"Adoption of RFID – An Introduction to the Technology and Review

Transcription

"Adoption of RFID – An Introduction to the Technology and
Review of Technology Acceptance Studies"
Ringvorlesung "Anwendungen der Informatik"
May 2006
Dr. Sarah Spiekermann
Humboldt-Universität zu Berlin
Seite 1
Agenda
• RFID: An Introduction into the Technology
• Consumers‘ View surrounding RFID
• Technical Feasibility of Consumer Fears
• A 7-Point Plan to Ensure Privacy
Seite 2
Agenda
Seite 3
RFID (= Radio Frequency IDentification) tags
will be embedded in most objects in the future.
Seite 4
Not all RFID tags are equal
• Electronic tags refer to a family of
technologies that transfer data wirelessly
between tagged objects and electronic
readers.
• Radio Frequency Identification (RFID) tags
transmit data over a short range.
Important distinctions:
• Active vs. Passive tags
• Tag Classes
• Tag Generations
Seite 5
Depending on the frequency used RFID tags
have very different read ranges.
Seite 6
Tag Classes are being distinguished on the
basis of tag capabilities.
Quelle: Weis, Security and Privacy in Radio-Frequency Identification Devices
Seite 7
RFID tags have been in use for a long time.
Seite 8
The Electronic Product Code (EPC) uniquely
identifies each object.
The EPC code was intended to be universally and globally accepted as a
means to link physical objects to the computer network/to serve as an
efficient information reference.
Quelle: „RFID Fahrplan der Metro Group“, Dr. Gerd Wolfram, RFID-Kongressfür die Partner der METRO Group ,
Köln, 14. Mai 2004
Seite 9
RFID tag cost is declining to a point where
item level tagging becomes economically
realistic even for low value products.
Quelle: „RFID Fahrplan der Metro Group“, Dr. Gerd Wolfram, RFID-Kongressfür die Partner der METRO Group , Köln,
14. Mai 2004
Seite 10
However, RFID tags as we know them are only
one component of the Intelligent Infrastructure.
Components of the Intelligent Infrastructure

