Document Sample
05_RFID_Middleware_intro Powered By Docstoc
					               RFID Middleware

                                         Vlad Krotov
                                   University of Houston
                                 Bauer College of Business
                                      Summer 2006

                                                 Wen-Nung Tsai

Source: Forrester, 2004;
• Introduction to Middleware
    – EPCglobal Network
    – Savant and ONS
•   Types of RFID Vendors
•   Middleware Functionality
•   RFID Middleware
•   Threats to RFID Middleware
•   RFID Privacy
• Middleware – software that connects two
  disparate applications, allowing them to
  communicate with each other and to
  exchange data (Laudon & Laudon, 2002)
• Middleware – Software that provides a link
  between separate software applications.
  Middleware sits "in the middle" between
  application software that may be working
  on different operating systems. (wikipedia)

Middleware Layers


  RPC, RMI, and events
  Request reply                       layers
eXternal Data Representation(XDR)

   Operating System

分層負責, 分工合作
   RFID systems: logical view
                                                                                                 ONS                 Information
                                                                                                Server              (PML Format)

Write data     Items with                      Reader        Read         Transaction     Application
to RF tags       RF Tags                                    Manager       Data Store       Systems
                                                                                                           EDI /     Systems
       1           2                       3            4     5       6      7                      8      XML

                                                                                  Tag/Item                 10
                                                                                  Database      9

             Tag Interfaces                                 RFID Middleware                               Other Systems
        Underlying Drivers of RFID
• Standards
• Integration
•Auto-ID Center is a Non-profit organization
supported by major software, consulting, tag and
reader manufacturers and by MIT, Cambridge
University and Adelaide University
In October 2003, the Auto-ID Center was
replaced by the Auto-ID Labs and EPCglobal.

Auto-ID : Methods of collecting data and entering it directly into
computer systems without human involvement.                          6
• Level I:主要規範RFID使用之無線通訊頻道
  – ISO 18000系列:ISO 18000-2到ISO 18000-7定義了
    135 KHz、13.56MHz、2.45GHz、5.8GHz、860-

• Level II:規範RFID電子標籤內資料結構
  – EPCglobal:EPC (產品電子代碼;電子條碼)

• Level III:系統整合
  – Global Data Synchronization Network, GDSN (全球資
  – EPCglobal Network
Tags     The data carriers

Reader   The data capture device; portable or fixed (installed), connected to a
         Savant or network.

EPC      Electronic Product Code: the code carried by the data carrier; the
         globally unique pointer for making enquiries about the item
         associated with the EPC.
Savant   Servers which act as local repositories for EPCs and associated
         information, and which support sophisticated, flexible middleware for
         serving PML queries.
         Object Name Service; the distributed resource that “knows” where
         information about EPCs is held (just like DNS).

         Physical Markup Language; like XML, with XQL query structure to
PML      allow structured querying and reporting of EPCs and attributed data.

            EPCglobal Network
• The EPCglobal Network is a set of global
  technical standards aimed at enabling
  automatic and instant identification of items in
  the supply chain and sharing the information
  throughout the supply chain. (AutoID)
• The EPCglobal NetworkTM consists of five
  fundamental elements:
   –   ID System (EPC Tags and Readers),
   –   Electronic Product Code (EPC)
   –   Object Name Service (ONS)
   –   Physical Markup Language (PML)
   – Savant
RFID Middleware Structure
Tag Data Standard / Air Interface
• Designed to process the streams of tag or sensor data
• Accommodates different reader vendors
ALE (Application Level Events)
• Application interface to filter, aggregate, reduce the volume of data prior to
  sending events to the back end business application
• Standardizes interfaces between readers, ONS, XML, and Enterprise
EPCIS (EPC Information Services)
• Recording and exchange of business-level EPC data (PML)
• Describe how the EPC information can be stored and accessed via the Network

                                                                   ECP IS
    Tag Reads

                       EPC Tags
    64 and 96 bit EPC tags have been defined
        01     0000A21 00015E 000189DF0
      Header EPC Manager Object Class Serial Number
      8 Bits  8 – 35 bits 39 – 56 bits 60 – 95 bits

