Author Guidelines for Proceedings of ISATE2005 s1
Total Page:16
File Type:pdf, Size:1020Kb
Security and Privacy in RFID
Sirkka-Liisa Vehkaoja
Oulu University of Applied Sciences, [email protected]
Abstract back-end server. The tags, also called transponders are attached to/or embedded in Security and privacy in RFID and mobile RFID objects to be identified. (hosts). They are consist services and user-side communication are coming of microchip and RF-coupling element and more and more important then the wireless traffic antenna, which enables communication via radio is increasing hugely. Security and privacy waves. The microchip can include features as a protecting mechanism have to be tested to work CMOS integrated circuit, ROM, RAM and well. There are still problems to protect the nonvolatile EEPROM, autonomous power connections against attacks by any kind of hackers. element as a battery. The readers often called In this paper are handled on the tested systems for transceivers include a radiofrequency module, a more safe and privacy wireless traffic RFID control unit and a coupling element to scan for equipped communication. and communicate with tags. There are too many ways of classify RFID tags such as passive-, Keywords: Personal information protection, active and semi-passive. Physical blocking, Rewritable tag, Smart tag - Passive tags: It’s power captured from approach, Public key encryption, Common key reader’s radio waves through induction at encryption, hash based scheme, K-steps ID the antenna. matching, Crypto Algorithm, Discovery Service - Active tags: Power supplied autonomously Gateway system, Policy-based user privacy (usually a battery). protection - Semi-passive tags: Autonomous power . provides for an onboard clock and/or powers the tag circuitry, but does not supply the 1 Introduction radio interference. Communication is powered by induction as in the passive case. Personal information protection means same as Sometimes RFID readers are stand-alone units, privacy in this paper. All kind of protection against sometimes integrated with cell-phone devices. hackers is very important in information and Sometimes they have interface for mobile technology area. Normal RFID tag is called communication with a back-end server, with the basic tag because of not possesses any middleware or the database to implement cryptographic operation as encryption, strong specific secure business logic with a PC-type pseudorandom number generation and hashing. device and a custom software in the cell-phone A typical deployment of an RFID system and other components in remote databases involves three types of entities: tags, readers and accessed through the cell network. 2.5 K-steps ID matching
2 Normal RFID tag protection Hash function H, a ROM and a pseudorandom number generator are embedded within each First about the stationary RFID tags handles RFID tag. The tag is using a tree ID structure. further mobile RFID tags showing. The tree has N-leaves and each leaf corresponds to an RFID tag. Each node has an unique label. 2.1 Personal RFID protection ID of an RFID tag corresponding to a leaf node defines a sequence of labels from the root node Ideas, operations and technologies for personal to the leaf node. The server recognized an ID protection of RFID are based the same as normal from the output of an RFID tag. Steps. Proposes information systems. There are two unique features in RFID systems:1. An adversary can access a tag 3 Mobile RFID protection easily without notice since RFID uses radio frequency. 2. The restriction to the cost of the tag is Multilateral security approaches in mobile very severe in RFID systems. RFID using:
2.2 Physical blocking approach 1. Crypto Algorithm 2. Discovery service gateway system Satisfy anonymity and unlinkability by 3. Policy-based RFID user privacy protection preventing an adversary from accessing RFID tags physically. 3.1 Crypto Algorithm 1. Kill command, which disables functionality of the tag by EPCglobal standard. There is a crypto library for efficient processing 2. Faraday cage, made of conducting material, of the crypto algorithms and security protocols in blocks radio frequency. User encloses RFID mobile RFID. It provides security mechanism to tags with Faraday cage, which prevents the mobile RFID reader and targets the mobile communication between tags and readers. RFID middleware based on the WIPI platform at 3. Proposes by Jules, Karjoth and MosKowitz. a reasonable cost and short period of time. In WIPI platform RFID crypto library enables the 2.3 Rewritable tag approach mobile RFID service provider, wireless content provider and information security industry Nonvolatile RAM (NVRAM) as a flash memory Crypto logical procedures are used to protect is embedded within each RFID tag. Proposes by against active and passive attacks to achieve the Juels and Pappu. protection. The transmitted data can be encrypted before transmission so that potential 2.4 Smart tag approach attacker can’t hacker the content of message. In mobile RFID systems are used for a long time Cryptographic function and a ROM are only symmetric procedures. embedded within each RFID tag. The tag changes its output all the time using a cryptographic 3.2 Discovery service gateway system function – public key encryption, common key encryption or hash function – on itself. A secure service portal for various mobile RFID Proposes by Kinoshita. application services is SMAP (the secure mobile RFID application portal). A service provider using SMAP can easily guaranteed security and privacy protection for several mobile RFID RPS system applications. This portal allows to find out offline product information on an EPC, online additional RPS system creates a privacy profile for owner’s service information, information on authentication privacy policy, provides the privacy profile to the for product families or product related to this EPC service-side system and manages the event logs etc. This gateway system manages the locations from service-side or RPS system for auditing. and interface of servers and services as registered from the applicable product and service providers Service-side system for product information and contents corresponding to each EPC. It manages too the This system provides information related to the mobile OIS system in a mobile RFID security ID code of RFID tag and provides an access application service network and supports internal function by owner-defined privacy profile. functions comprising each element service system. The gateway system seeks appropriate services for User-side system capacity provide information transmitting between RFID tag and any device equipped with applicable The system has a wireless (or wired) network EPC or contents. A safe server-based system is access function and an RFID reader function. built by using Web service security technology as a Via this system the tag owner accesses the standard to expand RFID data security functions. service-side and RPS system.
In order to satisfy the privacy protection 3.3 Policy-based RFID user privacy requirements of mobile RFID service users the protection profile-based privacy protection service incorporates the functions as access control, The privacy problem will be very serious if the registration, privacy profile management, privacy RFID reader is contained in handheld device and enhanced log management, obligation many application services are based on B2C notification and tag data refreshment. model. The RPS system provides for users privacy protection services under mobile RFID Conclusion of mobility RFID tag environment. In connection between RFID user and RFID tagged product RPS enables the owner The mobility of RFID reader and it’s service to control the backend information connected to model will give rise to additional security treats. the tag as product information, distribution info, The killing alone and recoding are not enough owner’s personal information etc. and new mechanism are needed for building The secure privacy protection mechanism is often privacy-preserving RFID architectures. There are focused on the tag/reader authentication protocol. many supposes and suggestions for better Owner’s privacy profile-based protection service This source gives only just that kind of ideas. seems to be quite reliable. There are three service systems using profile-based systems (See Figure Nearly all visibility events detected on the 3.). research of RFID made by College of Engineering. The US National Science (See 1. RPS system 2. Service-side system This result verifies the integrity of data- 3. User-side system collection procedure because high precision depends on correct ground truth input. passive active hybrid RFID tag (PART). To it has been employed security and multiple levels during the RFID transaction. These levels are applied in different layers in the communication scheme similar to the layers as in OSI (Open System Interconnection) Model. This system provides layers for security in the final RFID system with: 1. passive activation layer (burst switch) 2. the active communication encoding (physical layer) 3. the use of encrypted data in communication primitives (specified with the RFID design automation) and 4. physical security protection.
For example, the reader generates pulses with lenght of 2, 12, 3, and 9 time units. The tag must detect a unique code from the burst and so as activate the remainder of the tag. (See Figure 2.) The SW-based system is implemented in a PIC Figure 1. A single visibility event between two microprocessor and HW-based system is tags, except of the first, which is implemented in ASIC or SoC chips. The strength the average of A’s visibility of encoding is related to two components: the events with their objects. number of bursts in the sequence n and a unique Average precision and recall for number of different burst length detectable by the visibility events. receiver b.
PEEX in Figure 1 means Probabilistic Event The clock speeds of the circuit depends on the Extractor for RFID Data research prototype. detection precision of the burst. HW with Spartan 3 FPGA and connection between a Security in RFID standards generator and detector. Deviation was 100 kHz first ~1 µs and it dropped by considering four Still there are ISO-, ANSI-, etc.-standards and pulses 0 % for 0,3 µs. Clock speed should be security technics the state security of RFID- below 1 MHz and resolution systems have several key problems. Security of the transceiver at least an order of magnitude standards are fairly minimal as exist at all. Finally (100 kHz) lower. they left designers integrate their own security 100 kHz clock speed is closer to match the methods they like. capability of transceiver requires 300 x less Cost and power requirements make difficult to power than PIC on processing. At such lower incorporate strong security to tags. clock speeds the clock-gated circuit provides Many technics propose lightweight authentication little power advantage. There were used Lynx and encryption but they often have high cost and transmitter and receiver too. required area are impossible to utilize and archieve. To strenghten security of RFID tags are designed a RFID communication Model For anonymity and availability in RFID RFID communication model is modeled in three authentication protocols are some tools which distinct layer: have capabilities for security measures, - lowest/physical layer, involving the RF considering the requirements of passive tags – coupling element NAND gate-equivalents (GE) is a crucial - thee data link layer/communication layer, measure and provide a few thousand GEs for including the collision-avoidance protocols security in the higher end tags. Only 1/3 of the - the protocol/application layer, wherein circuitry can be used for security purpose. Per- higher-level mechanism such as cycle maximum power and per-cycle average authentication protocols can be power required for RFID circuits are restricted implemented. for measurements. At every layer of this model there are issues that Security mechanism are: affect RFID security. By Faraday cage or larger - transient storage capacitors can eliminate such physical- - EPROM, EEPROM observation attacks as power manipulation in the - time-out mechanism RFID internal circuits. For example, US e- - asymmetric cryptographic primitives passports incorporate F-shielding pages. At - symmetric cryptographic primitives communication layer it is possible to achieve security violations and in particular location Security controls for most RFID privacy exploits by some mechanism as implementations singulation protocol in the EPC Gen2 standard (EPCglobal 2005) (See Figure 4.). By keeping Security controls can be: the singulation protocol in open state it is - Management: Organization update the possible for a reader continuously track a tag that