Trust management in IoT environments

In the literature, there is a rapidly growing literature around topics of trust and reputation management for IoT [11]. Several trust management systems have been proposed for RFID systems in IoT environments. Basically, trust management is the mechanisms to evaluate, establish, maintain, and revoke the trust between devices of the same or different networks within the IoT environment. The trust computation techniques in [13] are classified on four design dimensions: trust composition, trust propagation, trust aggregation and trust update. The authors summarize advantages and drawbacks of each dimension's options, and highlight the effectiveness of defense mechanisms against malicious attacks.

The work in [14] proposes an IoT protocol framework for RFID-based devices—the Scalable RFID Security Framework and Protocol Supporting IoT (SRSFPSI). The proposal entails an effective ID procedure founded on a hybrid framework (group-based and collaborative technique) and highly adaptive security monitoring handoff for RFID IoT networks. The protocol offers adaptability and scalability while upholding secure and adaptable RFID net-works. Other than preventing the introduction of malicious nodes and facilitating scalability, the protocol is integrated with a malware recognition tool.

In [15], the authors propose a lightweight and robust trust establishment scheme. The proposed trust scheme is lightweight thanks to a simple trust estimation method. The comprehensiveness and flexibility of the proposed trust estimation scheme make it robust against different types of attack and misbehavior. But evaluation results show one drawback of the proposed scheme is that it is sensitive to false-positive alarms, compared to other trust mechanisms.

The work in [16] presents a trust management scheme based on revised Dempster-Shafer (D-S) evidence theory. D-S theory is preponderant in tackling both random and subjective uncertainty in the trust mechanism. A trust propagation mechanism including conditional trust transitivity and dynamic recommendation aggregation is developed for obtaining the recommended trust values from third part nodes. Our proposed scheme is inspired by [16], but we use the different Dempster rules in our mole. In addition, the shortcomings of D-S evidence theory based trust scheme are analyzed in our paper.

The work in [17] proposes a computational model for the trust management. In order to enhance the security of data sharing and access control, the trust evaluation is built into the process of transactions of the data exchange and authorization. An example shows the performance of the proposed computational trust model. In [18], the authors investigate the personalized applications and services of IoT by detecting people-object gestures with a passive RFID tag. The proposal is analyzed based on people-object gestures classification. In [19], the authors also present a hierarchical trust model for the Internet of Things, similar to our work. Though the simulation results show the benefit of hierarchical trust model, the proposed model doesn’t explain the details about how to calculate the trust of reader. Our work is different with [19]. The trust relationship is classed into three classes: intra-domain trust, inter-domain trust and cross-domain, and time window mechanism is introduced in our multi-domain trust management model.

In [20], the authors evaluate the existing approaches to trust management in the Internet of Things based on three parameters. The first parameter focuses on trust management protocol in IoT, the second parameter concerns scalable solutions for trust management in IoT, and the third parameter addresses context-aware assessment in IoT. The paper has given a comparative evaluation of each existing approach for trust modeling in IoT, based on these parameters. Finally, the authors consider that the further research into trust management in IoT is required to develop scalable and context-aware trust solutions in IoT networks.

All these trust management schemes do not focus on the trust issue of multi-domain RFID systems. Designing a suitable trust management model to evaluate the trust of entities from heterogeneous domains without past interaction or prior agreed policy, is a challenge. In the paper, we analyze the special challenges on trust management in multi-domain RFID systems, and identify four trust requirements for multi-domain RFID systems. Finally, a hierarchical trust management framework is proposed to build the trust relationships among entities from heterogeneous domains.

D-S evidence theory

In 1976, Shafer published a book named A Mathematical Theory of Evidence [21]. Dempster-Shafer Theory has a wide range of application on uncertainty reasoning, decision analysis and predication. Evidence theory is based on belief function and plausible reasoning [22].

First of all, we define Θ as a frame of discernment {T, ¬T} as the set of propositions under consideration where T and ¬T mean that the given agent considers a given correspondent to be trustworthy or not to be trustworthy, respectively. The sign 2^Θ indicates the set composed of all the subset generated by the frame of discernment. For a hypothesis set, denoted by A, m(A)→[0,1]

Ø is the sign of an empty set. The function m is the basic belief assignment.

