Security Implications In Rfid Application

Published Date: 02 Nov 2017

Abstract-Rfid is not a new technology and has passed through many decades of use in military, airline, library, security, healthcare, sports, animal farms and other areas. Industries use RFID for various applications such as personal/vehicle access control, departmental store security, equipment tracking, baggage, fast food establishments, logistics, etc. The enhancement in RFID technology has brought advantages that are related to resource optimization, increased efficiency within business processes, and enhanced customer care, overall improvements in business operations and healthcare. This presents numerous opportunities along with innumerable risks. A lot of research is being done to suggest methods which will ensure secure communications in RFID systems. The objective of this paper is to present an introduction to RFID technology, its current and future applications, study various potential threats to security and privacy, and give an introduction to some suggested protocols for efficient security mechanisms.

Keywords-RFID technology, RFID discovery, RFID components, RFID applications, RFID in healthcare, EPC, UPC

Introduction

RFID stands for Radio Frequency Identification and is a term that describes a system of identification. RFID is based on storing and remotely retrieving information or data as it consists of RFID tag, RFID reader and back-end Database . RFID tags store unique identification information of objects and communicate the tags so as to allow remote retrieval of their ID. RFID technology depends on the communication between the RFID tags and RFID readers. The range of the reader is dependent upon its operational frequency. Usually the readers have their own software running on their ROM and also, communicate with other software to manipulate these unique identified tags . Basically, the application which manipulates tag deduction information for the end user, communicates with the RFID reader to get the tag information through antennas. Many researchers have addressed issues that are related to RFID reliability and capability . RFID is continuing to become popular because it increases efficiency and provides better service to stakeholders. RFID technology has been realized as a performance differentiator for a variety of commercial applications, but its capability is yet to be fully utilised.

RFID technology has passed through many phases over the last few decade.. The technology has been used in tracking delivery of goods, in courier services and in baggage handling. Other applications includes automatic toll payments, departmental access control in large buildings, personal and vehicle control in a particular area, security of items which shouldn’t leave the area, equipment tracking in engineering firms, hospital filing systems

Application:

Automation

Animal tracking

Product tracking

Asset tracking

Health care

Smart card reader

The paper is organized as follows. Section 2 addresses security issue and Section 3 explains Security algorithm Section 4 Explains advantage and disadvantage

.

Security Issues

There are many Security issues related to RFID They can be broadly divided into following categories.

Tag Access

An RFID system is susceptible to various kinds of attacks.

These attacks can be categorized as follows.

Physical Access

This is possible when the attacker has physical access to the RFID tags. These attacks may include material removal or water etching, energy attacks, radiation imprinting, circuit disruption or clock glitching.These attacks can not happen at a widespread level.

Counterfeiting

In this kind of attack an attacker may be able to produce its own tags and can initiate queries to the tags.

Eaves dropping

In this kind of attack the attacker can not initiate the query but may only be able to listen to "logical" messages transmitted in protocols, as opposed to the electromagnetic emissions monitored by physical access.

Traffic analysis

In this kind of attack attacker can not listen to the logical message but still be able to find the number of queries generated thereby by being able to do traffic analysis.

Denial of service attacks

This kind of attack is limited to disrupting broadcasts, blocking messages or any other denial of service attacks. As RFID becomes widely used this kind of attack could be very crucial.

Tag Collision

Readers may attempt to read a single tag from among a population of many. When multiple tags respond simultaneously to a reader query, conflicting communication signals may cause interference. This interference is called a collision and may result in a failed transmission. Readers and tags must employ a method to avoid collisions,referred to as an anti-collision algorithm. Binary tree walking is one such algorithm Binary tree-walking scheme In this scheme, a reader will query all tags in the vicinity for the next bit of their ID. If two different bit values are transmitted from among the population of tags, the reader will be able to detect the collision. The reader will then broadcast a bit indicating whether tags who broadcast a 0 or tags who broadcast a 1 should continue. Essentially, the reader chooses a "branch" from the binary tree of ID values. Tags which do not match the reader’s choice will cease participating in the protocol. As the reader continues to move down the branches of the binary tree, fewer tags will continue operating. If all tags are unique, at the end of the protocol only a single tag will remain in operation. This process of addressing and isolating a single tag is referred to as singulation.

