Computer ScienceComputer ScienceDepartment ofDepartment of

University of VirginiaUniversity of Virginia

Voltage on a tag

Radio Frequency Identification SystemsRadio Frequency Identification SystemsNew Ideas and AlgorithmsNew Ideas and Algorithms

Introduction to Radio Frequency Identification (RFID) Systems Introduction to Radio Frequency Identification (RFID) Systems

Multi-Tag RFID SystemsMulti-Tag RFID Systems

Randomized PRF Tree Walking AlgorithmRandomized PRF Tree Walking AlgorithmRandomized Tree Walking Algorithm Randomized Tree Walking Algorithm

lb9xk@cs.virginia.edu, robins@cs.virginia.edu School of Engineering & Applied ScienceSchool of Engineering & Applied Science

Attach more than one tag to an objectRedundant TagsDual-Tags

Private memory onlyShared memory onlyShared and private memory

n-Tags

Dual-Tags Coordinated Reply

Reader-Tag CommunicationRFID PrimerThree types of RFID tags

Passive Active Semi-Active

Operational Frequencies 125KHz - 5.8GHz

Operational Range 5mm - 15m

Standardization Bodies International Organization for

Standardization EPCglobal, Inc

EPC System Architecture

Tag ID

Applications

Traverse(i, count) := Read random bit if collision on detected: Suspend all tags with == 1 Each suspended tag stores Traverse(i+

i

i

i

b ib

bi

1, 0) Wake up tags suspended on bit Traverse(i+1, 0) else if no collision on detected: if(count > threshold) Tree-Walk rem

i

i

b

aining tags else Traverse(i+1, count+1) Secure Binary Tree-Walking

i. Each tag generates a random numberii. Reader performs a tree-walkiii. Selected tag transmits its real ID

Major questions:How to deal with collisions on the tags’ real-IDs?How to choose the optimal length for random numbers?How to select the threshold?

Optimal Random Number LengthUse average n over many traverse runs

Goal: Efficiently solve reader-tag authentication problem in the presence of many tags

Traverse(i, count) := Read random bit if collision on detected: Suspend all tags with == 1 Each suspended tag stores Traverse(i+

i

i

i

b ib

bi

1, 0) Wake up tags suspended on bit Traverse(i+1, 0) else if no collision on detected: if(count > threshold) Proceed to st

i

i

b

1ep 2 with ,..., Tree-Walk remaining tags else Traverse(i+1, count+1)

ir b b

Applications of Multi-Tags Supply chain management

to increase chances of object detection Luggage tracking

regulations require different algorithms Preventing illegal deforestation

tagging of trees to prevent illegal logging

Binary No Effect No EffectBinary Variant No Effect No EffectRandomized Doubles Time** No Effect*STAC Causes DOS No Effect*Slotted Aloha Doubles Time** No Effect** If Dual-Tags communicate to form a single response** Assuming an object is tagged with two tags

Effect on Singulation AlgorithmsAlgorithm Redundant Tags Dual-Tags

Reliability and DependabilityObject’s detection is more likelyFailure of a redundant tag

leaves the system functional is detectable in some systems

1. Each tag generates a random number, and the reader performs a tree-walk on these numbers

2. Once a tag is selected, the reader and the tag engage in a tree-waking private authentication protocol

3. The reader moves the tag to a different position in a tree.

( )O n (log )O n ( )treeO depth ( )treeo depth (1)O

Time and Space Complexityn is the total number of tags in the system

Steps of the algorithm

Security Enhancement n-Tags send “chaff” hiding the real IDsRecycled IDs are good “chaff” source“Chaffing and winnowing” has a cost

extra tag functionalityoverhead to create and filter “chaff”

Optimal Tag Positioning

Benefits of Multi-tagsIncreased expected voltage on a tagIncreased expected communication rangeIncreased memoryIncreased reliabilityIncreased durability

Major Research IssuesReducing the cost of tagsProviding security and privacyStandardizing the technology

