Simulation of RFID platform on NS-2

Arini Balakrishnan, Swetha Krishnan

CS740 Advanced Computer Networks, Instructor: Suman Banerjee

Computer Sciences Department

University of Wisconsin, Madison

December 19th, 2005

Abstract

RFID (Radio Frequency Identification) Systemshave gained popularity in recent times and havefound large-scale deployment in commercial andenterprise domains. However, there is a dearthof publicly available robust simulation platformsfor RFID networks. The ns-2 simulation environ-ment is a flexible tool for network engineers toinvestigate how various protocols perform withdifferent configurations and topologies. This pa-per describes how we extended the ns-2 frame-work to include support for RFID systems, andillustrates their utility with an implementationof Localized Probabilistic Algorithm (LPA) usedfor load balancing in RFID systems.

1 Introduction

Radio frequency identification (RFID) is a gen-eral term for technology that uses radio waves toautomatically identify individual items. RFID ishitting the mainstream now for a number of rea-sons. The recently developed electronic productcode (EPC) and drive to lower tag costs are cer-tainly a couple of the reasons. Another factorcontributing to its increasing popularity is thatmajor retailers like Wal-Mart and Tesco (in theU.K.) are mandating that all their suppliers usedRFID tags on their products.

The most basic RFID system has a tag (ortransponder), a reader (or interrogator) and soft-ware to control the data flowing through the sys-

tem. The tag is the device that is affixed to theitem being tracked and it has an integrated cir-cuit (IC) that has all the electronics. The readeris the device that reads the information from thetag. The software transforms the data read intomeaningful information. Tags can be classifiedas active/ passive and as read-only/read-write.Active tags are battery-driven and can reply tothe reader using their own power, whereas pas-sive tags use the energy beamed by the reader tosend their reply.

RFID systems are a lot like barcodes in thatboth are used to identify objects. However,RFID systems are different from barcodes inmany ways:

• They have no line-of-sight restrictions likebarcodes.

• A single reader can read multiple items si-multaneously.

• RFID tags can be used in harsh environ-ments. RFID systems can withstand ex-treme heat, cold and even chemical expo-sure. The tag can be read through up totwo inches of non-metallic debris includingpaint, plastic, cloth and concrete.

• Placement Flexibility.

• Speed of reading.

• Data Capacity.

• Read/Write capability

1

The primary purpose of this project is to es-tablish a foundation in ns-2 for simulating RFIDsystems. The platform developed models thebasic RFID protocol for identification of tagsby readers. This work is a small contributionthat should benefit RFID research where sim-ulation is appropriate. It is an effort to aidthe analysis of various RFID system configura-tions under the demands of specific RFID basedproblems like Redundant Reader Elimination(RRE)[4],schemes for RFID Privacy [5, 6] andLoad Balancing Algorithms. The paper beginswith an overview of the RFID EPC standards fordifferent radio frequencies, given by MITs Auto-ID Center. Section 3 gives an overview of the ns-2 simulation environment, followed by Section 4that describes our extensions to ns-2 and guide-lines for using them in simulations. In Section 5,we describe a load-balancing algorithm that weimplemented on our platform. The evaluationof our platform has been conducted through cer-tain experiments, the results of which are givenin Section 6. We conclude with a final sectionto list relevant areas for future extensions to thisplatform.

2 EPC Global Specifications

for RFID

EPCglobal specifications formulated by theAuto-ID Center at MIT form the foundation forthe EPC/RFID technology that the EPCglobalcommunity has begun implementing worldwideEPC Global (www.epcglobalinc.org) has definedvarious classes of RFID tags .

2.1 900 MHz Class 0 Radio Frequency(RF) Identification Tag Specifica-tions

reference Class 0 tags are the factory-programmed tags that are used in supply-chain management applications. Class 0 tagsmust have the functions of: - Being factoryprogrammed with EPC, 24 bit kill code, and

optimally other data. Being read by the reader.- Being selected as part of a related groupof tags, and - Being individually destroyed.The tag contains an EPC (Electronic ProductCode) used for item identification, a CyclicRedundancy Check (CRC) and a destruct code.In the EPCs so far defined there are four fieldswhich are, in order: a version number, definingthe variety of EPC among a number of possiblestructures; a domain manager number, whichis effectively a manufacturer number; an object

class, which is equivalent to a product number;and a serial number.

2.1.1 Protocol

This specification [3] uses singulation as a meansto identify tags.

