SecuCode: Intrinsic PUF Entangled Secure Wireless Code Dissemination for Computational RFID Devices

The simplicity of deployment and perpetual operation of energy harvesting devices provides a compelling proposition for a new class of edge devices for the Internet of Things. In particular, Computational Radio Frequency Identification (CRFID) devices are an emerging class of battery-free, computational, sensing enhanced devices that harvest all of their energy for operation. Despite wireless connectivity and powering, secure wireless firmware updates remains an open challenge for CRFID devices due to: intermittent powering, limited computational capabilities, and the absence of a supervisory operating system. We present, for the first time, a secure wireless code dissemination (SecuCode) mechanism for CRFIDs by entangling a device intrinsic hardware security primitive Static Random Access Memory Physical Unclonable Function (SRAM PUF) to a firmware update protocol. The design of SecuCode: i) overcomes the resource-constrained and intermittently powered nature of the CRFID devices; ii) is fully compatible with existing communication protocols employed by CRFID devices in particular, ISO-18000-6C protocol; and ii) is built upon a standard and industry compliant firmware compilation and update method realized by extending a recent framework for firmware updates provided by Texas Instruments. We build an end-to-end SecuCode implementation and conduct extensive experiments to demonstrate standards compliance, evaluate performance and security.Comment: Accepted to the IEEE Transactions on Dependable and Secure Computin

Pseudo-random Aloha for Enhanced Collision-recovery in RFID

In this letter we motivate the need to revisit the MAC protocol used in Gen2 RFID system in order to leverage receiver structures with Collision Recovery capabilities at the PHY layer. To this end we propose to consider a simple variant of the Framed Slotted Aloha with pseudo-random (deterministic) slot selection as opposite to the classical random selection. Pseudo-random access allows naturally to implement Inter-frame Successive Interference Cancellation (ISIC) without changing the PHY modulation and coding format of legacy RFID standard. By means of simulations we show that ISIC can bring 20-25% gain in throughput with respect to traditional intra-frame SIC. Besides that, we elaborate on the potential of leveraging pseudo-random access protocols in combination with advanced PHY techniques in the context of RFID applications.Comment: This manuscript has been submitted to IEEE on the 19th September 201

Sulautettu ohjelmistototeutus reaaliaikaiseen paikannusjärjestelmään

Asset tracking often necessitates wireless, radio-frequency identification (RFID). In practice, situations often arise where plain inventory operations are not sufficient, and methods to estimate movement trajectory are needed for making reliable observations, classification and report generation. In this thesis, an embedded software application for an industrial, resource-constrained off-the-shelf RFID reader device in the UHF frequency range is designed and implemented. The software is used to configure the reader and its air-interface operations, accumulate read reports and generate events to be reported over network connections. Integrating location estimation methods to the application facilitates the possibility to make deploying middleware RFID solutions more streamlined and robust while reducing network bandwidth requirements. The result of this thesis is a functional embedded software application running on top of an embedded Linux distribution on an ARM processor. The reader software is used commercially in industrial and logistics applications. Non-linear state estimation features are applied, and their performance is evaluated in empirical experiments.Tavaroiden seuranta edellyttää usein langatonta radiotaajuustunnistustekniikkaa (RFID). Käytännön sovelluksissa tulee monesti tilanteita joissa pelkkä inventointi ei riitä, vaan tarvitaan menetelmiä liikeradan estimointiin luotettavien havaintojen ja luokittelun tekemiseksi sekä raporttien generoimiseksi. Tässä työssä on suunniteltu ja toteutettu sulautettu ohjelmistosovellus teolliseen, resursseiltaan rajoitettuun ja kaupallisesti saatavaan UHF-taajuusalueen RFID-lukijalaitteeseen. Ohjelmistoa käytetään lukijalaitteen ja sen ilmarajapinnan toimintojen konfigurointiin, lukutapahtumien keräämiseen ja raporttien lähettämiseen verkkoyhteyksiä pitkin. Paikkatiedon estimointimenetelmien integroiminen ohjelmistoon mahdollistaa välitason RFID-sovellusten toteuttamisen aiempaa suoraviivaisemin ja luotettavammin, vähentäen samalla vaatimuksia tietoverkon kaistanleveydelle. Työn tuloksena on toimiva sulautettu ohjelmistosovellus, jota ajetaan sulautetussa Linux-käyttöjärjestelmässä ARM-arkkitehtuurilla. Lukijaohjelmistoa käytetään kaupallisesti teollisuuden ja logistiikan sovelluskohteissa. Epälineaarisia estimointiominaisuuksia hyödynnetään, ja niiden toimivuutta arvioidaan empiirisin kokein

