RFID - GBV · RFID APPLICATIONS, SECURITY, AND PRIVACY Edited by Simson Garfinkel Beth Rosenberg V...
Transcript of RFID - GBV · RFID APPLICATIONS, SECURITY, AND PRIVACY Edited by Simson Garfinkel Beth Rosenberg V...
RFIDAPPLICATIONS, SECURITY, AND PRIVACY
Edited by
Simson GarfinkelBeth Rosenberg
VV Addison-Wesley
Upper Saddle River, NJ • Boston • San FranciscoNew York • Toronto • Montreal • London • Munich • Paris • MadridCapetown • Sydney • Tokyo • Singapore • Mexico City
CONTENTS
Foreword xxiPreface xxvAcknowledgments xlvii
Part I Principles l
Chapter 1 Automatic Identification and Data Collection:What the Future Holds 3Dan Müllen, Bert Moore
Introduction 3A Brief History of AIDC 4
Bar Codes 4Magnetic Stripes and MICR 5Radio Frequency Identification 5
The "Industry" That Isn't 6The Interconnected World 7Clear and Present Benefits 8
Manufacturing 8Distribution and Inventory 8Retail 9Document Tracking 9Security 9Food Supplies 10Healthcare 10
vi CONTENTS
Future Applications 11Sensor-Enabled RFID 11Pharmaceutical Authenticity 11Product Authenticity 12Intelligent Items 12Data Exchange 12
Conclusions 13
Chapter 2 Understanding RFID Technology 15Simson Garfinkel, Henry Holtzman
Introduction 15RFID Technology 15
The Elements of an RFID System 16Coupling, Range, and Penetration 23
RFID Applications 27Supply Chain Visibility and Inventory Management 27Implants 29VeriChip and Mark of the Beast 35
Conclusions 35
Chapter 3 A History of the EPC 37Sanjay Sarma
Introduction 37The Beginning 37
The Distributed Intelligent Systems Center 38Meanwhile, at Procter & Gamble 39
A Mini-Lecture: The Supply Chain 40The Auto-ID Center 41
The Cheap Tag 43"Low-Cost" RFID Protocols 44"Low-Cost" Manufacturing 46The Software and the Network 47Privacy 48Summary: The Ultimate Systems Problem 50
Harnessing the Juggernaut 50The Six Auto-ID Labs 51The Evolution of the Industry 52The Creation of EPCglobal 53
Conclusions 54
CONTENTS vii
Chapter 4 RFID and Global Privacy Policy 57Stephanie Perrin
Introduction 57Definitions of Privacy 58
Definitions of Personal Information 58History of Current Privacy Paradigm 59
Mapping the RFID Discovery Process 62Functions and Responsibilities for Chips, Readers, and Owners . . . . 64
Privacy as a Fundamental Human Right 65Constitutional Rights 68
Privacy Through Data Protection Law and Fair Information Practices... 69A Brief History of FIPS 69Accountability 71
Responsibility in Individual RFID Scenarios 71
Identifying Purposes 73Consent 74Limiting Collection 75Limiting Use, Disclosure, and Retention 75
Accuracy 76Safeguards 77Challenging Compliance 80
Conclusions 80
Chapter 5 RFID, Privacy, and Regulation 83Jonathan Weinberg
Introduction 83Some Current and Proposed RFID Applications 84Whither Item-Level Tagging? 86Understanding RFID's Privacy Threats 88Conclusions 92
Chapter 6 RFID and the United States Regulatory Landscape 99Doug Campbell
Introduction 99Current State of RFID Policy 101
Individuais 103Business 103Government 104Miscellaneous 104
viii CONTENTS
RFID Policy Issues 105Privacy 105Integrity and Security of the System 108Government Access 108Health Impact 109Labor Impact 109Spectrum Conflicts 110Use of RFID Technology to Limit Product Functionality 110
Government Versus Individual Context 111Business Versus Individual Context 114
Policy Dialogue Dynamic 116Industry Leadership 119Options for Government Leadership 120
Congress 120Federal Trade Commission 122
Snapshot of Current Status 124Policy Prescriptions 126The Case for, and Limits of, EPCglobal Leadership 130
Other Industry Alternatives? 131Current EPCglobal Policy 132
Conclusions 133
Chapter 7 RFID and Authenticity of Goods 137Marlena Erdos
Introduction 137A Few Important Concepts in Authentication 138
Authentication Involves Secret Data 138The "Key Distribution" Problem 139Stolen Keys and Revocation 139Comment on Authentication Costs 139
