Slashdot Mirror


A Technical RFID Primer

gManZboy writes "Roy Want, principal engineer at Intel Research, has a pretty meaty technical overview of RFID up at Queue. If you ever wondered how these little things actually work it's worth a read. For instance, I was intrigued to find out how the tags (which are generally battery-free) can absorb enough energy from RFID readers to then power up and transmit their own signal back to the reader."


  1. RFID isn't a problem-free technology for retailers by hrbrmstr · · Score: 5, Informative
    A little over a week ago, Yahoo! posted a story from TechWeb about IBM's experiences with Wal-Mart in their RFID deployment.
    During the deployment, IBM consultants have encountered interference from handheld devices such as walkie-talkies, forklifts, and other devices typically found in distribution facilities. And nearby cell-phone towers, which transmit at the high end of the frequency band, sometimes leak unwanted radio waves into the RFID readers. Bug zappers in the grocery sections of the pilot stores also caused interference. "When you have a bug that hits the zapper, the RF power generated by the interaction with the bug produces noise in the coax cables," says Douglas Martin, executive consultant at IBM Global Services.
    Regardless of how much a retailer's internal facility might disrupt their ability to monitor me, I still plan on getting one of RSA's RFID jammers when they're out.
    --
    Mind the gap...
  2. errrm.... by mr_snarf · · Score: 3, Informative
    I was intrigued to find out how the tags (which are generally battery-free) can absorb enough energy from RFID readers to then power up
    I thought that was the WHOLE POINT of RFID tags? Pretty useless if they need their own power source.
    --
    printf("Goodbye cruel world!\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b");
    1. Re:errrm.... by Rimbo · · Score: 3, Informative

      "I thought that was the WHOLE POINT of RFID tags? Pretty useless if they need their own power source."

      This is called Passive RFID. There is also Active RFID, where the tag has its own power source.

      Active RFID is more expensive, because of the need for a power source, but it gets much better range than the ~10 feet (with an antenna that will cook you under perfect conditions) you can get with a passive tag.

      Person-tracking RFID systems are the sorts of things that would use an active tag; you need greater range, and the tagged item has a much higher value than, say, a can of soup, so it's worth the extra cost.

      As for the dream/nightmare of passive tags tracking people's purchase as they walk from store to store, I have enough trouble getting six tags placed directly onto an antenna powerful enough to make you feel warm if you stand next to it to get read; it's highly bloody unlikely that someone or some company with an antenna ten feet away is going to surreptitiously record your purchases without your knowledge. Don't believe the RFID industry's hype.

  3. Re:I'd like more info, actually by bsd4me · · Score: 2, Informative

    I'm assuming you'd let the engineers out of the office when the fire alarm was going off, otherwise you'd probably be looking at quite a jail term.

    Every facility I have worked at with card readers on doors has crash bars and a door alarm, so that if you exit without swiping your card the alarm goes off. If there is a fire, nobody really cares about a door alarm.

    --

    (S(SKK)(SKK))(S(SKK)(SKK))

  4. Re:article text by Anonymous Coward · · Score: 0, Informative

    you're supposed to post these anonymously karma whore

  5. Re:I'd like more info, actually by mcglothi · · Score: 2, Informative
    RFID in an access control installation is pretty common. We use Lenel Systems' OnGuard software suite along with TI RFID access control readers. Here are a couple of sites that might help you get an idea of what is involved in a system like this:

    http://www.lenel.com/

    http://www.ti.com/tiris/docs/products/readers/RI-H4R-S5H3.shtml

  6. Re:I'd like more info, actually by Technician · · Score: 3, Informative

    could an "eraser" pulse be sent out from some unscrupulous individual?

    There are some specs on the standards. Google search for ISO15693. That covers near field tags operating on 13.56 MHz.

    Search for EPC-96 standard for the far field 915 MHz tags.

    Most tags are either read only with a unique ID number, or read/write, also with a non-alterable unique ID number. Some, but not all tags can be told to become de-activated. So yes, an eraser signal could be used against some tags. A huge surge of RF could simply fry them also. Tossing them in a microwave oven comes to mind..

    Since the tags have collision avoidance, an unscrupulous individual could make an emitter that chattered garbage. With that, items with active tags could be taken past readers without being read as they wouldn't be heard in the chatter.

    There is mention of RFID jammers. Do a Google search again. Google is your friend.

    --
    The truth shall set you free!
  7. transmission vs. reflection and foil bags by Wansu · · Score: 4, Informative


    "I was intrigued to find out how the tags (which are generally battery-free) can absorb enough energy from RFID readers to then power up and transmit their own signal back to the reader."

    The high frequency tags don't actually transmit. They change the impedance of their antenna to modulate the reflection back to the transmitter.

    Another problem the article didn't mention is that bags lined with aluminum or copper foil will thwart these systems.

    --
    Wansu, th' chinese sailor
  8. Re:I'd like more info, actually by RPI+Geek · · Score: 2, Informative

    If you go and implement this for all the entrances and you really DO want to be cautious about hackers gaining admittance, be careful what kind of RFID you choose. RFID Cloner

    It would be easy enough to have the RFID readers ONLY within the building and give the engineers/manag^H^H^H^H^H^H/security/cleaning staff access to a sensitive lab, maybe. That way even if someone does manage to clone the tag while the engineer is in the street, they can't get in the building using just the cloned tag. If someone within the company did this, you probably have other problems anyways.

    --

    - "Nobody came out that night, not one was ever seen. But Old Man Stauf is waiting there, crazy sick and mean!"
  9. Lukas Grunwald's Blackhat pres. + Linux tools! by phreakmonkey · · Score: 5, Informative
    Lukas Grunwald did an excellent presentation at BlackHat USA 2004 about this very subject.

    The most interesting thing that I learned was that most all RFID tags have a 128 byte "user data" buffer that can be read or written by ANY RFID gate. (I.e.: you can put an RFID interface on your laptop and query the tags and change the "user data" portion on them.)

    Obviously, this means that any application that is sensitive to tampering should only use the hard-coded serial numbers, not the "user data" area... but history has told us how well people stick to "common sense" security practices in their implementations.

    His paper and the Linux tool that allows you to query and change the data are located here: http://www.blackhat.com/html/bh-media-archives/bh-archives-2004.html (scroll down to Lukas Grunwald under "Layer 0").
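
The design rule in the comment above, as an added example that is not part of the original thread or of Grunwald's tool: a back end that keys every decision on the tag's factory-programmed serial number and treats the writable "user data" area only as an untrusted hint, raising an alert when the two disagree. The inventory records, UIDs and field names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed inventory: the authoritative record lives server-side, keyed by
# the tag's read-only serial number (UID). None of this is from a real system.
INVENTORY = {
    "E004010012345678": {"sku": "SHAMPOO-250ML", "price_cents": 799},
    "E0040100123456AA": {"sku": "CREAM-CHEESE", "price_cents": 149},
}

@dataclass
class TagRead:
    uid: str          # factory-programmed serial, not rewritable
    user_data: bytes  # writable by any reader, so never trusted

@dataclass
class Decision:
    sku: Optional[str]
    price_cents: Optional[int]
    alerts: list

def resolve(read: TagRead) -> Decision:
    """Price an item from the UID only; user data can only raise alerts."""
    record = INVENTORY.get(read.uid)
    if record is None:
        return Decision(None, None, ["unknown UID: hold item for manual check"])
    alerts = []
    claimed = read.user_data.rstrip(b"\x00").decode("ascii", errors="replace")
    if claimed and claimed != record["sku"]:
        # The writable area disagrees with the server record: possible tampering.
        alerts.append(f"user data says {claimed!r}, record says {record['sku']!r}")
    return Decision(record["sku"], record["price_cents"], alerts)

if __name__ == "__main__":
    # Constructed reads: one untouched tag, one whose user data was rewritten.
    clean = TagRead("E004010012345678", b"SHAMPOO-250ML".ljust(128, b"\x00"))
    rewritten = TagRead("E004010012345678", b"CREAM-CHEESE".ljust(128, b"\x00"))
    for read in (clean, rewritten):
        print(resolve(read))
```

The rewritten tag is still priced from the server record; the only effect of the altered user data is the alert.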

  10. Re:not so new? by Anonymous Coward · · Score: 1, Informative

    they are magnetic metallic strips which can be degaussed temporarily to allow exiting the store. if they aren't degaussed, they resonate and generate an em field which sets off the alarm.
    see : http://w4.siemens.de/FuI/en/archiv/zeitschrift/heft1_99/artikel10/

  11. Some add on... by feloneous+cat · · Score: 3, Informative

    Yah, but the transmitters are not clean (how the eff do they get them through FCC?). They splatter around their set frequency. Really a freakin mess.

    -The energy sent BACK is very weak. So you really don't need much to block it. White noise around 125 kHz should be enough. Or, as I mentioned before, chewing gum wrapper. Take your pick.

    -Random codes won't do it. Sorry, but there IS a check (pretty pitiful, but there is one) and if the checksum don't match, nothing goes through. Nothing gets stuffed. Most readers use 8051 or something lightweight. If it doesn't pass first base, it doesn't go no where.

    -Pliers work real good at breaking them. Easier than EMP (which might be noticed). They also break pretty easily on their own.

    --
    IANAL, but I've seen actors play them on TV
    1. Re:Some add on... by JustKidding · · Score: 2, Informative
      -The energy sent BACK is very weak. So you really don't need much to block it. White noise around 125 kHz should be enough. Or, as I mentioned before, chewing gum wrapper. Take your pick.
      Well, of course, that's the idea. Just build a simple 125 kHz oscillator (say, run a Schmitt trigger at 125 square wave and use a simple second order band-pass filter to filter out some unwanted harmonics), and connect it to a simple, tuned antenna. That would be pretty effective at blocking all RFID tag readers using that frequency at a considerable distance.

      -Random codes won't do it. Sorry, but there IS a check (pretty pitiful, but there is one) and if the checksum don't match, nothing goes through
      That's right, a checksum is often used to prevent a bad read when a tag is only just in range. However, the way those checksums are calculated is usually documented, and there are only a few different checksum algorithms in use. That would make it fairly easy to transmit random data with correct checksums.

      -Pliers work real good at breaking them.
      Yes, but of course, only if you can find the tag, which will become more difficult as they get smaller. You may not even be sure a tag is there. Other than that, they can be unreachable.

      Easier than EMP (which might be noticed).
      Of course it might be noticed. The question is: how can they tell it's me, and secondly, what do they plan to do about it?!?
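
The checksum point made in this sub-thread, as an added example that is not from any poster or vendor: the CRC-16 that ISO 15693 (named earlier in the thread) takes from ISO/IEC 13239, used the way a reader uses it to reject a marginal read. It is one documented instance, and 125 kHz tags use other schemes; because the algorithm is public and unkeyed, a passing check says the bits arrived intact and nothing about who sent them. The sample frame is constructed.

```python
def crc16_iso13239(data: bytes) -> int:
    """CRC-16 per ISO/IEC 13239: reflected poly 0x8408, preset 0xFFFF,
    result one's-complemented before transmission."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def append_crc(payload: bytes) -> bytes:
    """What the sending side does: CRC appended least significant byte first."""
    return payload + crc16_iso13239(payload).to_bytes(2, "little")

def frame_ok(frame: bytes) -> bool:
    """Reader-side integrity check. No key is involved, so this is error
    detection only and must not be treated as authentication."""
    if len(frame) < 3:
        return False
    payload, received = frame[:-2], int.from_bytes(frame[-2:], "little")
    return crc16_iso13239(payload) == received

def undetected_single_bit_errors(frame: bytes) -> int:
    """Flip each bit in turn (a noisy read) and count flips the CRC misses."""
    missed = 0
    for i in range(len(frame) * 8):
        corrupted = bytearray(frame)
        corrupted[i // 8] ^= 1 << (i % 8)
        if frame_ok(bytes(corrupted)):
            missed += 1
    return missed

# Constructed sample: two header bytes followed by an 8-byte serial number.
SAMPLE = append_crc(bytes.fromhex("0000" "78563412000104E0"))

if __name__ == "__main__":
    print("clean frame accepted:", frame_ok(SAMPLE))
    print("single-bit errors missed:", undetected_single_bit_errors(SAMPLE))
```

A system that needs to know a tag is genuine has to rely on something other than the frame check, such as the server-side lookup of the serial number discussed earlier in the thread.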