«Challenges to Privacy and Risk Oriented RFID System Implementation in Libraries Nitumika Gogoi Lecturer, Centre for Library & Information Science ...»
ISSN (Print): 2320-9798
International Journal of Innovative Research in Computer
and Communication Engineering
(An ISO 3297: 2007 Certified Organization)
Vol. 2, Issue 10, October 2014
Challenges to Privacy and Risk Oriented
RFID System Implementation in Libraries
Lecturer, Centre for Library & Information Science Studies, Dibrugarh University, Assam, India
ABSTRACT: Library and information Professionals of the present decade have adopted and borrowed the characteristics those of the technologists and software professionals in the competition to conquer the sophistications of offline and online content providers as well as quest for existence in the digital milieu. This ultimately has enhanced their user service standards blended with auto service system on the part of the users. The users however are responding very well to this renovated image of the libraries and information centres (LICs). When viewed in this context of technological progress, Radio Frequency Identification (herein after RFID) implementation is hardly unique. The commercial deployment of RFID technology has captured every segment of the present market sector as well as specialized and security related applications. The LICs therefore are not lagging behind. They have started tagging every item in their possession with RFID tag, raising patron privacy concerns. As such in an item tagging regime, the ability to track tags raises the possibility of surveillance of library patrons and their reading habits. Through this paper, an attempt is made to investigate the privacy risks in the libraries’ use of RFID technology and methods for reducing such risks.
KEYWORDS: RFID, privacy, eavesdropping, collision avoidance, password management
I. INTRODUCTIONThe best way of making a system secure is by knowing how it can be attacked. Therefore, an RFID compliant library is no exception with a large number of readers thronging in and out of it in need of books possessed by the library. The RFID technology is a pervasive technology because leakage of information is a major defect that occurs when data sent by tags reveal sensitive information about the labeled items. Information products labeled with insecure tags reveal their memory content when queried by readers. Usually readers are not authenticated while tags answer in a transparent and indiscriminate manner. The main purpose of RFID is automated identification of products and people. One of the biggest advantages of RFID over conventional systems such as bar codes isthat neither line of sight nor physical contact is required for an object with an RFID tag to be identified, as is the case with bar codes where line of sight is required and smart cards, where contact is required and it is hoped to replace all techniques of optical identification.
Dai Yu (2011) in his case study on the Turku City Library on implementing RFID Technology in Library Systems focused on the management aspect of a library particularly the self service support system for patrons by introducing RFID system. Based on a comparative study between the barcode and RFID applications, it is stressed on the many benefits of RFID. However, challenges are many and are pointed out as those of tracking and hot listing. Moreover, depending on the strength of the RFID reader it is possible to either greatly hinder or completely block the tag signal by wrapping an item, embedded with several layers of aluminum or tin foil. This combined with a weak gate sensor, makes risk of item getting stolen quite high. Syed Md Shahid (2005) considers RFID applications in circulation, tracking, inventorying and security of library materials as well as discusses on the various components of the RFID system in details followed by its installation features. At the same time, he states that it is important to educate library staff and library users about RFID technology before implementing a program. Serge Vaudenay (2001) deals in preparing a model based purely on the security and privacy of the RFID tags and assumes a powerful adversary who can control all communications mandating the use of some public key cryptography techniques while discussing on tag
corruptions and availability of side channels. In a research project, David Alexander Molnar studies the security and privacy in deployments of RFID technology and propose novel mechanism for improving RFID privacy for library books and electronic passport and deals with private authentication. He also discuss broadly on the different eavesdropping ranges, repetitive stress injuries, streamline mechanism and RFID as an enabler for automatic sorting on book check-in. Seema Vasistha (2009) aims at extending RFID applications in an academic library keeping in view the scantiness of funds and scarcity of supporting staff. Moreover it is considered important for controlling management problems such as increasing theft, monopolizing reading materials, poor inventory accuracy, inadequate security control. A.
Narayanan et al. particularly studies the technical and scientific aspects of RFID system with in depth discussion on microchips, anti-collisions as well as tag classes that can be applied in library oriented RFID system and giving importance on its implementation in retrospective conversion and reader usage. Dhanalaxmi M and Uppala Mamatha (2009) describes the different RFID modules that provide integration with Library Management System along with the positioning of the tags on the document that gives 100% readability of tags thus reducing time consumption. 
III. THE RFID SYSTEM IN A NUTSHELL
More generally, RFID system can be considered a non-contact method of using radio frequency electromagnetic (herein after RFE) waves with frequencies up to 2.5GHz, for communication between two remote entities. Data is stored in devices called RFID tags or transponders (each with a unique identification number), and is retrieved by readers or transceivers. The main purpose of RFID system is the automated identification of people and products.
While the biggest stumbling blocks in the use of RFID system are the numerous and complex security threats that as well as privacy issues involved with RFID system. An RFID system basically consists of three components:
1. The RFID tag or transponder (derived from transmitter/responder). It bears the information that identifies the person or object, and is carried or implanted. The information is usually in the form of an alphanumeric word. This information is called an identifier, and that of each tag is unique. Tags vary in size, and their size mainly depends on the size of the antenna on the tag.
2. The RFID reader or transceiver (derived from transmitter/receiver). It supplies energy to the tag in the form of RF electromagnetic waves. It then receives the signal from the tag. It usually contains an interface that allows it to communicate with a data processing system.
