RFID Security: A Method for Tracking Prevention

. RFID-tags are very small and low-cost electronic devices that can store some data. The most popular are passive tags that do not have own power source, which allows for far-reaching miniaturization. The primary use of RFID-tags is to replace barcodes. Their industrial importance is constantly growing because in contrast to barcodes, manual manipulation of the object code is not required. RFID-tags are also used for detection and identiﬁcation of objects. This enables tracking of objects in technological processes. At the moment, the most widespread use of RFID tags is identiﬁcation of sold goods. However, the possibility of tracking carries the risk that improper subject can track the tags and consequently track a person who is in possesion of tagged subject. Therefore in this paper a method for tracking prevention is considered.


Introduction
Internet of Things (IoT) is the convergence of Internet with Radio Frequency IDentification (RFID), Sensor and smart objects. IoT can be defined as "things belonging to the Internet" to supply and access all of real-world information [13]. RFID is said to give rise to the IoT. RFID are systems that consist of three fundamental elements: tags, reader and a database system. Tags (also called transponders) are "small" electronic devices, highly constrained. They usually do not have own power source and are inductively powered during communication with the reader. They are not capable to perform strong crypto operations (even symmetric encryption). Reader (transceiver) is a device with quite big computational and energetic capabilities. Readers communicate with the tags via radio channel. The last part of RFID system is a database that stores information related with tags. Usually reader communicating with tags, uses a database system.
Unfortunately, RFID technology entails some privacy threats. One of them is tracking. For example, if a person is carrying an RFID-tag with static ID with no encryption or blinding, then tracking is easy [4]. In this case tracking is understood as a possibility of identifying the tag. Another problem is that authentication here does not help much, because it is generally used in order to prevent revealing tag's stored data [9]. Tag's ID is usually not "masked". Thus learning tag's ID is quite easily achievable and sufficient for tag tracking.
In this paper a method for tracking prevention is described. We propose that tags has a dynamic ID. For this purpose, a tag should have built-in random number generator. We assume that tag's ID can be modified, for instance after every tag activation. Then the tag generates new ID and sends it to the reader which saves it in the system database. Considered is a passive model of an adversary who eavesdrops all the traffic, but not all the time [10]. If the adversary misses several changes of tag's ID, it may be not possible to identify again targeted tag. History of all tags IDs is stored in the backend database.
The rest of the paper is organized as follows: next section gives a short overview of methods for privacy preserving/tracking protection in RFID systems. Section 3 presents proposed method for tracking prevention. In Sect. 4 preliminary experimental evaluation of proposed method is presented; finally the last section concludes this work and gives possible future directions.

Related Works
The risk associated with privacy has been recognized quite quickly [2]. Unfortunately, some RFID systems do not use any security mechanisms, so tags can be read by any reader, which is an obvious threat to privacy [12]. For instance, an ability to identify a tag, can deliver information about its owner. It is then possible to create a profil of an user, based on information collected from tags [7]. Thus so far many techniques for privacy protection have been proposed. In [9], there is proposed a method for tracking prevention. Considered is a model, where an attacker monitors a large fraction of interactions, but not all of them. Authors propose to make small changes with the tag's identifier. Tag does not have to perform any cryptographic functions.
Another method is "masking" tags, described in [4,14]. It assumes that a tag stores a list of pseudonyms p 1 , p 2 , . . . , p k and every now and then changes them. An adversary would not know that for example p i and p j belong to the same tag, therefore such approach can effectively complicate recognizing a tag. However, if an adversary intercepts tag's list of pseudonyms, the whole idea is compromised. Another question worth considering is how many pseudonyms should have store. Should be taken into account that tag has strongly limited memory resources [4].
Popular method is the kill command which aim is to completely deactivate a tag [12]. However this approach strongly reduces functionality of the system [8]. Another possible solutions are: screening with Faraday Cage or physical destruction of antenna or other parts of a tag [8]. More advanced solution is called active jamming. It is based on actively broadcasting radio signals, what disrupts actions of any reader. However, this approach requires extra device [11].
In [6] there is proposed an extension of method from [15], where tag can be temporarily switched off and another tag is simulating tags of all possible IDs. Hence a reader is not able to determine a tag which established a connection.
Golle et al. proposed in [5] a method called universal re-encryption. This solution is based on the classical scheme ElGamal which allows for re-encryption of a ciphertext without knowledge about public key. Thereby computationally powerful devices can read from a tag its content, then re-encrypt it and save it back in the tag. In this case only tag's owner, who knows the proper private key, is able to track the tag. Further development of this idea was proposed in [1].