Dempster's rule of combination combines two independent evidences.

Dempster's rule of more than two evidences: Suppose there are m evidences that are independent.

The basic probability assignments are m₁,m₂,….m_p. The focal elements are A₁,A₂,….,A_p. m(A) is a basic probability assignment which describes the combined evidence.

The trust evaluation strategy of readers in section 3.2 is proposed based on the D-S evidence theory in our paper.

System model

Our RFID system model consists of one or more domains which in turn include four types of entities: RFID tags, RFID readers, authentication centers and an administration center (see Fig 1). In addition, RFID readers are also named as nodes. It is similar with the model in [23]. The RFID tag located on the object to be identified is the data carrier in the RFID system. The RFID reader is be able to interact with a tag include both reading data from and writing data to a tag. Every domain has an authentication center. The authentication center authorizes a reader of its own domain or other domain to interact with a tag of its own domain, and utilizes the data obtained from the tag in some useful manner. An administration center manages and maintains the trust of authentication centers.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 1. Our RFID system model.

https://doi.org/10.1371/journal.pone.0181124.g001

In particular, a tag T_k and a reader R_j belong to an administrative domain A which is controlled by an authentication center C_A-which in the following is referred to as home domain. While a tag is typically attached to an object that may roam to other administrative domains, also referred to as visited domains, a reader will always remain in its home domain only. Furthermore, we assume that a reader is always connected to its home authentication center via a secure channel. Also, an authentication center is always connected to the administration center via a secure channel, while the communication between tags and readers is insecure.

In the paper, we class the trust relationship in a multi-domain RFID system into three categories (marked with red color in Fig 1) based on trust domain boundaries: 1) Intra-domain trust refers to the trust relationship between tags and the readers of the domain. 2) Inter-domain trust is a kind of trust relationship which is set up by the authentication centers in the system levels. 3) Cross-domain trust means the trust relationship between tags and the readers of different domains.

A hierarchical trust management framework shown in Fig 2 is proposed to build the trust relationships among entities from heterogeneous domains. We assume that RFID tag is protected and trusted. Thus, we only focus on evaluating the trustworthiness of RFID reader and authentication center. We refer to two layers of trust in the framework: RFID reader trust layer and authentication center trust layer.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 2. Hierarchical trust management framework.

https://doi.org/10.1371/journal.pone.0181124.g002

In RFID reader trust layer: We propose two kinds of scheme to evaluate the trust of readers: D-S evidence theory based scheme (D-S scheme) and verification of interaction proof based scheme (VIP scheme). Section 3.2 and 3.3 represent the details of evaluating the trustworthiness of RFID reader.

In authentication center trust layer: An administration center is used to manage the trustworthiness of authentication centers in a centralized way. The trust of an authentication center is eventually obtained by aggregating the abnormal event reports of all readers of its own domain. The system model section describes how to management and evaluate the trust of authentication center.

Trust evaluation of RFID readers based on D-S evidence theory

In our trust model, the formation of an opinion about trustworthiness of a RFID reader depends on its interaction behaviors with other entities. Every node is implemented a watchdog agent that detects the interaction behaviors of neighbor nodes [24]. Table 1 shows three kinds of interaction events observed by neighbor nodes.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Table 1. Different interaction behaviors of a reader.

https://doi.org/10.1371/journal.pone.0181124.t001

In order to adapt easily to multiple application scenarios, nine assumptions of interaction behavior are defined. The behavior of reader is divided into three levels: malicious reader, normal reader, malfunctioning reader. Let R_j denotes the neighbor node of reader R_i. Let denotes the local trust of R_i that is evaluated by its neighbor node R_j in time window t_k. Here, we introduce time window mechanism, and the main objective of the timing window is to record recent records and forget previous records [25]. The time window in Fig 3 consists of three time units (L = 3).

