| The recent emergence of RFID tags that are capable of performing high level cryptographic operations (including public key operations) motivates new RFID applications, including electronic travel documents, identification cards, and payment instruments. This has introduced a new class of RFID tags which store sensitive owner specific data (e.g., biometrics) -- i.e., personal RFID tags. The primary task of these tags is to identify and authenticate their authorized holders to authorized RFID readers. In such settings, we observe an important feature that distinguishes these tags from the more traditional RFID tags used in supply chain and inventory management is the involvement of a human user and the sensitive nature of data contained in the tags.;We take advantage of the user's awareness and presence to construct simple, efficient, secure, feasible, and (most importantly) usable solutions for important, yet largely ignored problems in such RFID systems. These include RFID reader revocation status checking in RFID public key infrastructures and transaction verification in RFID enabled payment instruments.;We also evaluate the usability and practical security of each of our solutions via usability studies which include on line surveys and actual tests using prototypes. Our approach to solving the above mentioned problems takes advantage of new low-power technologies such as OLED, ePaper, and other more recent advances in hardware integration on RFID tags. We use these technologies to improve security by applying them to establish secure I/O channels for communication between the tag owner, the personal tag, and the reader. |