• Allows for unique IDs for 268 million companies
• Each company can then have 16 million object classes
• Each object or SKU can have 68 billion serial numbers assigned to it

      Header (8 bits):標頭
      Manufacturer (28 bits):廠商代碼
      Product (24bits):產品代碼
      Serial Number (36 bits):序號;一物一碼
                                             GTIN: Global Trade Item Number

           EPC-96: GTIN in an EPC
Element   Header   Type   Part.    EPC Manager     Object Class      Serial Number
Bits        8       3      3            27             17                  38
Value10    016      3      4       0-134,217,727    0-131,071       0-274,877,906,943

                                  EAN•UCC CP       Item Reference

                    EAN•UCC                                            New element for
                                    0037000         06524              individual item

          Procter & Gamble Bounty® paper
                   towels 15 pack
             EPC and PML
• EPC – Electronic Product Code
  –   Header – handles version and upgrades
  –   EPC Manager – Product Manufacturer Code
  –   Object Class – Class/Type of Product
  –   Serial Number – Unique Object Identity
• PML – Physical Markup Language
  – Extension of XML
  – Representation of Tagged Object Information
  – Interaction of Tagged Object Information

           Savant and PML
• Physical Markup Language (PML) is used
  as a common language in the EPCglobal
  Network to define data on physical objects.
• Savant is is a software technology that acts
  as the central nervous system of the
  EPCglobal Network. Savant manages and
  moves information in a way that does not
  overload existing corporate and public

• Savant is a middleware developed by Auto-ID to
  provide middleware between RFID reader and
• Savant sits between tag readers and enterprise
  applications in order to manage the vast amount of
  information retrieved from the tags
• Savant manages and moves information in a way that
  does not overload existing networks
• Savant has a hierarchical architecture that directs the
  flow of data by gathering, storing, and acting on
  information and communicating with other Savants
• In a Savant system, lower level Savants process, filter
  and direct information to the higher level ones and,
  consequently, massive flow of information and network
  traffic is reduced
            Savant and ONS
• Savants
  – Manage the flow of EPC data from RFID readers
     •   Data smoothing
     •   Reader coordination
     •   Data forwarding
     •   Data storage
  – Interact with the ONS network
• ONS Servers
  – Directory for EPC information, similar to Internet DNS
  – Uses the object manager number of the EPC to find
    out how to get more information about the product

        DNS vs. ONS
Would Wide Web                EPCglobal Network
          DNS             ONS
主導網路位置及郵件的途徑              主導產品製造資訊記錄之途徑

       WEB Sites          EPC Information Services
 包含一特定主題資訊來源              特定產品資訊來源
       Search Engines     EPC Discovery Services
       蒐尋網頁的工具            蒐尋EPCIS之工具

      Security Services   EPC Trust Services
     提供一資料交換及             提供EPC產品資料之
         分享信任機制           安全性及流通控制

  Types of RFID Vendors (1/4)
• RFID Pure Plays – offer products that
  integrate with RFID readers, filter and
  aggregate data, and may incorporate
  some business rules
  – ConnectTerra
  – GlobeRanger
  – OATSystems
  – RF Code

  Types of RFID Vendors (2/4)
• Application Vendors – offer software ranging
  from RFID-enabled applications for warehouse
  and asset management to more robust RFID
  middleware solutions for reader coordination,
  data filtering, and business logic capabilities
  –   Povia Software
  –   Manhattan Associates
  –   RedPrairie
  –   SAP

  Types of RFID Vendors (3/4)
• Platform Giants – extend their existing
  platforms and middleware to
  accommodate RFID
  – Sun Microsystems
  – IBM
  – Oracle
  – Microsoft

  Types of RFID Vendors (4/4)
• Integration Specialists – similar to
  platform giants, integration specialists are
  adding RFID features like reader
  coordination and edge-tier filtering go to
  their existing integration technology
  – webMethods
  – Ascential Software