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 3. Example of time window mechanism in D-S scheme.

https://doi.org/10.1371/journal.pone.0181124.g003

In time window t_k, neighbor node R_j records the number of interaction behavior of R_i, and uses them to compute as follows: (1) (2) (3) (4) where:

1. : the number of interaction behavior A₀…A₈;
2. n_all: the total number of all interaction behavior;
3. N_ji: the reader R_i’ local trust value of normal behavior calculated by R_j in t_k;
4. M_ji: the reader R_i’ local trust value of malicious behavior calculated by R_j in t_k;
5. F_ji: the reader R_i’ local trust value of malfunctioning behavior calculated by R_j in t_k;

The proposed algorithm of computing is described in the following Fig 4.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 4. Algorithm of computing the local trust of reader.

https://doi.org/10.1371/journal.pone.0181124.g004

As the example in Fig 3 shows, after each Δ period, the time window slides to the right, recording recent interaction behavior information and forgetting information recorded earlier. The time window in Fig 3 consists of three time units (L = 3), and are the number of interaction behavior A₀…A₈, respectively, of reader R_i observed by its neighbor node R_j in time window t_k.

Every node maintains two tables: local malicious node table (LMT) and local malfunctioning node table (LFT). In Fig 4, ϑ₂ < N_ji−M_ji < ϑ₁. ϑ₁, ϑ₂ and π₁ is the trust threshold value. In order to prevent the malicious behavior, a high value is given to ϑ₁ and ϑ₂. π₁ is used to evaluate the malfunctioning status of reader. In our simulation experiments, the value of ϑ₁, ϑ₂ and π₁ are 0.7, 0.5, 0.3, respectively. After every Δ period, the time window slides to the right, recording recent information and forgetting information recorded earlier.

The interaction events of a RFID reader can be observed by other neighbor nodes except neighbor node R_j. We can get a global trust value of RFID reader by efficiently integrating the local trust opinions calculated by all neighbor nodes in time window t_k. However, the local trust opinions of neighbors have strong subjectivity and uncertainty. Evidence theory proposed by Dempster and Shafer can briefly express the important conceptions, such as ‘uncertainty’ or ‘not-knowing’. Based on the Dempster knowledge rule in section 2.2, the global trust value of reader R_i is eventually obtained as follows: (5) (6) (7) (8) where:

1. N_1i….N_ji: the reader R_i’ local trust value of normal behavior calculated by neighbor node R₁…..R_j in t_k, respectively;
2. M_1i….M_ji: the reader R_i’ local trust value of malicious behavior calculated by neighbor node R₁…..R_j in t_k, respectively;
3. F_1i….F_ji: the reader R_i’ local trust value of malfunctioning behavior calculated by neighbor node R₁…..R_j in t_k, respectively;
4. N_i: the reader R_i’ global trust value of normal behavior in t_k;
5. M_i: the reader R_i’ global trust value of malicious behavior in t_k;
6. F_i: the reader R_i’ global trust value of malfunctioning behavior in t_k;

The proposed algorithm of computing is described in the following Fig 5.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 5. Algorithm of computing the global trust of reader.

https://doi.org/10.1371/journal.pone.0181124.g005

The global trust of reader R_i is calculated by its authentication center. In addition, the global trust value of reader R_i is stored in its authentication center.

In the end, the trust computing process of reader R_i based on D-S scheme is summarized as four steps: 1) The interaction event of reader R_i is detected by its neighbors; 2) The neighbor nodes of reader R_i calculate the local trust of R_i by using a time window mechanism and send the local trust value to the authentication center; 3) The authentication center of reader R_i calculates the global trust of R_i by synthesizing these local trust opinions based on the Dempster knowledge rule; 4) If the reader R_i is a malicious or malfunctioning node, the authentication center sends the abnormal event report to administration center.

Trust evaluation of reader based on verification of interaction proof

The pre-condition to use D-S based trust evaluation scheme is that the interaction events can be monitored by neighbor nodes. However, the events sometimes may not be monitored by neighbors due to the limited communication range in RFID systems. In addition, the sparse distributed readers also lead to the low monitoring efficiency. Therefore, we propose another trust evaluation method of reader based on verification of interaction proof (VIP scheme) in the section. We assume the following scenario:

R_i and R_j are denoted as the readers. Let C_A and C_B to denote the authentication center of R_i and R_j. T_i is denoted as a tag and its authentication center is C_B. At time t, a reader R_i wants to interact with the tag T_i.

