Title: The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy
1The Blocker TagSelective Blocking of RFID Tags
forConsumer Privacy
- Ari Juels, Ronald Rivest, and Michael Szydlo
- ACM CCS, October 2003
- Presented by Himanshu Pagey
- CDA 6938
- 04/03/2007
2- Content of this presentation has been
adapted/taken from RSA Labs presentation slides
for this paper - http//www.rsa.com/rsalabs/staff/bios/ajuels/publ
ications/blocker/blocker.pdf
3RFID Grand Vision Next Generation Bar Codes
- Line of sight
- Identifies a product.
- Radio Contact ( Fast automated scanning)
- Uniquely identifies a product ( Provides a
pointer to an entry in database)
4Constraints / Privacy Concerns
- Few Thousand Gates
- No Cryptographic function available.
- Static read / Write functions
5Commercial Applications
- Supply Chain Inventory tracking
- Anti counterfeiting
- Parenting logistics (RFID bracelets for children
in water park) - Maintaining shelf stocks in retail environment
- Gillette Mach 3 Razor blades
- Product Recalls
6Reference http//www.rsa.com/rsalabs/staff/bios/a
juels/publications/blocker/blocker.pdf
7Approach 1 Faradays Cage
Reference http//www.rsa.com/rsalabs/staff/bios/a
juels/publications/blocker/blocker.pdf
8Approach 2 Kill Tags
Reference http//www.rsa.com/rsalabs/staff/bios/a
juels/publications/blocker/blocker.pdf
9Usefulness of RFID tags
- Product Return
- Physical Access Control
- Theft Protection
- Intelligent microwaves
- For the success of these applications the
RFID tags cannot be killed.
10Smart Applications
- Smart Microwaves . Ovens that know how to cook
pre-packaged food items. - Smart Refrigerator that can recognize expired
items and create shopping lists. - Closets that can tally the contents.
- Airline tickets that indicate your location in
the airport - Function Creep many more uses unimagined or
unimaginable
11Consumer Backlash
- Walmart Smart shelf project cancelled.
- Benetton RFID plans withdrawn
- Campaigns against RFID usage
- NoCards.org
- BoycottGillette.com
- BoycottBenetton.com
- CASPIAN (Consumers Against Supermarket Privacy
Invasion and Numbering)
12Blocker Tag
Reference http//www.rsa.com/rsalabs/staff/bios/a
juels/publications/blocker/blocker.pdf
13Blocker Tag
Reference http//www.rsa.com/rsalabs/staff/bios/a
juels/publications/blocker/blocker.pdf
14Tree Walking protocol
15Basic Working
- Reader recursively asks the tags
- What is your next bit?
- The tag replies 0 and 1 both
- Reader thinks that all the possible tags are
present. - Reader stalls as number of possibilities are
huge. - Possibilities are at least 264 in most basic
systems. - This is universal blocker tag
16Reference http//www.rsa.com/rsalabs/staff/bios/a
juels/publications/blocker/blocker.pdf
17Selective Blocking
- Blocker Tag can block tags within certain zones.
Such zones are privacy zones - Tags can be moved between zones.
- For Example
- The blocker tag block tags with leading 1
- Retail store items have tags with prefix 0
- At check out counter the leading bit is flipped
from 0 to 1
18Blocking with Privacy Zones
Reference http//www.rsa.com/rsalabs/staff/bios/a
juels/publications/blocker/blocker.pdf
19Polite Blocking
- Singulation protocol can be revised to make it
work efficiently with the blocker tags. - Aim of the blocker is to keep functionality
active when desired by the owner. - If the reader tries to read the tag it will
stall. - The tag informs the reader about its presence.
- Before asking for next bit the protocol asks Is
the sub tree rooted at this node blocked
20Leading bit is flipped to 1 and a blocker tag
is provided to the customer
Tags contain leading 0 bit
21Strengths / Main Contribution
- Low Cost Implementation
- Ordinary consumer RFID-tag may not need to be
modified at all. - Blocker tags can be cheap. ( Around 10 cents per
tag) - Implementation is not resource intensive. Need to
manage passwords for authorizing change to
privacy zones
22Weakness
- Reader can probably sense the existence of two
tags transmitting at close proximity and can
still traverse the privacy zone sub tree. - Consumers must take the step of protecting their
own privacy (opt-out policy). The consumers
might prefer an opt-in Policy
23Suggested Improvements
- Research an Opt in approach like soft blocking.
24