 Middleware Functionality (1/4)
• Reader and device management. RFID
  middleware should allow users to configure,
  monitor, deploy, and issue commands directly to
  readers through a common interface.
• Data management. Once RFID middleware
  captures EPC data from readers, it must be able
  to intelligently filter and route it to the
  appropriate destinations. This capability should
  include both low-level logic like filtering out
  duplicate reads and more complex algorithms
  like content-based routing
 Middleware Functionality (2/4)
• Application integration. RFID middleware
  solutions should provide the messaging, routing,
  and connectivity features required to reliably
  integrate RFID data into existing SCM, ERP,
  WMS, or CRM systems
• Partner integration. Some of the most
  promising benefits of RFID will come from
  sharing RFID data with partners to improve
  collaborative processes like demand forecasting
  and vendor-managed inventory
 Middleware Functionality (3/4)
• Process management and application
  development. Instead of just routing RFID data
  to business applications, sophisticated RFID
  middleware platforms will actually orchestrate
  RFID-related end-to-end processes that touch
  multiple applications and/or enterprises, like
  inventory replenishment. Key process
  management and composite application
  development features include workflow, role
  management, process automation, and UI
  development tools.
  Middleware Functionality (4/4)
• Packaged RFID content. RFID middleware platforms
  that include packaged routing logic, product data
  schemas, and integration with typical RFID-related
  applications and processes like shipping, receiving, and
  asset tracking are major assets

• Architecture scalability and administration. This
  means that RFID middleware platforms must include
  features for dynamically balancing processing loads
  across multiple servers and automatically rerouting data
  upon server failure. These features should span all tiers
  of the architecture — even the edge devices

Single-Tier RFID Middleware

Multitier RFID Middleware

Forrester Research Conclusions
• Manhattan Associates, OAT, and SAP lead with strong
  mandate solutions
• Pure plays like GlobeRanger and ConnecTerra also offer
  viable solutions for early adopters. But unlike
  OATSystems, these vendor offer ―pure‖ middleware
  solutions that provide strong reader integration
  capabilities and APIs for publishing RFID data to back-
  end applications and typically incorporate less packaged
  application logic like EPC track-and-trace tools.
• Both Savi Technology and RF Code have specialty
  capabilities and experience with active RFID tags
• Most platform and integration vendors lack
  generally available products

                   RFID Middleware
•    Sun (merged by Oracle on 2010)
•    SAP
•    Microsoft
•    Oracle
    EPC Discovery Service (EPC_DS) is an EPCglobal
    Network service that allows companies to search for
    every reader that has read a particular EPC™ tag.
    EPC Information Service (EPC_IS) is an EPC™ network
    infrastructure that enables companies to store data associated
    with EPCs in secure databases on the Web.                        32
Sun‘s RFID Software Architecture

Sun‘s Event Manager

Sun‘s Information Server


               ERP Systems
   Value                Information Flow
 Creation                 High Resolution
                          Process Based
                          High Accuracy


                                            Process Agility

                                                   Alien Device Deployment Kit
 Quality and
Measurement                                        Alien RFID Provider

BizTalk RFID server provides a common platform
for RFID applications to interact with diverse
RFID devices such as readers and printers.

Middleware framework: PINES™
                          Data Collection & Device Management Engine
                                                                Movement and
                                                               Device Emulator
                                        Engine and

  Layout Management Engine
     Layout              Layout           Event                Information Store
  Management UI           Store           Store

                                                                EIS Data      PML
  Decision        Query Engine
  Support            and UI
  Engine                                              Rule
      Notification          Graphical                                 Automated
     Engine and UI          Dashboard             Automatic            Actuation
                                                  Actionable              Engine
                                                                       Source: Persistent Systems
Retail case study: Enabling real-time

                               12. Last three hour
  1. Raw
                               promotional offer
  event data
                               alert on product X

                                                                    11. Promotional
                 2. Log data                                        offer alert

          3. Query o/p data                                          10. Promotional
                                                                     offer update

                                         4. Off-take data   9. Promotional
                                         on X product       offer update
5. Four hours to close of
retails stores and product
X sales target for the day
not met!
                  6. Notifications for approval of               8. Approval
                  promotional offer on product X                 alert                 7. Approval