An IoT-Aware Architecture for Smart Healthcare Systems

none7Over the last few years, the convincing forward steps in the development of Internet-of-Things (IoT) enabling solutions are spurring the advent of novel and fascinating applications. Among others, mainly Radio Frequency Identification (RFID), Wireless Sensor Network (WSN), and smart mobile technologies are leading this evolutionary trend. In the wake of this tendency, this paper proposes a novel, IoTaware, smart architecture for automatic monitoring and tracking of patients, personnel, and biomedical devices within hospitals and nursing institutes. Staying true to the IoT vision, we propose a Smart Hospital System (SHS) which relies on different, yet complementary, technologies, specifically RFID, WSN, and smart mobile, interoperating with each other through a CoAP/6LoWPAN/REST network infrastructure. The SHS is able to collect, in real time, both environmental conditions and patients’ physiological parameters via an ultra-low-power Hybrid Sensing Network (HSN) composed of 6LoWPAN nodes integrating UHF RFID functionalities. Sensed data are delivered to a control center where an advanced monitoring application makes them easily accessible by both local and remote users via a REST web service. The simple proof of concept implemented to validate the proposed SHS has highlighted a number of key capabilities and aspects of novelty which represent a significant step forward compared to the actual state of art.restrictedCATARINUCCI L.; DE DONNO D.; MAINETTI L.; PALANO L.; PATRONO L.; STEFANIZZI M.; TARRICONE L.Catarinucci, Luca; DE DONNO, Danilo; Mainetti, Luca; Palano, L.; Patrono, Luigi; Stefanizzi, MARIA LAURA; Tarricone, Lucian

Theoretical Findings and Measurements on Planning a UHF RFID System inside a Room

This paper investigates the problem of improving the identification performance of a UHF RFID system inside a room. We assume static reader, passive tags and availability of commodity antennas. A ray-tracing propagation model is developed that includes multipath in 3D space. It is found that careful selection of reader antenna placement and tilting must be performed to control destructive interference effects. Furthermore, 3D coverage performance gains on the order of 10% are observed by implementing tags’ diversity. A device that successfully manipulates destructive interference is introduced. All theoretical findings are verified by measurements. Finally, a method to perform propagation measurements with commodity RFID hardware is demonstrated

RF-MVO: Simultaneous 3D object localization and camera trajectory recovery using RFID Devices and a 2D monocular camera

© 2018 IEEE. Most of the existing RFID-based localization systems cannot well locate RFID-tagged objects in a 3D space. Limited robot-based RFID solutions require reader antennas to be carried by a robot moving along an already-known trajectory at a constant speed. As the first attempt, this paper presents RF-MVO, which fuses battery-free RFID and monocular visual odometry to locate stationary RFID tags in a 3D space and recover an unknown trajectory of reader antennas binding with a 2D monocular camera. The proposed hybrid system exhibits three unique features. Firstly, since the trajectory of a 2D monocular camera can only be recovered up to an unknown scale factor, RF-MVO combines the relative-scale camera trajectory with depth-enabled RF phase to estimate an absolute scale factor and spatially incident angles of an RFID tag. Secondly, we propose a joint optimization algorithm consisting of coarse-to-fine angular refinement, 3D tag localization and parameter nonlinear optimization, to improve real-time performance. Thirdly, RF-MVO can determine the effect of relative tag-antenna geometry on the estimation precision, providing optimal tag positions and absolute scale factors. Our experiments show that RF-MVO can achieve 6.23cm tag localization accuracy in a 3D space and 0.0158 absolute scale factor estimation accuracy for camera trajectory recovery

Innovative RFID Sensors for Internet of Things Applications

Radio-Frequency IDentification (RFID) devices and sensors are among the main innovations of the last years, with an enormous impact on the Internet of Things (IoT) physical communication layer as well as on logistics and robotics. The aim of the present paper is to review the main technologies available for RFID sensors, and to identify the corresponding state-of-the-art when these technologies are applied to realistic IoT scenarios. Firstly, the concepts of radio backscattering and harmonic backscattering are analyzed, highlighting the pros and cons of each approach. Then, state-of-the-art solutions are reported, and the performance of each of them are discussed, to provide an overview of the potential of RFID-based sensing in different scenarios

