Friendly Technologies 2007 Patent Pending

Friendly Technologies 2007 Patent Pending PEARS – Privacy Ensuring Affordable RFID System Humberto Moran Friendly Technologies Ltd

Transcript of Friendly Technologies 2007 Patent Pending

Page 1: Friendly Technologies 2007 Patent Pending

PEARS – Privacy Ensuring Affordable RFID System

Humberto Moran

Friendly Technologies Ltd

Page 2: Friendly Technologies 2007 Patent Pending

Internet of Things 101

To have the “Internet of Things”, the first thing we need is a way of automatically identifying objects.

RFID is one of many ways of doing so. However, it seems that this technology is immature, mostly due to its social implications (namely privacy and security).

Privacy and security issues do not apply to all objects: only to sensitive and expensive ones!

To solve this, we must first understand these two issues.

Page 3: Friendly Technologies 2007 Patent Pending

RFID Privacy and Security Issues

Before the POS
* Security: Detection; Removal; Cloning; Transplanting
* Privacy: Industrial espionage
* Only two parties involved

After the POS
* Security: Theft; Terrorism
* Privacy: Snooping; Sensitive objects; Tracking people
* Third parties involved

Data protection legislation only applies when there is a formal contract and the parties are identified – what about third parties?

RFID is different from other existing intrusive technologies – e.g. mobile phones

Page 4: Friendly Technologies 2007 Patent Pending


The typical post-POS example

Page 5: Friendly Technologies 2007 Patent Pending

Limitations of proposed solutions

The most usual – disabling, removal or “killing” of the tag
* Prevents many pre- and post-POS applications
* Requires additional action by consumers
* Vulnerable groups (e.g. children, the elderly or technology-unaware people) might fail to protect themselves
* Distrusted by consumers

Use of cryptography
* Tags are either too expensive, too slow or both
* Public keys can always leak and threaten an entire population of tags

Watchdog devices or blocker tags
* Complex and unreliable
* Interfere with RFID networks

Page 6: Friendly Technologies 2007 Patent Pending

What is the fundamental issue with RFID?

* Privacy and security are context-dependent
* Tags are unaware of their context
* Tags should not talk to everyone
* This means control:
  * User control
  * Control by intelligent readers (or networks)

RFID tags should be designed in such a way that they are secure and privacy-friendly by design and by default; yet these essential capabilities should not increase tag costs

Page 7: Friendly Technologies 2007 Patent Pending

Introducing the Password Tag (yes, it’s passive and cheap)

RFID Reader: “What is your ID?”

Password Tag: Silence

Password Tags work with Closed Identification

Page 8: Friendly Technologies 2007 Patent Pending

The Password Tag only replies when interrogated with the right ID (we call it Identity Password)

RFID Reader: “Are you 55667788?”

Password Tag: “I am 55667788.” (Optionally: sensing or other data)

Page 9: Friendly Technologies 2007 Patent Pending


Who invented Password Tags?

Invented by Cardullo and Parks in 1973 and described in their original patent for the passive tag (US-A-3713148):

“Such an answerback signal can take the form of an identification signal indicative of a particular transponder means or, alternatively, the answerback signal could be such that it would only be generated in response to a predetermined interrogation code wherein the device would operate as a verification system”

Page 10: Friendly Technologies 2007 Patent Pending

The potential of Password Tags

Although invented many years ago, Password Tags have not found commercial applications and there is no commercial version on the market, possibly because:
* Difficulties distributing Identity Passwords
* Tags were not designed for public use
* Privacy and security issues were not that evident

We have undertaken two years of research that demonstrate that this aged and obscure invention has the potential to solve all privacy and security issues around RFID at a very affordable tag cost

Page 11: Friendly Technologies 2007 Patent Pending

Your questions

Privacy-friendly and Secure?
* Yes, the tag will not reply unless interrogated with its Identity Password

What about trial and error?
* It would take an average of 1.26 x 10^16 years to guess a 96-bit Identity Password by trying 100,000 combinations per second

What about eavesdropping?
* Wait a few more slides ...

Affordable?
* Yes, Password Tags are in theory cheaper than the cheapest RFID tags on the market

If their interrogation requires the very information that tags are supposed to provide, how can Password Tags support the typical RFID applications?

Page 12: Friendly Technologies 2007 Patent Pending


Identification vs. location

Most objects belong to someone, move with their owner or custodian, and are stored in controlled premises – “cloud of objects”

For this reason, objects can only be in a limited number of places or move through a limited number of paths

This means that the main requirement of item-level RFID applications is location, as opposed to identification

Talkative tags address the question: who are you?

Password Tags address the question: where are you?

Page 13: Friendly Technologies 2007 Patent Pending


PEARS – Privacy Ensuring Affordable RFID System

Special software and network of readers to use the Privacy-friendly and Secure Password Tags in the industrial and domestic environments

Consists of a network of readers (Polling Readers) deployed to monitor storage places and paths through which objects might move

Polling Readers interrogate in quick sequence the Identity Passwords of objects likely within their interrogation field

The Identity Passwords of moving objects are distributed by specialised “intelligent” software based on a technique that predicts object movement (Predictive RFID)

Page 14: Friendly Technologies 2007 Patent Pending

Predictive RFID

Technique solely based on readers layout

[Figure: layout diagram; labels: R, O, MO]

Page 15: Friendly Technologies 2007 Patent Pending

Other input for the Predictive RFID technique

* Layout
* Business Workflow
* Heuristics and “learning” algorithms
* Reader workload
* Security considerations
* Timeouts to broaden polling area
* Dynamic input for mobile readers
* Anti-interference and anti-eavesdropping mechanisms
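
One way the layout and timeout inputs could decide which Polling Readers receive which Identity Passwords, as a Python example added here (not the Predictive RFID software itself). The reader names, the record format and the rule of one extra hop per timeout are assumptions of this example; the point it shows is that each password is held only by the readers that are likely to need it.

```python
from collections import deque

# Constructed layout: reader -> readers an object can reach next (not from the slides).
LAYOUT = {
    "dock": ["aisle1"],
    "aisle1": ["dock", "aisle2", "store"],
    "aisle2": ["aisle1", "exit"],
    "store": ["aisle1"],
    "exit": ["aisle2"],
}


def readers_within(layout, start, hops):
    """Breadth-first search: readers reachable from `start` in at most `hops` moves."""
    seen = {start: 0}
    queue = deque([start])
    while queue:
        reader = queue.popleft()
        if seen[reader] == hops:
            continue  # do not expand past the allowed radius
        for nxt in layout.get(reader, []):
            if nxt not in seen:
                seen[nxt] = seen[reader] + 1
                queue.append(nxt)
    return set(seen)


def polling_plan(layout, objects, now, hop_timeout=30.0):
    """Map each reader to the Identity Passwords it should poll at time `now`.

    `objects` maps password -> (last_reader, last_seen_time, moving). A stored object
    is polled only where it was last seen; a moving object is polled one hop out, and
    the area grows by one hop per `hop_timeout` seconds without a sighting
    (assumed rule for "timeouts to broaden polling area").
    """
    plan = {reader: set() for reader in layout}
    for password, (last_reader, last_seen, moving) in objects.items():
        hops = 0
        if moving:
            hops = 1 + int((now - last_seen) // hop_timeout)
        for reader in readers_within(layout, last_reader, hops):
            plan[reader].add(password)
    return plan
```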

Page 16: Friendly Technologies 2007 Patent Pending


Eavesdropping is not an issue!

No protocol-level anti-eavesdropping mechanisms. However, privacy and security threats from eavesdropping are prevented through other mechanisms.

This is possible because of certain characteristics of our system:

* Control on communication.

* Limited reading range.

* Random ID Passwords.

* Polling Readers must “talk first”.

[Figure labels: Trusted Environment (TE) (e.g. Warehouse); Anonymous Environment (e.g. Supermarket); Non-trusted Environments (e.g. public places); Trusted Environment (e.g. Home or Car); Eavesdropping]

Examples of mechanisms to allay eavesdropping threats:

Weak: nothing. Except for expensive or sensitive items, eavesdropping poses little privacy or security threat due to anonymity, control and limited reading distance.

Medium: swamp eavesdroppers with fake ID Passwords (poison pills). This complicates “trial-and-error” attempts and enhances the use of watchdog devices.

Strong: assign temporary ID Passwords to objects when in Trusted Environments. This allays all possible threats from eavesdropping.


Page 17: Friendly Technologies 2007 Patent Pending

Password dissemination strategies

Global level
* An independent organisation can generate unique, confidential Identity Passwords.
* These can be distributed to tag manufacturers to be individually pre-assigned to tags.

Inter-organisational or inter-facility (SC) level
* Identity Passwords will follow objects as they move:
  * Online secure connexions, routed by the Predictive RFID SW.
  * In some cases, memory of active RFID tags on bundling devices.

Facility level
* Predictive RFID SW as described.

To consumers - whoever owns the object, owns its identity
* Near Field Communications
* Online services

Temporary passwords (reusable)
* Distributed online to end users.
* Automatically or manually changed in Trusted Environments.

Page 18: Friendly Technologies 2007 Patent Pending

Advantages of PEARS

Privacy and Security by Design and by Default
* Before POS: impossible to read, locate, clone or transplant by distrusted partners
* After POS: impossible to read by unauthorised parties, user control

Cheaper tags
* Simpler (no anti-collision, authentication, cryptography, killing or disabling mechanisms)
* Can be built directly into products
* As they are in the public domain, no royalties

Tags can be used beyond the POS
* Hundreds of domestic applications
* The Internet of Things for consumers

Potentially, tags perform better in challenging electromagnetic media
* Answer is a simple “I am here” signal

Page 19: Friendly Technologies 2007 Patent Pending

Current situation of PEARS

* Although theoretically possible, more R&D is required to prove feasibility in high-volume applications
* Research challenges include reading (polling) speed and reliability
* We have put together a number of funding proposals which have rated high but failed to secure funding – too risky, too early
* We have received some private funding
* We are working with a number of renowned European research centres and RFID leaders
* Help is welcomed!

Page 20: Friendly Technologies 2007 Patent Pending

Some applications under research: monitoring of sensitive products

[Figure labels: Company A: Trusted environment; Company B: Trusted environment; Transport network: Non-trusted environment; Tagged sensitive products; Internet; ASN + Identity Passwords; Monitoring by security forces; Enterprise systems – reception of goods; PEARS monitoring and authentication; Enterprise systems – ASN; PEARS issuing of Identity Passwords]

Page 21: Friendly Technologies 2007 Patent Pending

... Authentication of origin at the POS

The customer chooses products in the retail store – e.g. supermarket.

Upon scanning of the barcode of a product, PEARS automatically and quickly scans all valid Identity Passwords for the type of product. If the tag on the product replies to one of these passwords the origin is authenticated. PEARS will also issue several invalid Identity Passwords to detect random replies from fake tags.

The customer knows that the product is authentic, and his/her privacy and security are not exposed because Password Tags cannot be read without authorisation.

Polling Reader PEARS
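
The origin check described on this slide, as a Python simulation added here (not Friendly Technologies' code): a Password Tag model that stays silent unless polled with its own Identity Password, and a POS check that mixes the valid passwords with random invalid decoys. The class and function names, the reply-rate model of a fake tag, and the rule that more than one reply marks a fake are assumptions of this example.

```python
import hmac
import secrets

ID_BITS = 96  # Identity Password length used in the trial-and-error estimate


class PasswordTag:
    """Closed identification: answers only when polled with its own Identity Password."""

    def __init__(self, identity_password: int):
        self._idp = identity_password.to_bytes(ID_BITS // 8, "big")

    def poll(self, candidate: int) -> bool:
        # Silence (False) for every wrong candidate; the comparison is constant-time.
        return hmac.compare_digest(self._idp, candidate.to_bytes(ID_BITS // 8, "big"))


class FakeTag:
    """Assumed counterfeit model: answers a fraction of polls at random."""

    def __init__(self, reply_rate: float):
        self.reply_rate = reply_rate
        self._rng = secrets.SystemRandom()

    def poll(self, candidate: int) -> bool:
        return self._rng.random() < self.reply_rate


def authenticate_origin(tag, valid_ids, decoys=8):
    """Poll the valid Identity Passwords for a product type, mixed with invalid decoys.

    Returns "authentic" if the tag answers exactly one valid password and no decoy,
    "fake" if it answers any decoy or more than one password, otherwise "no-tag".
    """
    valid = set(valid_ids)
    invalid = set()
    while len(invalid) < decoys:
        decoy = secrets.randbits(ID_BITS)
        if decoy not in valid:
            invalid.add(decoy)
    queue = list(valid | invalid)
    secrets.SystemRandom().shuffle(queue)  # decoys must not be recognisable by position
    replies = [candidate for candidate in queue if tag.poll(candidate)]
    if len(replies) > 1 or any(candidate in invalid for candidate in replies):
        return "fake"
    return "authentic" if replies else "no-tag"
```

A fake tag that replies only rarely can still slip past a small number of decoys, so the decoy count sets how much random guessing the check tolerates.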

Page 22: Friendly Technologies 2007 Patent Pending

... Airport security

(1) The passenger arrives at check-in.

(2) The luggage is tagged with a Password Tag, which improves handling and tracking

(3) The luggage receipt given to the passenger (usually stuck on the Boarding Pass) is also tagged with a Password Tag

(4) The passenger waves the luggage receipt upon arrival at the boarding gate. This indicates that his/her luggage can be safely loaded into the airplane

(5) Upon arrival, IDs of luggage and collecting person are automatically compared for security purposes

(6) During all this process and afterwards – even if tags are not removed, security and privacy of passengers are protected

Page 23: Friendly Technologies 2007 Patent Pending

... And many other applications!

* Item-level tagging of sensitive products in the retail environment (clothing, jewellery, drugs, books, consumer electronics etc.)
* Authentication of legally farmed trees (combining two tags: one talkative and one Password Tag)
* Authentication and monitoring of documents
* Creation of secure, affordable and privacy-friendly seals
* Domestic self-replenishment
* Selective recycling
* Finding objects at home – where are the keys?

Page 24: Friendly Technologies 2007 Patent Pending

IPR & Standards

* Friendly Technologies has filed international patent applications for the supporting system (Predictive RFID and network of Polling Readers)
* The patents are in a very advanced status (search and examination) and have already been published
* We will keep our IPR on the system (not on the interfaces)
* Existing standards are too slow for such a system
* There are no standards for the air interface – opportunity for innovators
* We also need standards for the number of bits and upper layers (middleware and beyond)

Page 25: Friendly Technologies 2007 Patent Pending

Interoperability possibilities

No clash: Objects tagged with Password Tags will be able to coexist with objects tagged with other tags.

Readers

HW Infrastructure sharing: the possibility of interoperating Password Tags with other readers by using singulation in low-volume applications.

Readers

HW Infrastructure sharing: backwards compatibility by Polling Readers, which might talk to talkative and Password Tags.

SW Infrastructure sharing: Identity Passwords could be mapped to other numbering codes and use other architecture and services – e.g. existing middleware.

Example: EPCglobal ↔ PEARS

Predictive RFID SW

No clash: the Predictive RFID SW can coexist with other reader drivers, and interoperate with other services.

Page 26: Friendly Technologies 2007 Patent Pending


Conclusions

PEARS shows that there are alternatives where no trade-off between social-impact and economic benefits is necessary

PEARS can be used where privacy and security are important (expensive or sensitive products; identity proxies)

Although the system does not exist commercially, its potential to solve all issues around item-level tagging deserves R&D investment

Since there are no commercial versions of Password Tags, there is a need for thorough standardisation

PEARS can be developed as a privacy-friendly, secure extension of existing standards for products where privacy and security are important

Page 27: Friendly Technologies 2007 Patent Pending

Invitations

* European Commission: funding for PET
* Regulators: require user control when privacy and security are at stake
* Technology developers: help us to create Password Tags and Polling Readers
* Industry: help us to develop and trial this technology
* Standardisation bodies: create standards for Password Tags; interoperate
* Investors: help us to make it happen
* Privacy advocates: challenge this solution and (if happy) help us to clean the face of RFID

Page 28: Friendly Technologies 2007 Patent Pending


Thank you!

Humberto Moran

Friendly [email protected]

Questions?