Abstract:
Power consumption is a key element in the design of secure RFID systems. It is a major resource constraint for cryptographic primitives, a sidechannel that can expose sen...View moreMetadata
Abstract:
Power consumption is a key element in the design of secure RFID systems. It is a major resource constraint for cryptographic primitives, a sidechannel that can expose sensitive data, and a determinant of read ranges for tags. While protocol design for high-powered, networked computing devices can conveniently disregard power considerations, energy consumption is an unavoidable dimension of RFID-tag security. In constrained, battery-powered devices such as sensors, communication is a power-intensive operation; local computation less so. I'll explain how passive RFID tags turn this longstanding wisdom on its head. For "computational" RFID tags, transmitting data consumes less energy than storing it locally. This observation motivates a new approach to protocol design in which tags "outsource" storage to readers. The challenge then is to enforce data integrity and confidentiality without negating energy savings [1]. While the energy limitations of RFID tags can be a liability, surprisingly they can also be exploited in useful ways. I'll describe how EPC Gen-2 tags, the most prevalent form of barcode-type RFID, have a low-power regime that permits a conversion of the "kill" operation (a privacy feature) into a crude challenge-response protocol (an authentication feature). I'll explain why such unorthodox techniques are valuable, particularly for a new generation of EPC-based identity documents in the United States [2]. I'll conclude by arguing that a holistic view of power consumption issues in RFID calls for a reshaping of the academic research agenda around RFID security and privacy. I'll posit, for instance, that protocols for identifier privacy in RFID, i.e., for anti-tracking, could well be a vain pursuit, and should give way to more valuable research on techniques for RFID data privacy.
Published in: 2009 International Conference for Internet Technology and Secured Transactions, (ICITST)
Date of Conference: 09-12 November 2009
Date Added to IEEE Xplore: 29 January 2010
ISBN Information: