Browse Theses

In this thesis, I explore the challenges related to the security of the Electronic Product Code (EPC) class of Radio Frequency Identification (RFID) tags and associated data. RFID systems can be used to improve supply chain performance and automate asset management. However, an antagonist could use the functionality of the RFID tags and the EPC data to invade personal privacy or acquire access to unauthorized corporate information such as inventory levels. In addition, current RFID mechanisms expose secrets to the readers, which opens an avenue for exploits and information leakage. I examined the RFID security and privacy issues and designed a number of systems to improve tag authentication, privacy protection, and secure sharing of EPC data. The specific solutions I propose include TagCheck to protect tags from counterfeiting, JanusTag to allow recoverable dynamic recoding of tags, TagFolio for privacy policy enforcement, and TagDirective for secret management and access control. To prevent leakage at the application level during Object Name System (ONS) resolution, I propose the use of an anonymizing TorONS system. Lastly, to protect tags from being "mass killed", I designed two different categories of RFID tag kill-resistance mechanisms: active protection using Neighborhood Watch communities of readers and Exponential Rampup for tag self-defense. These technologies are combined under one umbrella called TinFoil, creating a comprehensive security solution that successfully protects the data in an EPC-enabled RFID system while minimizing required modifications to existing architecture. (Copies available exclusively from MIT Libraries, Rm. 14-0551, Cambridge, MA 02139-4307. Ph. 617-253-5668; Fax 617-253-1690.)