44 PM