Dr. Dobb's Journal September, 2004
Radio frequency identification (RFID) tags can be used as an advanced electronic version of the UPC barcodes that identify just about everything we purchase—from groceries to laptops. An RFID tag consists of a small integrated circuit attached to a small antenna and is capable of transmitting a unique serial number a distance of several meters to a reading device in response to a query. Most RFID tags are passive, meaning they do not contain batteries, relying instead on power obtained from the query signal itself. RFID tags are already quite common. Some popular examples include proximity cards used as replacements for metal door keys, theft-detection tags attached to consumer goods such as clothing, and the small dashboard devices for automating highway toll payments. Improvements in cost and size will encourage the rapid proliferation of RFID tags into many new areas of use. For example, a U.S. consumer goods manufacturer has recently ordered half a billion tags for use in retail environments. Over the next few years, manufacturers and retailers plan to embed or attach RFID tags to all types of products, theoretically reducing theft and making automated check-out, product returns, and inventory audits remarkably fast.
While the many benefits of RFID are attractive, the technology rightfully has some consumers concerned about privacy. The expected surge in use of RFID tags in all aspects of our lives introduces serious threats. The simplest RFID tag broadcasts its ID serial number—that is, its electronic product code (EPC)—to any nearby reader. This presents a clear potential for privacy violations. What happens when a consumer wears his expensive new sneakers with a still functioning RFID tag to the store where he purchased them? Will the store read the tag again and correlate it with his previous purchase? Who's to stop a retailer (or anyone else) from reading RFID tags on any purchased item, tracking consumer behavior or movements? What's to protect anyone from secretly being given tags so they can be tracked or spied on by a private detective, spouse, parent, or even by an employer?
Privacy has been recognized as a potential barrier in the widespread adoption of RFID technology for some time. Along with other researchers, RSA Laboratories (where I work) is developing RFID designs that promote adoption, while protecting the privacy rights of individual consumers. In this article, I explore a "blocker tag" technique that can make significant strides in the fight for privacy protection in relation to RFID tags.
The most straightforward approach to privacy protection is to "kill" RFID tags before they are placed in the hands of consumers. A killed tag can never be reactivated. While the "kill tag on purchase" or deactivation approach may address many or even most instances of potential concern for privacy, it is unlikely to fit the bill in all scenarios. There are many applications for which such simple measures would be undesirable despite the privacy assurances. For example, consumers may wish RFID tags to remain operative while in their possession to facilitate merchandise returns or perhaps to enable a future "electronic medicine cabinet" to verify that they have the correct prescriptions.
With another approach, an RFID tag may be shielded from scrutiny using what is known as a "Faraday Cage"—a container made of metal mesh or foil that is impenetrable by certain frequencies of radio signals. Small-time thieves are already using foil-lined bags in retail shops to avoid detection when shoplifting. In the same spirit, currency notes of the future with active RFID tags could be protected with foil-lined wallets. However, RFID tags will inevitably be deployed in a vast range of applications that cannot be placed conveniently in metal containers. Faraday cages thus represent, at best, a partial solution to consumer privacy.
Active jamming, a low-tech means of shielding RFID tags from "view," is another method of protecting privacy. In this scenario, consumers carry a device that actively broadcasts radio signals to effectively block and/or disrupt the operation of any nearby RFID readers. This approach may be illegal—at least if the broadcast power is too high—and is a most assuredly crude approach, possibly causing severe disruption of all nearby RFID systems (even legitimate applications).
A more high-tech approach would involve the use of cryptographic methods. These techniques are exceptionally challenging to design, given the cost constraints associated with the basic RFID tag. Protocols based on public-key cryptography can readily address privacy concerns, but are likely to be too expensive to implement universally in RFID tags in the foreseeable future. Protocols based on symmetric cryptography may become practical to implement sooner, but they must be carefully designed to preserve privacy. Consider that for a reader to determine which symmetric key to use when communicating with an RFID tag, the tag must somehow identify the key to the reader. This process itself might still enable the RFID tag to be tracked.
Conventional cryptography thus does not immediately suggest a general- purpose, practical solution to the privacy concerns with RFID tags, but research into new approaches is showing promise. One approach is to go beyond protecting the data—the traditional province of cryptography—and instead look directly at the tag-to-reader interactions itself.