System and Privacy Model
We assume that RFID system consists of several tags, a reader and the backend database. More formal definition is presented in Definition 1. It is assumed that tags are passive (powered only during the communication with the reader).
In Definition 2 we introduce a simple model of an adversary and his goals. We define adversary's goal similarly as in the scheme proposed in [3]. A passive adversary A eavesdrops all the communication between RFID system components (i.e. the forward and backward channel), but not all the time. x ∈ ID which is the currently used ID of some tag T x ∈ T . The goal of the adversary is to guess x with the probability greater than 1 n .
In our approach we assume that adversary observing the communication between reader and a tag, can "miss" several queries. The goal of the adversary is to identify the tag, i.e. not to "lose" its ID.

Tracking Prevention
We propose a method ChangeID which can be used to make more difficult recognition a particular tag. This method assumes that a tag simply changes its own identifier by generating a new one. Then, a new ID is transferred to the reader which saves it in the backend database. This makes possible later identifying the tag. Below is presented an idea of method ChangeID.
1. Tag has a n-bit binary sequence which stands for its ID: (b 1 , . . . , b n ) ∈ {0, 1} n ; 2. Next n bits are overwritten at random: a new sequence is created (b i1 , . . . , b in ), where for all j ≤ n, b ij ← b ∈ U {0, 1} is substituted from a uniform distribution.
This procedure can be performed after each activation of tag or, for instance at specified intervals. Note that none of sensitive data is transferred through the forward channel which is assumed to be easily eavesdropped [11,15]. It is likely that at average n/2 bits could remain unchanged.
Formally, this approach can be described as Algorithm 1. Note that this procedure has low requirements in terms of computational complexity.

Problem of Ambiguity
One should consider that generating random IDs may cause generation of two (or more) the same IDs. Such a situation is undesirable in most systems and sometimes can be critical to their functioning. Although intuitively the probability of happening such situation is quite small, one can assume that the reader (after each changing tag's ID) checks in the backend database, if generated ID already exists. If does, then tag simply could be asked to perform another ChangeID operation. Similarly, if new generated ID is the same as the previous one, another performance of ChangeID could be done. In this case we assume that considered is a sequential access model. This situation is presented in Table 1.

Preliminary Experimental Evaluation
We conducted a simple experiment in which we implemented a function generating different lengths random sequences (strings) that could act as a tag identifier. We checked the possible links between distances of these sequences and examined Hamming distances between them. We divided an experiment into 5 trials, in each trial 80 sequences of the following lengths were generated: 1. 32 bits length; 2. 64 bits length; 3. 128 bits length; 4. 256 bits length; 5. 512 bits length.

Distances in 32 Bits Trial
In Fig. 1 there are presented distances between adjacent sequences in 32-bits trial. Similarity is mostly at the level 0.7-0.9. On the X-axis the are next sequences; Y -axis presents the normalized distance between adjacent sequences. In Table 2 there are presented several generated sequences and distances between adjacent sequences. H d for i-th sequence stands for Hamming distance between the i − 1 and i sequence, Norm denotes value of normalization at [0, 1]. For instance, H d between (1) and (2) equals 21; in normalized way: 0.66, and so on.
For the clarity, we do not present full results of this and the other trials.

Summary
The Table 3 shows minimum and maximum values of normalized at [0, 1] distances in each trial. Intuitively, the shortest sequence, the higher probability for generating two quite similar sequences (minimum distance for 32 bits is 0.38, for 64 bits -0.48). The longer sequence, the greater differences (for instance, 0.76 for 512 bits sequences). These results are also showed in Figs. 2 and 3, respectively.
The longer tag's ID, the smaller probability of generating two the same sequences; however longer sequence requires more tag's memory.

Conclusion and Future Works
In this paper, a method for tracking prevention for RFID-tags was proposed. It was assumed that tag is able to change its own identifier by generating a random sequence and replacing earlier ID. If an adversary is not able to monitor the tag all the time, this method after a certain amount of execution can effectively complicate recognition of the tag. Preliminary experimental evaluation showed that unlinkability between tags IDs is at satisfactory level.
If future works it is planned to give a formal estimation of minimal number of ID modification in order to achieve good level of privacy. Also a simulation of implementation is considered to be carried out. Another problem to consider is to propose a method for settlement of the ambiguity of tags' IDs not in the sequential access model but in situation of independent and parallel operations of (several) readers.
Open Access. This chapter is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/ 4.0/), which permits use, duplication, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, a link is provided to the Creative Commons license and any changes made are indicated.
The images or other third party material in this chapter are included in the work's Creative Commons license, unless indicated otherwise in the credit line; if such material is not included in the work's Creative Commons license and the respective action is not permitted by statutory regulation, users will need to obtain permission from the license holder to duplicate, adapt or reproduce the material.