a simple and cost effective rfid tag reader mutual
play

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication - PDF document

Mar 18, 2024 •141 likes •273 views

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim Information and Communications University (ICU), International Research Center for Information Security (IRIS), Auto-ID Lab Korea

  1. A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim Information and Communications University (ICU), International Research Center for Information Security (IRIS), Auto-ID Lab Korea R504, 103-6, MunjiDong, Daejeon 305732, Republic of Korea { divyan, zeenkim, kkj } @icu.ac.kr Abstract. Cloned fake RFID tags and malicious RFID readers pose a major threat to RFID-based supply chain management system. Fake tags can be attached to counterfeit products and medicines. Malicious readers can corrupt and snoop on genuine tags. These threats can be alleviated by incorporating a RFID tag-reader mutual authentication scheme. In this paper we propose a simple, cost-effective, light-weight, and practical RFID tag-reader mutual authentication scheme. Our scheme adheres to two ratified standards: EPCglobal Architecture Framework specification and EPCglobal Class 1 Gen 2 UHF RFID Protocol. This scheme utilizes the tag’s Access and Kill Passwords and achieves the following three goals: detect cloned fake tags, ward off malicious snooping readers, and in the process, a manufacturer can also implicitly keep track on the whereabouts of its genuine products. 1 Introduction 1.1 RFID Technology Radio Frequency IDentification (RFID) technology offers strategic advantages for businesses because it can provide efficient real-time product track and trace capability. VeriSign [1] gives a detailed description about advantages of RFID technology for supply chain management. With RFID technology, manufactur- ers attach Passive-RFID tags to their products. Most of these tags contain only a unique Electronic Product Code (EPC) number and further information about the product (e.g., product description, manufacturing date, packaging, shipments, product arrival and departure details, etc. ) is stored on a network of databases, called the EPC-Information Services (EPC- IS). A RFID reader uses EPC number to locate the right EPC-IS, from where it can download and upload data about the product it scanned. Therefore, EPC-IS assists geograph- ically distributed supply chain stakeholders to easily and efficiently access and share information on any product they are handling. EPCglobal Inc [2] is lead- ing the development of industry-driven standards for the EPC to support the use of RFID in supply chain management. We composed this paper based on the following ratified standards: (i) EPCglobal Architecture Framework [3], (ii) EPCglobal Class-1 Generation-2 UHF RFID Protocol for Communications at 860MHz 960MHz [4], (iii) EPCglobal Certificate Profile [5].

  2. 1.2 Security Threats and Requirements In this paper we identified and focused on the following security threats and security requirements. Threat 1: RFID Tag Snatching: RFID tags can be made tamperproof, so that snatching a tag from a genuine product (pallet, case, or an item) should render itself permanently unusable to be re-attached to a counterfeit product. Threat 2: Malicious RFID Readers: A RFID tag always responds with it’s EPC number to any querying RIFD reader. Therefore a powerful malicious reader can illegally snoop upon the tags (attached to products) inside a container, warehouse, etc , leading to corporate espionage. Such readers can also corrupt and modify the tag’s data. Therefore, a tag must be able to authenticate its reader. Also, only authorized readers must be allowed to access the EPC-IS. Threat 3: RFID Tag Cloning: A malicious reader can easily scan and copy the data (e.g., EPC number) on a genuine tag and embed the same data onto a fake tag. This fake tag can be attached to a counterfeit product. This threat cannot be prevented by tamperproof tags. Even though a particular tag gives out a genuine EPC number, it must still be authenticated by the reader. Threat 4: Insider Attack: The current ratified standard on EPCglobal Class 1 Gen 2 UHF RFID Protocol [4] describes only a one-way reader-to-tag authentication scheme. As per this standard, the manufacturer of a product can embed a unique 32-bit Access Password (APwd) into the tag. Only a reader with the right APwd can communicate with the tag. This scheme is not secure and it does not provide details on the secure distribution of the tag’s APwd from the manufacturer of the product to the stakeholder’s ( e.g., distributor, retailer) RFID reader. Any disgruntled, or compromised employee, can easily obtain the APwd by eavesdropping on any one of the communication sessions between the tag and the reader. The APwd for a tag, remains the same for the rest of the product’s life cycle. Therefore, an exposed APwd at any of the stockholders end, would easily lead to fabrication of cloned fake tags with the same APwd. It would also allow any malicious reader to illegally access, corrupt or manipulate tag’s data. Therefore we need a two-way tag-reader mutual authentication scheme, and obscure the APwd during a communication session. Threat 4: Man-in-the-Middle Attack: To accommodate quick and speedy scanning of goods in large bulks, EPCglobal Class 1 Gen 2 UHF RFID tags ex- hibit outstanding far-field performance. Readers can query and communicate with these tags over a range of 10 meters. Therefore, we can anticipate Man-in- the-Middle attacks from powerful malicious readers. This attack can be mounted to eavesdrop on the communication channel between the tag and the reader and to capture a tag’s EPC number and its APwd. To alleviate this threat we need to incorporate a tag-reader mutual authentication scheme, cover-code or obscure the APwd during the communication session, and finally the supply chain pro- cessing facility must be well-shielded from malicious external RF signals/noise.