The term singulation refers to a process of ne-gotiation which culminates in a single tag beingselected by the interrogator for further process-ing via interrogator commands” [3]

To perform singulation this standard uses abinary tree walking anti-collision protocol wherethe reader initiates the singulation. There maybe contention i.e. simultaneous replies from mul-tiple tags yet this does not result in a loss of in-formation. The reasons for this behavior are asfollows. Firstly, the bits 0 and 1 are encoded withtwo different sub-carrier frequencies. Hence, thereader can simultaneously receive a zero and one.Also, it is not important that the reader receivingmultiple zeros (or multiple ones) should be ableto distinguish one zero (or one) from the other.This is evident from the way tree-walking worksas described in Section 4. Secondly, destructiveinterference between tag replies of equal strengthis very unlikely and can only be intermittent.This can be attributed to the changes in thereader-tag carrier frequency and drift in the in-ternal tag sub-carrier tones.

2

2.1.2 Communication channel specifica-tion

The reader-to-tag communication is carried outby an AM pulse-width modulation of the reader-transmitter carrier, operating at 900 MHz. Thetag (passive) replies to the reader using the en-ergy of the readers beam, by the method of mod-ulated RF Backscatter. Modulated backscatterrequires no transmission power and is achievedby alternately changing the chip port impedanceand thus the reflectivity of the tag antenna. Thebackscatter can result in either of two frequencies-2.2 MHz and 3.3 MHz - which are the tag sub-carrier tones for 0 and 1 respectively. Thus, allcommunications happen through three reader-to-tag symbols (data 0, data 1 and a null symbol) and two tag-to-reader tones(0 and 1).

Due to FCC requirements, the reader is re-quired to change its frequency of operation peri-odically (every 50 to 400 milliseconds), by theprocess of Frequency Hopping. The new fre-quency jumped to is within 1 MHz of the ear-lier frequency. However, no assumptions can bemade that the tags will remain powered aftera frequency hop and so such tags which tem-porarily go out of power shall be negotiated onlythrough subsequent frequency hops.

If allowed according to the jurisdictions ofthe region, Direct Sequence Spread Spectrumtechnology can also be exploited by the readerand tags. Using this broadband direct spread-ing method, the reader is not required to hop

through frequencies, thereby overcoming the tagpower loss issues caused by moving to a differentfrequency.

2.1.3 Tag Identification Numbers

According to this specification [3], each tag isassociated with three ID numbers, ID0, ID1 andID2. ID2 (with a total length of 80/112 bits) isthe one that contains the actual user EPC data(version, domain manager, product class and se-rial number), which is of 64 or 96 bits, followedby a 16-bit CRC calculated using all the bits ofthe EPC data.

Singulation if carried out using ID2 becomesinefficient and expensive as it would require thetag to send out and the reader to keep track ofall the 64 or 96 bits of the EPC data. How-ever there may actually be only about 1000 tagsin the system and so a 12-bit number used forsingulation will easily suffice to distinctly iden-tify each of those tags. Also, sending out bits ofEPC data may pose security issues.

To avoid using ID2 for the above stated rea-sons, the tag is provided with two other IDs ID1and ID0, which are used in singulation by negoti-ating a minimum number of random bits. ID1 isa static pseudo random number that is generatedfrom a seed based in ID2s CRC. It consists of 64bits thus generated, plus 16 interspersed paritybits, thus giving a total of 80 bits (one parity bitfor every 4 bit). ID1 is required to be the samefor every singulation of tag, irrespective of the

3

reader that is querying the tag and irrespectiveof the environments the tag is in. ID0 is a fullyrandomized dynamically generated number thatchanges each time a tree traversal process begins(or even while in midst of one). It is used whenvery a high level of security is desired.

ID1 and ID0 are divided into 10-bit blocks tofacilitate singulation. The idea behind this is touse lesser number of bits than the complete ID2to ease singulation. However, considering thefact that the reader does not know how manytags there are in the system prior to singulation,it is not possible to decide upon a fixed numberof bits to use out of the 80 bits of these 2 IDs. In-stead, the singulation is carried out at the gran-ularity of a block (10 bits) and depending uponthe readers requirement to isolate each tag touniqueness, the reader decides how many blockswill be used. Each block is always read com-pletely (10 bits) by the reader. But after readinga block, the reader may or may not go further toanother block depending upon whether it is ableto differentiate between the tags currently in thesystem.

