Security approaches for Radio Frequency Identification systems
Author(s)
Foley, Joseph Timothy, 1976-
DownloadFull printable version (16.54Mb)
Alternative title
Security approaches for RFID systems
Other Contributors
Massachusetts Institute of Technology. Dept. of Mechanical Engineering.
Advisor
Sanjay Sarma.
Terms of use
Metadata
Show full item recordAbstract
In this thesis, I explore the challenges related to the security of the Electronic Product Code (EPC) class of Radio Frequency Identification (RFID) tags and associated data. RFID systems can be used to improve supply chain performance and automate asset management. However, an antagonist could use the functionality of the RFID tags and the EPC data to invade personal privacy or acquire access to unauthorized corporate information such as inventory levels. In addition, current RFID mechanisms expose secrets to the readers, which opens an avenue for exploits and information leakage. I examined the RFID security and privacy issues and designed a number of systems to improve tag authentication, privacy protection, and secure sharing of EPC data. The specific solutions I propose include TagCheck to protect tags from counterfeiting, JanusTag to allow recoverable dynamic recoding of tags, TagFolio for privacy policy enforcement, and TagDirective for secret management and access control. To prevent leakage at the application level during Object Name System (ONS) resolution, I propose the use of an anonymizing TorONS system. (cont.) Lastly, to protect tags from being "mass killed", I designed two different categories of RFID tag kill-resistance mechanisms: active protection using Neighborhood Watch communities of readers and Exponential Rampup for tag self-defense. These technologies are combined under one umbrella called TinFoil, creating a comprehensive security solution that successfully protects the data in an EPC-enabled RFID system while minimizing required modifications to existing architecture.
Description
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Mechanical Engineering, 2007. Includes bibliographical references (p. 253-270) and index.
Date issued
2007Department
Massachusetts Institute of Technology. Department of Mechanical EngineeringPublisher
Massachusetts Institute of Technology
Keywords
Mechanical Engineering.