1 3 42

tag tag

antenna antenna

signal

Inductive Coupling

Far-Field Propagation

signal

Threshold SelectionStart the threshold at 2Increase threshold by 1 if a collision occursDecrease threshold by 1 if no collisions occur for entire traversal

: represents our improvement as shown: represents our improvement with some modifications

: represents related work improvement

Tag

B-field

Inductive Coupling:Far-Field Propagation:

Future WorkField testing of Multi-tagsIdentifying new applications of Multi-tagsImproving hardware complexity of the algorithmDeveloping new efficient authentication algorithms

sin(90 )Voltage 2sin (90 )Voltage

0 0

2

0

2 cos

where: = frequency of the arrival signal = number of turns of coil in the loop

area in the loop in meters ( )= strength of the arrival signal

= angle of the arrival signal

V fNSB

fN

S mB

32.7

47.98

58.11

61.86

30

35

40

45

50

55

60

65

1 2 3 4

Number of Tags

Angl

e (in

Deg

rees

)

4 2

40[ (2 cos ) ( ) (2 cos ) ] /

2x x dx x x dx

2

0[ (2 cos ) ] /(2 )x x dx

Expected Absolute Voltage Increase Factor

1

1.9

2.482.66

1

1.631.571.37

1

1.5

2

2.5

3

1 2 3 4

Number of TagsIn

crea

se F

acto

r

Far-Field Propagation

Inductive Coupling

Expected Factor of Distance Increase

1

1.37

1.571.63

11.06 1.08 1.09

1

1.1

1.2

1.3

1.4

1.5

1.6

1.7

1 2 3 4

Number of Tags

Incr

ease

Fac

tor

Far-Field Propagation

Inductive Coupling

Reader Tag Eavesdropper

Backward Range

Forward Range

ONS ServerInfrastructure

ObjectServer

Server IP

Tag ID

ID Info

Tag IDTag ID

ONS Server

TagsReaderLocal Server

Random Number Generation Hardware

The voltage signal is amplified, disturbed, stretched, and sampled, resulting in random bits.

Properties Allows tags addition and removal from the systemProvides security against active eavesdroppersOffers security against active readersEnables dynamic tradeoff between security, privacy,

and singulation timeEffective against active attacks:

stealing a tag tracking and hotlisting

1 2 n

1, 2, ,, , ..., {0,1}kb b k bs s s

n1 {0,1}i

Rr 1ir

,,2 1 2, (0, , )i bii i i

i s ir b f r r

,*

1 2(1, , )i bii i

s if r r

n2 {0,1}i

Rr

Hello, rt

for 1 to i k

, 1 2(0, , )i bii i

s if r r check that

,*

1 2(1, , )i bii i

s if r r check that

Reader Tag

1r

0 1

1 1 2 1

1

(0,0, )(0,1, ) ', (0,2, ) ',(0, , ) 2, 3 secrets 2

k

k k

k

s

s s

i s i

ID f rf r t f r bf i r s i

1 1

2 1

1

(0,1, )(0,2, )(0, , )

k

k

k

s

s

i i s

t f rb f rs f i r

compute

Reader Tag

0 1(0,0, )ksf r ID check that

Tag1

Reader Tag1, Tag2

Tag2

Request

Data1, Power1

Tag2 Tag1Data2, Power2

Tag1: if(Data1 == Data2) { if(Power1 >= Power2) { Reader

Data1

}else { Reader

Data1, Error}

Tag2: Same procedure as Tag1(note: probability that the Power1 == Power2 is tiny)

}

Expected Relative Voltage Increase Factor

1.9

1.31

1.071.37

1.15 1.040.9

11.11.21.31.41.51.61.71.81.9

2

1 2 3

Number of Tags

Incr

ease

Fac

tor

Far-Field Propagation

Inductive Coupling

V

Random Bits

NoConnect

Expected Largest Angle of Incidence

www.cs.virginia.edu/robins

Leonid Bolotnyy and Gabriel RobinsLeonid Bolotnyy and Gabriel Robins

1 21, 2, ,, ,..., shared secrets family of pseudo-random functions

random number tree identifier tag's position in a tree

kb b k bs s sfrtb