The process of pre-authorizing is described in the following.

1. Reader R_i finds Tag T_i, and sends the interaction request to T_i, then T_i responds the request and sends the information about its number, name of its home domain, etc., to the R_i.
2. After R_i receives the response information, it sends the authorization request to the authentication center of T_i. The authentication center of T_i makes the interaction decision based on the trust of R_i.
3. If the authorization is approved, the authentication center of T_i sends the authorization certificate to R_i. Then, Reader R_i shows the authorization certificate to T_i and finishes the interaction at time t. Finally, T_i saves the interaction feedback record (R_i,t,S_i). S_i expresses feedback score. Tag T_i rates 1 if it is satisfied with the interaction and 0 otherwise.
4. At next time t', tag T_i interacts with Reader R_j. T_i adds the interaction feedback record (R_i,t,S_i) to the data packet D, and delete the record in its own memory.
5. Then D is changed as M, where M = (cer_t',rn_t',seq,R_i,t,S_i,h) and h = hash(cer_t',rn_t',seq,R_i,t,S_i). h is hash function which ensures the integrity of M. cer_t' is the certificate of T_i. rn_t' is random number of T_i. seq is sequence number of D. T_i forwards M to R_j. R_j adds to M. M is changed as M'. and . and is the certificate and sequence number of R_j, respectively. M' contains the sign of R_j.
6. R_j forwards M' to an intermediate reader, which will check h and h'. If the checking fails, the intermediate reader will refuse to forward M', otherwise forwards M' to the authentication center C_B of reader R_j.
7. After the authentication center C_B receives M', it will check whether there is an abnormal event of misusing the authorization or not at time t based on the feedback score. If the feedback score is 0, the authentication center C_B of reader R_j will send the abnormal event report to authentication center C_A of reader R_i and administration center, respectively.

Here, we also introduce the time window mechanism. Fig 6 shows the example of time window mechanism in VIP scheme.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 6. Ample of time window mechanism in VIP scheme.

https://doi.org/10.1371/journal.pone.0181124.g006

In time window t_k, the authentication center of reader R_j records the number of interaction behavior of R_i, and uses them to compute the global trust value of reader R_i as follows: (9) where:

1. n_s: the interaction number of score being 0 of reader R_i in time window t_k;
2. n_all: the all interaction number of reader R_i in time window t_k;
3. : the global trust value of reader R_i.

The time window in Fig 6 consists of three time units (L = 3), and n_s and n_all are the interaction number of score being 0 and the all interaction number, respectively, of reader R_i in time window t_k.

Fig 7 expresses the details of VIP scheme. The proposed method can track the authorization use of reader by checking the interaction proof. The method avoids the impact of reader distribution and limited communication distance between readers and tags.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 7. The realization process of VIP scheme.

https://doi.org/10.1371/journal.pone.0181124.g007

The trust computing process of VIP scheme is summarized as four steps: 1) The authentication center pre-authorizes reader R_i to interact with the tag T_i; 2) The interaction feedback record at time t is saved in the tags; 3) At the time of next interaction, the tag T_i interacts with the reader R_j.The interaction feedback record at time t is added into the data packet and transmitted to the authentication center of reader R_j; 4) If the feedback score is 0, the authentication center of R_j will send the abnormal event report to authentication center of R_i and administration center, respectively.

Main advantages of the proposed method based on verification of interaction proof are:

1. The authentication center tracks the authorization use of a reader by checking the interaction feedback record.
2. The tag saves the interaction feedback record at time t. At the next time t', the interaction feedback record at time t is added into the data packet, and then tag deletes the record in its own memory. Only saving the recent interaction feedback record is suitable for limited built-in memory tag.
3. Intermediate readers will verify the integrity of data packet by checking h and h'. As a result, the proposed method guarantees the route security during the process of transmitting the data packet.
4. The proposed method can effectively prevent the tampering, replaying or forging attacks by checking h, adding random number and time stamp in the data packet.

