G.N. Gaydadjiev (Recipient), Melanie Rieback (Recipient), Bruno Crispo (Recipient), Rutger Hofman (Recipient) & Andrew Tannenbaum (Recipient)

This paper presents the design, implementation, and evaluation of the RFID Guardian, the first-ever unified platform for RFID security and privacy administration. The RFID Guardian resembles an ``RFID firewall,'' that monitors and controls access to RFID tags by combining a standard-issue RFID reader with unique RFID tag emulation capabilities. Our system provides a platform for both automated and coordinated usage of RFID security mechanisms, offering fine-grained control over RFID-based auditing, key management, access control, and authentication capabilities. We have prototyped the RFID Guardian using off-the-shelf components, and our experience has shown that active mobile devices are a valuable tool for managing the security of RFID tags in a variety of applications, including protecting low-cost tags that are unable to regulate their own usage.

More philosophically, RFID technology vividly illustrates the difficulties of security administration in a world of increasingly pervasive, decentralized, low-cost, and low-power computing. Our paper thus also offers a glimpse of what system administration may be like in the future, when laymen face the responsibility to manage systems of tiny computers that they are barely aware of.
Awarded date2006
Degree of recognitionInternational
Awarded at eventLISA 2006

ID: 47432339