                                                                                Source: Persistent Systems
• 應用型中介軟體 (Application Middleware)
  – 以API整合、串接RFID設備為目的
  – 著重於處理前後端系統的連接問題
• 基本架構型中介軟體 (Infrastructure Middleware)
  – 可滿足多對多的介接需求
  – 具備資料收集、過濾和平台的管理與維護功能
• 解決方案型中介軟體 (Solution Middleware)
  – 提供自動化系統與RFID讀寫器、標籤溝通的介面
  – 針對不同領域推出各項創新解決方案

      Threats to RFID Middleware

•   Sniffing attack(竊聽)
•   masquerade attack (Forgery;偽造)
•   Replay Attack (重送攻擊)
•   Denyal of Service Attack (DoS;阻斷服務攻擊)
•   DDoS Attack (分散式阻斷服務攻擊)
•   Buffer Overflow Attack(緩衝區溢位攻擊)
• Code Insertion、 SQL injection
    Why RFID systems are vulnerable
              to attacks

•   Lots of source code
•   Generic protocols
•   Back-end databases
•   High-value data
•   False sense of security

         RFID-Based Exploits
• Buffer Overflows
  – The life of a buffer overflow begins when an attacker
    inputs data either directly (i.e. via user input) or
    indirectly (i.e. via environment variables).
  – This input data is deliberately longer then the
    allocated end of a buffer in memory, so it overwrites
    whatever else happened to be there.
  – Since program control data is often located in the
    memory areas adjacent to data buffers, the buffer
    overflow can cause the program to execute arbitrary
          RFID-Based Exploits
• Buffer Overflows
  – RFID tags are limited to 1024 bits or less.
  – However, commands like 'write multiple blocks' from ISO-
    15693 can allow a resource-poor RFID tag to repeatedly
    send the same data block, with the net result of filling up
    an application-level buffer.
  – Meticulous formatting of the repeatedly sent data
  – An attacker can also use contactless smart cards, which
    have a larger amount of available storage space.
  – An attacker can really blow RFID middleware's buffers
    away, by using a resource rich actively-powered RFID
    tag simulating device, like the RFID Guardian

        RFID-Based Exploits
• Code Insertion
  – Malicious code can be injected into an
    application by an attacker, using any number
    of scripting languages including VBScript, CGI,
    Java, JavaScript, and Perl

         RFID-Based Exploits
• SQL injection
  – SQL injection is a type of code insertion attack that
    tricks a database into running SQL code that was not
  – Attackers have several objectives:
     • They might want to enumerate (map out) the database
       structure. Then, the attackers might want to retrieve
       unauthorized data, or make equally unauthorized
       modifications or deletions.
     • Databases also sometimes allow DB administrators to
       execute system commands. A system command can be used
       to attack the system

           RFID-Based Worms
• Worm is a program that self-propagates across a
  network, exploiting security flaws in widely-used services
• A worm is distinguishable from a virus in that a worm
  does not require any user activity to propagate
• Worms usually have a payload, which performs activities
  ranging from deleting files, to sending information via
  email, to installing software patches
• One of the most common payloads for a worm is to
  install a ―backdoor‖ in the infected computer, which
  grants hackers easy return access to that computer
  system in the future.

       RFID-Based Viruses
• One can develop RFID based viruses
  using SQL language.
• The SQL data can be transmitted to a
  system via an RFID tag

           Tag Collision Problem
• Multiple tags simultaneously respond to query
  – Results in collision at the reader
• Several approaches
  –   Tree algorithm
  –   Memoryless protocol
  –   Contactless protocol
  –   I-code protocol

            Tree Algorithm
– Reader queries for tags
– Reader informs in case of collision and tags
  generates 0 or 1 randomly
– If 0 then tag retransmits on next query
– If 1 then tag becomes silent and starts incrementing
  its counter (which is initially zero)
– Counter incremented every time collision reported
  and decremented every time identification reported
– Tag remains silent till its counter becomes zero

          Tree Algorithm – Example
Reader informs tags in case of collision and tags generate 0 or 1
•If 0 then tag retransmits on next query, else tag becomes silent and starts a counter.
Counter incremented every time collision reported and decremented otherwise.