Fig 2.1(Kamran AHSAN1, Hanifa SHAH2 and Paul KINGSTON)

publickey

Cryptographic primitives or symmetric primitives requiring secure key distribution. Each hash-enabled tag in this design has a portion of memory reserved for a temporary metaID. The Tag owner "locks" tags by first selecting a key at random, then computing the hash value of the key.

The hash output, designated as the metaID s stored on the tag and the tag is toggled into a locked state.

The key and the metaID are stored in a back-end database. To "unlock" a tag, the owner first queries the metaID from the tag and uses this value to look up the key in a back-end database. The owner transmits this key value to the tag, which hashes the received value and compares it to the stored metaID. If the values match, then the tag unlocks itself and offers its full functionality to any nearby readers.

algorithm

Authentication using AES algorithm

In this proposal the authors talk about using AES algorithm for authentication in a challange response based protocol.As per the standards for 13.56MHZ frequency, the time for tag to respond is 32 clock cylces at a frequency of 100KHz,which is not enough for AES algorithm for encryption.So a protocol of interleaved challenge and response protocol is This gives the tag enough time (18ms) to encrypt message using AES .In this way in the system proposes that 50 tags could be authenticated in 1 second. The authors proposed AES implementation as a 32 bit architecture which allows to quarter the power consumption as compared to 128 bit.This comes at a cost of increasing the time for encryption which can be derived from using interleaved challenge respond.

HB Protocol for RFID

In this approach presented by S.Weis and A. Jules a particular human-to computer authentication protocol designed by Hopper and Blum (HB) , is shown to be practical for low-cost pervasive devices like RFID Tags. HB protocol is essentially a challenge and response protocol. Suppose Alice and a computing device C share an k-bit secret x, and Alice would like to authenticate herself to C. C selects a random challenge a 2 {0, 1}k and sends it to Alice. Alice computes the binary inner-product a · x, then sends the result back to C. C computes a · x, and accepts if it matches its own calculation. In a single round, someone imitating Alice who does not know the secret x will guess the correct value a · x half the time. By repeating this challenge and response for rounds, Alice can lower the probability of naively guessing the correct parity bits for all r rounds to 2−r. Alice can also inject noise into her response. The noise bit ν can be easily generated. Alice intentionally sends the wrong response with constant probability η. C then authenticates Alice’s identity if fewer than ηr of her responses are incorrect.

HB+ Protocol for RFID

A Jules and Stephen Weis presented HB+ protocol for Authentication against active adversaries .They argue that HB protocol will work against passive adversaries whereas HB+prevents corrupt readers from extracting tag secrets through adaptive (non-random) challenges, and thus prevents counterfeit tags from successfully authenticating themselves. HB+ requires marginally more resources than the "passive" HB protocol. In this case, rather than sharing a single k-bit random secret x, the tag and reader now share an additional k-bit random secret y. Unlike the case in the HB protocol, the tag in the HB+ protocol first generates random k-bit "blinding" vector b and sends it to the reader. As before, the reader challenges the tag with a k-bit random vector a. The tag then computes z = (a · x) (b · y) Θν , and sends the response z to the reader. The reader accepts the round if z = (a · x) Θ(b · y). As before, the reader authenticates a tag after r rounds if the tag’s response is incorrect in less than ηr rounds.

Secure Anti-Collision

The Binary Tree-Walking anti-collision algorithm discussed in the previous section has an inherent security flaw due to the asymmetry between forward and backward channel strengths. Every bit of every "Singulated" tag is broadcast by the reader on the forward channel. At certain operating frequencies, a long-range eavesdropper could monitor these transmissions from a range of up to 100 meters and recover the contents of every tag Many research papers have been submitted to deal with this. Some of the approaches are discussed below.

