Database Reference
In-Depth Information
becomes a unique identifier for that person. The information about
object movement can be used either to track the whereabouts of the
person, or even for corporate espionage in a product supply chain.
The simplest solution to privacy with RFID data is the use of the
kill
command. The Auto-Id Center designed the “kill” command, which are
intended to be executed at the point of sale. The kill command can be
triggered by a signal, which explicitly disables the tag [63, 64]. If de-
sired, a short 8-bit password can be included with the “kill” command.
The tag is subsequently “dead” and no longer emits the EPC, which is
needed to identify it. However, the killing of a tag, was mostly designed
for cases where tags were associated with products, which have a limited
lifespan (before point of sale) for tracking purposes. This may not work
with smart products, where the tags are essential to its functioning over
the entire lifetime [40]. Another mechanism is to use a locking and un-
locking mechanism for the tags [111], if the data collection from the tag
is known to be needed only in specific periods, where the data collection
is relatively secure from eavesdropping. This can work in some smart
applications, where such periods are known in advance.
More robust solutions are possible with cryptographic methods. For
example, it is possible to encrypt the code in a tag before transmission.
However, such a solution may not be very effective, because this only
protects the
content
of the tag, but not the ability to
uniquely identify
the tag. For example, the encoded tag is itself a kind of meta-tag, which
can be used for the purposes of tracking. Another solution is to embed
dynamic encryption ability within the tag. Such a solution, however,
comes at a cost, because it requires the chip to have the ability to perform
such an encryption computation. Therefore, a recent solution [58] avoids
this by performing the cryptographic computations at the reader end,
and store the resulting information in the tags. This solution of course
requires careful modification of the reader-tag protocols. A number of
cryptographic protocols for privacy protection of library RFID activity
are discussed in [78]. Some of the cryptographic schemes [62, 69, 82]
work with
re-writable
memory in the tags in order to increase security.
The tags are encrypted, and the reader is able to decrypt them when
they send them to the server, in order to determine the unique meta-
information in the tag. The reader also has the capability to re-encrypt
the tag with a different key and write it to its memory, so that the
(encrypted) tag signal for an eavesdropper is different at different times.
Such a scheme provides additional protection because of repeated change
in the encrypted representation of the tag, and prevents the eavesdropper
from uniquely identifying the tag at different times.