        Memoryless Protocol
• Assumption: tagID stored in k bit binary string
• Algorithm
  – Reader queries for prefix p
  – In case of collision queries for p0 or p1
• Time complexity
  – Running time – O(n)
  – Worst Case – n*(k + 2 – logn)
• Message Complexity – k*(2.21logn + 4.19)

Memoryless Protocol – Example
• Reader queries for prefix p
• In case of collision, reader queries for p0 or p1
• Example: consider tags with prefixes: 00111, 01010, 01100, 10101,
  10110 and 10111

         Contactless Protocol
• Assumption: tagID stored in k bit binary string
• Algorithm
  – Reader queries for (i)th bit
  – Reader informs in case of collision
     • Tags with (i)th bit 0 become silent and maintain counter
     • Tags with (i)th bit 1 respond to next query for (i+1)th bit
• Time complexity – O(2k)
• Message complexity – O(m(k+1)), where m is
  number of tags

Contactless Protocol – Example
• Reader queries for (i)th bit
• Reader informs in case of collision
   – Tags with (i)th bit 0 become silent and maintain counter
   – Tags with (i)th bit 1 respond to next query for (i+1)th bit
• Example: tags with prefixes: 01, 10 and 11

         I-Code Protocol (1/2)
• Based on slotted ALOHA principle
• Algorithm
  – Reader provides time frame with N slots, N
    calculated for estimate n of tags
  – Tags randomly choose a slot and transmit their
  – Responses possible for each slot are
     • Empty, no tag transmitted in this slot – c0
     • Single response, identifying the tag – c1
     • Multiple responses, collision – ck

            I-Code Protocol (2/2)
   – New estimate for n :
     lower bound
       εlb(N, c0, c1,ck) = c1 + 2ck

   – Using estimate n, N calculated
   – N becomes constant after some time
   – Using this N calculate number of read cycles s to identify tags
     with a given level of accuracy α
• Time complexity – t0*(s+p)
   – t0 is time for one read cycle
   – p number of read cycles for estimating N
• Message complexity – n*(s+p)
                RFID Privacy
•   Hidden placement of tags
•   Unique identifiers for all objects worldwide
•   Massive data aggregation
•   Unauthorized development of detailed profiles
•   Unauthorized third party access to profile data
•   Hidden readers

    “Just in case you
    want to know, she’s
    carrying 700 Euro…”

The “Blocker” Tag approach
 • “Tree-walking‖ protocol for identifying tags
   recursively asks question:
   – ―What is your next bit?‖

 • Blocker tag always says both ‘0’ and ‘1’!
   – Makes it seem like all possible tags are present
   – Reader cannot figure out which tags are actually
   – Number of possible tags is huge, so reader stalls

    More on blocker tags
• Blocker tag can be selective:
  – Privacy zones: Only block certain ranges of RFID-tag
    serial numbers
  – Zone mobility: Allow shops to move items into privacy
    zone upon purchase
• Example:
  – Blocker blocks all identifiers with leading ‗1‘ bit
  – Items in supermarket carry leading ‗0‘ bit
  – On checkout, leading bit is flipped from ‗0‘ to ‗1‘
     • PIN required, as for ―kill‖ operation

      The Challenge-Response
•   Tag does not give all its information to reader.
    – The closer the reader, the more the processing.
    – Tag reveals highest level of authenticated information.

1. Reader specifies which level it wants.
2. Tag specifies level of security, and/or amount of
   energy needed.
3. Reader proceeds at that level of security.
4. Tag responds if and only if it gets energy and
   security required.
     Some more approaches
•   The Faraday Cage approach.
    – Place RFID tags in a protective mesh.
    – Would make locomotion difficult.
•   The Kill Tag approach.
    – Kill the tag while leaving the store.
    – RFID tags are too useful for reverse logistics.
•   The Tag Encryption approach.
    – Tag cycles through several pseudonyms.
    – Getting a good model is difficult.

•   No ‗one-size-fits-all‘ solution.
•   Security hinges on the fact that in the real world, an
    adversary must have physical proximity to tags to
    interact with them.
RFID Middleware

       An Introduction

Thank you!

Shared By: