Abstract
Radio frequency identification (RFID) is an important technique for automatic identification and data capture. In recent years, low-cost RFID tags have been used in many open-loop applications beyond supply chain management, such as tagging medicine, clothes, and belongings after the point of sale. At the same time, with the development of the semiconductor industry, handheld terminals and mobile phones are becoming RFID-enabled. Unauthorized mobile RFID readers could be abused by malicious hackers or curious members of the public. Even for authorized RFID readers, ownership of the reader can be transferred, and the owners of an authorized mobile reader may not always be reliable. The authorization and authentication of mobile RFID readers require stronger security measures to address the privacy or security issues that may arise in emerging open-loop applications. In this paper, the security demands of RFID tags in emerging open-loop applications are summarized, and two example protocols for authorization, authentication and key establishment based on symmetric cryptography are presented. The proposed protocols adopt a timed-session-based authorization scheme, and all reader-to-tag operations are authorized by a trusted third party using a newly defined class of timed sessions. The output of the tags is randomized to prevent unauthorized tracking of the RFID tags. An instance of protocol A is implemented in 0.13-μm CMOS technology, and its functions are verified on a field-programmable gate array. The baseband consumes 44.0 μW at a supply voltage of 1.08 V and a clock frequency of 1.92 MHz, and it has 25,067 gate equivalents. The proposed protocols can successfully resist most security threats against open-loop RFID systems, except physical attacks. The timing and scalability of the two protocols are discussed in detail.
Notes
Note that, as the microelectronics industry develops, it would be feasible to support strong public-key cryptography in normal tags in the future.
Note that the freshness of a session in the proposed protocols is assured by a nonce and an on-tag counter. In the proposed protocols, all reader-to-tag operations are authorized session by session.
Acknowledgments
This work is supported by the National Natural Science Foundation of China (61211140046, 61076022), the National High Technology Research and Development Program (“863” Program) of China (2011AA100701), and the Shanghai Pujiang Program. Thanks to Mi Shao, Ye Yao, Linghao Zhu, and Linyin Wu for their help with this paper.
About this article
Cite this article
Wang, J., Floerkemeier, C. & Sarma, S.E. Session-based security enhancement of RFID systems for emerging open-loop applications. Pers Ubiquit Comput 18, 1881–1891 (2014). https://doi.org/10.1007/s00779-014-0788-x
DOI: https://doi.org/10.1007/s00779-014-0788-x