How RFID works

RFID systems
In a typical system, tags are attached to objects. Each tag has a certain amount of internal memory (EEPROM) in which it stores information about the object, such as its unique ID (serial) number, or in some cases more details including manufacture date and product composition. When these tags pass through a field generated by a reader, they transmit this information back to the reader, thereby identifying the object. Until recently the focus of RFID technology was mainly on tags and readers, which were being used in systems where relatively low volumes of data are involved. This is now changing as RFID in the supply chain is expected to generate huge volumes of data, which will have to be filtered and routed to the backend IT systems. To solve this problem, companies have developed special software packages called savants, which act as buffers between the RFID front end and the IT backend. Savants are the equivalent of middleware in the IT industry.

Communication
The communication process between the reader and tag is managed and controlled by one of several protocols, such as the ISO 15693 and ISO 18000-3 for HF or the ISO 18000-6, and EPC for UHF. When the reader is switched on, it starts emitting a signal at the selected frequency band (typically 860 - 915 MHz for UHF or 13.56 MHz for HF). Any corresponding tag in the vicinity of the reader will detect the signal and use the energy from it to wake up and supply operating power to its internal circuits. Once the tag has decoded the signal as valid, it replies to the reader and indicates its presence by modulating (affecting) the reader field.

Anti-collision
If many tags are present, they will all reply at the same time, which at the reader end is seen as a signal collision and an indication of multiple tags. The reader manages this problem by using an anti-collision algorithm designed to allow tags to be sorted and individually selected. There are many different types of algorithms (Binary Tree, Aloha, ...), which are defined as part of the protocol standards. The number of tags that can be identified depends on the frequency and protocol used, and can typically range from 50 tags/s for HF and up to 200 tags/s for UHF.

Once a tag is selected, the reader is able to perform a number of operations, such as reading the tag's identifier number or, in the case of a read/write tag, writing information to it. After it has finished its dialogue with the tag, the reader can either remove it from the list or put it on standby until a later time. This process continues under control of the anti-collision algorithm until all tags have been selected.
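
The selection loop described above can be simulated in a few lines. This is an added example, not part of the original page: it uses a query-tree walk, one member of the binary tree family named above, and the function name and the 4-bit tag IDs are constructed for illustration.

```python
from collections import deque

def query_tree_inventory(tag_ids, id_bits):
    """Select every tag in the field with a query-tree (binary tree) walk.

    The reader broadcasts a bit prefix and every tag whose ID starts with
    that prefix replies. No reply is an idle slot, one reply selects that
    tag, several replies collide, so the reader splits the prefix into
    prefix+'0' and prefix+'1' and queries again.
    Assumption: tag IDs are unique and fit in id_bits bits.
    """
    tags = {format(t, f"0{id_bits}b") for t in tag_ids}  # IDs as bit strings
    pending = deque([""])          # empty prefix: all tags reply at once
    identified = []
    stats = {"idle": 0, "single": 0, "collision": 0}

    while pending:
        prefix = pending.popleft()
        responders = [t for t in tags if t.startswith(prefix)]
        if not responders:
            stats["idle"] += 1
        elif len(responders) == 1:
            stats["single"] += 1
            identified.append(int(responders[0], 2))
            tags.discard(responders[0])   # reader removes the tag from the list
        else:
            stats["collision"] += 1       # superposed replies, split the prefix
            pending.extend([prefix + "0", prefix + "1"])
    return identified, stats

if __name__ == "__main__":
    # Constructed sample: four tags with 4-bit IDs in the reader field.
    found, stats = query_tree_inventory([0b0010, 0b0011, 0b1000, 0b1101], 4)
    print("selected:", [format(t, "04b") for t in found])
    print("queries :", sum(stats.values()), stats)
```

The two IDs that differ only in their last bit cost the most queries, because the reader has to descend to the full ID length before their replies stop colliding.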

Security in RFID Systems
RFID tags used in the supply chain will contain data ranging from simple ID numbers (EPC) to more important information about a product. For example, in the health industry it could be the blood type of a sample. The main goal of any security system designed to protect data stored in media such as tags, computer disk drives, or smart cards is to prevent any unauthorized person from being able to:
Obtain access and learn the data contents
Obtain access and modify/corrupt/erase the data contents
Copy the data contents to a similar storage device (duplicate)

In a complete system, security of data as defined above involves not only the storage medium, but also how data is created and transferred from a host to the medium (or vice versa). For example, when an engineer broke the security of a French bank credit card a few years ago, he did it not by compromising the chip security, but by hacking the reader terminal.

The following are scenarios that could happen in the supply chain:
1. Industrial Sabotage - somebody with a grievance against a company decides to start corrupting data in tags by using a hand held device and erasing or modifying the contents.

2. Industrial Espionage - A rather unlawful competitor would like to know how many, and what type of products are being manufactured and shipped by your company. He could possibly achieve this in the following ways:

   i. Eavesdropping - listening in on longer range communication systems like UHF which broadcast signals (albeit very weak) up to 100 meters - some protocols have a basic security which ensures that the ID N° is never transmitted completely in one stream.

   ii. Placing bogus well-concealed readers linked to a PC somewhere in the proximity of the tags moving through the production line.

   iii. Using hand held devices

3. Counterfeiting - Being able to read or intercept data being written into a tag which uniquely identifies or certifies a product. Once the data is known, similar read/write tags could be purchased and updated with the authentic data, thus creating the real possibility of counterfeiting products, which are supposed to be protected by a tag.


All the above scenarios are potential risks if no security is implemented in the tag and reader. The importance attached to protecting data in the supply chain will depend on the application and the company's strategy towards security. In some cases legislation will impose it. Of course, bar codes, which are used today, can be easily read, decrypted, and even destroyed, but not on the widespread and automatic scale possible with RFID.

Even the simplest security costs silicon area, and therefore will impact on the final tag price. This goes against the current trend of trying to produce the smallest, and cheapest tag possible. Every company is therefore faced with this tradeoff between cheaper unsecured tags, and the potential security risks they entail.