Seite 11
Electronic tags (e.g. RFID tags)
Electronic Product Code (EPC)
Physical Markup Language (PML)
Object Naming Service (ONS)
EPC Discovery Service
The Physical Markup Language (PML) is
intended to be the standard in which
networked information about physical objects is written.
• Physical Mark-Up Language (PML)
• Based on XML
• Description of physical objects
• Independent of transport protocols and applications
• PML-Core (Schema)
• Facilitates data exchange
• Standardizes information, e.g. place, time, date, measures, etc.
• PML-Extensions
• Application specific schemata
Seite 12
The Object Naming Service (ONS) is the 'glue'
which links the Electronic Product Code (EPC)
with its associated data file (accessible via EPC-IS).
ONS
Verweist auf
EPC Discovery
Service
Verweist auf
Anfrage zu
EPC
EPC-IS
Anfragende Instanz:
Lokale
DB
Hersteller
EPC-IS
Lokale
DB
Zwischenhändler
Bewegung durch die Lieferkette
Seite 13
EPC-IS
Lokale
DB
Händler
RFID Tags are supposed to be used at
many points of the supply chain.
Quelle: „RFID Fahrplan der Metro Group“, Dr. Gerd Wolfram, RFID-Kongressfür die Partner der METRO Group , Köln,
14. Mai 2004
Seite 14
Agenda
Seite 15
RFID introduction has stirred some
concern by privacy rights organisations.
Demonstration in Rheinberg
Seite 16
Consumer fears associated with
RFID chips have become an ‘issue’ the mass media.
German Press
International Press
100%
100%
10
19
90%
80%
25
26
26
70%
15
27
80%
44
46
90%
43
70%
31
28
60%
60%
41
50%
43
50%
8
23
26
26
40%
13
30%
13
20%
42
33
10%
15
20
14
40%
12
8
30%
14
19
42
57
29
6
19
18
20%
35
33
25
10%
14
11
0%
0%
2003-02/03/04
2003-05/06/07
2003-08/09/10
2003-11/12/01
2004-02/03/04
2003-02/03/04
2003-05/06/07
3 Month Period
2003-08/09/10
2003-11/12/01
2004-02/03/04
3 Month Period
Consumer Benefits
Company Advantages
Consumer Benefits
Company Advantages
Consumer Fears
Company Disadvantages
Consumer Fears
Company Disadvantages
*Base: 350 articles published between 2000 and 2004 were analyzed from 68 national and international sources.
Seite 17
Within the ‘fears’ category, surveillance
by companies is the major social challenge
recognized for RFID technology.
Relative Importance of ‘Fear’ Types mentioned in German Popular Press:
2003/11 – 2004/04
1
0%
22
7%
71
22%
84
26%
Danger, Risk, Fear
Surveillance by Third Party
Surveillance by Companies
Health/ Environment
21
6%
71% of fears relate to
surveillance issues
Seite 18
Surveillance by State
Job Loss
125
39%
Benefits from RFID at the Point of Sale
Durchschnittliche Beurteilung des RFID Einsatzes
zu unterschiedlichen Zwecken…
Zeitersparnis
5 = befürworte
völlig
Passwort
Agent
Chips an
4
Chips aus
mittelmäßig
3
Produktinformation
2
Seite 19
n
en
üß
gr
be
nli
ch
Pe
rs ö
In
fo
rm
rW
Pe
rs
sc
h
ng
nu
ön
lic
he
ne
lls
te
te
ar
W
e
er
ati
on
e
eg
n
ze
it e
s
fo
In
re
tu
ng
rz
e
er
ne
lle
Sc
h
Be
ra
ltb
ar
ha
ss
lä
ng
er
Be
Kü
re
ch
Fr
Be
isc
h
ew
ar
e
da
,f
e
kt
od
u
ka
m
m
an
t ro
ür
di
e
fts
ko
n
un
He
rk
Pr
So
fo
rt
sa
ge
n,
ob
W
ar
e
no
lle
ch
da
1 = befürworte
gar nicht
Benefits from RFID after purchase.
Durchschnittliche Beurteilung des RFID Einsatzes
zu unterschiedlichen Zwecken…
5 = sehr
angenehm
Passwort
Agent
Chips an
4
Chips aus
mittelmäßig
3
2
1 = sehr
unangenehm
hr
Sc
Vo
m
M
an ed
k ika
Vo ge m e
w
sc m M ar nte
n
hr
nan e d t
i
k
k
er a m
in
n e en te
W
r
na
ge sch t
wa m
rn asc
t
hin
e
Le
b
no e n
ch sm
Re
i
ze halt ttel
pt v
ba
ors r
In
c
Kl
Sa eid hläg
e
e
ch
en rläd
em en
pfo
h le
n
he
on
c
se
ü el e B
r
u
re
t
p
a
t hn
a
s
e
H
z
o
W
an
zu
e
ie sen en
t
t
h
os
a n as c h
uc
nf
ar e K us
i
a
z
G n
ta
br n
at
e
h
m
s
o
G rü f e
U
Zu
p
Seite 20
What are major consumer fears
associated with RFID?
Focus Groups conducted for the Metro Group revealed 5 major threats.
1. Unauthorized readout of one’s
belongings by others
2. Tracking of persons via their objects
3. Retrieving social networks
4. Technology paternalism
5. Making people responsible for their
objects
Æ Loss of Control
Seite 21
Unfortunately, industry groups tend to play
down the real threat of RFID.
GS1 (CCG): „RFID in the context of Consumer and Data Protection“
(Management Information Paper, April 2004)*
• „With an EPC transponder we continue to just store a non meaningful number“
(p.1)
• „In terms of process logic, nothing is being changed.“ (p.2)
