SmartTags are inexpensive wireless devices that identify and authenticate objects and people - in short, devices that must label things securely. SmartTags include Radio-Frequency Identification (RFID) tags, contactless smartcards, and low-resource sensors - a class of computing devices that promises to be the most numerous in the world. A unifying characteristic of SmartTags is that they do not perform autonomous computation and often lack internal power sources. Nomadic tags respond automatically to reader interrogation, and thus have highly sporadic network connectivity. Extending the network to new physical dimensions, SmartTags promise to serve as the "fingertips" of the next-generation Internet. Yet this growth at the edge of the network presents new challenges in security and privacy unresolved by standard approaches and not captured by existing threat models. The research goals of this project are threefold. First, to develop new cryptographic constructs and protocols that take into account both the constrained resources and the unique operating environments inherent in SmartTag operation. Additionally, new methods to synthesize security for existing tags by leveraging non-security features are being developed. Second, because SmartTag capabilities and limitations are closely tied to the underlying hardware of both the tag and the reader, a prototype SmartTag chip is being developed and fabricated. This allows for validation of theoretical results and an investigation of side channel attacks and defenses for SmartTags. Finally, system level design issues will be investigated by building privacy-preserving protocols for SmartTags used in public transportation.
