Embedded Wireless Embedded Wireless SensorsSensors

Tony ArousTony Arous

Vincent YuVincent Yu

RecapRecap

RFID– Radio Frequency IdentificationRFID– Radio Frequency Identification Sensors help to easily keep track of Sensors help to easily keep track of

various informationvarious information• PeoplePeople• ProductsProducts• Chemical CompositionChemical Composition

Each application requires a different Each application requires a different type of sensortype of sensor

Possible Uses on HumansPossible Uses on Humans

IdentificationIdentification SecuritySecurity TrackingTracking Monitoring vital signsMonitoring vital signs Diabetes monitoringDiabetes monitoring Medical purposesMedical purposes

Focuses on SecurityFocuses on Security

How secure is RFID?How secure is RFID?• Encryption is weak and can easily be Encryption is weak and can easily be

spoofed in hoursspoofed in hours Example: Exxon Speedpass and FordExample: Exxon Speedpass and Ford

• 40bit encryption made by TI40bit encryption made by TI• With a microreader and laptop, these With a microreader and laptop, these

information can be extracted from these information can be extracted from these devicesdevices

Cracking the CodeCracking the Code

Security ProblemsSecurity Problems

A more secure system is neededA more secure system is needed

Must limit what people have access Must limit what people have access to vital, secret informationto vital, secret information

Some RFID tags can be read at any Some RFID tags can be read at any time with no notificationtime with no notification

Security ProblemsSecurity Problems

Unique ID for every individual item in Unique ID for every individual item in storesstores• ID’s will then be tied to credit cardsID’s will then be tied to credit cards• Security problems if tags are stolen, lost Security problems if tags are stolen, lost

or removed from the productsor removed from the products An effective method of destroying An effective method of destroying

stored information after some time is stored information after some time is neededneeded

Privacy IssuesPrivacy Issues

Current Security ProblemsCurrent Security Problems

Today’s RFID systems use a simple Today’s RFID systems use a simple encryption techniqueencryption technique

Over 150 million RFID tags made by Over 150 million RFID tags made by TI are being used todayTI are being used today

All tags are based on the same All tags are based on the same encryptionencryption

Researchers cracked the SpeedPass Researchers cracked the SpeedPass technology in 16 minutestechnology in 16 minutes

ResolutionsResolutions

Key length of the encryption should Key length of the encryption should be the standard Advanced Encryption be the standard Advanced Encryption Standard (AES) in its 128-bit form Standard (AES) in its 128-bit form

Shielding the RFID from scannersShielding the RFID from scanners Scanners to deactivate RFID chips Scanners to deactivate RFID chips

when leaving the storewhen leaving the store

Problems with the ResolutionsProblems with the Resolutions

Longer encryption lengths means higher costs, Longer encryption lengths means higher costs, more power consumption and a possibility that it more power consumption and a possibility that it will not be backwards compatible with older will not be backwards compatible with older devicesdevices

Shielding the device is not a good method due to Shielding the device is not a good method due to added size and potentially be an inconvenience to added size and potentially be an inconvenience to users. This would also not be workable if the RFID users. This would also not be workable if the RFID would be implanted into humanswould be implanted into humans

Deactivating tags is not wanted for some tags Deactivating tags is not wanted for some tags (Speedpass & Fast Lane)(Speedpass & Fast Lane)

Integrating SolutionsIntegrating Solutions

The scanners read encrypted The scanners read encrypted information from RFID chip which information from RFID chip which sends it to a computer to decrypt. sends it to a computer to decrypt.

The computer will thenThe computer will thendetermine what information todetermine what information topass to the scannerpass to the scanner

Integrating SolutionsIntegrating Solutions

A computer will be able to process A computer will be able to process more information and stronger more information and stronger encryption codes than the scanner encryption codes than the scanner cancan

More ConceptsMore Concepts

Other methods may work to achieve Other methods may work to achieve the same goal, but each one offers the same goal, but each one offers its own disadvantages.its own disadvantages.

