Location-Based Information for Enterprise-Wide Improvements

MIS 551 Research Methods

Virginia International University

Ananthaneni, Susmitha
Blanc, Sebastian Fernando
Osinowo, Michael Adefowope
Pooskuri, Pranathi
Shlon, Mustafa
Abstract
The basic idea of location based information is to connect information pieces to
positions in either indoor or outdoor space. This can be achieve through many positioning
technologies such as GPS, GSM positioning, Bluetooth positioning or RFID positioning.
This paper will focus on investigating the benefits and vulnerabilities of using the latter
on an enterprise-wise level and how it might improve the business processed.

Introduction
RFID (Radio-Frequency Identification Devices) emerged as one of the most
pervasive computing technologies in history. Having tags affixed to consumer items as
well as letters, packets or vehicles resulted in reduced costs in the supply chain as well as
the ability to introduce new applications to the information gathered. Furthermore, unique
means of identification in each tag like serial numbers enable effortless traceability of
persons and goods. Nevertheless, some security risks are involved when using this kind
of open channel communication like radio frequencies are. RFID respond to a query
directed to it, so anyone with access to a RFID reader can obtain the information stored
on it. That is why some security measures were also researched for the purpose of this
paper.
We will discuss two project applications of RFID tracking, RADAR and SpotOn.
The first was a radio-frequency (RF) based system for locating and tracking users inside
buildings and the latter was, in the year 2000, a new tagging technology for three
dimensional location sensing based on radio signal strength analysis. We also will present
the proposal for Hash-based Enhancement of Location Privacy for Radio-Frequency
Identification Devices using Varying Identifiers by Dirk Henrici and Paul Müller from
the University of Kaiserslautern, Germany.

Radar
RADAR records and processes signal strength information at multiple base
stations positioned to provide overlapping coverage in an area of interest. It combines
empirical measurements with signal propagation modeling to determine user location and
therefore enable location-based services and applications.

Their experimental test bed was located on the second floor of a 3-storey building.
The layout of the floor is below.

The floor had dimension of 43.5 m by 22.5 m, an area of 980 sq. m (10500 sq.
ft.), and included more than 50 rooms.
The RADAR research team placed three base stations, BS1, BS2 and BS3, at the
locations indicated in Figure 1, appendix A. Each base station was a Pentium-based PC
running FreeBSD 3.0 equipped with a wireless adapter. Their mobile host, carried by the
user being tracked, was a Pentium-based laptop computer running Microsoft Windows
95.

Each base station and the mobile host was equipped with a Digital RoamAbout
network interface card (NIC), based on Lucent’s popular WaveLANTM RF LAN
technology. The network operated in the 2.4 GHz license-free ISM (Industrial, Scientific
and Medical) band. It has a raw data rate of 2 Mbps and a one-way delay of 1-2 ms. The
range of the network was 200 m, 50 m, and 25 m, respectively, for open, semi-open, and
closed office environments. This classification was used to simulate the density of
obstructions between the transmitter and the receiver. The test bed environment was
classified as being open along the hallways where the base stations are located and closed
elsewhere. The base stations provided overlapping coverage in portions of the floor, and
together covered the entire floor.

A key step in their research methodology was the data collection phase. They
recorded information about the radio signal as a function of the user’s location using the
signal information to construct and validate models for signal propagation during off-line
analysis as well as to infer the location of a user in real time. They refer to the latter as
the real-time phase and the former as the off-line phase.

They recorded information about the radio signal as a function of the user’s
location. For this, they had the windows-based mobile host broadcast packets (beacons)
periodically and have the FreeBSD base stations record signal strength information. That
was ok for their test bed, but as they discussed on the paper, a better real life application
will be for the latter to transmit the beacons and the former to measure the signal
strength. Nevertheless, the accuracy of the user location and tracking was not impacted
by this choice.

The paper describes in detail all the processes they performed to measure signal
strength so they could then analyze the possibility of tracking the user. They collected 4
signal strength samples per second at each of the base stations. They also assumed that
the user walked at a uniform pace so to be able to determine the true location of the user
at each time instant. They reduced the problem of tracking the mobile user to a
sequence of location determination problems for an user using a sliding window of 10
samples to compute the mean signal strength on a continuous basis. That information was
then used with their basic method1 to estimate the user’s location on a continuous basis.
The error distance for tracking the mobile user was only slightly worse than that for
locating a stationary user. The median error distance was 3.5 meters, about 19% worse
than that for a stationary user.

1
"RADAR: An In-Building RF-based User Location and Tracking System", Section 4.1.1
 They ended up discovering that their empirical method discussed earlier was
extremely time consuming so they decided to change into a radio propagation model to
reduce RADAR’s dependence on empirical data. Using a mathematical model of indoor
signal propagation, we generate a set of theoretically-computed signal strength data akin
to the empirical data set discussed earlier. They also found the problem of radio wave's
reflection which they tackled with Floor Attenuation Factor propagation model (FAF) 2
and adapted it for Wall Attenuation Factor (WAF) model is described by
 d   nW * WAF nW < C 
P (d )[ dBm ] = P( d 0 )[ dBm ] −10 n log   −  
 d0   C * WAF nW ≥ C 

where n indicates the rate at which the path loss increases with distance, P(do) is the
signal power at some reference distance do and d is the transmitter-receiver (T-R)
separation distance. C is the maximum number of obstructions (walls) up to which the
attenuation factor makes a difference, nW is the number of obstructions (walls) between
the transmitter and the receiver, and WAF is the wall attenuation factor. In general the
values of n and WAF depend on the building layout and construction material, and are
derived empirically. The value of P(do) can either be derived empirically or obtained
from the wireless network hardware specifications.

