Security approaches for Radio Frequency Identification systems

Foley, Joseph Timothy, 1976-

Author(s)

Foley, Joseph Timothy, 1976-

DownloadFull printable version (16.54Mb)

Alternative title

Security approaches for RFID systems

Other Contributors

Massachusetts Institute of Technology. Dept. of Mechanical Engineering.

Advisor

Sanjay Sarma.

Terms of use

M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582

Metadata

Show full item record

Abstract

In this thesis, I explore the challenges related to the security of the Electronic Product Code (EPC) class of Radio Frequency Identification (RFID) tags and associated data. RFID systems can be used to improve supply chain performance and automate asset management. However, an antagonist could use the functionality of the RFID tags and the EPC data to invade personal privacy or acquire access to unauthorized corporate information such as inventory levels. In addition, current RFID mechanisms expose secrets to the readers, which opens an avenue for exploits and information leakage. I examined the RFID security and privacy issues and designed a number of systems to improve tag authentication, privacy protection, and secure sharing of EPC data. The specific solutions I propose include TagCheck to protect tags from counterfeiting, JanusTag to allow recoverable dynamic recoding of tags, TagFolio for privacy policy enforcement, and TagDirective for secret management and access control. To prevent leakage at the application level during Object Name System (ONS) resolution, I propose the use of an anonymizing TorONS system.

(cont.) Lastly, to protect tags from being "mass killed", I designed two different categories of RFID tag kill-resistance mechanisms: active protection using Neighborhood Watch communities of readers and Exponential Rampup for tag self-defense. These technologies are combined under one umbrella called TinFoil, creating a comprehensive security solution that successfully protects the data in an EPC-enabled RFID system while minimizing required modifications to existing architecture.

Description

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Mechanical Engineering, 2007.

Includes bibliographical references (p. 253-270) and index.

Date issued

2007

URI

http://hdl.handle.net/1721.1/38710

Department

Massachusetts Institute of Technology. Department of Mechanical Engineering

Publisher

Massachusetts Institute of Technology

Keywords

Mechanical Engineering.

Collections

Graduate Theses