Design and Analysis of Security Schemes for Low-cost RFID Systems

With the remarkable progress in microelectronics and low-power semiconductor technologies, Radio Frequency IDentification technology (RFID) has moved from obscurity into mainstream applications, which essentially provides an indispensable foundation to realize ubiquitous computing and machine perception. However, the catching and exclusive characteristics of RFID systems introduce growing security and privacy concerns. To address these issues are particularly challenging for low-cost RFID systems, where tags are extremely constrained in resources, power and cost. The primary reasons are: (1) the security requirements of low-cost RFID systems are even more rigorous due to large operation range and mass deployment; and (2) the passive tags' modest capabilities and the necessity to keep their prices low present a novel problem that goes beyond the well-studied problems of traditional cryptography. This thesis presents our research results on the design and the analysis of security schemes for low-cost RFID systems. Motivated by the recent attention on exploiting physical layer resources in the design of security schemes, we investigate how to solve the eavesdropping, modification and one particular type of relay attacks toward the tag-to-reader communication in passive RFID systems without requiring lightweight ciphers. To this end, we propose a novel physical layer scheme, called Backscatter modulation- and Uncoordinated frequency hopping-assisted Physical Layer Enhancement (BUPLE). The idea behind it is to use the amplitude of the carrier to transmit messages as normal, while to utilize its periodically varied frequency to hide the transmission from the eavesdropper/relayer and to exploit a random sequence modulated to the carrier's phase to defeat malicious modifications. We further improve its eavesdropping resistance through the coding in the physical layer, since BUPLE ensures that the tag-to-eavesdropper channel is strictly noisier than the tag-to-reader channel. Three practical Wiretap Channel Codes (WCCs) for passive tags are then proposed: two of them are constructed from linear error correcting codes, and the other one is constructed from a resilient vector Boolean function. The security and usability of BUPLE in conjunction with WCCs are further confirmed by our proof-of-concept implementation and testing. Eavesdropping the communication between a legitimate reader and a victim tag to obtain raw data is a basic tool for the adversary. However, given the fundamentality of eavesdropping attacks, there are limited prior work investigating its intension and extension for passive RFID systems. To this end, we firstly identified a brand-new attack, working at physical layer, against backscattered RFID communications, called unidirectional active eavesdropping, which defeats the customary impression that eavesdropping is a ``passive" attack. To launch this attack, the adversary transmits an un-modulated carrier (called blank carrier) at a certain frequency while a valid reader and a tag interacts at another frequency channel. Once the tag modulates the amplitude of reader's signal, it causes fluctuations on the blank carrier as well. By carefully examining the amplitude of the backscattered versions of the blank carrier and the reader's carrier, the adversary could intercept the ongoing reader-tag communication with either significantly lower bit error rate or from a significantly greater distance away. Our concept is demonstrated and empirically analyzed towards a popular low-cost RFID system, i.e., EPC Gen2. Although active eavesdropping in general is not trivial to be prohibited, for a particular type of active eavesdropper, namely a greedy proactive eavesdropper, we propose a simple countermeasure without introducing extra cost to current RFID systems. The needs of cryptographic primitives on constraint devices keep increasing with the growing pervasiveness of these devices. One recent design of the lightweight block cipher is Hummingbird-2. We study its cryptographic strength under a novel technique we developed, called Differential Sequence Attack (DSA), and present the first cryptanalytic result on this cipher. In particular, our full attack can be divided into two phases: preparation phase and key recovery phase. During the key recovery phase, we exploit the fact that the differential sequence for the last round of Hummingbird-2 can be retrieved by querying the full cipher, due to which, the search space of the secret key can be significantly reduced. Thus, by attacking the encryption (decryption resp.) of Hummingbird-2, our algorithm recovers 36-bit (another 28-bit resp.) out of 128-bit key with $2^{68}$ ($2^{60}$ resp.) time complexity if particular differential conditions of the internal states and of the keys at one round can be imposed. Additionally, the rest 64-bit of the key can be exhaustively searched and the overall time complexity is dominated by $2^{68}$. During the preparation phase, by investing $2^{81}$ effort in time, the adversary is able to create the differential conditions required in the key recovery phase with at least 0.5 probability. As an additional effort, we examine the cryptanalytic strength of another lightweight candidate known as A2U2, which is the most lightweight cryptographic primitive proposed so far for low-cost tags. Our chosen-plaintext-attack fully breaks this cipher by recovering its secret key with only querying the encryption twice on the victim tag and solving 32 sparse systems of linear equations (where each system has 56 unknowns and around 28 unknowns can be directly obtained without computation) in the worst case, which takes around 0.16 second on a Thinkpad T410 laptop