Tag/Reader CombinationsTag/Reader Combinations

Potential Solution:Potential Solution:• Restrict a tag to communicate to Restrict a tag to communicate to

specific readersspecific readers Tags would maintain static information Tags would maintain static information

about which readers have accessabout which readers have access

Problems:Problems:• Upgraded technologyUpgraded technology• Expensive to require specific readersExpensive to require specific readers

Proposed SolutionProposed Solution

Follow the method used in medical Follow the method used in medical RFID technologyRFID technology

Communicate with authentication Communicate with authentication server to verify informationserver to verify information

Internet connection will be necessaryInternet connection will be necessary• Additional technology neededAdditional technology needed

WiFi, Ethernet, BluetoothWiFi, Ethernet, Bluetooth

• Create a more efficient and secure Create a more efficient and secure reader/tag systemreader/tag system

Proposed SolutionProposed Solution

InternalsInternals

RequirementsRequirements• Power consumption: < 20 uAPower consumption: < 20 uA• Chip size: < 1 mmChip size: < 1 mm22

• Low cost: 5 to 50 centsLow cost: 5 to 50 cents• CompatibilityCompatibility

InternalsInternals

AES ModuleAES Module

On-demand and live calculationOn-demand and live calculation 8 bit architecture8 bit architecture

InternalsInternals

Microcontroller:Microcontroller:• RISC Machine:RISC Machine:

12 bit instructions12 bit instructions 4 bit data bus4 bit data bus 32 registers32 registers

AES:AES:• Pre-existing technologyPre-existing technology

Questions from Last TimeQuestions from Last Time

Can IDs or the information they transmit Can IDs or the information they transmit be spoofed?be spoofed?• Yes, we need to include preventative measures Yes, we need to include preventative measures

in our encryption techniques.in our encryption techniques. How can you ensure encryption when only How can you ensure encryption when only

a limited amount of data can be stored on a limited amount of data can be stored on a RFID tag?a RFID tag?• Data is either permanently stored or generated Data is either permanently stored or generated

on-demand.on-demand.• Encryption device will be permanent and then Encryption device will be permanent and then

transmit modified data, reducing the need for transmit modified data, reducing the need for more storage space.more storage space.

More QuestionsMore Questions

How will you reduce the number of How will you reduce the number of collisions?collisions?• We’ll discuss in more detail next time We’ll discuss in more detail next time

based on some new techniques being based on some new techniques being researched.researched.

What is our goal?What is our goal?• We are looking at this project from an We are looking at this project from an

investigative/research point of view. We investigative/research point of view. We hope to make suggestions to existing hope to make suggestions to existing technology.technology.

Next Time…Next Time…

Discuss some security techniques Discuss some security techniques being researched nowbeing researched now• Juels-Pappo Banknote Protection Juels-Pappo Banknote Protection

SchemeScheme• El Gamal cryptosystemEl Gamal cryptosystem• Interleaved protocolInterleaved protocol

ReferencesReferences http://star-techcentral.com/tech/story.asp?file= http://star-techcentral.com/tech/story.asp?file=

/2005/1/31/technology/10046004&sec=technology/2005/1/31/technology/10046004&sec=technology http://lasecwww.epfl.ch/~gavoine/rfid/http://lasecwww.epfl.ch/~gavoine/rfid/ http://www.iaik.tu-graz.ac.at/aboutus/people/feldhofer/papers/http://www.iaik.tu-graz.ac.at/aboutus/people/feldhofer/papers/

melecon_slides.pdfmelecon_slides.pdf http://lasecwww.epfl.ch/~gavoine/download/avoine-cardis-http://lasecwww.epfl.ch/~gavoine/download/avoine-cardis-

banknote-slides.pdfbanknote-slides.pdf http://www.rfidanalysis.orghttp://www.rfidanalysis.org