In today’s world, the ability to quickly and easily retrieve large amounts of information is undoubtedly valued. Every year, developments are being made to create convenient and compact media for storing, transmitting and protecting certain data.
Today mankind has made a big step into the digital age, providing almost everyone with the ability to access the Internet. Everything from old handwritten books to documents to money is being digitized. People are using less and less cash, preferring contactless bank cards, and government agencies are talking more and more about introducing single electronic passports with access to any information about a person in two clicks. You no longer need to spend hours in line to get this or that piece of paper – you can simply apply through the website. There is no denying that such changes make life easier for ordinary people. And these conveniences don’t just apply to things like documents. It concerns entire industries.
In this article, we will discuss RFID indexing – a technology which has been widely used in dozens of industries and, most importantly, which is used almost every day by every one of you.
What is RFID and what does it do?
RFID (Radio-frequency identification) means radio-frequency identification. In other words, it is a way of identifying objects, in which radio signals record or read information stored on RFID tags (also called transponders).
RFID refers to a wireless system consisting of two components: a tag and a reader. The reader is a device that has one or more antennas that emit radio waves and receive signals back from the RFID tag.
RFID tags can store a variety of information ranging from a single serial number to several pages of data. Readers can be mobile (hence the name “transponders”) so that they can be carried in the hand, or they can be mounted on a pole or overhead.
In principle, RFID transponders can be provided in virtually all shapes, materials, sizes and colors. Their particular design depends on how they are used. What all the different RFID transponders have in common is that they consist of two components. Inside, each RFID transponder consists of at least one microchip and one printed, stacked or etched antenna. The chip and antenna (also called the insert) are very sensitive, which means that their resistance to mechanical, thermal and chemical influences is limited. Consequently, a special “package” of these electronic components becomes necessary. The simplest form of packaging is an RFID label.
“Single-chip” transponder consists of a substrate containing an antenna and a chip, short for tab. The transponder system consists of the reader, the software and the application process, including the corresponding service.
Type of RFID
By type of power supply
There are two main types of transponders – active and passive.
Active RFID transponders have their own power supply, e.g. a built-in battery, and can transmit data over long distances (up to 100 m).
Passive RFID transponders receive the energy for data transfer only from the electromagnetic field of the RFID reader-recorder.
In addition, there is an intermediate type represented by semi-active or semi-passive transponders, which, on the one hand, have their own power source but do not themselves function as senders. The RFID transponder is powered via a battery and therefore does not need to rely on the characteristics of the electromagnetic field, but the response is created through field modulation, which does not amplify the field further.
According to the type of memory used
RO (Read Only) – in these tags the information is written only once. They are very convenient to use for one-time identification.
WORM (Write Once Read Many) – contains a block of single writeable memory that can be read many times.
RW (Read and Write) – Transponders that can be written to and read from many times.
By operating frequency
Low Frequency (LF = 125 kHz)
This freely available frequency band is characterized by low transmission rates and short transmission distances. In most cases, the creation of these systems is cheap, easy to handle and requires no registration or additional fees. RFID transponders use near-field electromagnetic waves and receive their energy via inductive coupling. The advantage is that RFID transponders in this frequency band are relatively resistant to metals or liquids, making them suitable for use in animal and human identification. Collisions are characteristic of these transponders – single-signature transmission errors in a shared environment.
High frequency (HF 13.56 MHz)
High-frequency transponders are universal and are characterized by high transmission speeds and high clock frequencies. The corresponding RFID transponders operate at a frequency of 13.56 MHz. This is a short wavelength and requires only a few coils of the antenna. Consequently, RFID antennas can be smaller and simpler. This allows the use of etched or printed antennas, which in turn means that inlays (= chip + antenna) can be manufactured as a continuous coil, and this greatly simplifies downstream processing as long as a large number of products in a role -role process.
Ultra-high frequency (UHF 860 – 950 MHz, divided into partial bands)
These systems do have very high transmission speeds and ranges. Because of the shorter wavelengths, a dipole is sufficient as an antenna instead of a coil, for beam optics there is enough field expansion, which in turn provides targeted propagation. In addition, UHF transponders are mostly manufactured in foil form, which is useful for handling large volumes in the role-playing process.