After many testing runs they came to the conclusion that the Radio Propagation
Method provided the most cost effective mean for user location and tracking using RF.

SpotOn
They developed SpotON as a new tagging technology for three dimensional
location sensing based on radio signal strength analysis. The paper was primarily
concerned with the hardware and embedded system development of the system. The
primary goal of SpotON was to create and analyze a fine-grained indoor location-sensing
system and the associated services for use within an invisible computing framework. The
paper documents the process of creating the SpotON object tagging technology based on
radio signal strength analysis and focuses mostly on the hardware and embedded systems

2
T. Seidl, H. P. Kriegel, “Optimal Multi-Step k-Nearest Neighbor Search,” Proc. ACM SIGMOD, 1998
aspects. It presents the relevant background information and a review of related work,
they document the RFIDeas experiment (an initial attempt to develop a signal strength
based location sensing system using commercial components.) Then it describes their
custom hardware design based on the lessons learned from the latter experiment, they
speculate about applications, discuss future work, and offer conclusions.

Unlike RADAR, the SpotON team went directly with commercially available
RFID hardware (AIR ID) and performed a research similar to the former. Like RADAR,
SpotON was conceived to use three sensing stations that will triangulate the location of
the users. Unlike RADAR, they went beyond X and Y, they shot to be able to locate the
user on the Z axel too. Thus the 3D aspect of SpotON.

As it had happened with RADAR, SpotON had almost the same median error
distance, but being that the error could be on the Z axel, the system could be positioning
the user on the wrong floor. The second problem is measurement frequency. Since the
AIR ID protocol was not designed for the location-sensing task, required between 10 to
20 seconds to take one location measurement from all relevant base-stations, even using
the API efficiently on a multithreaded server. It was very easy to miss significant changes
in position of the tags as they come and go with such a slow sample rate. Nevertheless,
this experiment allowed them to prove that it is possible to do, as long as money is not a
problem. AIR ID was a cheap implementation and there existed much better hardware
with shorter sampling rate which would had worked around the previously discussed
problems.

1 Proposed Hardware RF Architecture

 The paper presented the background and development for a fine-grained indoor
location sensing system based on RF signal strength. They discovered that custom tags
were needed and they could operate standalone or potentially as a plug in card enabling
larger devices to take advantage of location-sensing technology. They developed them to
be low power small form factor and able to be located with sub 1m 3 voxel accuracy, yet
still have enough processing power for caching, authentication, and other such tasks.
They believe that SpotON's tagging technology offered several advantages over existing
systems and, when combined with a general location data model, could be a key
component in the next generation of calm and invisible computing.

Security Measures
This paper discusses a simple scheme relying on one-way hash-functions for
greatly enhancing location privacy. It accomplishes that by changing traceable identifiers
on every read getting by with only a single, unreliable message exchange. Therefore this
scheme is safe from many threats like eavesdropping, message interception, spoofing,
and replay attacks.

The authors discuss possible security measures for RFID tags, going from
destruction of the RFID form the tag (which neither them or us found reasonable), to a
more acceptable hash-lock, where a tag will not reveal its information unless the reader
has sent the right key being the pre-image to the hash value sent by the tag. The scheme
requires implementing cryptographic hash functions on the tag and managing keys on the
back-end. This scheme seems to good to be truth, and it is. Although it guarantees data
privacy, it cannot guarantee location privacy. One of our main concerns too. They also
discuss the extended scheme called “Randomized Hash Lock" which ensures location
privacy. Nevertheless it is not scalable for a huge number of tags due to that many hash-
operations must be performed at the back-end and it also relies on the implementation of
a random number generator in the tags to randomize tag responses. In fewer words, the
implementation is rather complex and expensive.
 Fortunately, they thought about that and propose a scheme, with the same
requirements as hash-lock, that not only provides data privacy but location privacy as
well. The general idea: change the ID of a tag on every read attempt in a secure manner.
The propose the usage of one-way hash functions, transaction identifiers to counteract
reply attacks, and reasoned use of random values generated at the back-end as well as a
difference of transaction numbers so that the transaction numbers themselves cannot be
employed for tracking purposes. Given that much of the computation and data storage has
been moved to the back-end, the cost of the tags became quite low, according to the
paper. The protocol they propose and describe on the paper is resilient to loss of
messages.

The rest of the paper explains the Hash-based ID variation methodology and
protocols. We found this information both quite technical and fulfilling to our goal of
assuring security for location-based information.

Conclusions
Location-based information can be a real good asset to a company for bettering its
business on an enterprise-wise point of view. As many other technologies, it has its pros
and cons, but from previously research implementations we have reach the conclusion
that it is feasible to develop, though it requires a good amount of resource allocation, both
financial and human, along with careful risk and security management. It is a must to
implement the hash-based ID variation to achieve the latter, and given more time, a
further research on combination of RFID location and other location based information
services to increase the benefits to the company. That is beyond the scope of this paper,
but a real interesting topic to follow through.
References:
1. RADAR: An In-Building RF-based User Location and Tracking System (P. Bahl
& V. Padmanabhan, Microsoft Research)
2. SpotON: An Indoor 3D Location Sensing Technology Based on RF Signal
Strength (J. Hightower & G. Borriello, University of Washington Computer
Science and Engineering; R. Want, Xerox Palo Alto Research Center)
3. Hash-based Enhancement of Location Privacy for Radio-Frequency Identification
Devices using Varying Identifiers(D. Henrici and P. Müller, University of
Kaiserslautern, Germany)
4. A. Harter and A. Hopper, “A Distributed Location System for the Active Office,”
3
IEEE Network, January 1994
5. RFIDeas Website4, http://www.rfideas.com/, 1999

3
Used for reviewing facts on the above papers
4
Used for reviewing facts on the above papers