3. The back-end infrastructure or data processing system. This receives the information from the reader, and processes it by using the tag ID number of a product to identify it. The RFID reader and the back-end infrastructure are together called the reader system.
Whenever a tag comes into the vicinity of a reader, it receives a signal from the reader and transmits its unique key, enabling identification of the object or person carrying the tag. Clearly then the reader must be able to handle multiple tags at once. There are some cases, however where there is only one tag for a particular reader. Thus RFID systems are of two types – one to one and many to one.
RFID tags can be classified into 3 types depending on their power consumption: passive, semi-passive and active.
Passive tags have no internal energy source. The electrical energy required for the tag current is derived from the radio waves emitted by the reader. These tags are the smallest and cheapest, and thus are the most widely used.
They also have a virtually unlimited lifespan.
Semi-passive tags are similar to passive tags in that the energy required for transmitting the signal is still derived from the reader. However, these tags have a small battery for internal computations.
Active tags do not require external power. They have an internal battery that is used for transmission of data as well as for transmission of the signal. As a result of the increased power, they can transmit data over a much larger range compared to passive tags. However, their relatively high cost means widespread use is not possible.
The tag which is most likely seen in the present libraries is the passive tag that replaces the barcode application in libraries because of their chip size.
As for the concerned frequency of operation, RFID systems operate in several frequency bands. The low frequency (LF) band is 124-135 KHz. High frequency (HF) ranges from 3 MHz to 30 MHz, with 13.56 MHz being the typical frequency used for HF. Ultra HF ranges from 300 MHz to 1 GHz. Microwave frequency ranges upward from 1 GHz. A typical microwave RFID system operates either at 2.45 GHz or 5.8 GHz, although the former is more common.
 Read range i.e. the maximum radius around a reader in which, if a tag is brought, the reader system can
successfully read its identifier. Range depends on factors such as:
Frequency of operation: Range increases with frequency. However, metal acts as a barrier to radio wave propagation, and reduces the range at higher frequencies.
Transmitter power of the reader.
Antenna size of reader and tags.
Transmitter power of tags: This is applicable only for active tags.
Often, vendors of RFID readers are required to quote a range. They either quote it for standard tags e.g. tags manufactured according to ISO standard, or specify the tag particulars. The electromagnetic spectrum on which RFID resides is regulated by local governmental bodies. Global standards define it as the most efficient platform on which an industry can operate and advance. The International Organization for Standardization (ISO) and EPCglobal have been very active in developing RFID standards. The AutoID Center and its commercial offshoot, EPCglobal, have also defined specifications and standards. Most commercial applications, including library applications, today use the HF standards. RFID tags with the ISO Standard 15693 are the most common ones for library applications.
However, no library RFID products using the new standard are currently available. Libraries implementing RFID system today are using tags unsuited for item- level tagging. As such, privacy concerns associated with it poses an important impediment to libraries’ use of RFID tags that contain static information that can be relatively easily read by unauthorized tag readers, allowing intervention of privacy issues described as “tracking” and “hot listing.” Tracking refers to the ability to follow the movement of a book (or person carrying the book) by “correlating multiple observations of the book’s bar code” or RFID tag. Hot listing refers to the process of building a database of books and their associated tag numbers (the hotlist) and then using an unauthorized reader to determine who is checking out items on the hotlist.
On the other hand, most RFID readers in libraries can read tags up to 16 inches away. Readers in library RFID systems
are used in the following eight ways:
1. Conversion station where library data is written to the tags 2. Staff workstation at circulation used to check in and checkout materials.
3. Patron self-checkout station used to check out books without staff assistance.
4. Exit sensors verify that all books leaving the library have been checked out.
5. Patron self-check-in station used to check in books without staff assistance.
6. Book-drop reader checks in books when patrons drop them in the book-drop.
7. Sorter which is an automated system for returning books to proper area of library.
8. Portable reader which is a handheld reader for inventorying and verifying that items are shelved correctly.
Figure2: Library RFID Management System (Lib.Best. 2007-2010)
V. LIBRARY PROBLEMS ADDRESSED BY RFID Libraries are suffering from budget shortfalls as never before. With cuts to state and local governments, it is difficult for libraries to remain staffed and open. RFID is seen as a way to address the staff shortages by increasing the number of circulations that can be processed with less staff.
Self-check systems have become very popular with both patrons and staff. RFID self-check systems allow patrons to check in or check out several books at a time. Self-check systems reduce the number of staff needed at the circulation desk.
With RFID-enabled tools, inventory-related tasks can be done in a fraction of the time that it takes with bar code readers. A whole shelf of books can be read with one sweep of the portable reader, which then reports which books are missing or mis-shelved. For archives handling sensitive materials, the ability to inventory items without handling them is an additional benefit.
Sorting can be accomplished automatically with RFID. For a book that is dropped into the book drop, the reader reads the tag and uses the automatic sorting system to return the book to the shelves, the stacks, or the hold area.
Reduction of repetitive stress injuries (RSIs) among staff is another reason libraries are converting to RFID system. The repetitive motion associated with checking out books using optical scanners is believed to be more problematic than with RFID enabled scanners. It is still too early to determine whether RFID systems reduce the incidences of RSI injuries.