policies remains within reach, even if the tag were to - Operational: Ensure the physical security implement privacy-preserving protocols at - Technical: Uses technology to monitor and higher layers. Protocol layer RFID security at a restrict the actions can be performed within passive RFID tag is strongly restricted in their the system. maximum circuit area by the amount of power Operational security control is physical access provided by electromagnetic energy captured by control. the antenna. This restriction provides an Management security control provide envelope of few thousand gates of circuitry authentication and integrity services, protect RF available for implementation of all protocol layer communication between reader and tag and services. Passive RFIDs are not vulnerable protect the data stored on tags by security battery-depletion denial of service attacks that policies for usage policy. The most common affect other constrained settings such as sensor security technics are using passwords, keyed- networks. Semi-passive tags represent an unique hash message authentication codes (HMAC) and security domain, but not in minimizing digital signature (SEED, KCDSA, ARIA etc.). communication and computation cost. They have not strong restrictions on circuit as battery can Low cost RFID tag security systems power comparatively larger circuits. For secure functions in RFID low cost tags are Resources available for RFID security used complexity classes for deviding tags by mechanism complexity theory (See Figure 5.). C-class (Circuit with polynomial order of the number of logic gates) in mobile phones is using RP-class in use. Then comparing the precision and recall (random polynomial) of algorithms. These tasks events of the raw data stream against a third sets include processing of data, transmitting data and of tag reads, which is made by PEEX. With the other normal procedures. By complexity theory several algorithms and tools could ameliorate all RP-class of algorithms can be implemented antenna’s reading problems in pocket or duffel on C-class of circuits. In UWB modulation using bag by cleaning the data. in time slot hidden system is used a pulse EPC tags are low-cost and they have only position modulator (PPM). A CS PRNG basic functions. (Cryptographically Secure Pseudo Random RFID tags usually communicate using some Number Generator) determines the time hopping form of Manchester encoding which combines codes. There are too using physically unclonable data communication with a synchronization functions, which are using HW-based random clock. Each bit is contained with a window in the function (PUF) integrated to low cost RFID tag signal, which contains a transition in the middle IC. Minimalist cryptography usin in RFID tags (“1” -and “0”- states in the queue). are sometimes used. By the theory the tag may Level of security and privacy will depend on the carry multiple random-looking names. Each used application. There are multiple SW- and occasion is a tag quered, the tag releases a HW-based systems in use and suggested for use different name. Only an authorized verifier can to provide for better these systems reliability. tell when different names belong to the same tag. Biomedical security solutions use layer2 privacy There are noisy tag protocols and one time codes control, proxy using MAC protocols, encryption, to secure the traffic between RFID tags and centralized authority, challenge-response readers. In one time codes system is used a authentication protocols, update algorithm for simple operator as XOR function based on use of secret keys etc. methods. The time and paper lef shared secret encrypted with random binary no possibilities to concentrate for these systems. sequences string between a tag and a database Designers are only the people who know and with one or more features. It provides only have to know what technic use. mutual authentication between RFID readers and The sensors are too like same devices as RFID tags. The backend database and the reader are tags. They have same kind of problems. The user treated as a single entity, which communicates of RFID tag cannot see RF-emissions, they only with a tag via the RFID air-interface. form their impressions based on physical cues As far as future directions, A5 algorithm is used and industry explanations. It will allow the in GSM mobile communication standard is using physical and logical access performed by policy in Hidden Field Equations (HFE) system. This decision and preliminary examinations. method is used in a direct application to the Example of use biomedical security solutions for analysis of bit oriented stream generator based animals and human beings. The implantable on shift register and has ability to represent the micromodule and blood glucose RFID device. encryption HW-using polynomial equations. The other example solution is supply-chain in logistics are used years.
4 Summary References [1] S. Ahson, M. Ilyas. RFID handbook Privacy and security level of RFID are very Applications, Technology, Security, and important issues. This source shows only supposes Privacy. 2008 crcpress, 27-28: 485-521, 611- by words “if” and “example” as far as this is. The 620, 17. April 2009. good results of researching are still quite true and [2] College of Engineering. The US National Science Foundation funded this research under its ComputingResearch Initiative grants 0454394, IIS-0428168, and IIS-0415193.. An, Pervasive computer , Authorized licensed use limited to: Oulun Seudun Ammattikorkeakoulu. Downloaded on March 30, 2009 at 08:48 from IEEE Xplore. Restrictions apply.. [3] rfid_surway_28_09_05. Figure 2. For example, reader generates pulses
Figure 3. Service system comprising the profile-based privacy protection service Figure 4. Example of tag singulation Figure 5. Complexity classes of low cost RFID tags security