Despite their increasingly ubiquitous deployment, RFID systems are plagued with a wide variety of security and privacy threats. A large number of these threats arise due to the tag?s promiscuous response to any reader requests. This renders sensitive tag information easily subject to unauthorized reading. It also incites different forms of relay attacks whereby a colluding pair, by relaying information between a legitimate tag and reader, can successfully impersonate the legitimate tag without actually possessing it.
This research explores novel context-aware security and privacy mechanisms by leveraging the newly-equipped sensing capabilities on the next generation (passive) RFID tags. The goal is to provide improved protection against unauthorized reading and relay attacks without undermining the usability and efficiency offered by the RFID systems. The project also includes a feasibility study of the proposed mechanisms in terms of both economical and power constraints, and a systematic analysis of possible (new) sensor-centric attacks. The overall proposed activities range from system design and analysis to implementation and performance measurements.
More broadly, this exploratory work intends to arrive at a better understanding of the feasibility of utilizing parameters derived from the physical world to solve security and privacy issues of the cyber systems. In terms of educational activities, new security courses focusing on resource-constrained devices and lightweight cryptographic tools will be developed.