An RFID reader is really only able to communicate with a single RFID tag at a time. If more than one tag responds to a query by the reader, the reader detects a "collision" and cannot accurately read the information transmitted by the tags. The reader and RFID tags then need to engage in some sort of protocol so the reader can communicate with the conflicting tags one at a time. Such a protocol is called a "singulation protocol."
This is the premise behind RSA Laboratories simple "blocker tag" scheme for RFID tag privacy protection (for more information, see the accompanying text box entitled "Blocker Tag Details"). Blocker tags selectively exploit the standard tree-walking singulation protocol. The blocker tag does not actively engage in jamming. Rather, by participating in the tag-reading process in a noncompliant manner, the blocker initiates passive jamming.
When carried by consumers, blocker tags thus "block" RFID readers. To avoid interfering with the legitimate business uses of RFID tags, a blocker tag blocks selectively by jamming only selected subsets of ID codes, such as those in a designated "privacy zone." We believe that this approach, when used with appropriate care, provides an attractive alternative for addressing privacy concerns raised by the widespread use of RFID tags in consumer products.
It is possible that the blocker tag concept be used for malicious purposes, for instance, as a tool for mounting denial-of-service attacks. Such a blocker tag might shield either the full spectrum of serial numbers from reading or might target a particular range; for example, the set of serial numbers assigned to a particular manufacturer. A blocker tag of this form might be used to disrupt business operations or to help perpetrate petty theft by shielding merchandise from inventory control mechanisms. However, mechanisms—such as detecting blocker tags by monitoring for reports of unusually high numbers of tags—can be put in place to protect against fraudsters. Moreover, by design and intent, the blocker tag solutions that RSA Laboratories is developing are limited to privacy protection and do not facilitate such malicious uses.
Our blocker tag approach to RFID privacy protection is particularly attractive because of the low cost associated with the implementation of such an effective privacy solution.
At the 2004 RSA Conference, RSA Laboratories publicly demonstrated the use of blocker tags as a method for protecting consumer privacy. The demonstration took the form of a mock pharmacy, whose visitors received RFID-tagged prescription bottles filled with jelly beans offering "tranquility," "wisdom," and "happiness." ("Wisdom" was the most popular, favored by about 40 percent of visitors.)
After explaining the initial tradeoff between convenience and privacy engendered by RFID tags, the mock "pharmacists" then showed how technologies such as blocker tags can help, by enclosing the RFID-tag bottle in a paper prescription bag, affixed to which was a demonstration version of the blocker tag. When a purchased bottle was scanned apart from the bag, the "checkout" display indicated the bottle's identifier (and if the prescription had been purchased, the visitor's name or pseudonym). But when the bottle and bag were scanned together, the display read "blocked."
The demonstration offered the same "customer experience" as with the "full" blocker tag described earlier, but used another type of tag that RSA Laboratories is working on—the "soft" blocker. Although it should be possible to implement the full blocker tag in fairly straightforward fashion, the soft blocker is even easier to implement because it is a standard RFID tag. Rather than interfering with the tag-to-reader protocol, though, the soft blocker relies on the reader or the application to enforce a privacy policy—somewhat like the Platform for Privacy Preferences protocol (P3P) for privacy on the Web. The soft blocker is a low-cost method for honest merchants to add privacy protection to their systems. Also, because it is in software, it supports a flexible set of privacy policies.
The use of selective blocking by blocker tags lets consumers choose when to hide certain RFID tags from scanning, and when to reveal those same tags for scanning. By allowing RFID prefixes to be rewritten, tags can be moved in or out of privacy zones protected by various blocker tags. The scientists at RSA Laboratories believe that blocker tags are a potent and useful tool for protecting consumer privacy, and recommend their incorporation into the portfolio of tools for building confidence into the promising new RFID infrastructure.
A. Juels, R.L. Rivest, and M. Szydlo. "The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy" in 8th ACM Conference on Computer and Communications Security: ACM Press, 2003 (http://www.rsasecurity.com/go/rfid/).
A. Juels. "Soft Blocking: Flexible Blocker Tags on the Cheap." Unpublished Manuscript. 2003. (http://www.rsasecurity.com/go/rfid/).
DDJ