It is also worth mentioning in this context that some bands in the microwave spectrum have not yet become financially viable and, furthermore, they may be subject to local permitting restrictions.
Application of RFID
Perhaps we should consider applications in the medical field.
RFID systems use radio waves on several different frequencies to transmit data. In medical facilities and hospitals, RFID technologies include the following applications:
- Inventory management
- Equipment tracking
- Bedside exit detection and fall detection
- Staff tracking
- Ensuring that patients receive the correct medications and medical devices.
- Preventing the distribution of counterfeit medications and medical devices.
- Patient Surveillance.
- Providing data for electronic medical record systems
- Transport and warehouse logistics, shoplifting prevention;
- Access control and management systems
- Baggage Management Systems
The FDA is not aware of any side effects associated with RFID. However, there are concerns about the potential danger of electromagnetic interference (EMI) to electronic medical devices from radio frequency transmitters such as RFID. Electromagnetic interference is the degradation of equipment or systems (such as medical devices) caused by electromagnetic interference.
Advantages of using the technology
- Each chip has a unique serial number which is assigned only once worldwide (UID or TID). This guarantees clear assignability within the individual product and ensures individualization of the entire product range.
- Rewritable data memory on the chip. Information on the RFID data carrier can be changed, erased or supplemented at any time. Product, service, production or maintenance data is available directly on the product. (Advantage over conventional barcodes)
- The communication that occurs between the RFID data carrier and the read-write system without requiring a visual contact makes it resistant to contamination by placing it in protected locations, as well as invisible integration into existing products and simplifying the process.
- High data transfer rate of 100% first pass in the case of bar codes.
- Capable of simultaneously reading multiple RFID data carriers in a single work step (mass capture), which speeds up processes.
Is everything so good?
The use of RFID has caused considerable controversy, and some consumer privacy advocates have initiated product boycotts. Consumer protection experts Catherine Albrecht and Liz McIntyre, two prominent critics, have identified two major privacy concerns about RFID, which are
If the tagged item is paid for by credit card or in conjunction with the use of a loyalty card, it will be possible to indirectly identify the buyer by reading the global unique identifier of that item contained in the RFID tag. This is possible if the person watching also had access to the loyalty card and credit card data, and the person with the equipment knows where the customer will be.
When discussing the safety properties of various RFID designs, it is useful to articulate clear safety goals.
- Tags (hereafter “tags”) should not compromise the privacy of their owners.
- The information should not be shared with unauthorized readers and should not enable long-term tracking associations between tags and their owners.
- To prevent tracking, owners should be able to detect and disable any tags they carry.
- Public tag output should be random or easily changeable to avoid long-term associations between tags and holders.
- Private tag content should be protected by access controls and, if polling channels are assumed to be insecure, by encryption.
- Both tags and readers must trust each other. Spoofing by either party should be virtually impossible.
- In addition to providing an access control mechanism, mutual authentication between tags and readers also provides a degree of trust. Session hijacking and replay attacks are also a concern. Failure induction or power interruption should not break protocols or open windows for tampering attempts. Both tags and readers must be resistant to replay or attacker-in-the-middle attacks.
Ways to secure the use of RFID technology
With these security goals in mind, consider the security properties of the read-only passive factory tags. Each tag contains a unique identifier. Although there is nothing more “messy” than an optical barcode, automatic monitoring of RF tags is possible. This basic pattern clearly defeats the purpose of privacy, because tracking tag owners and reading the contents of tags is possible if the tag is properly represented in the reader’s request field. Neither tags nor readers are authenticated – hence there is no concept of trust.
Suppose we apply a policy of removing unique serial numbers at the point of sale to address these shortcomings. Tags kept by consumers would still contain product code information, but not unique identification numbers. Unfortunately, tracking is still possible by linking “aggregations” of certain types of tags to the holder IDs. For example, the unique tendency to RFID-tagged Gucci shoes, Rolex watches and Cohiba cigars can give away your anonymity. Moreover, this pattern still offers no trust mechanism.