Authenticity of Tags and Authenticity of Goods 140Authenticity of Goods and Anticounterfeiting Measures 141
Injection of Counterfeit Goods into the Supply Chain:Two Scenarios 141
How Authenticatable Tags Could Help 143Switching the Security Bürden 143
Authentication of Readers 144Authenticating Readers to Tags 144
CONTENTS IX
Authenticating Readers Within an Enterprise 145Authentication of Users Across the Supply Chain (Federation) 145
Bürden on System Administrators 146Bürden on Users 146The Answer Is Federation 147
Conclusions 147
Chapter 8 Location and Identity: A Brief History 149Michael Curry
Introduction 149Place and Identity in a World of Habits and Symbols 150Locational Technologies 152
Ptolemy and the Development of Classified Space 152Getting Addressed 154
Rethinking Identity: Beyond Traits and Names 157On RFID 160Conclusions 161
Chapter 9 Interaction Design for Visible Wireless 163Chris Noessel, Simona Brusa Pasque, Jason Tester
Introduction 163The Role of Interaction Design 164A Common Vocabulary 164Designing and Modifying WID Systems 166
Disclosure at Read 166Disclosure of Use 170Read Range 171Identifiable Readers 172Permissions-Based Tags 174Physical Remedies to Opt Out 175
Conclusions 176
Part II Applications 177
Chapter 10 RFID Payments at ExxonMobil 179Simson Garfinkel
Introduction 179Interview with Joe Giordano, ExxonMobil Corporation 182
CONTENTS
Chapter 11 Transforming the Battlefield with RFID 189Nicholas Tsougas
Introduction 189Logistics and the Military 190Conclusions 198
Chapter 12 RFID in the Pharmacy: Q&A with CVS 201Simson Garfinkel, Jack DeAlmo, Stephen Leng,Paul McAfee, Jeffrey Puddington
Introduction 201CVS and Auto-ID 202Project Jump Start 203RFID in the Store 205Making RFID Work: The Back End 205
Chapter 13 RFID in Healthcare 211Kenneth Fishkin, Jay Lundell
Introduction 211The Hospital 212
Tracking People and Objects 212Safeguarding Equipment Use 213Assisting Medical Personnel 214
Home Eldercare 216Activity Monitoring and "OKness" Checking 217Criteria for Different Types of "OKness" Systems 219Applications for Assisting the Elderly 220
Challenges 221Radio Frequency Health Issues 221Standards 223Privacy, Security, and HIPAA 223
Conclusions 226
Chapter 14 Wireless Tracking in the Library: Benefits,Threats, and Responsibilities 229Lori Bowen Ayre
Introduction 229RFID System Components and Their Effects in Libraries 230
Tag 230Reader 231
CONTENTS XI
Application 232RFID Standards 233RFID in U.S. Libraries 234
Penetration 234Library Problems Addressed by RFID 234Cost of Implementing RFID System in Libraries 235Role of Librarians 236Privacy Protections for RFID by Industry and
the Government 237Best-Practices Guidelines for Library Use of RFID 239
Educating the Public 240Conclusions 241
Chapter 15 Tracking Livestock with RFID 245Clint Peck
Introduction 245RFID Has to Prove Itself 247Putting RFID to Work 248RFID and Livestock Marketing 249
Traceback and RFID Standardization with Livestock 250Auction Markets: A Critical Component 251
RFID World Livestock Roundup 253Australia 253Brazil 253Canada 254European Union 254France 255Japan 255New Zealand 256United Kingdom 256
Part III Threats 257
Chapter 16 RFID: The Doomsday Scenario 259Katherine Albrecht
Introduction 259RFID Tags and the EPC Code 260A Ubiquitous RFID Reader Network 263
xii CONTENTS
Watching Everything: RFID and the Four Databases It Will Spawn . . . 265
Database #1: The "Where-Did-This-Come-From?"Manufacturer's Database 266
Database #2: The "What-Is-This?" EPC Database 267Database #3: The "Who-Bought-It?" Point-of-Sale Database . . . 268Database #4: The "Where-Has-It-Been-Seen?" Post-Sale
Surveillance Database 270Corporate Abuse 271Government Abuse 272Conclusions 273
Chapter 17 Multiple Scenarios for Private-Sector Use of RFID 275Ari Schwartz, Paula Bruening
