Radio frequency identification (RFID) technology is poised to pervade each and every aspect of our daily lives. Low-cost RFID tags have potential applications in a wide variety of settings such as the military, commercial, and medical domains. Proposed RFID deployment scenarios include supply chain management, retail checkout, libraries, access control systems, payment systems, medical records, animal tracking, vehicle immobilizers, and most recently, electronic passports. RFID enabled devices promise to benefit our lives in a plethora of ways.

Unfortunately, along with its potential benefits, RFID technology brings serious privacy and security concerns. In particular, RFID tags may transmit sensitive personal data that users would prefer to keep private. RFID transmissions could also be used to locate or track individuals. Furthermore, authentic RFID tags could be copied by a malicious user, leading to counterfeiting and forgery issues. Concerns such as these have slowed large scale RFID deployment and will continue to do so in the absence of mitigating security measures.

The problem of RFID privacy can be solved, to a certain extent, by establishing a secret channel (in other words, through key agreement) between the RFID tag and reader. This secret channel can then be used to transmit encrypted data. In situations where unlinkability is desired, once a key has been established it can also be used to refresh the tag identifier Similarly, RFID tag forgery can be addressed using an authentication mechanism that ensures that only genuine tags can be read. Since RFID tags possess very limited computation, storage, power, and communication resources, however, standard cryptographic solutions for key agreement (such as the Diffie-Hellman key exchange) and authentication (including those based on message authentication codes) may be infeasible.

RFID is a relatively new technology and as such there is a great deal of uncertainty over the computation and communication capabilities of various RFID tags. It is also not yet clear what adversarial model most accurately represents RFID usage. Most security and privacy solutions proposed in research literature thus far exist only in theory. That is, they lack any implementation and real world testing. We are conducting ongoing research in order to better understand RFID technology, related security threats, and to work torward practical security solutions to these problems. The primary goals of our research are as follows:

• Understanding RFID Capabilities and Limitations: We aim to investigate what different types of existing RFID tags are capable of doing and what their limitations are, especially in terms of security operations. We also wish to measure the cost of basic tag functionalities through benchmarking.
• Adversarial Modeling of RFID Systems: We desire to execute known attacks and explore new attacks that will help provide a realistic model of an adversary in an RFID setting. To be safe, researchers often err on the side of adversarial models that are stronger than what is required in practice. This can lead to innefficient and impractical security solutions. Note that an attacker in the RFID context is certainly subject to some practical limitations, such as the distance over which she is capable of communicating.
• Benchmarking Existing Security and Privacy Mechanisms: Numerous RFID security mechanisms have been proposed, but none of these have been implemented and empirically evaluated. Out goal is to investigate the practicality of these mechanisms by implementing and testing them in a realistic usage setting.
• Adapting Traditional Security Mechanisms for Low-Cost RFID Tags:We wish to determine to what extent traditional security primitives, such as encryption, can be adapted for use with low-cost RFID tags and what is the best way to do so.
• Designing New Security and Privacy Protocols and Mechanisms. Based on our current research we will create, implement, and test new security mechanisms that take the limitations of RFID tags into account. For example, RFID security solutions should only require RFID tags to perform basic logical operations due to the computational constraints of basic RFID tags.

In a nutshell, we intend to use our RFID facilities to investigate two overall approaches to provide RFID communications with security and privacy. First, we will adapt traditional cryptographic solutions to work in the setting of low-cost RFID tags. Second, we will build new efficient security mechanisms using frugal applications of cryptography; ideally no cryptography will be used whatsoever due to its high computational costs. Specifically, we will be developing and testing our research prototypes on Wireless Identification and Sensing Platforms (WISPs), which are fully programmable passive RFID tags developed by Intel Research. The latest version of WISP tags are depicted below.

Four Intel WISP RFID Tags with a U.S. quarter included for scale.

An Intel WISP RFID Tag connected to a TI MSP430 Debugging Interface.