2.2 13.56 MHz ISM Band Class 1 Ra-dio Frequency Identification TagInterface specification

The EPC structure of this specification is similarto that of the 900 MHz specification. The differ-ences between the specifications are in the fre-quency of operation and the protocol used. The900MHz (UHF) specification uses tree-walkingalgorithm that has frequent and brief periods ofcommunication between the tag and the reader.In such types of communication the number oftags read per second depends on the turn aroundtime. Since at UHF, large bandwidths are avail-able very less turn around times can be achieved.This is not the case in the 13.56 MHz (HF) spec-ification where the bandwidths are significantlyless and the turn around times are high. Hence,this specification [1] describes a different algo-rithm for the basic operation.

2.2.1 Slotted Terminating Adaptive Col-lection Protocol (STAC)

STAC is a reader-initiated protocol. STAC pro-tocol has some notion of rounds which is ex-plained below. In STAC, tags reply at randompositions or time intervals referred to as slots. Acollection of such slots form a reply round. Thereader initiates the protocol by sending a Be-

gin Round message which has a number of pa-rameters like the number of slots in the forth-coming round, a selection that selects the labelswhich will participate in the round and a hash

value which are used to generated random replypositions in the round, using the tag memorycontents. Also, within each round and amongrounds the tags occupy random positions, so col-lisions between replies are neither frequent norrepeated. The selection parameter of the Be-

gin Round message when present represents thenumber of bits and the bits to be compared withthe EPC in the selection process. If the selec-tion parameter is not present then all the tagsin the readers vicinity will be selected. The Be-gin Round causes the tags to set the round sizeparameter, the selected or not selected bit anda reply slot position. It also sets counter of re-ply slot positions to zero. Also the tags movefrom READY state to SLOTTED READ state,in which state the tags calculate for themselvesa proposed slot and wait until the slot counterreaches the proposed slot calculated. The slotcounter will increment every time a reader indi-cates the end of the slot and the beginning ofa new slot. The tag replies with the remainingbits in its EPC omitting all or most of the bitswhich were in the selection parameter. The re-ply conditions of the slot can be any one of thefollowing

1. no tag reply present

2. one tag reply present

3. two or more replies present

If the reader detects that no tag reply is presentthen it issues a Close slot sequence that causes

4

all the tags in the SLOTTED READ state toincrement their slot number. If the reader de-tects that one / more of the tags are replyingit will try to keep the slot open for a time suf-ficient for the reply/replies to conclude and beevaluated. The reader checks the CRC presentin the reply, against an expected value that maybe calculated from information present in readerto tag and tag to reader signaling. If these checksreveal that the data is not collected properly, thereader sends a Close Slot sequence to the tag andthe tag returns to the READY state. If the labelis collected correctly the slot is closed by giving aFix Slot command. The tag upon receiving thiscommand moves from SLOTTED READ stateto the FIXED SLOT state, in which state thetag continues to reply once per round, but al-ways in the fixed slot.

2.2.2 Communication Channel specifica-tion

The reader carrier frequency falls within 13.56MHz and ± 7 Khz. The tag receives its power,and instructions which regulate its behavior fromthe interrogator. The baud rate in the reader totag link is 26.48 kbit/sec (fc/512) The tag re-ply is generated though amplitude modulation ofthe oscillation in the tuned circuit containing thetag antenna coil, wherein the tuned circuit loadis switched by sub-carrier frequency fs. The fre-quency of the sub carrier, fs is fc/32(423,75kHz).The tag reply data of 0 is coded with 4 pulsesof fc/32( 423,75 kHz) sub-carrier, followed byan un-modulated time of 128/fc( 9.94us). Thetag reply of data 1 starts with an um-modulatedtime of 128/fc(-9.94us) followed by 4 pulses offc/32( 423,75kHz) sub-carrier. The baud rate inthe tag-to-reader link is 52.969 kbit/s (fc/256).

2.3 860MHz – 930 MHz Class 1 Ra-dio Frequency (RF) IdentificationTags

The class 1 tag in this specification [2] is designedto communicate only with its unique identifier.

The reader carrier frequency is in the range of860 MHz 930 Mhz. The The tag replies withbackscatter modulation. The tags will modulatetheir back scatter only when they receive a com-mand from a reader, which they can properlydecode and interpret. The intended free spacecommunication of a tag is more than 3m . Itis 2m in worst case and 10m in best case. Thetag contents of the class 1 tags are slightly dif-ferent from class 0 tags in that these tags havea short password in addition to the EPC andCRC. Password is a 8 bit string used by the killcommand.