Introduction 275Scenario 1: "No One Wins" 277Scenario 2: "Shangri-La" 278Scenario 3: "The Wild West" 279Scenario4: "TrustbutVerify" 280Conclusions 281
Chapter 18 Would Macy's Scan Gimbels?: CompetitiveIntelligence and RFID 283Ross Stapleton-Gray
Introduction 283
In-Store Scenarios 283
Consumer Technology as a Means of Intelligence Gathering . . . . 284Other Sources of Competitive Intelligence 285
So, Who Wants to Know? 286The Value of Functional Tags on the Shelves 286Qui Bono? 288
Dead Tags Teil No Tales 289
A Recoding Strategy 289Conclusions 290
Chapter 19 Hacking the Prox Card 291Jonathan Westhues
Introduction 291Reverse-Engineering the Protocol 292
WhyltWasn'tVeryHard 294
CONTENTS XIII
Security Implications 295Protecting Against These Types of Attacks 297Conclusions 300
Chapter 20 Bluejacked! 303Pius Uzamere II, Simson Garfinkel, Ricardo Garcia
Introduction 303Bluetooth 303
Bluetooth's Background 306Bluetooth Profiles 309Untrusted Versus Trusted Pairing and Discoverability 312Current and Speculative Bluetooth Implementations 315
Bluetooth Security and Privacy Attacks 316Cracking Bluetooth 317Bluetapping 322Locational Surveillance 323
Conclusions 325
Part IV Technical Solutions 327
Chapter 21 Technological Approaches to the RFIDPrivacy Problem 329Ari Juels
Introduction 329The Technical Challenges of RFID Privacy 331Blocker Tags 332Soft Blocking 335Signal-to-Noise Measurement 336Tags with Pseudonyms 336Corporate Privacy 337Technology and Policy 338Conclusions 338
Chapter 22 Randomization: Another Approach to RobustRFID Security 341Michael Arneson, William Bandy
Introduction 341The Problems in RFID Security 341Conclusions 343
xiv CONTENTS
Chapter 23 Killing, Recoding, and Beyond 347David Molnar, Ross Stapleton-Gray, David Wagner
Introduction 347RFID Recoding and Infomediaries 349
Applications Prevented by Killing 349Recoding and Electronic Product Codes 350
Infrastructure Issues 352Protecting the Kill Switch 352Recoding, Rewritable Tags, and Vandalism 353The "Subthreshold" Retailer 354Who Pays? 354
Conclusions 355
Part V Stakeholder Perspectives 357
Chapter 24 Texas Instruments: Lessons from SuccessfulRFID Applications 359Bill Allen
Introduction 359Toll Tracking: Who Knows Where You Are Going? 360Contactless Payment: Are Safeguards Already in Place? 361RFID and Automotive Anti-Theft: Staying Ahead of the
Security Curve 363How and What We Communicate 364
Listen to the Consumer 365Protect Data 365Empower the Consumer 365
Conclusions 366
Chapter 25 Gemplus: Smart Cards and Wireless Cards 367Christophe Mourtel
Introduction 367What Is a Smart Card? 367Smart Card Communication and Command Format 370Card Life Cycle 371Smart Card Applications 372
PayTV 372Mobile Communications 372
CONTENTS xv
Electronic Cash 373OtherApplications 373
"Contactless" Cards 373Protocols and Secure Communication Schemes 374Constraints of Contactless Products 375
Speed and Working Distance 376Interoperability 376
Contactless Products and the Contact Interface 377Communication 377Physical Security 379Software Security 380
Conclusions 380
Chapter 26 NCR: RFID in Retail 381Dan White
Introduction 381PaymentApplications 381
Current Installations 382Food Ordering 382
Inventory Management Applications 383Out-of-Stocks 384Theft Prevention 384Electronic Shelf Labels 385Technical Limitations 385Cost and Installation Limitations 386Misplaced Inventory 386Product Locator 387Back Room 388Mobile Systems 388
Hybrid Scanners 389Traceability 389Perishable Products 390Recalls 390No More Receipts 390Technology Analysis 391
Privacy Concerns 392RFID Portal 393Conclusions 395
xvi CONTENTS
Chapter 27 P&G: RFID and Privacy in the Supply Chain 397Sandy Hughes
Introduction 397Procter & Gamble's Position 398RFID Technology and the Supply Chain 399
