2. DESIGN OF RADIO FREQUENCY IDENTIFICATION
SYSTEM SECURITY METHOD
Supervisor
Dr. Imran Ali Jokhio
Co-Supervisor
Prof. Dr. B.S.Chowdhry
Presented By
Durr Muhammad
B09MEESE-58
Institute of Information and Communication Technologies
Mehran University of Engineering & Technology
Jamshoro Sindh
3. PRESENTATION OUTLINE
Introduction
Background
RFID System
Aims and Objectives
Literature Review
Methodology
Cryptographic Approach
Simple scheme for tag Authentication
Authentication Protocol Proposal
Protocol Description
Conclusion
References
4. Introduction
Radio Frequency Identification (RFID) Technology uses radio waves to
automatically identify wirelessly.
Contact less
Without visibility
Privacy and security concerns slow down the fast adaption of RFID technology for
many application. A number of authentication protocols that address these concerns
have been proposed but real-world solutions that are
secure
maintain low communication cost
And can be integrated into EPCglobal C1G2 tag protocol.
This thesis represents a novel authentication protocol which offers a high level of
security through the combination of random key scheme with a strong cryptography.
This protocol is applicable to,
− Memory Resources
− Power
− Computational constraint platforms such as RFID tags.
1
5. Background
The hindrances of this thesis are,
− Mutual authentication
− Untraceability
− Forward and backward security
− Resistance-to-replay
− Denial-of-service
− Man-in-the-middle
The proposed protocol is integrated into the EPCglobal C1G2 tag which assures low
implementation cost.
Keywords :
− cryptographic authentication proposed protocol
− passive computation capable tag
− RFID Systems.
2
6. RFID System
An RFID system consist of three components:
- Tags
- Reader
- Back-end-server.
The RFID tags being considered are passive that are powered by the
reader through RF carrier.
Operating frequency of the reader ranges from 860 to 960 MHz
depending on the local regulations.
Tags operate with modest amount of energy , however , they can
perform computationally intensive operation such as en/deciphering of
messages.
Reader is a combination of customary RFID reader and application
software that runs on personal computer.
Back-end-server is trusted entity that maintains all the crucial tag such
as key tables, timestamps and IDs.
3
8. Aims and Objectives
• To investigate security and privacy challenges faced by RFID devices.
• To highlight the privacy and security threats faced due to RFID devices.
• To identify RFID major threats
• To investigate threats impacts with respect to serious consequences
• To investigate measures to overcome Security Issues in RFID devices
• To investigate secure storage and transmission of data
• To design a security method to secure RFID tag.
5
9. Literature Review
• Weis, S., Sarma, S., Rivest, R., Engels, D: from Laboratory for
Computer Science and Auto-ID Center introduced Low-Cost RFID
System in which they analyze the security and Privacy Issues (2004).
• Security Issues are:
-- Eavesdropping,
-- Traffic analysis (Location Privacy),
-- Spoofing (aid thieves) or denial of service.
• Privacy concerns are removing and stealing tag.
• They used different schemes
• Hash-Based Access Control (locking or unlocking tag and managing
key in database to ensure forward security)
-- Spoofing is not protected
-- Replay attack occur
6
10. Continue…
• Random Access Control
-- Pseudo-random number generation (past transaction guarantee)
-- Brute-force search (not better for large databases)
-- XORing technique is used (XOR provide no security)
-- Randomized version to disguise the ID so that output is not
fixed overtime but impersonation is the serious security flaw.
-- Not embedded with EPCglobal standard.
• Silent Tree Walking
--Binary tree walking anti-collision algorithm to derive tag contents.
-- This scheme does protect against long-range eavesdropping
of forward channel with little added complexity .
7
11. Continue…
• Dimitriou, T.: Athens Information Technology, A light-weight RFID
Protocol to protect Traceability and Cloning Attack (2005). He
presents RFID authentication that enforces user privacy and protect
against tag cloning .
• Common secret and PRNG used to obscure the message contents.
• Simple and enhanced protocol rely on the secret shared key
between reader and tag (back-end database).
• Impersonation, replay or cloning, protection against these attacks
but not all.
8
12. Methodology
Surveying RFID applications.
Selection of a candidate application. (SCM)
Analysis of the candidate application to devise security requirements.
Analysis of attacks on RFID tags.
To devise an attack taxonomy in the context of candidate application.