Analyse et exploitation des non linéarités dans les systèmes RFID UHF passifs

Powered by the exploding popularity of the Internet-of-Things (IoT), the demand for tagged devices with labels capable to ensure a reliable communication with added functions beyond the identification, such as sensing, location, health-care, among others, is growing rapidly. Certainly this growing is headed by the well-established Radio Frequency Identification (RFID) technology, and the use of wireless low-cost self-powered tags, in other words passive RFID tags, is the most widespread used alternative. In the constant evolution on this field, usually new software treatments are offered at the application layer with the objective to processing data to produce some new information. Further works aimed at improving the physical layer around the tag antenna miniaturization and matching techniques. So far, little or no work had been done on the exploitation of the communication channel, and certainly none has been done on the exploitation of the non-linear behavior of RFID chips.After presenting the RFID technology and phenomena produced by Radio Frequency (RF) non-linear devices, and leaning in some nearby works on the field, the core of this thesis starts by exposing two characterization platforms for the evaluation of non-linear phenomena presented during the reader-tag communication. One is specialized in radiating measurements considering the whole tag (antenna and chip) under test. The other is specialized in conducted measurements directly over RFID chips, allowing performing different parametric studies (power dependency, impedance, harmonic production, sensitivity). The characterization results show that harmonic signals generated from the passive RFID chip carry information.By exploiting the characterization results and to verify the hypothesis of exploitation of non-linearities in RFID, i.e. the use of harmonic signals, the research is pursued by designing, fabricating, and measuring four different configurations of RFID tags. The new RFID tags operate at the fundamental frequency in the UHF band and at its 3^{rd} harmonic in the microwave band. Antenna design policies, fabrication details, and parametric studies on the performance of the new prototypes are presented. The parametric study takes special care in the antenna structure, kind of chip used, received power, and read range.Finally, some alternatives approaches for the exploitation of non-linear effects generated by rectifying devices are presented. Some theoretical aspects and experimental results are discussed linking the passive RFID technology to the theories of Wireless Power Transfer (WPT) and Electromagnetic Energy Harvesting (EEH). The solution takes advantage of the non-linear nature of rectifying elements in order to maximize the RF-to-DC conversion efficiency of EEH devices and increase the read range of passive RFID tags. The solution triggers on the design of a RF multi-device system. The design procedure and tests consider three non-linear phenomena: (1) the impedance power dependency, (2) the harmonic production, and (3) the rectifying dependence on the RF waveform.Avec l'explosion de l'Internet des Objets (IoT), de nouveaux dispositifs permettant de tagguer les objets sont nécessaires afin de permettre non seulement leur identification mais aussi d'assurer des communications fiables et de nouvelles fonctionnalités comme la détection, la localisation ou la capture d'informations. Cette tendance s'appuie sur la technologie bien établie qu'est la radiofréquence par identification (RFID) et donc l'utilisation d'étiquettes (ou tags) faibles coûts et télé-alimentés. Dans ce contexte, de nombreux travaux au niveau de la couche d'application se tournent vers la mise au point de traitements logiciels complémentaires visant à produire de nouveaux types d'information. D'autres travaux visent à améliorer la couche physique avec l'objectif de miniaturiser encore le tag mais aussi de le doter de nouvelles capacités. Jusqu'à présent, il n'existe quasiment pas de travaux concernant la transmission du signal et aucun sur l'exploitation du comportement non-linéaire des puces RFID. Cette thèse vise à étudier les phénomènes non-linéaires produits lors d'une communication RFID.Dans la première partie, deux plateformes de mesure et de caractérisation spécifiques ont été développées : la première vise à observer les signaux au cours d'une communication RFID, et alors caractériser et analyser les effets liés aux phénomènes non linéaires ; la seconde permet d'effectuer différentes mesures directement sur les puces et les caractériser en termes d'impédance, production d'harmoniques et sensibilité. Ces plateformes ont permis : 1) de mettre en évidence que les fréquences harmoniques sont porteuses d'informations qui peuvent être exploitées et même offrir de nouvelles fonctionnalités ; 2) d'obtenir de nombreuses informations sur les propriétés des puces et d'en établir un modèle électrique précis ; 3) de déterminer des critères permettant d'évaluer la performance des tags dans le contexte étudié.Dans la deuxième partie, plusieurs nouveaux tags RFID ont été conçus, fabriqués, mesurés et évalués. Ces nouveaux tags fonctionnent non seulement dans la bande UHF mais aussi sont adaptés à la troisième harmonique dans la bande des microondes. Une méthodologie et des lignes directives d'aide à la conception de ce type de tags ont été établies et s'appuient sur les deux plateformes développées afin de caractériser les différents éléments. Dans un même temps, les effets liés à la fabrication ont aussi été étudiés et des études paramétriques ont permis de mettre en évidence l'effet sur les performances de la géométrie de l'antenne et du type de puce utilisée.Dans une troisième partie, les études se sont focalisées à exploiter les effets non-linéaires des dispositifs de redressement. L'idée générale est de coupler la RFID passive avec les dispositifs de transferts de puissance et de récupération d'énergie avec pour objectifs 1) de maximiser l'efficacité de conversion RF – continu 2) et d'augmenter la distance de lecture des tags passifs. Plusieurs prototypes ont été réalisés et leurs performances ont été démontrées.L'ensemble de ces travaux a mis en évidence un nouveau concept de communication RFID exploitant les non-linéarités générées par les puces RFID. Ce concept ouvre la voie à de nouvelles applications. et a fait l'objet d'une demande de brevet international