| RFID is likely to emerge as a very important tool in electronically documenting the physical world to generate powerful information. In order to label millions of objects with RFID tags economically, the cost of a single tag has to be inexpensive enough. An inexpensive tag costing just a few cents would not have the necessary infrastructure to secure the data it stores and transmits. RFID has been drawing attention from privacy advocates and skeptics for the loopholes it can create in the information security infrastructure and consumer privacy. To overcome these shortcomings, security measures such as public key cryptography have been incorporated on the tag. However, the implementation of these security measures requires complex hardware. The cost of each such tag would be too high for a successful large scale adoption of RFID. This thesis explores an alternative approach to security and privacy. We suggest that the intelligence required to provide sufficient security be moved to the server, where the computational resources may already be available. When RFID systems are supported by server-centric authentication protocols, the tag hardware can yet be simple enough to facilitate economic large scale production. This thesis presents two authentication protocols that conceptualize this philosophy, they are multiple ID protocol and Q&A protocol. Any number of authentication protocols can be designed based on the concept proposed here. One protocol is not suggested to be better than the other; they just belong to the same genre. To validate the workability of these protocols, the thesis develops software that simulates an RFID system that implements these protocols. The data obtained from the software is analyzed parametrically to develop an empirical model to represent the system. Further, the thesis uses Design of Experiments (DOE) to understand the effect of the combined variation of the independent variables on the magnitude of output and also to understand the amount of influence exercised by each independent variable on the magnitude of output. Future work would involve the design and development of the hardware required to build a physical prototype. It would also involve the development of the software required to manage the communication between the server and the RFID hardware. |