• „RFID readers are expensive and will only be mounted where this makes sense,
namely in retail outlets at the checkout, at the exit for theft protection and on
shelves for stock-keeping reasons.“ (p2)
• „Even if transponders were being read out unauthorized, nobody can make use of
the article or client number if one hasn‘t got the respective access to backend
databases.“ (p.2)
Seite 22
*own translation
Agenda
Seite 23
Goal of the attack-tree analysis presented
• Provide proof of the technical
feasibility of consumer threats.
• Provide proof of economic sense
behind potential implementation
scenarios.
• Provide a basis for structured
technical discussion to implement
security and privacy.
• Create a document that is clear and
complete for management
information.
Seite 24
Consumer threat
Path to fullfill
threat
Unauthorized readout of one’s belongings
by others
Seite 25
Getting the EPC is easy if item level tags will
operate on the UHF band.
Reading Distance: Passive Tags
Reading Distance: Active Tags
Seite 26
The Electronic Product Code (EPC)
uniquely identifies each object.
The EPC code was intended to be universally and globally accepted as a
means to link physical objects to the computer network/to serve as an
efficient information reference.
source: „RFID Fahrplan der Metro Group“, Dr. Gerd Wolfram, RFID-Congressf for METRO Group partners ,
Cologne, May 2004
Seite 27
Object data is available for those having access
to the EPC Network or to a local EPC-IS.
ONS
Verweist auf
EPC Discovery
Service
Verweist auf
Anfrage zu
EPC
EPC-IS
Anfragende Instanz:
Lokale
DB
Hersteller
EPC-IS
Lokale
DB
Zwischenhändler
Bewegung durch die Lieferkette
Seite 28
EPC-IS
Lokale
DB
Händler
On this background, we suggest 3 privacy
measures.
•
Default killing of RFID tags at store exits OR password protection of RFID tag
content.
•
No sharing of local tracking data (times and places) with the EPC Network
beyond logistics.
•
Rigorous controls and transparency of EPC Network access rights.
Seite 29
Tracking of persons via their objects
Seite 30
Only around 30% are fine with tracking in a
retail outlet IF they get the fastest track
calculated for them in return.
RFID Use
Positiv ---------------------------------- Judgement %---------------------------------- Negativ
Fastest Track
through the
supermarket
Seite 31
9,3 %
22,2 %
18,5 %
13,0
13
% 37
37,0
%
Retrieving social networks
Seite 32
On this background we added 2 further
privacy measures.
•
content
•
No sharing of local tracking data (times and places) with the EPC Network
beyond logistics
•
Minimal granulariy: Limited timestamp information
•
Rigorous controls and transparency of EPC Network access rights
•
Deletion of all object data after a certain period of time
Seite 33
Technology Paternalism
Seite 34
Not anybody should be easily able to use
the EPC Network to enforce rules.
•
content
•
Seite 35
Making people responsible for their objects
Seite 36
People should not be uniquely linked to
their objects.
•
content
•
Partial or no saving of the full EPC serial number
•
•
Deletion of all object data after a certain period of time
•
Owner control over personal information on objects sold and available on
the EPC Network
Seite 37
A 7-Point Plan to Ensure Privacy
1. Default killing of RFID tags at store exits OR password protection of RFID tag
content
2. No sharing of local tracking data (times and places) with the EPC Network
beyond logistics
3. Minimal granulariy: Limited timestamp information
4. Partial or no saving of the full EPC serial number
5. Rigorous controls and transparency of EPC Network access rights
6. Deletion of all object data after a certain period of time
7. Owner control over personal information on sold objects available on the EPC
Network
Seite 38
Default killing of RFID tags is what consumers want! 73% rather kill it,
then protecting themselves with PETS!
Chips vernichten vs. Chips aktiv
% of N
Chips off vs. PET/on
45
40
35
30
25
20
15
10
5
0
1
2
3
4
5
6
7
8
9
10
vollständig vernichten (1) vs. aktiv (11)*
Agent (N=55)
Seite 39
Passwort (N=73)
Chips an (N=53)
11
Thank you for your attention!
For more information see:
http://interval.hu-berlin.de/content/de/projekte/technoakzept_index.php
or
contact: [email protected]
Seite 40

"Adoption of RFID – An Introduction to the Technology and Review

Transcription

Similar documents