The Journal of the American Medical Association published a report on Wednesday that showed certain RFID systems may induce hazardous incidents in nearby critical care medical equipment.  The study examined the effects of a 128 kHz active RFID system and a 868 MHz passive RFID system on 41 different types of medical devices.  Out of 123 tests, 34 led to electromagnetic interference incidents, 22 of which were classified as hazardous, 2 as significant, and 10 as light.

Though many consider the result of this study to be a serious and shocking failure in engineering, some RFID vendors claim that the problem could be avoided by lowering the power output of the RFID readers.  In any case, this study highlights a key obstacle for pervasive RFID systems: it will probably not be possible to deploy RFID readers in all locations of interest due to a variety of issues including electromagnetic interference, budgetary issues, or aesthetic concerns.  As such, a successful RFID system will have to infer when a tag enters a location which is not covered by an RFID reader.  This is one of the challenges which we designed Cascadia, the RFID Ecosystem’s event detection middleware, to address.  In particular, Cascadia allows an admin to define a graph that describes locations of interest (which may or may not be covered by an RFID reader - see image below).  Cascadia then tracks tags over this graph and can infer with some probability when a tag enters a location that is not covered by an RFID reader.  See our MobiSys 2008 paper for details!

The Guardian reports that London’s Oyster transit card may have been hacked by a group of Security researchers at Radboud University in Holland.  The hack allows an attacker to clone the Oyster card’s RFID chip after cracking its encryption in just a few seconds.  This is the latest in a series of Mifare smartcard hacks which have compromised European transit card systems in the last year.

It’s interesting to note that the authorities are not considering the hack to be a serious threat.  London Transport has claimed not only that they can detect fraudulent use within 24 hours using checks in software (a level of security often ignored by hardware hackers), but that a criminal could gain at most about £3 per cloned card.  As such, the incentive to clone Oyster cards probably isn’t that great.  One point which the article does not highlight and which is perhaps more concerning from a privacy standpoint, however, is that London Transport collects and can process data on 38 million journeys per week to identify individual instances of fraudulent use (and who knows what else?).

We just returned from two weeks at the SIGMOD and MobiSys conferences where we presented demos of the RFID Ecosystem’s event detection infrastructure, Cascadia. Cascadia allows developers and end users to declaratively specify meaningful high-level events (e.g. “a nurse has entered patient X’s room with equipment Y”, “I leave the building without my car keys”) using a SQL-like sequence language or with an intuitive GUI called Scenic. Cascadia can then continuously extract these events over a stream of incoming, uncertain RFID data using probabilistic data management techniques. The Cascadia demos at SIGMOD and Mobisys illustrated Cascadia’s operation from end-user event specification, to event detection, to event notifications for one of two demo applications. The original demo proposals are available on our publications page; both demos are also entirely web-based and will be posted online sometime in the coming weeks.