To design a security method for RFID tags in the context of candidate
application.
Evaluation of the security method with formal methods.
9
13. Simple Tag Authentication Scheme
In this scheme, authentic reader and tag share a common secret K. when
reader challenge a tag with a random number ra , the tag performs the
function C on the challenge ra using the secret K. Then it backscatters the
result m to the reader .
If C is reversible and the secret K is known, the reader can reveal the
original challenge . As an authentic tag knows the secret K, the reader will
authenticate the tag.
ra
Reader Tag
m performance analysis , m=C(ra, k)
Reader Tag
Authenticate the tag if
ra=C-1(m, k)
Fig.2.Simple Tag Authentication Scheme.
10
14. Continue …
In this scheme followings are the main key features of the protocol,
− Novel authentication protocol that is based on private key Cryptography
− the protocol is applicable to passive RFID tags.
− protocol is embedded with EPCglobal C1G2 standard protocol.
− Employing of Ciphers to hide the message content.
− Use the resources of WISP tag platform to implement Ciphers.
Tag-to-reader is the main bottleneck of an RFID system because passive tag can
harvest power from a reader which is the main trade-off between security and
computation/ communication cost.
11
15. Cryptographic Approach
I am Asad
Identification.
- Claim to be have a
certain identity
(e.g. username)
Authentication.
- Proof of identity
- Showing knowledge,
- possession, inherent
feature
12
16. Continue….
INTERROGATATOR TRANSPONDER
Query [2] Evaluate slot counter.
[1] Reader issues a query
command. a) If the slot counter is zero then the
tag responds with RN16.
RN16 b) If slot counter is not zero then
Identification
decrement slot counter.
[3] Reader Acknowledges tag by ACK(RN16) [4] Evaluate RN16.
issuing ACK with same RN16. a) If RN16 is valid then respond with
EPC .
b) If RN16 is invalid then do nothing.
[5] Reader issues Req_RN [6] Evaluate RN16:
containing same RN16. If RN16 is valid then respond with
handle .
Command (handle XOR PW-low) b) If RN16 is invalid then do nothing.
[7] Reader issues access [8] Decrypt PW_low by XORing
command using handle to Req_RN (handle) handle.
Authentication
cover code the password [10] Evaluate RN16
(PW_low). handle (handle) a) if RN16 is
valid then respond with
[9] Reader issues Req_RN
EPC.
containing handle.
b) If RN16 is invalid
Command (handle XOR PW_high) then do nothing.
[11] Reader issues Access [12] Decrypt PW_high by
command using handle to cover XORing handle .if PW_low
code the password (PW_low). and PW_high are correct
then authenticate reader and
13
allow further operation.
17. Protocol Authentication Proposal
This proposed cryptographic authentication protocol that is same computational
and communication abilities like YA-TRAP because YA-TRAP also places low
computational burden on the tag. The main design goal is to
− Retain high level of security
− Low implementation costs.
Improving the weaknesses of YA-TRAP which is susceptible to
− DOS attack because the reader can transfer the data (in particular the timestamp Tr)
without fully authenticating itself to the tag.
− Ciphers in place of one-way-hash function to keep the message content secret.
− Security relies on key tables (A and B) that are stored at the tag level.
Key tables are generated during the manufacturing process and along with a
primary timestamp Tt and the tag’s ID (EPC) they are written on the tag.
14
18. Continue…
The main idea of the proposed protocol is that a tag can authenticate the
reader/server as only an authentic entity can know the unique key pairs.
Key table A Key Table B
Index Key
Index Key
keyA[i] 0x03… Key Pair
KeyB[i] 0x03…
keyA[i+1] 0x01…
keyB[i+1] 0x01…
Key Pair
keyB[i+2] 0xAF…
….
….
keyA[n] 0xAF…… Key Pair
….
….
Fig.3 KEY TABLES
15
19. Continue…
Tag ID Tag Table Index Key
Timestamp
1 0 A i 0x03…
1 0 A i+1 0x01…
….
….
….
….
….
1 0 A n 0xAF…
….
….
….
….
….
1 0 B I 0x03…
1 0 B i+1 0x01…
….
….
….
….
….
1 0 B n 0xAF
….
….
….
….
….
