RFID Guardian Project

Home Publications Prototype Resources People Sponsors


Recent Awards:

  • 6/12/2006 - Our paper at USENIX Lisa 2006 won the Best Paper Award
  • 12/10/2006 - Netherlands Science Foundation (NWO) I/O Award
  • 12/9/2006 - Finalist for Internet Society (ISOC) Award 2006 (Category: Security and Privacy)
  • 15/3/2006 - Our paper at IEEE PerCom 2006 won the Best Paper for High Impact Award

About the Project:

The RFID Guardian Project is a collaborative project focused upon providing security and privacy in Radio Frequency Identification (RFID) systems. The goals of our project are to:
  • Investigate the security and privacy threats faced by RFID systems
  • Design and implement real solutions against these threats
  • Investigate the associated technological and legal issues
The namesake of our project is the RFID Guardian: a mobile battery-powered device that offers personal RFID security and privacy management. One the focuses of our project is to build an RFID Guardian prototype.

Our group also performed the first-ever research on RFID Malware.

What is RFID?

RFID chip Radio Frequency Identification (RFID) is the latest phase in the decades-old trend of the miniaturization of computers. RFID transponders are tiny resource-limited computers that do not have a battery that needs periodic replacement. RFID tags are inductively powered by their external reading devices, called RFID readers. Once the RFID tag is activated, the tag then decodes the incoming query and produces an appropriate response by modulating the request signal, using one or more subcarrier frequencies. RFID Tags can do a limited amount of processing, and have a small amount (<1024 bits) of storage.

RFID tags are useful for a huge variety of applications. Some of these applications include: supply chain management, automated payment, physical access control, counterfeit prevention, and smart homes and offices. RFID tags are also implanted in all kinds of personal and consumer goods, for example, passports, partially assembled cars, frozen dinners, ski-lift passes, clothing, and public transportation tickets. Implantable RFID tags for animals allow concerned owners to label their pets and livestock. Verichip Corp. has also created a slightly adapted implantable RFID chip, the size of a grain of rice, for use in humans. Since its introduction, the Verichip was approved by the U.S. Food and Drug Administration, and this tiny chip is currently deployed in both commercial and medical systems.

Click here for a collection of RFID-related resources.

RFID Security and Privacy Threats

cartoon As people start to rely on RFID technology, it will become easy to infer information about their behavior and personal tastes, by observing their use of the technology. To make matters worse, RFID transponders are also too computationally limited to support traditional security and privacy enhancing technologies. This lack of information regulation between RFID tags and RFID readers may lead to undesirable situations. One such situation is unauthorized data collection, where attackers gather illicit information by either actively issuing queries to tags or passively eavesdropping on existing tag-reader communications.

Other attacks include the unwanted location tracking of people and objects (by correlating RFID tag "sightings" from different RFID readers), and RFID tag traffic analysis (e.g. terrorist operatives could build a landmine that explodes upon detecting the presence of any RFID tag).

The RFID Guardian

The RFID Guardian is a mobile battery-powered device that offers personal RFID security and privacy management for people. The RFID Guardian monitors and regulates RFID usage, on the behalf of consumers.

The RFID Guardian is meant for personal use; it manages the RFID tags within physical proximity of a person (as opposed to managing RFID tags owned by the person, that are left at home). The RFID Guardian is portable. It should be PDA-sized, or better yet, could be integrated into a handheld computer or cellphone. The RFID Guardian is also battery powered. The RFID Guardian also performs 2-way RFID communications. It acts like an RFID reader, querying tags and decoding the tag responses, and it can also emulate an RFID tag, allowing it to perform direct in-band communications with other RFID readers.

The heart of the RFID Guardian is that it integrates four previously separate security properties into a single device:
  • Auditing
  • Key management
  • Access control
  • Authentication

RFID Guardian Demonstration Video

To see the RFID Guardian in action, we have prepared a video. It is available in three popular video formats and two resolutions. The low resolution runs at 250 kbps and the high resolution runs at 1000 kbps.

  Low Resolution (250 kbps)       High Resolution (1000 kbps)
  Windows Media (8 MB file)       Windows Media (31 MB file)
  Real Media (8 MB file) Real Media (34 MB file)
  Quick Time (9 MB file) Quick Time (34 MB file)

In addition, we have academic papers available.


The RFID Guardian project is sponsored by the Nederlandse Organisatie voor Wetenschappelijk Onderzoek (NWO) on contract #600.065.120.03N17.
Nederlands phonebook Go to the homepage of the faculty of sciences.FEW Go to the homepage of the Vrije Universiteit.VU site map search webmaster
If you spot a mistake, please e-mail the maintainer of this page.
Your browser does not fully support CSS. This may result in visual artifacts.