Trust management of authentication centers

The number of authentication centers is few, and their status is stable in a multi-domain RFID system. Therefore, a centralized trust evaluation scheme is proposed to evaluate the trustworthiness of authentication centers. An administration center is in charge of managing the trust of authentication center based on the abnormal event reports of readers of its own domain.

The authentication center needs to collect the abnormal events of readers of its own domain periodically, and sends the abnormal event reports to administration center. The abnormal events can be found based on D-S scheme or VIP scheme. The administration center receives the abnormal event reports and computes the trust of authentication center, as shown in Fig 8.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 8. Computing the trust of authentication center.

https://doi.org/10.1371/journal.pone.0181124.g008

Let A and B denote two different domains. C_A and C_B denote their authentication center, respectively. A tag T_i belongs to the domain A. Before a reader R_i interacts with a tag T_i, R_i need to be authorized by the authentication center C_A of tag T_i. R_i sends the authorization request to C_A. If R_i and T_i is in the same domain A, C_A computes the trust of R_i as follows: (10) where is intra-domain trust, which can be obtained with Eq(9) or Eq(8).

If R_i and T_k isn’t in the same domain A. R_i belongs to the domain B. C_A computes the trust of R_i as follows: (11) where is cross-domain trust. is inter-domain trust, which is the trust of authentication center C_B of R_i. is computed by the administration center, as shown in Fig 8. β is weighting factor.

If reader R_i is malicious node or malfunctioning node, the authorization is refused, otherwise approved. When an abnormal event of R_i is found, the authentication center C_A will consider the behavior status of R_i as malicious reader or malfunctioning node, and send the abnormal event report to administration center. Then, the trust of authentication center of C_B is changed by the administration center.

Accuracy of trust evaluation

Trust evaluation accuracy plays an important role of evaluation the performance of the trust scheme. In the section, we examine trust evaluation accuracy of D-S scheme and VIP scheme, and make comparisons with Bayes-based scheme [28].

In the first group of experiment, 100 readers are distributed in the area of three domains (C_A, C_B and C_D) whose size is 900m x 600m². Other parameters are default parameters. We vary fraction (P_M) of malicious readers who discards data packet from as low as 10% to as high as 50%. A reader selected to be in this “malicious” population is benign initially, but turns malicious after a period of time t∈[0, 120s] randomly generated is elapsed. The initial trust value of authentication center C_A is 0.9. In the experiment, D-S scheme is used to evaluate the trust of C_A. In our trust management framework, the trustworthiness of authentication center is evaluated by administration center. Based on trust evaluation algorithm in the system model section, the trust of authentication center is evaluated by collecting the abnormal event reports. The trust evaluation results are shown in Fig 10.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 10. The convergence speed of D-S scheme.

(a) Event result (Speed = 40m/s) (b) Trust result (Speed = 40m/s).

https://doi.org/10.1371/journal.pone.0181124.g010

We can see that there are four malicious events at 50s, which are found by neighbor nodes at 60s, and six malicious event reports are sent to administration center. A malicious event may be detected by multi-neighbors, so there are multi-reports. Once administration center receives the malicious event reports, the trust value of C_A is immediately updated. As the report number of malicious events increases, the trust value of C_A drops quickly. We see that after the behavior status changes, our trust scheme quickly converges towards the new trust value. The reason is that using more malicious event reports helps trust convergence more quickly. Therefore our scheme can deal with large scale RFID applications.