Blinded Tree-Walking

This is a variant of binary tree-walking which does not broadcast insecure tag IDs on the forward channel and does not adversely affect performance. Also called "Silent Tree- Walking". Assume a population of tags share some common ID prefix, such as a product code or manufacturer ID. To singulate tags, the reader requests all tags to broadcast their next bit. If there is no collision, then all tags share the same value in that bit. A long-range eavesdropper can only monitor the forward channel and will not hear the tag response. Thus, the reader and the tags effectively share a secret bit value. When a collision does occur, the reader needs to specify which portion of the tag population should proceed. If no collisions occur, the reader may simply ask for the next bit, since all tags share the same value for the previous bit.

Randomized Tree-Walking

The general idea behind Randomized Tree-Walking, due to Rivest, is for each tag to generate a temporary random pseudo-ID each tree traversal. The reader will perform a normal tree-walking scheme on the pseudo-ID values. Once a tag is singulated, it will send its normal ID over the backward channel.

Blocker Tag

Consumer privacy can also be obtained by a basic blocker tag .This simulates the full set of 2k possible RFID-tag serial numbers.We may call such a tag a "full blocker" or a "universal blocker." Now, whenever the reader queries tags in the subtree of a given node B for their next bit value, the blocker tag simultaneously broadcasts both a ‘0’ bit and a ‘1’ bit. This forced collision drives the reader to recurse on all nodes, causing the reader to explore the entire tree. If the reader had enough time, memory, and processing power to complete the tree-walking algorithm in these circumstances, it would output the entire set of all 2k possible tag serial numbers. This set is very large, at least of the size of 264 in even the most basic system – and the reading process is designed to execute very rapidly. In practice, therefore, the reader may be expected to stall after reaching only a few hundred leaves in the tree. The net effect is that the full blocker tag "blocks" the reading of all tags. There can also be "Selective Blocker Tags".

Hash lock

Hash lock in tag is similar to light weight access control mechanism. In this, we install lock in the tag and after that it can be reader which has the key of that lock.

Steps to lock the tag:

Reader select random key and calculate hash of key : MetaID = HASH(key)

Reader write MetaID into tag.

Now tag is in lock state.

Reader stores its key and tag key into backend database or locally.

Fig 3.1(Kamran AHSAN1, Hanifa SHAH2 and Paul KINGSTON)

One tag is in lock state, reader need to follow the below step to read tag.

Reader send query for MetaID

Tag sends MetaID

Reader find pair [key,MetaID] and send key to tag

Tag calculates the hash of key and compare with MetaID. If HASH(key) == MetaID then it will unlock itself.

Advantage & Disadvantage

Advantage

Disadvantage

High speed

Interference

Multipurpose and many format

High cost

Reduce man-power

Some materials may create signal problem

High accuracy

Overloaded reading (fail to read)

Complex duplication

Table 4.1(Kamran AHSAN1, Hanifa SHAH2 and Paul KINGSTON)

Epc

Conclusion

RFID is famous and widely used because it is very cheap. In most of the cases, passive RFID tags are used. But passive tags have limited power and limited computational resources. This puts security at stake. It is difficult to implement security features in limited resource system. Hence even though RFID is widely used, RFID systems can easily be attacked, leaking out the sensitive information.

refrences

Kamran AHSAN1, Hanifa SHAH2 and Paul KINGSTON3 1,2 Faculty of Computing, Engineering & Technology Staffordshire University tafford, ST18 0AD, UK

Avoine, G., Dysli, E. and Oechslin, P., "Reducing time complexity in RFID systems. In SAC 2005, volume 3897"

Stephen August Weis "Security and Privacy in Radio-Frequency Identification Devices"

RFID for Dummies by Patrick J Sweeney II

http://en.wikipedia.org/wiki/RFID

http://www.technovelgy.com/ct/Technology-Article.asp

http://www.kensavage.com/archives/rfid-hacking/ked vehicle

Error (km/h)

Car 1

0.6

Car 2

0.5

Car 3

6.0

Car 4

0.0

Car 5

-1.60

Tracked vehicle

Error (km/h)

Car 1

0.6

Car 2

0.5

Car 3

6.0

Car 4

0.0

Car 5

-1.60

Tracked vehicle

Error (km/h)

Car 1

0.6

Car 2

0.5

Car 3

6.0

Car 4

0.0

Car 5

-1.60