3 Overview of NS-2 environ-

ment

The NS-2 environment [7, 8] provides supportfor mobile wireless nodes using the 802.11 speci-fication. It also includes support for node move-ments and energy constraints. In the NS-2 en-vironment RFID systems can be built with thesame set of protocols and characteristics as thoseavailable in the real world. To implement anRFID system in NS-2 environment would requirethe following modifications:

1. The physical layer should be modeled insuch a way that nodes that are tags do nothave power of their own.

2. The MAC layer should be modeled to sup-port RFID systems. The changes herewould include, disabling RTS/CTS, dis-abling SIFS/DIFS and disabling the conges-tion window mechanism to avoid delays.

3. Adding agents to model the tags and readers

4. Modifying the appropriate files in NS-2 tosupport the changes made.

4 Extended NS-2 Architecture

One fundamental aspect of RFID systems, whichis missing in NS-2 is the protocol for singulation

5

of tags by readers. We implemented the tree-walking singulation protocol as described in [6].A RFID reader is able to communicate with onlyone tag at a time. If multiple tags reply to arequest from the reader, the reader detects col-lision and in this case the RFID tags and readershould engage in some sort of protocol so thata reader can communicate with conflicting tagsone at a time. The tree-walking protocol is anegotiation between the readers and the tags inthe system, which allows the reader to identifyall the tags in its range singly. The tree-walkingalgorithm is a bit-by-bit depth first search per-formed by the reader in the following way:

• Starting at a subtree at depth d the readerqueries all the tags in the system with theprefix b0b1 . . . b2bd.

• The queried tags reply with the d + 1st bitif the prefix matches with the prefix queriedby the reader. A tag broadcasts ’0’ if it isin the left subtree of the singulation tree ora ’1’ if it is in the right subtree.

• If there are tags both in the left and rightsubtree of the tree, both 1 and 0 is trans-mitted resulting in a collision.

• When the reader B detects collision, thereader recurses beginning at its child nodeB‖0 and B‖1. The reader starts its queryfrom the root of the singulation tree. Anexample of a singulation tree for 3 bits isshown below

4.1 Modeling Tags and readers

We modeled tags and readers as agents. Agentsrepresent the endpoints in NS-2 where the net-work layer packets are consumed or constructedand used in the implementation of protocols invarious layers. We developed two agents: aReader agent, to model the RFID reader; anda tag agent, to model the RFID tags. ReaderAgent is modeled like a class that inherits fromthe Agent class. The reader agent class has thefollowing members: A reader ID A set of tags Avector of events A Reader Timer class that in-herits from Timer Handler and is a friend to theReader Agent. Tag Agent is modeled like a classthat inherits from the Agent class. The tag agentclass has the following members: A tag ID ASingulation ID A set to hold reader information.The singulation protocol is implemented in theNS-2 environment using reader agents and tagagents. The singulation implementation worksas below: 1. Reader agent starts the singula-tion by broadcasting a 0 and schedules this eventwith the Reader Timer. 2. In the mean time thereader receives replies from the tags. 3. When areader receives a ’0’ from a tag it inserts the eventof broadcasting the prefix in the left sub-tree tothe vector of events 4. When a reader receives a’1’ from a tag it inserts the event of broadcast-ing the prefix in the right sub-tree to the vectorof events. 5. When the reader receives both’1’ and ’0’ in the scheduled time, it inserts theprefix in both the left and right sub-tree to thevector of events. 6. When the timer expires thecontrol reaches the expire function of the readertimer which in turn calls the tree walk functionwith the event in the top of the vector. 7. Alsoto enable this broadcast by the readers we setthe destination address to IP BROADCAST andttl() to ’1’ in the message sent by the reader. Onthe tag agent side, 1. When a tag agent receivesa singulation packet, it compares its SingulationID with the prefix received and if it matches, thetag replies with the next bit in the SingulationID. 2. If the prefix received does not match itssingulation ID, then the tag does not reply. We

6

also created new packet headers for RFID readerand RFID tag packets. The packet headers con-tain a field type which is used to identify thetype of packet being sent. We used three differ-ent packet types in our system:

1. Singulation packets with packet type 100

2. LPA packets with packet type 101

3. Query packets with packet type 102.

The use of LPA and query packets will be de-tailed in the Section 5. Colloboration diagramfor ReaderAgent class is shown in Figure 2

4.2 Files Modified

In addition to this, we needed to make modifica-tions to various existing files in ns-2, as follows:

1. trace/cmu-trace.cc,h: The CMUTrace classis used to print important parts of a packetto the simulations trace file, for wireless sim-ulations. Since we introduced new packettypes for the Reader and the Tag, we hadto describe the corresponding packet formatin this class. In the CMUTrace::format()function, we added cases to handle the 2new packet types PT RFIDREADER andPT RFIDTAG , whereby the format msg()function is invoked just as in the case ofPT MESSAGE packet type.

2. common/packet.h: This file contains allthe functions related to packets allocate,

free packets, access the packet at a par-ticular offset etc. Each packet in ns-2is associated with a unique type that as-sociates it with the protocol that it be-longs to, such as TCP, ARP, AODV, FTP,etc. Since we created a new RFID Pro-tocol, we defined its corresponding packettypes in the packet.h header file. Thepacket t enumeration list of this file wasmodified to include PT RFIDREADER andPT RFIDTAG also, and the Enumerationconstants to-Name mappings defined inthe p info class were enhanced to includethe mapping for PT RFIDREADER andPT RFIDTAG

3. tcl/lib/ns-default.tcl: This file contains Otclcommands to set the default values for thevarious parameters of Tcl Objects. We in-corporated the setting of the packet size pa-rameter for the the two new Agents we cre-ated - ReaderAgent and the TagAgent - tothe default values of 1000 and 64.

4. tcl/lib/ns-packet.tcl: This tcl file containscommands and procedures dealing with cre-ating and accessing of packet headers. Weadded references to our new protocol typesRFIDREADER and RFIDTAG here so asto be able to add and manage packet head-ers for all packets of these protocols.

4.3 Features Incorporated in the TCLscript used for simulations

1. Disabling of Wireless routing- The RFIDProtocol involves direct communication be-tween readers and tags and so does not re-quire routing of any form since any packetwill travel only one hop, from reader to tagor vice-versa. Hence, in the node configura-tions in our TCL script, we set the routingagent to DumbAgent which is an agent thatsimply passes packets between the node at-tached to it and the source; it does no for-warding of packets.

7

2. Disabling of RTS/CTS Mechansims in802.11 Mac layer : Since ns-2 uses 802.11mac layer for wireless nodes, that is theunderlying Mac layer we have used, how-ever many mechanisms of this mac are nota part of the RFID protocol. Hence, we dis-abled the RTS/CTS handshake mechasnimof 802.11 by setting the RTSThreshold toa high value of ’3000’ in the tcl script. Thisis done because, in ns-2, an RTS/CTS ex-change will be performed only if the size ofthe packet is larger than RTSThreshold, sosetting this threshold to a very high value,bigger than the size of packets in our proto-col, will ensure that RTS/CTS exchange isdisabled.

3. Also the transmission range of the readercan be changed by setting different valuesto RXThresh . RXThresh is used to setthe RXThreshold or the receiver threshold.If the power level of the packet arriving ata node is less than RXThreshold, the nodewill receive the packet with error. This RX-Thresh value can also be used to set thetransmission range of the reader. To deter-mine the RXThresh for a particular trans-mission range, we used the program /indep-utils/propagation/threshold.cc.

5 Load Balancing Algorithm

Implemented

5.1 Localized Probabilistic Assign-ment(LPA)

Localized Probabilistic Assignment (LPA) is aproposed scheme for load balancing in RFID sys-tems with probabilistic assignment of tags toreaders. We implemented the algorithm to testand validate the robustness of the RFID Plat-form that we have developed over ns2.

LPA runs on an existing system of readers andtags with each reader having identified the tagsit covers (i.e those in its range). LPA calculatesthe probabilistic binding vector (PBV) for eachtag as follows:PBV = [p1j , p2j , p3j . . . pdj ] where each pij iscalculated aspij = ((Σlk)li)/lk) ∗ (1/|N(vj)| − 1)

where|N(vj)| is the total number of readers in thevicinity of tag vj

lk the total cost of a reader k’s incident edgesthis value is approximated by the total numberof tags covered by reader k i.e. the load on readerk.

