
Researchers Say Sharing Is the Key to Privacy for EPC Tags

Three computer scientists say they have devised a means of protecting tag data by using a method that disperses pieces of a decryption key among multiple RFID tags.
By Mary Catherine O'Connor
Feb 14, 2008

Three technologists have developed a process that they think can protect tag data and address consumers' privacy concerns without derailing existing efforts to integrate RFID throughout the supply chain. Ravi Pappu, cofounder and head of ThingMagic's Advanced Development Group, Ari Juels, principal research scientist at RSA Laboratories (the research center of computer security firm RSA) and Bryan Parno, a graduate student at Carnegie Mellon University, have published a paper describing their proposed approach to EPC data privacy protection. The technologists presented their findings at a recent RFID security workshop at Johns Hopkins University.

The scheme is based on what is known as threshold, or secret-sharing, cryptography: a secret key is used to encrypt a value, and that key is then split into multiple shares. A party attempting decryption must collect a specified number of those shares (the threshold) to reconstruct the key; any smaller number reveals nothing about it. The three researchers have dubbed their approach privacy-through-dispersion.

Ravi Pappu
The major thrust of the research behind this approach has been in finding a means of shrinking the size of the key shares. Since secret-sharing cryptography has, thus far, been deployed only in applications where the memory size of each key share could be upwards of 128 bits—greatly exceeding the memory available on an EPC tag for this function—the researchers needed to find a method for boiling down each share's bit size. The technologists believe privacy-through-dispersion could be implemented to protect data encoded to EPC Gen 2 UHF passive tags without requiring any changes to the Gen 2 standard, and with just a firmware upgrade to Electronic Product Code (EPC) readers.
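To make the threshold idea concrete, here is an added example (not code from the article or from the researchers' paper) of Shamir's classic polynomial secret-sharing construction, the standard way to split a key so that any k of n shares recover it and any k-1 reveal nothing. The field size (the constant PRIME) is a constructed choice that keeps each share under ten bits; it is not the share-compression technique the researchers developed, which the article does not detail. The tag-and-case mapping in the usage comments is likewise an assumption for illustration.

```python
"""Shamir (k, n) threshold secret sharing over a small prime field.

Added example (not from the article or the researchers' paper): a reader
that collects k shares, one per tag, reconstructs the key; a reader that
sees fewer than k shares learns nothing about it.
"""
import secrets

PRIME = 257  # constructed: small field so each share value fits in 9 bits


def _modinv(a, p):
    """Multiplicative inverse of a modulo prime p."""
    return pow(a % p, -1, p)


def split_secret(secret, k, n, p=PRIME, rand=None):
    """Split `secret` into n shares; any k of them reconstruct it.

    `rand(bound)` returns an int in [0, bound); defaults to a CSPRNG.
    Returns a list of (x, f(x)) points on a random degree-(k-1) polynomial
    whose constant term is the secret.
    """
    if not 0 <= secret < p:
        raise ValueError("secret must be a field element")
    if not 1 <= k <= n < p:
        raise ValueError("need 1 <= k <= n < p")
    rand = rand or secrets.randbelow
    coeffs = [secret] + [rand(p) for _ in range(k - 1)]

    def f(x):
        return sum(c * pow(x, i, p) for i, c in enumerate(coeffs)) % p

    # x = 0 is never used as a share: f(0) is the secret itself.
    return [(x, f(x)) for x in range(1, n + 1)]


def recover_secret(shares, p=PRIME):
    """Lagrange-interpolate the polynomial at x = 0 from the given shares.

    Correct only when at least k distinct shares are supplied; with fewer,
    the result is some unrelated field element.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * xm % p
                den = den * (xm - xj) % p
        total = (total + yj * num * _modinv(den, p)) % p
    return total


if __name__ == "__main__":
    # Constructed scenario: a case of 5 tagged razors, key recoverable from any 3.
    key = 200
    case_shares = split_secret(key, k=3, n=5)
    print("shares per tag:", case_shares)
    print("reader sees whole case ->", recover_secret(case_shares[:3]))
    print("reader sees one isolated item ->", recover_secret(case_shares[:1]))
```

Each share here is a single field element, so a (3, 5) split costs each tag only one small value plus its index; the interpolation in recover_secret works with any subset of k shares, not just the first k, which is what lets a reader tolerate a few unread tags in a case.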

The EPC Gen 2 air-interface protocol allows for the use of a password to protect data encoded to a tag from being altered by an unauthorized party. The password, however, does not prevent the tag data from being interrogated by any EPC Gen 2 reader. That makes the protocol's kill command the only means of ensuring an EPC Gen 2 tag won't be read by an unauthorized party. But the problem with the kill command, Pappu says, is obvious: It kills the tag. This negates any value the tag holds in terms of authenticating a product warranty, return or exchange.

The approach Pappu and his collaborators have developed is predicated on a critical premise: that as a tagged product moves through the supply chain, its proximity to other tagged products of its ilk decreases. Let's take a single unit of a name-brand shaving razor, for instance, and call it Item A. At the manufacturer's facility, Item A is tagged and packed into a case carrying many other identical tagged razors; the case is then packed onto a pallet carrying multiple cases of this same product. At a distribution center, the pallet is broken down, and the case carrying Item A is shipped to a single store location. There, the case is stored in the back room until Item A is placed on a store shelf, along with a handful of other, identical and tagged units. Once Item A is purchased, it is carried out of the store—thus, it goes from being in the company of many other identical tagged razors to, most likely, being completely isolated from others.