Fig.4.Server Data Base. 16
20. Protocol Description
READER/SERVER TAG
m1 =Rr Generate Rt
Generate and transfer Rr
Look up keyA[Rt] and KeyB[Rt+1]
Encrypt Tt and Rr with keyA[Rt]
Fetch subset KA of all keys with number Rt and
h1 = h(Tt||Rr,KeyA[Rt]
associated tag timestamps Tt(i). m2 =Rt||h1 Reply h1 and Rt
WHILE(key found=false)&& (i<#of keys)
Decrypt h1:[Tt,Rrt]=h(inv)(h1,key)
IF (Rr=Rri): key found=true End IF End WHILE
IF (key found=true): delete all keys KA except the
Decrypt h2 with keyB[Rt+1]
one found . Check if one of the associated tag
[Tr,Rt]=hinv(h2,keyB[Rt+1])
timestamps
IF Tr>Tt:
Tti matches Tt. IF this is not the case, generate a
Update timestamp Tt=Tr
warning. Store assumption about m4.
Set key key=keyB[Rt+1]
Fetch th related key keyB[Rt+1] and encrypt the
ELSE:
reader
Set key key = keyA[Rt]
Timestamp and Rt: m3=h2=h(Tr||Rt,KeyB[Rt+1])
END IF
ELSE:
m3 =h2 Encrypt ID and timestamp with key
Generate random number: m3=Rr2
m4 =h3=h(IDXORTt,key)
END IF
ELSE:
Reply m3
Generate and reply random
Number Rt2
Decrypt h3 with the key keyA[Rt] or keyB[Rt+1]
m4 =Rt2
based
END IF
On assumption about m4.
Reveal tag ID based on assumption about m4 by an
m4 =h3 Reply m4
exclusive OR operation with Tr or Tt
Authenticate the tag if it is one of the possible tags.
17
21. Continue …
The authentication process can have three possible scenarios:
[1] Reader is not authentic: Reply random number Rt2.
[2] Reader is authentic but timestamp is wrong: Use keyA[ Rt ] to encrypt h3 and do
not update the timestamp.
[3] Reader is authentic and timestamp is right : Update timestamp and use keyB[ Rt+1]
to encrypt h3.
The reader can authenticate the tag based on the assumption made after the first
round.
18
22. Conclusion
The security features of different protocols are to be analyzed to design the
secured RFID system.
Security and privacy threats are described and used encryption method that
gives better way to secure communication. Encryption may either symmetric or
A-symmetric because both have their own issues.
This proposed protocol provides:
− Mutual authentication
− Untraceability
− Forward and backward security
− Resistance-to-replay
− Denial-of-service
− Man-in-the-middle
19
23. References
[1]. S. Liu, O.V. Gavrylyako, P.G. Bradford, Implementing the TEA algorithm on sensors: Department of
Computer Science , The University of Alabama, 2004.
[2]. Asif Z., Munir M, Integrating the Supply Chain with RFID, In: Fox School of Business and
Management Temple University (Volume 15, Article 24, March 2005)
[3]. G. Tsudik, YA TRAP: Yet Another Trivial RFID Authentication Protocol: CS Department , University
of California, Irvine, 2006.
[4]. Thorsten B., George Q., RFID in Operations and Supply Chain Management (2007)
[5]. H. Chae. D.J. Yaeger, J.R. Smith, K. Fu, Maximalist cryptography and computation on the WISP UHF
RFID Tag, in: proceedings of the International Conference on RFID security, 2007.
[6]. G. Tsudik, A family of dances: Trivial RFID identification and Authentication Protocols, in:
Computer Science Department, University of California, Irvine, 2007.
[7]. Omer k., Beygo., C., Eraslan, Enhancing Security and Usability Features of NFC, In: School of
Computing Blekieng Institute of Technology Sweden (Thesis no: MCS 2009-30, September 2009).
[8]. Dr.V., Coskun, Kerem Ok, Current Issues in Near Field Communication Technology, In: ISIKI
University, Istanbul, Department of Information Technology (University of Thessaly September 23rd,
2010)
[9]. Kapil N., Vhatkar, G., P., Bhole, Internal Location Based System for Mobile Devices Using Passive
RFID and Wireless Technology (2010).
[10]. Gul N. Khan, X. Yu, F.Yuan, A novel based authentication Protocol for RFID Systems, Department of
Electrical and Computer Engineering, Reyrson University, Toronto, canada, 2011.
20