The summations are done over all u such thatu belongs to N (vj). The tag chooses to associateitself with a certain reader among the d readersof its PBV, by generating a random number be-tween 0 and 1. The 0 to 1 probability scale is di-vided into intervals sized according to the prob-abilities calculated in the PBV. It is checked asto which interval this random number generatedfalls in, and the reader that has the probabilityvalue corresponding to that interval in the PBVis chosen as the holder or rightful reader for thistag.

5.2 NS-2 Implementation of LPA

The first change needed was to incorporatea message type field in the ReaderHeader ofreader.cc, since now the reader was required

8

to send its tag count (a different message tobe processed differently) rather than the sin-gulation prefix. The following functions wereadded/modified to implement the algorithm:

1. reader.cc/ sendLPAmsg(): Each readerbroadcasts an LPAMsg to all the tags it cov-ers. The data of this message consists of theReader ID, and the number of tags it has de-tected (through singulation carried out priorto this) in its vicinity. The message type forsuch a message is set to 101 to identify it asan LPA message at the receiver and processit accordingly.

2. rfidtag.cc/recv (): Here, the message typefield of the packet header is checked and ifit is 101, then the message data is parsedto extract the reader ID and the tag count.This information is then stored in a set.

3. rfidtag.cc/calcprobs (): When all readershave finished the sending of LPAMsgs, thetags are intimated of this by sending eachtag a completed command from the tclscript. Upon receipt of the completed com-mand, the tags start the LPA probabil-ity computation phase in this function cal-cprobs(). Each tag computes the probabil-ity of reporting to each reader in the set con-structed through LPA messages (as per theexpression for pij given in section 5.1).Af-ter all pij values are computed, the tag gen-erates a random number between 0 and 1,and compares this number to the pij prob-ability values. It then associates with thereader whose probability value correspondsto the interval in which the random numberfalls on the probability line. (as explainedin section 5.1). It stores the Reader ID ofthis reader as its Holder.

5.3 Querying the Tag

We test whether each tag has been appropriatelyassociated with a holder that will henceforth bethe only reader that can communicate with the

tag among the existing readers. This test is doneby sending out Query messages from a reader toa random tag and checking whether a reply isreceived or not. For this, the following functionswere added/modified:

1. reader.cc/ sendQueryMsg(): After the com-pletion of LPA, we send a QueryMsg (witha message type of 102) from any reader toany tag. The message data consists of theReaders ID.

2. rfidtag.cc/recv(): The tag that is sent aQueryMsg, if in the range of this reader, willreceive the message. It will check whetherthe message type is 102 and if so, it willcheck whether this reader (whose ID is men-tioned in the message) is its Holder (thereader it has associated itself with). If so,it will invoke sendReplyMsg(). Otherwise,if there is no match between the holder IDand the given reader ID, the tag will refrainfrom sending any reply.

3. rfidtag.cc/sendReplyMsg(): This function isused by the tag to send a reply to its validreader(holder) . The tag will send a Re-plyMsg with the message data being its TagID.

6 NS-2 Simulation Experi-ments and Results

There were 4 kinds of simulation experiments(defined in TCL scripts) that we ran our simu-lations upon to test the robustness of our RFIDplatform:

• Experiment 1: We defined a system of 100tags and 5 readers in a well-defined topogra-phy with an 800 x 800 grid. 4 readers wereplaced at the corners of a rectangle withinthis grid and the 5th was placed at the cen-tre of the rectangle. The tags were placeddensely around the central reader (some 60tags were placed in its range) and the rest

9

of the tags were scattered uniformly aroundthe other 4 readers (note that there was sig-nificant overlap in the regions covered by thereaders). We found out the Holder of eachtag from the simulation. We then computedthe N, the number of readers that hold ¿= Ttags, with T varying from 1 to 60 in incre-ments of 5. The result of this experimentis presented in Fig 4, where we have plot-ted the N values for the various T values.The plot shows that while all readers werethe holders for at least 10 tags, there wasonly 1 reader that held more than 20 tagsthis was the central reader that had a densepopulation of tags in its vicinity.

• Experiment 2 (a), (b) and (c): Hereagain the system comprised of 100 tags andnumber of readers = 5, 10, 15 (for parts (a),(b) and (c) respectively) in an 800 x 800grid, but with random distribution of tagsand readers. The random distribution wasachieved by generating random numbers forthe X and Y co-ordinates of tags and read-ers using the RNG agent of ns-2. The resultsfor this experiment are depicted in Figs. 5,6and 7, with the same metric (N vs T as de-fined above) was plotted. From Fig 5, for5 readers, we can observe that the trend isslightly different from that observed in Ex-periment 1. Here, the decrease in the no. ofreaders from T=5 to T=25 is smooth andthe value of N does not stay at 1 for a large

number of values of T as in experiment 1.