Ensuring the stated security objectives requires the implementation of access control and authentication. Public key cryptography offers a solution. A specific (type of) reader public key and a unique private key can be embedded in each tag. During polling, tags and readers can mutually authenticate each other with these keys using well-understood protocols. To prevent eavesdropping in the polling area, tags can encrypt their content using a random one-time number to prevent tracking. Unfortunately, support for strong public-key cryptography is beyond the resources of low-cost ($0.05-$0.10) tags, although solutions exist for more expensive tags.
Symmetric message authentication requires that each tag have a unique key for the reader or that the key be shared by the tag packet. To support a unique key for each tag requires complex key management overhead. If the keys are to be shared, the tags must be resistant to the physical attacks described in; otherwise, the compromise of one effective tag puts the entire batch at risk. Implementing secure memory on an inexpensive tag with a number of logical vents in the hundreds is challenging, especially in light of the difficulty of protecting memory on relatively high resource smart cards. Even supporting robust symmetric encryption is a challenge in the short term.
Considering the short-term resource constraints of low-cost tags, we discuss a simple RFID security scheme based on a one-way hash function. In practice, a hardware-optimized cryptographic hash function will suffice, assuming it can be implemented with significantly less resources than symmetric encryption. In this scheme, each hash-enabled tag contains a portion of memory reserved for the “meta-identifier” and operates in either the unlocked or locked state. In the unlocked state, all of the tag’s features and memory are available to everyone in the polling area.
To lock a tag, the owner calculates the hash value of a random key and sends it to the tag as a lock value, i.e. lock = hash (key). In turn, the tag stores the lock value in the meta-id’s memory area and goes to the locked state. As long as the tag is locked, it responds to all queries with the current meta-identifier value and restricts all other functions. To unlock the tag, the owner sends the tag the original key value. The tag then hashes that value and compares it to the lock stored under the meta-id. If the values match, the tag is unlocked.
Each tag always responds to requests in one form or another and thus always reveals its existence. Tags will be equipped with a physical self-destruct mechanism and will only be unlocked during communication with an authorized reader. In case of power loss or transmission interruption, the tags will return to the default locked state. A trusted channel can be set for control functions such as key management, tag disablement, or even tag writing, requiring physical contact between the control device and the tag. Requiring physical contact for critical functions helps protect against wireless network sabotage or denial-of-service attacks.
A hash-based locking mechanism solves most of our privacy concerns. Access control to tag content is restricted to key holders.
While this design option partially satisfies some desired security properties, more secure implementations require several developments. One key area of research is the further development and implementation of low-cost cryptographic primitives. These include hash functions, random number generators, and symmetric and public key cryptographic functions. Inexpensive hardware should minimize circuit area and power consumption without negatively impacting computation time. RFID security can benefit from improvements to existing systems as well as new developments. More expensive RFID devices already offer symmetric encryption and public key algorithms. Adapting these algorithms for low-cost passive RFID devices should be a reality in a matter of years.
Protocols using these cryptographic primitives must be resistant to power interruptions and malfunctions. Compared to smart cards, RFID tags are more vulnerable to these types of attacks. Protocols must account for wireless channel disruption or attempted communications interception. The tags themselves must smoothly recover from power loss or communication interruption without compromising security. Continuous improvements in technology are steadily blurring the lines between RFID devices, smart cards and ubiquitous computers. Research to improve the security of RFID devices will help pave the way for a universal, secure ubiquitous computing system. All developments related to RFID tags and other embedded systems can contribute to a reliable and secure infrastructure, offering many interesting potential applications.
Thus, the undoubted advantages of RFID identification are:
- No need for direct contact or visibility
- Quickness and accuracy
- Unlimited lifespan
- Large volume of stored information on a small medium
- Possibility of multiple rewriting
Thanks to the use of this technology, we have already succeeded:
- Reduce the number of errors caused by manual data entry
- Increase the efficiency of many industrial processes through automation
- Automate entire production processes
- Improve quality control of operations
Along with the positive qualities come the negative ones:
- Exposure to interference
- Effects on human health
- Confidentiality of read data