Citation
Kobsa, A.; Nithyanand, R.; Tsudik, G.; Uzun, E. Usability of display-equipped RFID tags for security purposes. Proceedings of the 16th European Conference on Research in Computer Cecurity (ESORICS’11); 2011 September 12-15; Leuven, Belgium. Berlin: Springer; 2011; LNCS 6879: 434-451.
Abstract
Recent emergence of RFID tags capable of performing public key operations enables a number of new applications in commerce (e.g., RFID-enabled credit cards) and security (e.g., ePassports and access-control badges). While the use of public key cryptography in RFID tags mitigates many difficult security issues, certain important usability-related issues remain, particularly when RFID tags are used for financial transactions or bearer identification. In this paper, we focus exclusively on techniques with user involvement for secure user-to-tag authentication, transaction verification, reader expiration and revocation checking, as well as pairing of RFID tags with other personal devices. Our approach is based on two factors: (1) recent advances in hardware and manufacturing have made it possible to mass-produce inexpensive passive display-equipped RFID tags, and (2) high-end RFID tags used in financial transactions or identification are attended by a human user (typically, their owner). Our techniques rely on user involvement coupled with on-tag displays to achieve better security and privacy. Since user acceptance is a crucial factor in this context, we conducted comprehensive user studies to assess usability of all considered methods. This paper reports on our findings.
