Can Jannie verify? Usability of display-equipped RFID tags for security purposes

The recent emergence of RFID tags capable of performing public key operations enables a number of new applications in commerce (e.g., RFID-enabled credit cards) and security (e.g., ePassports and access-control badges). While the use of public key cryptography in RFID tags mitigates many difficult s...

Full description

Saved in:
Bibliographic Details
Published in:Journal of computer security 2013-01, Vol.21 (3), p.347-370
Main Authors: Kobsa, Alfred, Nithyanand, Rishab, Tsudik, Gene, Uzun, Ersin
Format: Article
Language:English
Subjects:
Commerce
Computer information security
Devices
Emergence
Privacy
Radio frequency identification
Readers
Tags
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The recent emergence of RFID tags capable of performing public key operations enables a number of new applications in commerce (e.g., RFID-enabled credit cards) and security (e.g., ePassports and access-control badges). While the use of public key cryptography in RFID tags mitigates many difficult security issues, certain important usability-related issues remain, particularly when RFID tags are used for financial transactions or bearer identification.In this paper, we focus exclusively on techniques with user involvement for secure user-to-tag authentication, transaction verification, reader expiration and revocation checking, as well as pairing of RFID tags with other personal devices. Our approach is based on two factors: (1) recent advances in hardware and manufacturing have made it possible to mass-produce inexpensive passive display-equipped RFID tags, and (2) high-end RFID tags used in financial transactions or identification are attended by a human user (typically, their owner). Our techniques rely on user involvement coupled with on-tag displays to achieve better security and privacy. Since user acceptance is a crucial factor in this context, we conducted comprehensive user studies to assess usability of all considered methods. This paper reports on our findings.
ISSN:0926-227X
1875-8924
DOI:10.3233/JCS-130470