A variety of emerging microelectronics applications target portable systems with tight constraints on the related metrics of power, form factor, and longevity. For many of these applications, there are severe constraints on the energy consumption for the electronics in the system. In particular, passive RFID tags rely on power received from readers so low power consumption is necessary to enable long-range reads. Nevertheless, these devices are already widely used for applications with serious security and privacy requirements such as key cards, public transportation tokens, and implantable medical devices. Current design approaches and standard cryptographic primitives fail to satisfy the needs for these systems. As a result, current implementations either resort to "security-by-obscurity" and ad hoc solutions that fail to provide adequate security and are frequently broken in practice. This project is developing a comprehensive approach to analyzing, designing, and implementing security and privacy for severely resource-constrained devices such as widely deployed RFID systems. The goal is to enable designers to create secure, cost-effective, large-scale RFID-deployments by combining primitives and protocols from a library with known properties and to implement those designs in a principled and efficient manner. The research follows an interdisciplinary approach by bringing together experts in low-energy integrated circuit design, design automation and embedded systems, system and network security, and cryptography. In addition to the research, the project includes a modular RFID security lab course and teaching outreach courses using cryptography and RFID systems to excite middle school students about pursuing science and engineering.
CT-M: Implementable Privacy and Security for Resource-Constrained Devices