A conventional RFID tag typically comprises an integrated circuit transceiver capable of transmitting a unique serial number or other identifying information to a nearby reader in response to a query from the reader. Many RFID tags are “passive” in that they do not include a battery or other power source, but instead obtain the power necessary to operate from the query signal itself. RFID tags are expected to replace printed barcodes in consumer product applications. Also, ongoing RFID tag development efforts have led to significant cost and size reductions, which should result in a rapid proliferation of RFID tags into many new areas of use. For example, proposals have recently been made to integrate RFID tags into currency.
The impending ubiquity of RFID tags, however, also poses a potentially widespread threat to consumer privacy. The simplest RFID tag will broadcast its unique identifying information to any nearby reader. The movements of a given consumer or other user can therefore be readily tracked by simply monitoring the RFID tags in goods carried by or otherwise associated with that user.
A number of conventional approaches attempt to address the privacy threats associated with RFID tags.
A straightforward approach for the protection of consumer privacy is to “kill” RFID tags before they are placed in the hands of consumers. More specifically, an RFID tag can be killed upon purchase of the tagged product, by sending a special kill command to the tag. A killed tag is truly dead, and can never be re-activated. As an example, a supermarket might use RFID tags to facilitate inventory management and monitoring of shelf stocks. To protect consumer privacy, checkout clerks would kill the tags of purchased goods, such that no purchased goods would contain active RFID tags. There are many environments, however, in which simple measures like kill commands are unworkable or undesirable for privacy enforcement. For example, consumers may wish RFID tags to remain operative while in their possession, so as to be utilizable by home appliances or other user devices equipped with RFID tag readers.
Another approach involves shielding an RFID tag from scrutiny by enclosing it in a Faraday cage, that is, a container made of metal mesh or foil that is impenetrable by RF signals. RFID tags will inevitably see use, however, in a vast range of objects, including clothing and wristwatches, that cannot be placed conveniently in containers. Faraday cages thus represent at best only a partial solution to the consumer privacy problem.
Active jamming of RF signals is another, related physical means of shielding RFID tags from view. A consumer could carry a device that actively broadcasts RF signals so as to block or otherwise disrupt the operation of any nearby RFID tag readers. This crude approach raises legal issues relating to broadcast power levels, and could cause severe disruption of all nearby RFID systems, even those in legitimate applications where privacy is not a concern.
Another general approach is to make the RFID tags “smarter,” so that they interact with readers in a way that better protects privacy, while still providing the desired active functionality. This would typically involve the use of cryptographic methods. More particular examples requiring cryptographic functionality implemented on the tags themselves include the “hash-lock” and “silent tree-walking” techniques described in S. A. Weis et al., “Security and privacy aspects of low-cost radio frequency identification systems,” Proceedings of the First International Conference on Security in Pervasive Computing, 2003, and S. A. Weis, “Radio-frequency identification security and privacy,” Master's thesis, MIT, June 2003. However, the severe cost constraints on basic RFID tags may preclude implementation of such tag-based cryptographic functionality in practical applications.
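The hash-lock idea cited above can be sketched as follows. This is an added example, not code from the original text or from the cited papers; the class and method names are hypothetical, SHA-256 is an assumed stand-in for the tag's one-way hash, and the serial number used with it is constructed.

```python
import hashlib
import hmac
import os


def h(data: bytes) -> bytes:
    # SHA-256 stands in for the tag's one-way hash (assumption).
    return hashlib.sha256(data).digest()


class HashLockTag:
    """Tag that stores metaID = h(key) and hides its ID while locked."""
    def __init__(self, tag_id: str, key: bytes):
        self.tag_id = tag_id
        self.meta_id = h(key)
        self.locked = True

    def query(self) -> str:
        # A locked tag answers every reader with the same metaID, never the ID.
        return self.meta_id.hex() if self.locked else self.tag_id

    def unlock(self, key: bytes) -> bool:
        # The tag hashes the offered key and compares it with its stored metaID.
        ok = hmac.compare_digest(h(key), self.meta_id)
        if ok:
            self.locked = False
        return ok


class Reader:
    """Reader with a back-end table mapping metaID -> key."""
    def __init__(self):
        self.keys = {}

    def enroll(self, tag_id: str) -> HashLockTag:
        key = os.urandom(16)
        tag = HashLockTag(tag_id, key)
        self.keys[tag.meta_id.hex()] = key
        return tag

    def read(self, tag: HashLockTag):
        answer = tag.query()
        key = self.keys.get(answer)
        if key is not None and tag.unlock(key):
            return tag.query()
        return None  # unknown metaID: no key to offer, so no ID is learned
```

The hash computation in `unlock` is the tag-side cryptographic functionality whose cost the paragraph above refers to.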
Other techniques of this type which avoid the need for tag-based cryptographic functionality include the external agent re-encryption technique described in A. Juels and R. Pappu, “Squealing Euros: Privacy protection in RFID-enabled banknotes,” Financial Cryptography '03, R. Wright, editor, Springer-Verlag, 2003; and the universal re-encryption technique described in P. Golle et al., “Universal re-encryption for mixnets,” 2002. However, these re-encryption techniques require significant computational infrastructure external to the tags, and are thus likely to be unduly burdensome in practice.
It is therefore apparent that a need exists for improved techniques for providing cost-effective consumer privacy protections in practical RFID tag applications, in such a manner that the legitimate tracking capabilities of the tags are not undermined, and without requiring the use of tag-based cryptographic functionality or additional computational infrastructure external to the tags.