Re: RFIDs



Interesting product. But why a book on the subject?

On Wed, 22 Mar 2006 13:48:54 GMT, "J.C." <jccsplace@xxxxxxxxx> wrote:



Chapter 2
UNDERSTANDING RFID TECHNOLOGY
Simson Garfinkel
Henry Holtzman[1]

Introduction

This chapter presents a technical introduction to the RFID, the Electronic
Product Code (EPC), and the Object Name Service (ONS). It then looks at
two specific RFID applications that have been fielded over the past ten
years.

RFID Technology

Most histories of RFID trace the technology back to the radio-based
identification system used by Allied bombers during World War II. Because
bombers could be shot down by German anti-aircraft artillery, they had a
strong incentive to fly bombing missions at night because planes were
harder for gunners on the ground to target and shoot down. Of course, the
Germans also took advantage of the cover that darkness provided. Early
Identification Friend or Foe (IFF) systems made it possible for Allied
fighters and anti-aircraft systems to distinguish their own returning
bombers from aircraft sent by the enemy. These systems, and their
descendants today, send coded identification signals by radio: An aircraft
that sends the correct signal is deemed to be a friend, and the rest are
foe. Thus, radio frequency identification was born.

[1] Henry Holtzman is a research scientist at the MIT Media Laboratory and
the founder of Presto Technologies.

garfinkel.book Page 15 Thursday, June 2, 2005 11:56 PM

Shortly after the war, an engineer named Harry Stockman realized that it is
possible to power a mobile transmitter completely from the strength of a
received radio signal. His published paper "Communication by Means of
Reflected Power" in the Proceedings of the IRE[2] introduced the concept of
passive RFID systems.

Work on RFID systems as we know them began in earnest in the 1970s. In
1972, Kriofsky and Kaplan filed a patent application for an "inductively
coupled transmitter-responder arrangement."[3] This system used separate
coils for receiving power and transmitting the return signal. In 1979,
Beigel filed a new application for an "identification device" that combined
the two antennas; many consider his application to be the landmark RFID
application because it emphasized the potentially small size of RFID
devices.[4]

In the 1970s, a group of scientists at the Lawrence Livermore Laboratory
(LLL) realized that a handheld receiver stimulated by RF power could send
back a coded radio signal. Such a system could be connected to a simple
computer and used to control access to a secure facility. They developed
this system for controlling access to sensitive materials at nuclear
weapons sites.

Today we would call this Livermore system an example of security through
obscurity: What made the system secure was that nobody else had a radio
capable of receiving the stimulating radio signal and sending back the
properly coded response. But at the time it was one of the most secure
access control systems available. The scientists left LLL a few years later
and created their own company to commercialize the technology. This system
ultimately became one of the first building entry systems based on
proximity technology and the first commercial use of RFID.

The Elements of an RFID System

RFID systems fundamentally consist of four elements: the RFID tags
themselves, the RFID readers, the antennas and choice of radio
characteristics, and the computer network (if any) that is used to connect
the readers.[5]

[2] Harry Stockman, "Communication by Means of Reflected Power,"
Proceedings of the IRE, pp. 1196-1204, October 1948.
[3] Kriofsky, T.A., Kaplan, L.M.: 1975. U.S. Patent No. 3859624
[4] Beigel, M. 1982. U.S. Patent No. 4333072
[5] Much of the information in this chapter draws on technical information
presented in Finkenzeller, K. RFID-Handbook, Second Edition, Wiley & Sons,
Ltd., April 2003. Translated from the third German edition by Wadding, R.
www.rfid-handbook.de/english/index.html.

RFID Tags

The tag is the basic building block of RFID. Each tag consists of an
antenna and a small silicon chip that contains a radio receiver, a radio
modulator for sending a response back to the reader, control logic, some
amount of memory, and a power system. The power system can be completely
powered by the incoming RF signal, in which case the tag is known as a
passive tag. Alternatively, the tag's power system can have a battery, in
which case the tag is known as an active tag.

The primary advantages of active tags are their reading range and
reliability. With the proper antenna on the reader and the tag, a 915MHz
tag can be read from a distance of 100 feet or more. The tags also tend to
be more reliable because they do not need a continuous radio signal to
power their electronics.

Passive tags, on the other hand, can be much smaller and cheaper than
active ones because they don't have batteries. Another advantage is their
longer shelf life: Whereas an active tag's batteries may last only a few
years, a passive tag could in principle be read many decades after the chip
was manufactured.

Between the active and the passive tags are the semi-passive tags. These
tags have a battery, like active tags, but still use the reader's power to
transmit a message back to the RFID reader using a technique known as
backscatter. These tags thus have the read reliability of an active tag but
the read range of a passive tag. They also have a longer shelf life than a
tag that is fully active.

Tags come in all shapes and sizes. The smallest tag that has ever been
produced is the Hitachi mu-chip, which is less than 0.4mm on a side.
Designed to be embedded in a piece of paper and used for tracking documents
printed in an office environment, the mu-chip can be read only at a
distance of a few centimeters. Of course, the mu-chip is a passive tag.
With a larger antenna it could have a significantly longer reading range,
but that would defeat its purpose.

Other small tags are the implantable tags the size of a grain of rice
manufactured by VeriChip. Like the mu-chip, these passive tags have a very
limited reading range; their intended application is to give
machine-readable serial numbers to people. The company says that the chips
can be used to authenticate people in high-security environments - unlike
passwords, the implanted chips can't be easily shared - and in hospitals,
where staff occasionally mix up patients and give them the wrong
treatments. Implantable chips might also work to identify wandering
Alzheimer's patients who go out without any identification or cognizance of
their location or destination. We'll come back to the topic of implantable
chips later in this chapter.

RFID tags can also be quite large. The semipassive RFID tag used in the
Fast-Lane and E-ZPass electronic toll collection systems is the size of a
paperback book and includes an antenna and a five-year battery. The battery
gives the system a longer read range and also makes reads more reliable -
at least until the battery dies. In practice, the instrumented toll
crossings have a large light that flashes green if the tag is read
successfully, red if no tag is detected, and amber or yellow if the tag
cannot be read properly. When the light flashes amber, the driver is
supposed to call the program's administrator and arrange to have the tag
sent in for service.

RFID tags can be promiscuous, in which case they will communicate with any
reader. Alternatively, they can be secure, requiring that the reader
provide a password or other kind of authentication credential before the
tags respond. The vast majority of RFID tags that have been deployed are
promiscuous. Not only are these tags cheaper, but the systems also are much
easier to manage. Systems that employ passwords or encryption codes require
that the codes be distributed in advance and properly controlled. This is
an exceedingly difficult management problem.

The simplest RFID chips contain only a serial number - think of this as a
64-bit or 96-bit block of read-only storage. Although the serial number can
be burned into the chip by the manufacturer, it is also common for the
chips to be programmed in the field by the end user. Some chips will accept
only a single serial number, while other chips allow the serial number to
be changed after it is burned in. More sophisticated RFID chips can contain
read-write memory that can be programmed by a reader. Chips can also have
sensors, an example of which is an air pressure sensor to monitor the
inflation of a tire. The chips might store the results of the sensor in a
piece of read-write memory or simply report the sensor's reading to the
RFID reader. Chips can also have a self-destruct, or "kill" feature. This
is a special code that, when received by the chip, causes the chip to no
longer respond to commands. For financial applications, the full
capabilities of smart cards have been combined with the wireless protocols
and passive powering used in RFID. The result is a class of high-capability
RFID tags also called contactless smart cards.

RFID tags can interfere with each other. When multiple tags are present in
a reader's field, the reader may be unable to decipher the signals from the
tags. For many applications, such as raising the gate in a parking lot,
this is not a problem. The systems are optimized so that only one tag is
within range at a time. However, for other applications, reading multiple
tags at once is essential. For these applications, the tags need to support
either an anticollision protocol or, more commonly, a singulation protocol.
A singulation protocol allows a reader to determine that multiple tags are
visible and to iterate through the
tags, getting them to take turns responding so that each may be read
without interference from the others.

Electronic Product Code (EPC) tags are a special kind of tag that follows
the EPC standard developed by the MIT Auto-ID Center and is now managed by
the trade organization EPCglobal. Sanjay Sarma, cofounder of the Auto-ID
Center, discusses the history of the EPC standard in Chapter 3.

EPCglobal has defined a series of RFID tag "classes" and "generations" of
RFID devices (see Tables 2.1 and 2.2).

Table 2.1 EPC RFID Classes

EPC Device Class  Definition                            Programming
Class 0           "Read only" passive tags              Programmed by the manufacturer
Class 1           "Write-once, read-many" passive tags  Programmed by the customer; cannot be reprogrammed
Class 2           Rewritable passive tags               Reprogrammable
Class 3           Semipassive tags
Class 4           Active tags
Class 5           Readers

Table 2.2 EPC RFID Chip Generations

Feature                Generation 1                     Generation 2
Frequency              860-930MHz                       860-960MHz
Memory capacity        64 or 96 bits                    96-256 bits
Field-programmability  Yes                              Yes
Reprogrammability      Class 0 - read only;             NA
                       Class 1 - write once/read many
Other features         NA                               Faster and more reliable reads than Generation 1;
                                                        Better compliance with other global standards

Readers

The RFID reader sends a pulse of radio energy to the tag and listens for
the tag's response. The tag detects this energy and sends back a response
that contains the tag's serial number and possibly other information as
well.

In simple RFID systems, the reader's pulse of energy functioned as an
on-off switch; in more sophisticated systems, the reader's RF signal can
contain commands to the tag, instructions to read or write memory that the
tag contains, and even passwords.

Historically, RFID readers were designed to read only a particular kind of
tag, but so-called multimode readers that can read many different kinds of
tags are becoming increasingly popular.

RFID readers are usually on, continually transmitting radio energy and
awaiting any tags that enter their field of operation. However, for some
applications, this is unnecessary and could be undesirable in
battery-powered devices that need to conserve energy. Thus, it is possible
to configure an RFID reader so that it sends the radio pulse only in
response to an external event. For example, most electronic toll collection
systems have the reader constantly powered up so that every passing car
will be recorded. On the other hand, RFID scanners used in veterinarian's
offices are frequently equipped with triggers and power up only when the
trigger is pulled.

Like the tags themselves, RFID readers come in many sizes. The largest
readers might consist of a desktop personal computer with a special card
and multiple antennas connected to the card through shielded cable. Such a
reader would typically have a network connection as well so that it could
report tags that it reads to other computers. The smallest readers are the
size of a postage stamp and are designed to be embedded in mobile
telephones.

Antennas and Radio

The RFID physical layer consists of the actual radios and antennas used to
couple the reader to the tag so that information can be transferred between
the two.

Radio energy is measured by two fundamental characteristics: the
frequencies at which it oscillates and the strength or power of those
oscillations. Commercial FM broadcast stations in the United States
transmit with energy at a frequency between 88MHz and 108MHz, or 1 million
oscillations per second. The AM spectrum, by contrast, transmits at 500,000
to 1,500,000 oscillations per second, or between 500KHz and 1500KHz.
Microwave ovens cook with RF energy that vibrates 2.4 billion times each
second, which is 2.4GHz.

Most RFID systems use the so-called unlicensed spectrum, which is a
specific part of the spectrum set aside for use without a radio license.
Popular bands are the low-frequency (LF) band at 125-134.2KHz, the
high-frequency band at 13.56MHz, the ultrahigh-frequency (UHF) band at
915MHz (in North America; varies in other regions), and the industrial,
scientific, and medical (ISM) band at 2.4GHz.

The names of the LF, HF, and UHF bands reflect the history of radio's
development: Radio systems first transmitted at the lower frequencies and
moved to the higher frequencies only as technology advanced. For this
reason, lower-frequency radio gear was traditionally cheaper than equipment
that operated at higher frequencies. Today, however, the difference in
radio prices more often reflects market sizes, the cost of patents and
other licenses, and the result of subsidies or cross-marketing agreements
from equipment manufacturers.

Radio energy moves in waves, and each radio wave has not only a frequency
but also a wavelength. The wavelength is like the distance between two wave
crests on the ocean. With radio energy, the wavelength of a radio wave
multiplied by its frequency is equal to the speed of light: 3 × 10^8 meters
per second (roughly equal to 186,000 miles per second). The size of waves
for each of the unlicensed bands is presented in Table 2.3.

Building proximity cards, automobile immobilizer chips, and implantable
RFID ampoules tend to operate in the LF band. The FDA has adopted the HF
band for RFID systems used for prescription drugs. The EPC system operates
in the HF and UHF bands, although early deployments are favoring the UHF
band.

When analyzing the energy that is radiated from an antenna, electrical
engineers divide the field into two parts: the near field, which is the
part of radiation that is within a small number of wavelengths of the
antenna, and the far field, which is the energy that is radiated beyond the
near field. Because the wavelength of LF and HF devices tends to be much
larger than the ranges at which RFID systems typically operate, these
systems operate in the near field, while UHF and ISM systems operate in the
far field.

Table 2.3 Band Frequency, Wavelength, and Classical Usage

Band  Unlicensed Frequency     Wavelength        Classical Use
LF    125-134.2KHz             2,400 meters      Animal tagging and keyless entry
HF    13.56MHz                 22 meters
UHF   865.5-867.6MHz (Europe)  32.8 centimeters  Smart cards, logistics, and item management
      915MHz (U.S.)
      950-956MHz (Japan)
ISM   2.4GHz                   12.5 centimeters  Item management

As with most radio systems, the larger the antenna on the reader and the
tag, the better an RFID system will work because large antennas are
generally more efficient at transmitting and receiving radio power than are
small antennas. Thus, a large antenna on the reader means that more power
can be sent to the RFID tag and more of the tag's emitted energy can be
collected and analyzed. A large antenna on the tag means that more of the
power can be collected and used to power the chip. Likewise, a large
antenna on the chip means that more power can be transmitted back to the
reader.

The Network

Most RFID tags transmit a number and nothing more. So what does a typical
reader do with a typical 96-bit number like
79,228,162,514,264,337,593,543,950,335?[6] In most cases, the reader sends
it to a computer.

What the computer does with the RFID code depends on the application. With
an access-control system, the computer might look to see if the RFID number
is present on a list of numbers that's allowed access to a particular door
or location. If the number is present, the computer might energize a
solenoid that would unlock the door. In the case of the Mobil Speedpass
system, the tag's serial number and its response to the random challenge
that was generated by the reader are sent over Mobil's payment network. If
the challenge response matches the token, Mobil's computers approve the use
of the customer's credit-card number to complete the transaction.

With the EPC, the serial number will be sent to a network of computers that
make up the Object Name Service (ONS), a large distributed database that
will track a variety of pieces of information about objects that have been
assigned EPC codes. The database consists of both central "root" servers
and distributed servers at each company that creates products labeled with
EPC tags. Given any EPC code, the root servers would tell a computer which
company's servers to go to, and then the company's servers would explain
what the EPC code means. The overall design of the ONS is similar to that
of another distributed database, the Domain Name System (DNS), which maps
Internet hostnames to Internet Protocol (IP) addresses. In fact, VeriSign,
the company that has the contract to run the global DNS, was also awarded
the contract by EPCglobal to run the ONS.[7]

[6] This number is actually 2^96 - 1, the largest number that can be
represented with an unsigned 96-bit integer.
[7] "VeriSign to Run EPC Directory," RFID Journal, January 13, 2004.
www.rfidjournal.com/article/articleview/735/1/1.

Here's how it might work. A computer at Wal-Mart that receives an EPC code
would send that code to one of the ONS root servers and learn that the
particular code space is operated by a manager at Gillette. The computer
might then query the ONS server operated by Gillette and learn that the
code is for a box of Mach3 razors, which was manufactured on a particular
date and is authorized for sale in the United States.

Coupling, Range, and Penetration

As mentioned previously, active and passive RFID systems have very
different reading ranges. With batteries and high-gain antennas, active
RFID systems have ranges roughly equivalent to those of any other system
operating under the rules for unlicensed radio systems. In the United
States, for example, an unlicensed system can transmit with up to 1 watt of
power; under these conditions, a signal can be received over a mile if
directional antennas are used and there are no obstructions.

Coupling

While it is possible to build RFID systems such that both the tag and
reader contain a radio transmitter and a radio receiver, this method of
operation is ideal only for active systems attempting to communicate over
the longest distances. Because placing and powering a transmitter on the
tag is an expensive proposition, passive tag systems are usually chosen for
applications that are extremely sensitive to the cost of the tag. Either
the passive tag will have to have some form of energy storage, for example
a capacitor, to provide power when the reader stops transmitting and starts
receiving or the reader must always transmit, meaning the tag has to reply
on a different frequency. Instead, passive RFID systems typically couple
the transmitter to the receiver with either load modulation or backscatter,
depending on whether the tags are operating in the near or far field of the
reader, respectively.

In the near field, a tag couples with a reader via electromagnetic
inductance. The antennas of both the reader and the tag are formed as
coils, using many turns of small gauge wire. The current in the reader's
coil creates a magnetic field. This field, in turn, induces a current in
the coil of the tag. A transformer works by the same principle, and in
essence the coils of the reader and tag together form a transformer. The
reader communicates with the tag by modulating a carrier wave, which it
does by varying the amplitude, phase, or frequency of the carrier,
depending on the design of the RFID system in question. This modulation can
be directly detected as current changes in the coil of the
tag. The tag communicates with the reader by varying how much it loads its
antenna. This in turn affects the voltage across the reader's antenna. By
switching the load on and off rapidly, the tag can establish its own
carrier frequency (really a subcarrier) that the tag can in turn modulate
to communicate its reply.

Tags that operate in the far field (UHF and ISM bands) couple with their
readers using backscatter. Backscatter results when an electromagnetic wave
hits a surface and some of the energy of that wave is reflected back to the
transmitter, and it is one of the fundamental physics behind RADAR. The
amount of energy reflected depends on how well the surface resonates with
the frequency of the electromagnetic wave. RFID tags that use backscatter
to reply to their readers have antennas that are designed to resonate well
with the carrier put out by the reader. The tag can throw a switch that
changes the resonant properties of its antenna so that it reflects poorly
instead, thus creating a pattern in its backscatter that is detected at the
reader. The return communication is encoded in the backscatter pattern.

There is a third, less common type of coupling between reader and tag:
electrostatic coupling. With electrostatic coupling, the reader and tag
antennas are charged plates. Adding electrons to the plate on the reader
will push electrons off the plate onto the tag, and vice versa. The plate
area determines range with electrostatic coupling. An advantage to
electrostatic coupled systems is that the antenna patches can be printed
with conductive ink, making their design very flexible and inexpensive.

Reading Range of Passive RFID Systems

Passive systems operate under far more limiting circumstances. To be read,
a passive RFID tag must be provided with sufficient power to both run the
electronics and generate a return signal that the reader can detect. Thus,
the read range of a passive system depends on

Pr: The reader transmitter power (typically 1 watt)
Sr: The reader receiver sensitivity (typically -80dBm or 10^-11 watts)
Gr: The reader antenna gain (typically 6dBi)
Gt: The tag antenna gain (1dBi is an omnidirectional antenna)
Pt: The tag's power requirement (typically 100 microwatts or -10dBm)
Et: The tag modulator efficiency (typically -20dB)[8]

[8] This example was presented by Matthew Reynolds of ThingMagic at the MIT
Privacy Workshop in November 2003.

A system can be limited either by the power available to power the tag or
by the reader's ability to detect the tag's transmissions. Since the goal
of RFID systems is to make the chips as cheap as possible, lots of money
can be invested into readers to make them very sensitive. Thus, a
well-designed RFID system will be limited by the power available to the
tag.

The power available to the tag, Pt, is given by the formula:

$$P_t = P_r \times G_r \times G_t \times \frac{\lambda^2}{(4\pi)^2 d^2}$$

Where $\lambda$ is the wavelength of the radio waves used by the system.

Crunching the numbers for a 915MHz system, dmax = 5.8 meters. In other
words, 19.4 feet is the greatest distance that a typical EPC tag can be
read by a reader with the parameters given previously. On the other hand,
if someone could build a tag that could be powered with only 1 microwatt -
100 times better than is possible today - dmax would increase to 194
meters. However, the return signal would have energy of -99dBm because the
RFID tag would be transmitting its limited amount of power in all
directions. A signal at -99dBm is on the edge of what can be detected with
even the best amplifier and radio available today. (The noise power in 50
ohms at 500KHz is -109dBm; with a practical receiver that has an NF of 3dB,
the power of noise is raised to -106dBm. Distinguishing a -99dBm signal
from a -106dBm noise floor requires a receiver that has a signal-to-noise
ratio of just 7dB.)

One way to improve the reading range of such a system is to use a larger
antenna that can collect more power from the tag. For example, a proximity
card system manufactured by Indala (www.indala.com) has a read range of
eight inches with the company's lowest-cost reader, but that range jumps to
24 inches with the company's more expensive reader that has a larger
antenna and more expensive electronics. Researchers at the MIT Computer
Science and Artificial Intelligence Laboratory (CSAIL) have created a
one-of-a-kind reader with a very large antenna that can read cards more
than four feet away. Although greater reading ranges are theoretically
possible, background noise and other real-world factors make it difficult
to construct readers with significantly longer range.

Penetration, Screening, and Shielding

The calculations in the previous section assume that both the RFID reader
and the tag are in a vacuum. This is rarely the case, of course. Most tags
are read through the air, but sometimes there is intervening material, such
as water, plastics, cans, or people. As with all radio signals, the range
of an RFID
system is dramatically affected by the environment through which the radio
signals travel.

Two of the most potent barriers for radio signals in the HF and UHF regions
of the spectrum are water and metal, and they can have profound impacts on
RFID in typical operations. For example, cardboard is normally transparent
to radio waves. But if a cardboard box picks up moisture, the water in the
cardboard will attenuate the radio signal from an RFID reader, perhaps to
the point that the RFID tag inside the box will not receive enough power to
send back a response.

Metal blocks radio waves, so there's no hope of reading a tag inside a can.
What about a tag that's on a can? The answer depends on where the reader is
in relationship to the tag and the can, how far away the tag is from the
can, and even what kind of antenna is built into the tag. In some cases,
the can will block the radio waves, but in other cases, the can will focus
the waves and make it easier to read the tag. This is especially a
possibility if several cans are packed tightly together, as might be the
case on a supermarket shelf.

Another phenomenon to be considered is dielectric coupling. Dielectric
coupling can take place between antennas and dielectric materials like
cardboard or, in some cases, the human body. Using this coupling will
result in detuning the antenna, which will make the antenna less efficient
and, consequently, will decrease read range. This is why some proximity
cards can be read if they are in a wallet but can't be read if that wallet
is in a person's pocket. In other cases, two proximity cards placed next to
each other can cause mutual interference because of this kind of coupling.

If the intention is to shield an RFID tag against an RFID reader, it is
quite easy to do. A single layer of aluminum foil is sufficient to shield
most low-power RF devices. For RFID, aluminum needs to be only 27 microns
thick, according to Matthew Reynolds at ThingMagic (www.thingmagic.com), to
effectively shield a tag. And just 1mm of dilute salt water (also a
conductor) provides similar protection.

All of this math and physics have caused some interesting reflections by
journalists. In Wired News, for instance, Mark Baard wrote this technically
accurate lead for his article about the MIT RFID Privacy Workshop:

    You may need to read the following sentence twice: Aluminum foil
    hats will block the signals emitted by the radio tags that will
    replace bar-code labels on consumer goods.
Page 13
RFID APPLICATIONS27That is, of course, if you place your tin-foil hat
between the radiotag and the device trying to read its signal.9RFID
ApplicationsIn this section, we look at a few specific applications of RFID
technology thathave been deployed and see how the technical underpinnings of
the technologyhave a direct impact on the applications.Supply Chain
Visibility and Inventory ManagementThe largest use of RFID anticipated
within the next ten years is in tags to track themovement of consumer
product goods from the manufacturer to the point of sale. The international
manufacture and movement of goods is a huge business.Many items sold in the
United States are actually manufactured in China,loaded into containers,
sent by truck to a port, and then shipped on a freighterto a port in the
United States. Once in the country, the containers are sent todistribution
points where they are unloaded, repackaged onto trucks, and sent to stores
such as Wal-Mart, where their contents are unloaded, put on store shelves,
and sold to consumers.

At least, that's the way that the process is supposed to work. In practice,
many things can go wrong. For example, boxes that are supposed to be loaded
into one container can be accidentally loaded into another one and sent to
the wrong customer. Product can be lost in port for days - or weeks - or
sent to the wrong distribution center. Boxes can be lost in distribution
centers or, even worse, sent to a store and then misplaced in a storage
room. As a result, a product could be out of stock on the store shelves,
which means that a customer who wants to buy a particular razor or battery
won't be able to do so. The number and cost of lost sales can add up.

Equally troublesome for companies like Gillette are product counterfeiting
and product diversion. This problem starts in China, where a look-alike
product can be manufactured in "bandit" factories. (Sometimes a bandit
factory is authorized to make genuine goods but creates extra product that
it doesn't report to the U.S. company.) Legitimate product with packaging in
Chinese and designed to be sold in Hong Kong or Taiwan at a low price can be
sent to New York and sold on the so-called gray market in which the
intermediaries reap big profits and the American consumers get their razors
or batteries at a lower price, but the brand owner misses out on the higher
profits that are supposed to result from U.S. sales. And sometimes there is
just out-and-out theft: Cases of product disappear out of "sealed"
containers or "fall off" the back of trucks.

9. Baard, M. "Is RFID Technology Easy to Foil?" Wired News, November 18,
2003. www.wired.com/news/privacy/0,1848,61264,00.html.

Finally there is shoplifting, increasingly an activity of organized gangs
who empty stores of dozens or hundreds of packages of razors or batteries at
a clip. Sometimes insiders facilitate shoplifting and receive a commission
or cut from the perpetrators. Shoplifting causes many problems, of which the
actual theft is just one. Consumers who see shoplifting taking place feel
uncomfortable and may not return to the store. Shoplifting also results in
out-of-stock conditions that are not detected by the store's inventory
management system because the items were never actually sold.

It is into this supply chain that RFID is likely to
make the largest impact over the next decade. If every package of razors or
batteries manufactured in China had its own embedded and individually
serialized RFID tag, it would be possible to track it as it moves through
the entire supply chain. RFID readers at the factory would verify that the
cases left the factory and got onto the truck. RFID readers built into the
shipping container would verify that the products left the truck and were
put in the container. RFID readers in the U.S. port could verify that every
package coming into the country contained product that was both legitimate
and licensed for sale in the United States. Readers at the distribution
center would record the arrival of every package and note which packages
went to which stores. In those stores, RFID readers would be on every shelf.
They would keep track of which product was in the back rooms and which was
on the store shelves.

RFID readers on store shelves would give stores a degree of visibility that
today can only be dreamed of. For starters, they would pick up when product
was mis-shelved - perhaps when a consumer picked up a box of razors, had a
change of heart, and put it down on another shelf a few minutes later. The
tags could detect "out-of-stock" conditions caused by theft. It would even
be possible to have the system generate an alert when there is a suspicious
removal of product, such as the simultaneous removal of 12 razor packages,
and put a notation on the surveillance video.

Once this RFID infrastructure is deployed, it could be used for additional
purposes. For example, a special light-sensing RFID tag might detect if the
container was opened between the times that it left a port in China and
arrived at a port in San Francisco; such containers could be subject to
extra scrutiny by the Department of Homeland Security or simply rejected out
of hand. The Customs Service, meanwhile, could automatically impound and
destroy any products that did not have RFID serial numbers from an approved
list of "genuine merchandise" or any products that had been manufactured for
another market.

In theory, RFID is great. When a product is made, the tags
can be applied in a way that they can't be removed. (Checkpoint, for
example, has developed a series of RFID tags that are on the back of
designer clothing labels.) RFID lets a retailer see what's inside a pallet
or carton without actually opening it. RFID eliminates counterfeiting. RFID
eliminates the problems that result when people mistype product numbers or
mis-scan optical barcodes. Lost shipments can be automatically tracked or
traced. In addition, companies can get better visibility into their
operations by simply adding more RFID readers: A reader on a forklift, for
instance, would make it possible to figure out precisely how many packages
per hour a forklift operator is moving and would probably make it possible
to pinpoint specifically which forklift operator was responsible for
skewering an expensive case of HP printers. (Assuming, of course, that the
forklift operator's union consented to this degree of worker monitoring.)

That's the theory. In practice, those trying to deploy RFID into the supply
chain have discovered many problems. As we'll see in later chapters,
although it's possible to read 75 or more tags per second, it has been
remarkably difficult to design systems that can read 100% of the cases on a
pallet, let alone all of the individual cartons inside a case. Metal and
water inside the packaging add to the difficulty of reading. Readers
sometimes interfere with each other. One of the greatest problems has been
the cost of the tags themselves; the tags could even cost more money than
they would possibly save.

There are other problems, as well. Most organizations deploying RFID assume
that serial numbers on tags can't be counterfeit (they can) and that they
can't be read by competitors (they can). So U.S. Customs needs more than a
read-only list of all the valid RFID tags allowed to enter the country: It
also needs to cross items off the list when they come into the country. A
read-write database system is dramatically more difficult to operate than
one that is read-only. As for the competitive intelligence problem, it's one
that is addressed in Chapter 18, Would Macy's Scan Gimbels?: Competitive
Intelligence and RFID, so we won't dwell on it here. Suffice it to say that
there are a lot of opportunities for competitors to snoop on each other. As
evidenced by Appendix F, Realizing the Mandate: RFID at Wal-Mart, many
organizations haven't even considered this possibility.

Implants

Perhaps no single application of RFID technology has generated more
controversy than the implantation of RFID chips into people.

Implantable RFID transponders are typically small glass cylinders
approximately 2 or 3mm wide and between 1 and 1.5cm long. Inside the glass
cylinder are a microchip, a coiled antenna, and a capacitor for energy
storage. Microchips are typically implanted under the skin of the arm (in
human beings) or the back of the neck (in laboratory animals) with a
12-gauge needle.[10] Someone with proper training can implant a device in
less than 20 seconds.

Implantable RFID chips are typically read through use of an intense magnetic
field operating at a radio frequency of 100KHz to 15MHz. The alternating
magnetic field induces a current in the transponder's coil, which in turn
powers the chip. Stimulated in this manner, the chip transmits a low-power
response that is then detected on a different radio frequency by the reader.

On October 14, 2004, an article titled "Identity Chip Planted Under Skin
Approved for Use in Health Care"[11] ran on the front page of the New York
Times and many other publications. The photograph beneath the headline
showed a human index finger and, on top of the clearly visible fingerprint,
a tiny glass cylinder containing an RFID chip and antenna manufactured by
Applied Digital.

What readers of the New York Times may not have realized is that the
technology is more than 20 years old. In 1986, four inventors had filed a
series of patent applications for a Syringe-Implantable Identification
Transponder. Despite being abandoned three times, the patent was finally
refiled in 1991 and issued in 1993.[12] According to the patent, the system
was designed for the identification of horses. The patent was assigned to
Destron/Identification Devices Inc. and Hughes Aircraft. One of the early
uses, according to Troyk, was for tracking fish passing through dams on the
Colorado River. Patent applications filed by other inventors anticipated
RFID devices augmented with sensors to report back information such as body
temperature.

In the mid-1990s, implantable chips were initially marketed to scientists
seeking to keep track of laboratory animals and to zoos that wanted a way to
track exotic animals. Soon they were being marketed to veterinarians and
animal shelters that wanted a way to identify pets that were stray but had
been previously owned. According to an article in the January 1997 issue of
Pet Bird Magazine:

"Loss of a beloved pet or valued bird is a painful experience. However,
there are some measures you can take to help find or identify your bird if
this happens to you. One of these is the use of a microchip, a tiny device
which can be inserted into your pet by means of a simple injection. Bird
breeders and pet owners across the country are implanting microchips in
their birds as a means of positive identification. The chip is implanted
under the skin and resides there as a small non-intrusive and foolproof
method of permanently identifying a bird."[13]

10. Much of the technical information in this section is from Troyk, P.
"Injectable Electronic Identification, Monitoring and Stimulation Systems,"
Annual Review of Biomedical Engineering, 1999.01:177-209.
11. Feder, B.J., and Zeller, Jr., T. "Identity Chip Planted Under Skin
Approved for Use in Health Care," The New York Times, October 14, 2004. A1.
12. Taylor V., Koturov D., Bradin J., Loeb, G.E. 1993. U.S. Patent No.
5211129.

A variety of incompatible chips were sold during this time, including the
AVID, Destron, and Trovan, which sold items under the AVID, Home Again, and
InfoPET brands, respectively. In Canada, another system called PetNet was
popular. This multiplicity of players only created confusion in the
industry: The Ratite industry and SeaWorld endorsed AVID, the American
Kennel Club endorsed Home Again, and the American Society for the Prevention
of Cruelty to Animals (ASPCA) endorsed Trovan. Trovan was also adopted by
the International Union of Conservation of Nature for captive breeding
programs. Although a so-called universal scanner could read any chip, such
scanners were not available initially and were always more expensive than a
single-mode scanner.

Simply having a chip implanted in an animal did not guarantee its recovery
because the chips contained a serial number, not a name, address, or phone
number. To map the serial number to an owner's name required looking up the
serial number in a registry. Although all registries allowed owners to list
their names, addresses, and phone numbers, some registries allowed
alternative names and contact numbers to be listed. In most cases,
registration required a one-time fee of $7 to $25 per chip.

Although any of these chips could be implanted into a person, this use was
specifically prohibited by the chip manufacturers. One reason, presumably,
was liability; although the chips had been tested in animals, they were not
approved as medical devices. But conversations I had with chip manufacturers
at this time revealed another reason that implantation was prohibited: The
vendors didn't want the negative publicity that could result from having
their chips implanted in human beings. To paraphrase one manufacturer's
representative who spoke to me on condition of anonymity, "We are trying to
stay clear of the creepy factor."

One company didn't share this view. To the contrary, Applied Digital
Solutions (ADS) positively courted the creepy factor.

13. Highfill, C. "Microchips: An Idea Whose Time has Come," Pet Bird
Magazine, January 1997. Archived at: www.birdsnways.com/wisdom/ww7eiii.htm.

Incorporated in May 1993, ADS is a holding company that owns other companies
involved in the high-tech area. The company's two best-known products are
the Digital Angel and the VeriChip. Unfortunately, these two products are
frequently confused with one another.

Digital Angel is a device that monitors the wearer's location using a Global
Positioning System (GPS) receiver and then reports the position back to a
central monitoring facility using a cellular telephone network. One version
of the Digital Angel is designed to be worn around a child's wrist. Another
version designed to be implanted in the chest cavity is marketed to
businesspeople in South and Central America who are fearful that they might
be kidnapped.

ADS's second major product is the VeriChip, an implantable RFID device that
ADS markets for a variety of security, safety, and healthcare applications.

Consider security, which has long been promoted by ADS as a natural use of
the technology. As it is promoted, the implanted chip is the ultimate
security device: an unforgeable identification number that cannot be lost or
stolen. Each VeriChip has a unique serial number. The serial numbers are
programmed into the computer that controls access to a building or a set of
confidential files, and if the person whose hand waves in front of a reader
has an approved serial number, the computer grants access. This application
is so transparent and so easy to understand that it is not just promoted by
VeriChip, it's also a staple of science fiction, having appeared in works
such as Arthur C. Clarke's 3001 and the 1995 Sylvester Stallone movie, Judge
Dredd. Perhaps because of the high-tech appeal, the Attorney General of
Mexico recently had himself and 16 people in his office implanted with the
VeriChip to gain access to sensitive areas and files in the country's fight
against organized crime.[14]

A second application that is promoted for the VeriChip is for tracking
patients and medical records. Once again, the advantage of the chip is that,
unlike a dog tag, it cannot be lost. Alzheimer patients often become
disoriented and wander off, sometimes after taking off all their clothes
(dissatisfaction with clothes is another symptom of the disease). A study of
caregivers in Massachusetts found that 69 percent of wandering cases are
associated with severe consequences, with 3 percent (24 out of 700) of them
resulting in a lengthy search that ends with the death of the patient. In
theory, an implanted RFID chip interacting with a long-range reader could be
used to lock the door or sound an alarm if an Alzheimer patient approached
it. When a patient is recovered, the chip could be used to find contact
information for the patient, much as with the chips that are implanted in
dogs and cats.

14. Greene, T.C. "Anti-RFID Outfit Deflates Mexican VeriChip Hype," The
Register, November 30, 2004.
www.theregister.co.uk/2004/11/30/mexican_verichip_hype.

The serial number on the implanted chip can also be used as an index into
medical records. ADS operates a "Global VeriChip Subscriber Registry" that
reportedly will act as a password-protected centralized database of medical
records for any VeriChip user. The company is also promoting VeriChip as a
payment system. The Baja Beach Club in Barcelona, Spain, has given its
patrons the option of having a chip implanted in their hands so that they
can pay for drinks.[15] So far 35 patrons have signed up for the
service.[16]

According to the company's 2003 Annual Report:[17]

"VeriChip ... can be used in a variety of security, financial, personal
identification/safety and other applications. ... About the size of a grain
of rice, each VeriChip product contains a unique verification number.
Utilizing our proprietary external RFID scanner, radio frequency energy
passes through the skin energizing the dormant VeriChip, which then emits a
radio frequency signal transmitting the verification number contained in the
VeriChip. VeriChip technology is produced under patent registrations
#6,400,338 and #5,211,129. This technology is owned by Digital Angel
Corporation and licensed to VeriChip Corporation under an exclusive product
and technology license with a remaining term until March 2013."

On October 22, 2002, the US Food and Drug Administration issued a ruling
that the VeriChip is not a regulated device. As a result, the FDA reasoned,
the FDA had no say as to whether or not people could implant the device in
their bodies for financial and personal identification purposes - just in
the same way, presumably, that the FDA has no say on whether or not people
pierce their ears to wear earrings. After receiving this approval ADS began
aggressively marketing its device not just for these applications, but
apparently also for linking to a database of medical records. On November 8,
2002, the company "received a letter from the FDA, based upon correspondence
from us to the FDA, warning us not to market VeriChip for medical
applications."

15. Gossett, S. "Paying for Drinks with the Wave of the Hand,"
WorldNetDaily.com, April 14, 2004.
http://worldnetdaily.com/news/article.asp?ARTICLE_ID=38038.
16. Crawley, A. "FDA Clears VeriChip for Medical Applications in the United
States," findBiometrics.com, October 14, 2004.
www.findbiometrics.com/Pages/feature%20articles/verichip-fda.html.
17. "Annual Report Pursuant to Section 13 or 15(d) of the Securities
Exchange Act of 1934, For the fiscal year ended December 31, 2003," Applied
Digital Solutions, Inc. March 15, 2004, amended on March 16, 2004, May 21,
2004, and September 24, 2004.
http://www.sec.gov/Archives/edgar/data/924642/000114420404015032/v06849_10ka.txt.

The annual report continues:

"Examples of personal identification and safety applications are control of
authorized access to government installations and private-sector buildings,
nuclear power plants, national research laboratories, correctional
facilities and sensitive transportation resources. VeriChip is able to
function as a stand-alone, tamper-proof personal verification technology or
it can operate in conjunction with other security technologies such as
standard identification badges and advanced biometric devices (for example,
retina scanners, thumbprint readers or face recognition devices). The use of
VeriChip as a means for secure access can also be extended to include a
range of consumer products such as personal computers, laptop computers,
cars, cell phones and even access into homes and apartments.

Financial applications include VeriChip being used as a personal
verification technology that could help prevent fraudulent access to
banking, especially via automated teller machines, and credit card accounts.
VeriChip's tamper-proof, personal verification technology can provide
banking and credit card customers with the added protection of knowing their
account could not be accessed unless they themselves initiated and were
physically present during the transaction. VeriChip can also be used in
identity theft protection."

In October 2004, the FDA ruled that the serial number inside the VeriChip
could be linked to healthcare information. It's important to note that the
FDA has never actually ruled on the safety of the VeriChip device itself.
The FDA's ruling gave ADS the green light to move forward on its attempts to
market the VeriChip to the healthcare arena. Quoting once again from the
company's annual report:

"Examples of the healthcare information applications for VeriChip include,
among others:
- Implanted medical device identification
- Emergency access to patient-supplied health information
- Portable medical records access including insurance information
- In-hospital patient identification
- Medical facility connectivity via patient
- Disease/treatment management of at-risk populations (such as vaccination
  history)"

Evaluating VeriChip's security claims is remarkably difficult; the company
has surprisingly little technical information on its Web site.

VeriChip and Mark of the Beast

The Revelations of St. John the Divine, popularly known as the Book of
Revelation or The Apocalypse, is the final book of the Christian Bible. The
book tells the story of the end of the world, including the final battle
between good and evil. According to Revelations, God wins this final battle
and restores peace to the world.

Revelations is relevant to discussions of RFID, and especially the VeriChip,
because of three verses that discuss the Beast from the Earth. The Beast is
introduced in Revelations 13:11; the sections relevant to a discussion of
RFID are verses 13:16, 13:17, and 13:18:

Revelations 13:16: And he causeth all, both small and great, rich and poor,
free and bond, to receive a mark in their right hand, or in their foreheads.

Revelations 13:17: And that no man might buy or sell, save he that had the
mark, or the name of the beast, or the number of his name.

Revelations 13:18: Here is wisdom. Let him that hath understanding count the
number of the beast: for it is the number of a man; and his number is Six
hundred threescore and six.

When bar codes were introduced in the 1970s, some Christians were opposed to
the technology, noting that the UPC bar code could be considered to be some
kind of "mark" that was being used to buy and sell. Credit cards were
similarly attacked - especially in the late 1990s run-up to the change of
the millennium - on the grounds that they enabled people to use numbers to
buy and sell and that this could be considered a fulfillment of the visions
of Revelations. To those who held this belief, the VeriChip, an electronic
mark that is received in a hand, is an even closer fulfillment.

Whether or not the Beast's mark is a VeriChip or a credit card number is
beyond the scope of this chapter. What's important, though, is that a number
of individuals believe that RFID may be an instrument of the Beast - that
is, of the Devil - and have decided to fight against it for that reason. As
Peter de Jager argues in Chapter 30, whether or not you personally subscribe
to this viewpoint, it is important to remember that other people do and that
their opinions must be considered when and if this technology is deployed.

Conclusions

ADS representatives declined requests to submit a chapter to this volume or
to be interviewed for this chapter. Nevertheless, many of the claims made by
ADS
can be evaluated in the context of RFID technology in general. The first
important point is that just as the chip can be easily implanted with a
12-gauge needle, it can be easily removed with a penknife or a machete,
provided that the person removing the device is not concerned about any
damage that may be done to the surrounding tissue. It thus seems advisable
that the chip not be used for guarding access to high-security areas unless
a secondary form of identification is used; otherwise, an attacker could
simply hack off a person's arm, recover the chip, and implant it in him or
herself.

In fact, it may not be necessary to engage in such gruesome exploits. If the
ADS annual report on file with the U.S. Securities and Exchange Commission
is without error, the VeriChip transmits a simple serial number when it is
stimulated with an RF beam and does not participate in a challenge-response
protocol. Therefore, the chip can be cloned or otherwise hacked by someone
using technology described in Chapter 19, Hacking the Prox Card.

VeriChip says that its chip might be usable in deterring identity theft, but
this claim is unsubstantiated. One of the mechanisms fueling identity theft
is the use of unchangeable identifiers such as Social Security numbers as
keys into online databanks. Once a person's VeriChip number is compromised,
presumably the same sort of access could take place. For example, a home
computer running a financial application might be equipped with a VeriChip
reader to guard against unauthorized access, but if this number is
transmitted to a remote Web site, it would be very difficult for the remote
Web site to distinguish between a number that had been read by the scanner
and one that had been typed on the computer's keyboard and then sent over
the Internet through use of a hacked device driver.

Although RFID devices have been used for identifying laboratory animals and
livestock for nearly 20 years, no one is experienced in using these devices
in an adversarial environment against an active attacker. Just as numerous
privacy and security problems surfaced when Microsoft's Internet Explorer
made its transition from the laboratory to the marketplace, we are likely to
find numerous problems with the VeriChip and the computational
infrastructure on which the identification system depends.
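
The Conclusions passage quoted above turns on the difference between a tag that transmits a bare serial number and one that takes part in a challenge-response protocol. As an added illustration (not from the book, the poster, or ADS), this Python sketch compares how each reader design treats a previously recorded transmission; the class names, the HMAC-SHA256 construction, the key and the serial value are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for illustration; not real tag data.
SERIAL = b"0000000000000123"
TAG_KEY = secrets.token_bytes(32)


class StaticIdReader:
    """Access controller that trusts any approved serial number it receives."""

    def __init__(self, approved_serials):
        self.approved = set(approved_serials)

    def grant(self, presented_serial):
        # The serial is the only credential, so a value that was observed
        # once is accepted again no matter who presents it.
        return presented_serial in self.approved


class ChallengeResponseTag:
    """Hypothetical tag that holds a per-tag secret and never transmits it."""

    def __init__(self, serial, key):
        self.serial = serial
        self._key = key

    def respond(self, nonce):
        return hmac.new(self._key, self.serial + nonce, hashlib.sha256).digest()


class ChallengeResponseReader:
    """Reader that issues a fresh nonce and checks the tag's keyed response."""

    def __init__(self, keys_by_serial):
        self.keys = dict(keys_by_serial)
        self._pending = None

    def challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def grant(self, serial, response):
        nonce, self._pending = self._pending, None  # each nonce is single-use
        key = self.keys.get(serial)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, serial + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def replay_outcomes():
    """Present a recorded transmission to each reader design."""
    results = {}

    static_reader = StaticIdReader([SERIAL])
    recorded_serial = SERIAL  # everything the static tag ever sends
    results["static_genuine"] = static_reader.grant(SERIAL)
    results["static_replay"] = static_reader.grant(recorded_serial)

    tag = ChallengeResponseTag(SERIAL, TAG_KEY)
    cr_reader = ChallengeResponseReader({SERIAL: TAG_KEY})

    first_nonce = cr_reader.challenge()
    recorded_response = tag.respond(first_nonce)  # captured in a real session
    results["cr_genuine"] = cr_reader.grant(SERIAL, recorded_response)

    cr_reader.challenge()  # later session: the reader picks a new nonce
    results["cr_replay"] = cr_reader.grant(SERIAL, recorded_response)

    second_nonce = cr_reader.challenge()
    results["cr_genuine_again"] = cr_reader.grant(SERIAL, tag.respond(second_nonce))
    return results


if __name__ == "__main__":
    for name, granted in replay_outcomes().items():
        print(f"{name:18} granted={granted}")
```

The static reader cannot tell the recorded value from the genuine tag, which is also why the remote Web site in the passage cannot tell a scanned number from a typed one; the challenge-response reader rejects the stale response because it was computed over an earlier nonce.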