Usability of Display-Equipped RFID Tags for Security Purposes

  • Alfred Kobsa
  • Rishab Nithyanand
  • Gene Tsudik
  • Ersin Uzun
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6879)


The recent emergence of RFID tags capable of performing public key operations has enabled a number of new applications in commerce (e.g., RFID-enabled credit cards) and security (e.g., ePassports and access-control badges). While the use of public key cryptography in RFID tags mitigates many difficult security issues, certain important usability-related issues remain, particularly when RFID tags are used for financial transactions or for bearer identification.

In this paper, we focus exclusively on techniques with user involvement for secure user-to-tag authentication, transaction verification, reader expiration and revocation checking, as well as association of RFID tags with other personal devices. Our approach is based on two factors: (1) recent advances in hardware and manufacturing have made it possible to mass-produce inexpensive passive display-equipped RFID tags, and (2) high-end RFID tags used in financial transactions or identification are usually attended by a human user (namely the owner). Our techniques rely on user involvement coupled with on-tag displays to achieve better security and privacy. Since user acceptance is a crucial factor in this context, we thoroughly evaluate the usability of all considered methods through comprehensive user studies and report on our findings.


Keywords: Automate Teller Machine; System Usability Scale; Payment Instrument; Average Completion Time; Security Purpose
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Alfred Kobsa (1)
  • Rishab Nithyanand (2)
  • Gene Tsudik (1)
  • Ersin Uzun (3)

  1. University of California, Irvine, USA
  2. Stony Brook University, USA
  3. Palo Alto Research Center, USA
