18-759: Wireless Networks L


Nov 27, 2013 (3 years and 8 months ago)






18-759: Wireless Networks
Lecture 14: RFID
Peter Steenkiste and Hedda R. Schmidtke
Departments of Computer Science and Electrical and Computer Engineering
Spring Semester 2012
http://www.cs.cmu.edu/~prs/wirelessS12/
Peter A. Steenkiste, Hedda R. Schmidtke, CMU

What is RFID?
Radio Frequency IDentification (RFID) is a method of remotely storing and retrieving data using devices called RFID tags and RFID Readers
An enabling technology with many applications
» Tags can be read in bulk
» Tags can be read without line of sight restrictions
» Data can be stored and retrieved from the tag automatically with a Reader
» Tags can be write once read many (WORM) or rewritable
» Tags can require Reader authentication before exchanging data (Generation 2, Class1)
» Other sensors can be combined with RFID
Technology has been around for a long time
Also has critics, e.g. privacy concerns
How Does It Work?
What is RFID?
A means of identifying a unique object or person using a radio frequency transmission
Tags (or transponders) that store information, which can be transmitted wirelessly in an automated fashion
Readers (or interrogators) both stationary and hand-held read/write information from/to tags
How does it operate?
RFID tags are affixed to objects and stored information may be written and rewritten to an embedded chip in the tag
Tags can be read remotely when they detect a radio frequency signal from a reader over a range of distances
Readers display tag information or send it over the network to back-end systems
[Figure: Reader, Tags]

Internet of Things
Objects in our environment equipped with networking capabilities
Interaction types
» between objects: Wireless Sensor/Actuator Networks
» of a user or infrastructure with a (passive) object: reader device (dedicated device or mobile phone) and RFID tags
Requires unique addressing scheme
» Electronic Product Code: “unique across all physical objects in the world, over all time, and across all categories of physical objects”
– urn:epc:id:sgtin:0614141.012345.62852
10cc Syringe #62852 (trade item)



Applications
Operational Efficiencies
» Shipping and Receiving
» Warehouse management
» Distribution
» Asset management
Shrinkage, counterfeit
» Reduce internal theft
» Reduce process errors
» Avoid defensive merchandizing
» Product verification
» Origin, transit verification
Total Supply Chain Visibility
» Inventory visibility in warehouses
» In-transit visibility, asset tracking
» Pallet, case level
» Item, instance level
Security, Regulations
» Total asset tracking
» Defense supplies
» Container tampering
» Animal Tracking

Automated Identification Technology Suite
» Linear Bar Code
» 2D Symbol, QR Code
» CMB: Contact Memory Button
» Smart Card/CAC
» OMC: Optical Memory Card
» RFID - Active: Radio Frequency ID
» RFID - Passive: Radio Frequency ID
» STS: Satellite-Tracking Systems
RF ID Types
Passive Tags: rely on an external energy source to transmit
» In the form of a reader that transmits energy
» Relatively short range
» Very cheap
Active Tags: have a battery to transmit
» Has longer transmission range
» Can initiate transmissions and transmit more information
» A bit more like a sensor
Battery Assisted Passive tags are a hybrid
» Have a battery to transmit
» But need to be woken up by an external source

A Bit of History
Early technology was developed in the 40s
» Originally used as eavesdropping devices
» Used reflected power to transmit (transponder), e.g. the membrane of a microphone
First RF IDs were developed in the 70s
» Combines transmission based on reflected energy with memory – can now distinguish devices
Dramatic growth in last decade as a result of mandates
» Big organizations (DOD, Walmart) requiring the use of RFIDs from their vendors for inventory control
Now used in an increasingly larger set of applications

Standards
Passive tags operate in the LF, HF, and UHF unlicensed spectrum
Transmission consists of a bit stream and a CRC
Many standards exist, mostly incompatible
» Early standards mostly defined by the ISO
In 2003 EPCGlobal was formed to promote RFID standards
» Defined a standard for the Electronic Product Code (EPC)
» Also defined standards for coding and modulation

RFID Today
Research within international Auto-ID Labs network
Standardization by EPCGlobal
Primary Application Types
Identification and Localization
» Readers monitoring entering and exiting a closed region
– security (RFID in identification cards)
– automatic ticketing (NFC on mobile phone)
» Readers tracking an RFID-tagged object
– business process monitoring (RFID tags on pallets)
» Tags marking a spatial location
– an NFC enabled mobile phone passes tags in the infrastructure whose location is known

Example: Smart Card
Public transport system in Singapore
FeliCa Smart Card 2001 – 2009
faster boarding times
Other uses
» small payments retail
» identification
Replaced by contactless card (RFID)


Example: NFC Shopping Zone
Three month trial in Seoul
Payments in shops
Smart ordering in restaurants: tap a tag to order a drink
Smart posters to download coupons and advertising information
Movie ticket purchasing and ticket checking
Bus timetable information and real-time service status
Loyalty stamps from a store
Electronic receipts delivered directly to NFC phones as a legal replacement for paper receipts
[Figure: N-Mark trademark of NFC Forum]

Near Field Communication (NFC)
Combines the functionality of
» an RFID reader device
» and an RFID transponder into one integrated circuit.
Integral part of mobile devices (e.g. mobile phones), NFC components can be accessed by software to
» act as a reading/writing device
» or to emulate a RFID tag.
Operates at 13.56 MHz (High frequency band) and is compatible to international standards:
» ISO/IEC 18092 (also referred to as NFCIP-1),
» ISO/IEC 14443 (smart card technology, “proximity coupling devices”),
» ISO/IEC 15693 (“vicinity coupling devices”).
Projected (2008): in 2012 20% of phones NFC enabled
Driven by NFC Forum (founded by Nokia, Philips, and Sony in 2004)
NFC Devices
Modes of operation
Smart Card emulation (ISO 14443):
» phone can act as a contactless credit card
Peer-to-peer (ISO 18092)
» transfer electronic business cards between devices
Read/Write
» allows NFC devices to access data from an object with an embedded RFID tag
» enables the user to initiate data services such as the retrieval of information or rich content (e.g. trailers and ring tones).
Example: contactless payment applications
» Sony FeliCa, Asia
» MIFARE, Europe
» Google Wallet (c) Google

Comparison: Technologies
RFID EPC Gen-2 tag
» UHF, electromagnetic coupling
» Identifier: EPC global code
» Kill command
NFC device (NFCIP-2)
» HF inductive coupling
» Phone memory + 96 bytes – 8kb, lockable for read-only


Comparison: Main Applications
RFID
» Retail
» Logistics
» Supply chain management
– accurate inventories
– product safety and quality
NFC
» mobile payment
» mobile ticketing
» pairing of devices (esp. Bluetooth devices)
» download of information from "smart posters"

Electronic Product Code (EPC)
"A Universal identifier for physical objects"
» EPC is designed to be unique across all physical objects in the world, over all time, and across all categories of physical objects.
» It is expressly intended for use by business applications that need to track all categories of physical objects, whatever they may be.
Combine
» EPC data located on the RFID tag
» reader’s middleware
» locate EPC Information Services (EPCIS), using Web Services like SOAP and WSDL
EPC Network Concept (2001)
[Figure: layered diagram, top to bottom: external software application; EPC Information Service (EPCIS) and Object Name Service (ONS), with DNS; PML; Savant; reader interface protocol & PML Core; reader device; RFID protocols UHF Class 0/1 & HF Class 1; RFID transponder]

EPC Standards (2012)
What information does a RFID tag contain?
Gen 2 tags have four memory banks
Bank 0: Reserved Memory (64 bits)
» 32-bit Kill Password
» 32-bit Access Password
Bank 1: EPC Memory (128 bits)
» 16-bit CRC
» 16-bit Protocol Control
» 96-bit EPC
Bank 2: Tag Identification Memory * (0, 32, or 64 bits)
» 8-bit Class Identifier
» 12-bit Tag Designer
» 12-bit Tag Model Number
» 32-bit Serial Number (optional)
Bank 3: User Memory * (0 or more bits)
» User-defined format
A 64-bit TID memory bank contains a tag serial number that uniquely identifies a tag.
* TID and User Memory banks are not initialized on some Gen 2 tags

[Figure: The CBP “GDTI-96” bit unique number]
What information does RFID tag contain?
Memory Bank 1 of the RFID Tag
Header: 8 bits. 0010 1100 [Static, Binary value]
Filter Value: 3 bits. High-level filter option
Partition Value: 3 bits. Determines Company Prefix length
Company Prefix: 27 bits. Equates to eight digits to uniquely identify an organization such as DHS/CBP, DoS, WA State, etc.
Document Type: 14 bits. Equates to four digits, allowing up to 10,000 document types
Serial Number: 41 bits. Allows for over 2 trillion unique values
Annotations on the slide:
» An organization could define and filter up to 10,000 document types. Example: the number 1 = motorcycle, 2 = auto, etc.
» EPCglobal/GS1 allocated and managed.
» Defined by Card/Tag Issuer

Object Name Service (ONS)
Design objective: based on DNS
Purpose: resolve tag queries by accessing relevant databases and internet pages
Operation: given EPC return one or more URLs
Steps:
» Bit-sequence containing the EPC is transmitted by transponder to reader
» Reader sends sequence to local server
» local server translates sequence into EPC URI format and sends it to ONS resolver
» resolver translates URI into DNS name and retrieves DNS resource record containing corresponding addresses
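The 96-bit layout from the "Memory Bank 1" slide, worked as an added example (not code from the lecture): it splits an EPC into the slide's fields and shows what a reader recovers from the bits alone, which is the basis of the tracking and inventorying concerns later in the deck. The sample issuer, document type, serial and the partition value 4 are constructed for illustration.

```python
# Added example: field layout (name, width in bits) copied from the slide, MSB first.
GDTI96_FIELDS = [("header", 8), ("filter", 3), ("partition", 3),
                 ("company_prefix", 27), ("document_type", 14), ("serial", 41)]
GDTI96_HEADER = 0b00101100  # static header value shown on the slide


def encode_gdti96(filter_value, partition, company_prefix, document_type, serial):
    """Pack the fields into a 96-bit integer (used here only to build sample data)."""
    values = {"header": GDTI96_HEADER, "filter": filter_value, "partition": partition,
              "company_prefix": company_prefix, "document_type": document_type,
              "serial": serial}
    word = 0
    for name, width in GDTI96_FIELDS:
        if not 0 <= values[name] < (1 << width):
            raise ValueError(f"{name} does not fit in {width} bits")
        word = (word << width) | values[name]
    return word


def decode_gdti96(epc_hex):
    """Split a 24-hex-digit EPC into the slide's fields; reject malformed input."""
    if len(epc_hex) != 24:
        raise ValueError("expected 96 bits (24 hex digits)")
    word = int(epc_hex, 16)
    fields, shift = {}, 96
    for name, width in GDTI96_FIELDS:
        shift -= width
        fields[name] = (word >> shift) & ((1 << width) - 1)
    if fields["header"] != GDTI96_HEADER:
        raise ValueError("header is not the GDTI-96 value 0010 1100")
    # Decimal widths from the slide: eight-digit prefix, four-digit document type.
    if fields["company_prefix"] >= 10**8 or fields["document_type"] >= 10**4:
        raise ValueError("field exceeds its decimal digit count")
    return fields


def reader_view(epc_hex):
    """What a reader recovers from the EPC bits alone: issuer, type, stable ID."""
    f = decode_gdti96(epc_hex)
    issuer, doc_type = f"{f['company_prefix']:08d}", f"{f['document_type']:04d}"
    return {"issuer": issuer, "document_type": doc_type,
            "stable_id": f"{issuer}.{doc_type}.{f['serial']}"}


# Constructed sample: hypothetical issuer 12345678, document type 1, serial 62852.
SAMPLE_EPC = f"{encode_gdti96(0, 4, 12345678, 1, 62852):024X}"

if __name__ == "__main__":
    print(SAMPLE_EPC, reader_view(SAMPLE_EPC))
```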

Object Name Service (ONS)
Purpose: resolve tag queries by accessing relevant databases and internet pages
Operation: given EPC return one or more URLs
[Figure: ONS query flow, steps 1 to 8: RFID tag, tag reader, local system (tag encoded EPC, URI conversion, ONS resolver), local caching nameserver, DNS cloud, EPC-IS server, HTML page]
Source: ONS 1.0.1 Standard (2008)

Passive RFID Tags
Power supply
» passive: no on-board power source, transmission power from signal of the interrogating reader
» semi-passive: batteries power the circuitry during interrogation
» active: batteries power transmissions (can initiate communication, ranges of 100m and more, 20$ or more)
Frequencies
» low frequency (LF): 124kHz – 135 kHz, read range ~50cm
» high frequency (HF): 13.56 MHz, read range ~1m
» ultra high-frequency (UHF): 860 MHz – 960 MHz (some also in 2.45GHz), range > 10m
Standards
ISO 18000: multipart standard for protocols in LF, HF, and UHF bands
UHF: EPCglobal Class1 Gen-2
HF:
» ISO 14443 (A and B) for "proximity" RFID
» ISO 15693 for "vicinity" RFID (basis for ISO 18000 part 3)
Near-Field Consortium (NFC) (NFCIP-1/ECMA340, ISO 18092) compatible with above:
» transcends tag-reader model
» NFC device can operate as reader or tag
» in particular: mobile phones that support NFC

Transmission methods
LF and HF: inductive coupling
» coil in the reader antenna and a coil in the tag antenna form an electromagnetic field
» tag changes the electric load on the antenna.
UHF: propagation coupling: backscatter
» tag gathers energy from the reader antenna
» microchip uses the energy to change the load on the antenna and reflect back an altered signal
Different modulations used by reader and tag
From: http://www.highfrequencyelectronics.com/Archives/Aug05/HFE0805_RFIDTutorial.pdf

PHY Layer
Depends on the frequency band used
Different modulations used by reader and tag
» Different constraints, e.g. power and complexity
» E.g. cannot use amplitude modulation for HF tag (why?)
Example of EPCGlobal symbols for UHF

What does an RFID tag look like inside a card?
From: http://www.highfrequencyelectronics.com/Archives/Aug05/HFE0805_RFIDTutorial.pdf
MAC Layer
Typically assumed that only one reader is present, i.e. no need for MAC on the reader
MAC for tags is a challenge: in many contexts, very high concentrations of tags are present
» And tags are dumb, i.e. cannot have sophisticated protocols
Two types of schemes used (standard):
» Binary tree resolution: reader explores a tree of relevant tag values
» Aloha: tags transmit with a random backoff

Binary Tree Resolution
Send requests to tags with ids that start with a certain string
Narrow down search until one tag responds
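Binary tree resolution as described on the slide above, as an added example (not code from the lecture): the reader queries ever longer ID prefixes until exactly one tag answers. The channel model (any two simultaneous replies collide) and the 4-bit IDs are simplifying assumptions. The function also returns every prefix the reader transmitted, since those bits travel on the reader-to-tag link, which the "Reading ranges" slide notes is sent at much higher power than tag replies.

```python
def respond(tags, prefix):
    """Channel model: every tag whose ID starts with the prefix answers at once."""
    matching = [t for t in tags if t.startswith(prefix)]
    if not matching:
        return "idle", None
    if len(matching) == 1:
        return "single", matching[0]
    return "collision", None  # overlapping replies; the reader cannot decode them


def inventory(tags, id_bits):
    """Walk the prefix tree depth-first; return (IDs read, prefixes the reader sent)."""
    found, sent, stack = [], [], [""]
    while stack:
        prefix = stack.pop()
        sent.append(prefix)
        status, tag = respond(tags, prefix)
        if status == "single":
            found.append(tag)
        elif status == "collision":
            if len(prefix) == id_bits:
                # Two tags with the same full ID can never be separated by prefix.
                raise ValueError(f"more than one tag answers to full ID {prefix}")
            stack.append(prefix + "1")  # pushed first, explored second
            stack.append(prefix + "0")
    return found, sent


# Constructed sample population of 4-bit tag IDs.
SAMPLE_TAGS = ["0010", "0111", "1100", "1101"]

if __name__ == "__main__":
    ids, prefixes = inventory(SAMPLE_TAGS, 4)
    print(ids, len(prefixes), prefixes)
```

Tags that share a long common prefix ("1100" and "1101" here) cost the most queries, and the transmitted prefixes disclose most of their ID bits before either tag has been singled out.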


Reader Networks: Colorwave
Channel assignment in a multiple reader network: coloring the network graph with a greedy coloring algorithm
» Frame-based protocol:
– short reader network coordination slots where “colors” (channels) are negotiated (color selection)
– long reader-to-tag transmission slots
» Distributed Color Selection (DCS)
– if (timeslot ID % max colors) == current color then transmit to tags
– if collision occurred then choose new random color and kick (off wave)
– if kick received then choose new random color
» Adjust # of channels: variable-maximum DCS

Privacy
Tracking
» depends only on unique id (even if random)
» today:
– automated toll-payment transponders
– loyalty cards
» future: pervasive availability of readers
Inventorying
» Invisible items become visible
» Libraries
» Passports
» Human implantation: VeriChip
– medical record indexing
– physical access control
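The three Distributed Color Selection rules from the Colorwave slide, simulated as an added example (not code from the lecture or from the Colorwave authors). The reader topology, the seed and the stop condition (one full frame without a collision) are assumptions, and a kicked neighbor is assumed to re-pick only when it already holds the kicker's new color. Variable-maximum DCS is not modeled, so `max_colors` is fixed.

```python
import random


def run_dcs(neighbors, max_colors, seed, max_slots=10_000):
    """Simulate DCS until one whole frame passes without a reader collision.

    neighbors maps each reader to the set of readers close enough to interfere.
    Returns (final color per reader, timeslots elapsed).
    """
    rng = random.Random(seed)
    colors = {r: rng.randrange(max_colors) for r in neighbors}
    quiet = 0  # consecutive collision-free timeslots
    for slot in range(max_slots):
        # Slide rule 1: transmit when (timeslot ID % max colors) == current color.
        active = {r for r in colors if slot % max_colors == colors[r]}
        collided = sorted(r for r in active if neighbors[r] & active)
        if not collided:
            quiet += 1
            if quiet == max_colors:  # every color has had a clean slot
                return colors, slot + 1
            continue
        quiet = 0
        for r in collided:
            # Slide rule 2: after a collision choose a new random color and kick.
            colors[r] = rng.randrange(max_colors)
            for n in sorted(neighbors[r]):
                # Slide rule 3, with the assumption that only a neighbor already
                # holding the kicker's new color has to move.
                if colors[n] == colors[r]:
                    colors[n] = rng.randrange(max_colors)
    raise RuntimeError("no collision-free frame within max_slots")


def is_proper(colors, neighbors):
    """True when no two interfering readers share a color (channel/timeslot)."""
    return all(colors[r] != colors[n] for r in neighbors for n in neighbors[r])


# Constructed topology: five readers, B-C-D form a triangle so 3 colors are needed.
SAMPLE_READERS = {"A": {"B"}, "B": {"A", "C", "D"}, "C": {"B", "D"},
                  "D": {"B", "C", "E"}, "E": {"D"}}

if __name__ == "__main__":
    final, slots = run_dcs(SAMPLE_READERS, max_colors=4, seed=1)
    print(final, slots, is_proper(final, SAMPLE_READERS))
```

With `max_colors` set too low for the topology (for example one color for two interfering readers) the loop never reaches a clean frame, which is the situation variable-maximum DCS addresses by adjusting the number of channels.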
Privacy for Business Networks
Major concern for industry:
» supply chain visibility
» supply chains and business networks are business assets
Example provenance checking: competitors could know
» depending on how detailed the information associated is:
– where an object and its parts were manufactured
– when it was manufactured
– by which sub-contractors
» who are the suppliers of a company
» which companies are the customers of a company

Reading ranges
Nominal read range (RFID standards and product specifications):
» 10cm for contactless smartcards (ISO 14443)
Rogue scanning range: sensitive reader with more powerful antenna or antenna array
» 50cm
Tag-to-reader eavesdropping range: range limitations for passive RFID result primarily from the need to power the tag
» eavesdropping on communication while another reader is powering the smartcard: > 50cm
Reader-to-tag eavesdropping: readers transmit at much higher power



Authentication
RFID tags uniquely identify objects
Many proposals to use tags for authentication
» Passport or driver's licence
» Identification of stolen goods
Attacks
» Counterfeiting: scanning and replicating tags
Proposals
» EPC:
– simple bitstring
– no access-control
» VeriSign:
– digital signing
– against forging but not cloning

Security Concerns
Specific disadvantages due to limitations
» Encryption algorithms are too complex to be implemented on tags
» Low-cost RFID might be identifiable by a unique “radio fingerprint”
But also specific advantages:
» Tags are slow to respond, maximum no. of read-out operations
» Adversary has to be physically close
» Unique radio fingerprint could strengthen authentication
Privacy Protection Concepts
Kill and sleep commands
Renaming
Relabeling and separation of identifier and product type
Pseudonym set
Periodic re-encryption of unique identifiers
Activity monitoring and proxying: Watchdog Tag, RFID Guardian
Distance measurement for determining trust
Blocking

Literature
J. Waldrop et al. (2003). Colorwave: A MAC for RFID reader networks. In: IEEE Wireless Communications and Networking Conference 2003, pp. 1701-1704.
T. Wiechert et al. (2008). Connecting Mobile Phones to the Internet of Things: A Discussion of Compatibility Issues between EPC and NFC, AutoID-Labs Tech. Report.
A. Juels (2006). RFID Security and Privacy: A Research Survey. IEEE Jour. on Selected Areas in Communications.
H. Vogt (2002). Efficient Object Identification with Passive RFID Tags. In: Pervasive 2002, pp. 98-113.