  3. 1.3 Contributions of this Paper In order to alleviate the above mentioned threats, in this paper we propose the following: • Cheap passive-tags have tightly constrained computational and memory re- sources. Therefore we propose a simple, cost-effective, light-weight, and prac- tical tag - reader mutual authentication scheme. • A better approach to cover-code or obscure tag’s Access Password (APwd) • Secure distribution of obscured tags’ APwd to stakeholder’s RFID readers • The manufacturer of the product plays a vital role in the tag-reader mutual authentication process. Therefore, the manufacturer can also implicitly keep track on the whereabouts of its products. • Our scheme adheres to EPCglobal: Architecture Framework specification [3], Class 1 Gen 2 UHF RFID Protocol [4], and Certificate Profile [5] Juels [6] summarized many previously proposed tag-reader authentication schemes. Some of the proposed solutions like [7], depend on hash function. But due to constrained resources, Class-1 Gen-2 tags are not capable of ex- ecuting cryptographic hash function like MD5 and SHA-1. M 2 AP [8] claims to be an ultra-lightweight RFID mutual authentication protocols, which uses only simple bitwise operations. But [9] shows that this protocol fails under De- synchronization attack, and Full-disclosure attack. Unlike these schemes, the main advantage of our proposed scheme is that it does not require the implemen- tation of any special cryptographic hash functions/keys within the tag. There is also no need for the tag and the reader to synchronize security keys/hash values. We in fact propose to improve the existing one-way reader-to-tag authentication scheme (proposed by EPCglobal) to also accommodate tag-reader mutual au- thentication. Our scheme utilizes tag’s already existing, 16-bit random number generator, XOR function, and Access & Kill Passwords . Our scheme is not fully secure but it is simple, cost-effective, and light-weight to be implemented on a tag, and also it is practically secure, and highly suitable to the RFID-based supply chain processing scenario. Our scheme provides considerable challenges to thwart malicious readers, disgruntled or compromised employees, and man- in-the-middle attacks. In section 2 we introduce the one-way reader-to-tag authentication scheme proposed by EPCglobal [4] and describe its security weakness. Section 3 describes our proposed tag-reader mutual authentication scheme. Section 5 provides the security and implementation analysis of our scheme. Section 5 concludes this paper. 2 Related Work Our proposed scheme is an improvement over the weak One-Way Reader-to-Tag Authentication Scheme proposed by EPCglobal [4]. Therefore in the following subsections we describe this scheme and also its security weaknesses. Table 1 provides the list of notations we used in this paper.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Retwork: Exploring Reader Network with a COTS RFID System Jia Liu, Xingyu Chen, Shigang Chen, Wei

Retwork: Exploring Reader Network with a COTS RFID System Jia Liu, Xingyu Chen, Shigang Chen, Wei

Retwork: Exploring Reader Network with a COTS RFID System Jia Liu, Xingyu Chen, Shigang Chen, Wei Wang, Dong Jiang, Lijun Chen 01 Background 02 System design 03 Evaluation 04 Conclusion What is RFID? 01 Background RFID System Antenna

567 views • 34 slides
WHAT IS SIT? Todays most simple and cost-effective self inflating tire system. WHAT IS SIT?