Internal P&G Protocols 406External P&G Protocols 406Supply Chain Dependencies 407
Global Guidelines for EPC Usage 408Consumer Notice 408Consumer Education 409Consumer Choice 410Record Use, Retention, and Security 411
Conclusions 412
Chapter 28 Citizens: Getting at Our Real Concerns 413Robert Ellis Smith, Mikhail Zolikoff
Introduction 413Prior to the Point of Säle 414After the Point of Säle: Nonconsumer Goods 414After the Point of Säle: Consumer Goods 415After the Point of Säle: Privacy Interests 416
Possible Scenarios 418Eliminating the RFID Threats to Privacy 419
Mitigating the Threats: "Continue Activation" as theDefault for Nonconsumer Goods 420
Mitigating the Threats: "Continue Activation" as theDefault for Certain Consumer Goods 421
Mitigating the Threats: "Deactivation" as the Defaultfor Sensitive Products 422
Hybrid Products 422Enforcing This Scheine by Law 42 3The CALEA Experience 423On the Other Hand: The Electronic-Funds Experience 425Mitigating the Threats: Different Frequencies 426An Additional Consideration: Chip Security 427
Conclusions 428
CONTENTS XVII
Chapter 29 Activists: Communicating with Consumers,Speaking Truth to Policy Makers 431Beth Givens
Introduction 431RFID Characteristics That Threaten Privacy 432
Proposed Technology-Based Solutions 43 3Is Consumer Education the Answer? 434
Calling for a Technology Assessment 434
Conclusions 437
Chapter 30 Experimenting on Humans Using AlienTechnology 439Peter de Jager
Introduction 439The Surveillance Society: It's Already Here 440A Trick to Overcome Resistance 440
Constituents to Change—and to Stasis 442Privacy Advocates Own This Story 444Privacy, Change, and Language 444How to Make Consumers Demand Change (and RFID) 447
Conclusions 448
Chapter 31 Asia: Billions Awaken to RFID 451Bimal Sareen
Introduction 451Factors Separating Western and Asian RFID Experience 451
Privacy: Western Luxury or Western Construct? 452RFID as the Lightning Rod of Privacy Activists 453The Indian Perspective on Personal Privacy 453Other Asian Countries' Views on Privacy 454
The Extant Paper Database and Electronic Credit Card Systems . . . . 45 5A Cultural Predisposition to Technology Adoption? 455Establishment of National Identities 455
A Complex Interplay of Social Systems and Technology 456
RFID in India 456Local Deployments of RFID in India 457A Positive Outlook for Retail and Industry 458E-Governance Applications 458
xviii CONTENTS
A Strategie Position 459Government Adoption, Not Regulation, for RFID 459India-Specific RFID Deployment Concerns 460RFID in India: Summary 461
RFID Across Asia 461China 461Hong Kong 462Japan 463South Korea 464Malaysia 464Singapore 464
Conclusions 465
Chapter 32 Latin America: Wireless Privacy, Corporations,and the Struggle for Development 467Jennifer Torres-Wernicke
Introduction 467An Overview of Wireless Services Penetration into
Central America 468Spread Spectrum 468WiFi 469RFID 469
Pervasiveness of Telecommunications in Central America 470Panama 470El Salvador 471Costa Rica 471Guatemala 471Honduras 472Nicaragua 472
Privacy Concerns 473Old Assumptions in a New World 473The Author's Experience Living in El Salvador 474
An Overview of Privacy Across Latin America 475A Word on the U.S.-Mexican Border 476What About the United States? 477
Conclusions: Privacy, Poverty, and the Future 477
CONTENTS xix
Appendixes 479
Appendix A Position Statement on the Use of RFID onConsumer Products 481
Appendix B RFID and the Construction of Privacy:Why Mandatory Kill Is Necessary 497
Appendix C Guidelines for Privacy Protection on ElectronicTags of Japan 507Takato Natsui
Appendix D Adapting Fair Information Practices toLow-Cost RFID Systems 515Simson Garfinkel
Appendix E Guidelines on EPC for Consumer Products 525EPCglobal, Inc.
Appendix F Realizing the Mandate: RFID at Wal-Mart 529Gus Whitcomb, interviewed by Simson Garfinkel
Index 535