Usability of display-equipped RFID tags for security purposes
Recent emergence of high-end RFID tags capable of performing public key operations enables some new applications in commerce (e.g., RFID-enabled credit cards) and security (e.g., ePassports and access control badges). While the use of public key cryptography mitigates many difficult security issues, certain important usability-related issues remain, particularly, when RFID tags are used for financial transactions or bearer identification. In this paper, we focus on user-involved techniques for user-to-tag authentication, transaction verification, reader expiration & revocation checking, as well as pairing of RFID tags with other personal devices. Our approach is based on two factors: (1) recent advances in hardware and manufacturing have made it possible to mass-produce inexpensive passive display-equipped RFID tags, and (2) high-end RFID tags used in financial transactions or identification are usually attended by users (their owners). Our techniques rely on user involvement coupled with on-tag displays to achieve better security and privacy. Since user acceptance is a crucial factor in this context, we thoroughly evaluate usability of all proposed methods via comprehensive user studies and report on our findings.
- download PDF (1.2 MB)
Kobsa, A.; Nithyanand, R.; Tsudik, G.; Uzun, E. Usability of display-equipped RFID tags for security purposes. Proceedings of the 16th European Symposium on Research in Computer Security (ESORICS); 2011 September 12-15; Leuven, Belgium. Berlin: Springer; 2011; Lecture Notes in Computer Science 6879: 434-451.
Copyright © Springer Verlag, 2011. All rights reserved. The original publication is available at www.springerlink.com.