In the second group of experiment, we compare our schemes with Bayes-based scheme. The trust of C_A is respectively evaluated three times by VIP scheme, D-S scheme and Bayes-based scheme. The number of readers is respectively 50, 70 and 90 every time. The fraction (P_M) of malicious readers is 20%. A reader selected to be in this “malicious” population turns malicious after a period of time t∈[0, 120s]. Other parameters are default parameters. The results are shown in Fig 11 and Fig 12.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 11. Comparation of convergence speed.

https://doi.org/10.1371/journal.pone.0181124.g011

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 12. Comparation of malicious event detection rate.

https://doi.org/10.1371/journal.pone.0181124.g012

We can see that the trust value of C_A is changeless in the first and second time experiment of D-S scheme. But the trust value decreases in the third time experiment of D-S scheme. The reason is that the sparse distributed readers lead to the low malicious event detection rate. Because the number of readers is less than 90, the malicious events aren’t be detected by neighbor nodes. The trust evaluation results of D-S scheme and VIP scheme are similar. VIP scheme outperforms all other mechanisms, which detects earlier the node misbehavior and decreases the trust level of C_A. Even if the number of readers is 50, the malicious events can also be detected by VIP scheme. D-S scheme and Bayes-based scheme adjust the trust value of C_A based on observing the communication behavior of readers. But, the behaviors sometimes may not be detected due to the limited communication range in RFID systems.

Fig 12 shows the results of malicious event detection rate. In the figure, the number of readers is 90. From Fig 12, we can see that as the time increases, the malicious behavior detection rate also rises. When time = 80s, the detection rate of VIP scheme reaches to the best value. When time = 160s, the detection rate of D-S and Bayes-based scheme reaches to the best value. The detection rate of malicious events in Bayes-based scheme is the lowest.

Effect of mobility of tag

A tag is typically attached to an object that may roam to other administrative domains. The mobility of tag plays an important role when designing trust management mechanisms and protocols. Since the tag moves from one domain to another domain, the network topology also keeps continuously changing. These changes will have effect on detecting the malicious events. In the section we evaluate the effect of mobility of tag on detecting malicious event. Our experiments are divided into two groups. In the process of experiment, we use D-S scheme to evaluate the trustworthiness of reader. The fraction (P_M) of malicious readers is 20%. The communication range of tag is 70m. In the two groups of experiments, the tags are moving continuously at 15m/sec and 70m/sec, respectively. Other parameters are default parameters. Fig 13(A)–13(D) shows the simulation results.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 13. Effect of mobility of tag on detection rate of malicious event.

(a) Event result (Speed = 15m/s) (b) Trust result (Speed = 15m/s) (c) Event result (Speed = 70m/s) (d) Trust result (Speed = 70m/s).

https://doi.org/10.1371/journal.pone.0181124.g013

In the Fig 13, the square mark, triangle mark and circle mark respectively indicates the malicious event, detected malicious event and the trust value of C_A. From Fig 13, one can see that as the moving speed of tags increases, the occurrence rate of malicious events visibly decreases, but the detection rate of malicious events becomes higher. Faster moving of tags leads to the shorter interaction time with readers. Thus, the average number of malicious events decreases. One can see that the average number of malicious events is respectively 120 and 40 in Fig 13(A) and Fig 13(C).

Effect of communication range of tag

In the section, we evaluate the effect of communication range of tag on detection rate of malicious event. We assume that the communication range of tag is d_tag. The experiment is simulated three times. Communication range of tag is set to 30m, 60m and 90m respectively. The fraction (P_M) of malicious readers is varied from 10% to as 50%. We use D-S scheme to evaluate the trustworthiness of reader. Other parameters are default parameters. The Fig 14 shows the trust evaluation result of the authentication center C_A.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 14. Effect of communication range of tag on detection rate of malicious event.

https://doi.org/10.1371/journal.pone.0181124.g014

We can see that the trust value of C_A hasn’t any changes in the first experiment (d_tag = 30m). As the malicious events increase in the second experiment (d_tag = 60m), the trust value of C_A starts to decrease. After a while, no new malicious event is detected, and then the trust value of C_A gradually increases. In the third experiment (d_tag = 90m), the trust value of C_A quickly drops to the lowest value and remain steady.

As shown in Fig 14, the trust evaluation results of C_A are different in three experiments. The main reason is analyzed in the following:

The number of readers is n. The network area of readers is S. is the average number of readers met by a tag.

(12)

When the communication range is 30m, . Thus, the interaction is difficult to be detected by other readers in the first experiment. As a result, the performance of D-S scheme is far from satisfied, if the communication range of tag is too short.