• Experiment 3: This was same as Exper-iment 1, but with a number of node move-ments deliberately introduced to see whichtags are getting singulated by which read-ers when the tags move about in the grid.There were 2 cases tested :

1. A node moved out of range of a readerx, but moved into the range of anotherreader y that had not yet gone throughthe singulation process.

10

2. A node moved out of range off all read-ers

The result of the simulation was as follows:Node in case 1 was being singulated byreader y. Node in case 2 was not being iden-tified by any reader.

• Experiment 4: Here the system modeledwas a large-scale, dense, deployment of 1000tags and 50 readers in a 500 X 500 grid, withnode positions assigned randomly. This ex-periment was mainly to test the scalabil-ity of our platform to handle large-sizedsystems. Though the ns-2 simulation con-sumed long hours, it went through the en-tire singulation and LPA process for everyreader and came up with an exhaustive listof holders for tags.

• Experiment 5: This experiment had thesame system configuration as in Experiment1 but there were random node movementsgenerated at specific times following whichthe singulation and LPA phases were re-runwithin the tcl script to observe the behaviorof a dynamically changing system over time.We computed Jains fairness index (FI) fromthe results of the simulations, which is de-fined as follows: FI = Σ(Nk)

2/(d ∗ (N2

k ))Where Nk = number of tags held by readerk d = total number of readers in the system

Both summations are over values of k rang-ing from 1 to d. The result of the fairnessindex computed over time is shown in figure

8. The index dips initially and then tendsto increase at a slow rate over time

7 Future Work

The simulation platform we have implemented isa basic platform that models the tags and read-ers in a RFID system. We have used the NS-2wireless nodes and attached the tags and read-ers as agents to those nodes. But NS-2 wirelessnodes work on mac-802.11 which is different fromthe way the RFID systems operate. One of ourfuture works includes simulating the MAC layerbehavior on NS-2. This would include modifyingthe mac/mac802-11.cc,h files to disable the con-gestion window mechanism. The other relevantmac changes like disabling RTS/CTS and dis-abling DIFS/SIFS could be done from the Tclscripts itself. Also the physical layer charac-teristics of mobile nodes are different from thatof the RFID readers and tags. Our next stepwould be to modify the physical layer providedby NS-2 to reflect the physical layer of RFID sys-tem. This would necessitate modifications in thePhy/WirelessPhy.cc,h that would model a tag asa node with no operating power.

References

[1] 13.56 mhz ism band class 1 radio fre-quency identification tag interface specifica-tion: Candidate recommendation, version 1.0.0.http://www.epcglobalinc.org/standards technology/Secure/v1.0/HF-class1.pdf, February 2003.

[2] 860 mhz - 930 mhz class 1 radio frequencyidentification tag radio frequency and log-ical communication interface specificationcandidate recommendation,version 1.0.1.http://www.epcglobalinc.org/standards technology/Secure/v1.0/UHF-Class1.pdf, November 2002.

[3] 900 mhz class 0 rfid tag specification.http://www.epcglobalinc.org/standards technology/Secure/v1.0/UHF-class0.pdf, February 2003.

[4] B. Carbunar, M. K. Ramanathan, M. Koyuturk,C. Hoffmann, and A. Grama. Redundant reader elim-ination in rfid systems. 2005. CERIAS TR 2005-63.

[5] A. Juels and J. Brainard. Soft blocking: Flexibleblocker tags on the cheap. In S. De Capitani di Vimer-

11

cati and P. Syverson, editors, Workshop on Privacy in

the Electronic Society – WPES, pages 1–7, Washing-ton, DC, USA, October 2004. ACM, ACM Press.

[6] A. Juels, R. Rivest, and M. Szydlo. The blocker tag:Selective blocking of RFID tags for consumer privacy.In V. Atluri, editor, Conference on Computer and

Communications Security – ACM CCS, pages 103–111, Washington, DC, USA, October 2003. ACM,ACM Press.

[7] The network simulator- ns.http://www.isi.edu/nsnam/ns/.

[8] The ns manual. http://www.isi.edu/nsnam/ns/nsdocumentation.html.

12