WHAT IS SIT? Todays most simple and cost-effective self inflating tire system. WHAT IS SIT?

WHAT IS SIT? Todays most simple and cost-effective self inflating tire system. WHAT IS SIT? Key principles of SIT design: SIMPLE Tire-integrated feature uses the motion of the vehicle to re- inflate the tire with atmospheric air

373 views • 10 slides
A simple message of welcome The The common sense & cost effective communication tool for

A simple message of welcome The The common sense & cost effective communication tool for

A simple message of welcome The The common sense & cost effective communication tool for your front door for any customer who may need a little extra assistance Why BigBell? We invented BigBell to fill a hole in the marketplace. Beyond

283 views • 11 slides
Welcomes Anglo American plc SAFE, SIMPLE AND EFFECTIVE! Venetia Mine Vision Our Venetia an

Welcomes Anglo American plc SAFE, SIMPLE AND EFFECTIVE! Venetia Mine Vision Our Venetia an

De Beers Venetia Mine Welcomes Anglo American plc SAFE, SIMPLE AND EFFECTIVE! Venetia Mine Vision Our Venetia an efficient and cost-effective diamond operation responsibly securing our prosperity SAFE, SIMPLE AND EFFECTIVE! SAFE, SIMPLE AND

609 views • 23 slides
Simple and Cost Effective Methods of Manhole Rehabilitation Sacha Tetzlaff WWOA Annual

Simple and Cost Effective Methods of Manhole Rehabilitation Sacha Tetzlaff WWOA Annual

Simple and Cost Effective Methods of Manhole Rehabilitation Sacha Tetzlaff WWOA Annual Conference October 20, 2010 Presentation Overview Why worry about MH I/I and deterioration? Types of Problems Commonly Found Basic or Minor

804 views • 30 slides
Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2 Seminar Istanbul June 07, 2010 Outline of the talk n Introduction n RFID authentication protocols n Security requirements n Privacy requirements n

344 views • 31 slides
Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

March 2, 2014 Monte Jade's RFID Seminar Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight RFID 4. Current Airport RFID Deployments 5. Atlanta International Airport Activity with IATA RFID

912 views • 35 slides
IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing Tag Oslo, 28 November 2007 IntelliSense RFID Workshop IntelliSense RFID RESEARCH PROJECT FOR TECHNOLOGY DEVELOPMENT WITHIN THE FIELDS OF RFID

788 views • 13 slides
The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio Frequency Identification Modern RFID Applications VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips

628 views • 29 slides
Revolutionary Monitoring Technology for Vascular Health SIMPLE | NON-INVASIVE | EFFECTIVE | LOW

Revolutionary Monitoring Technology for Vascular Health SIMPLE | NON-INVASIVE | EFFECTIVE | LOW

Revolutionary Monitoring Technology for Vascular Health SIMPLE | NON-INVASIVE | EFFECTIVE | LOW COST CSE: LNB OTCQB: LXGTF LEGAL Information contained in this presentation is the property of Lexington BioSciences (Lexington or the

400 views • 26 slides
A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010

A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010

A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010 Outline Introduction. Model of RFID Systems. Adaptive Completeness and Mutual Authentication. zk-Privacy: Formulation, Clarifications

456 views • 35 slides
Accelerated Reader What is Accelerated Reader? Accelerated Reader is the number one software

Accelerated Reader What is Accelerated Reader? Accelerated Reader is the number one software

Camerado Springs Middle School A closer look at Accelerated Reader What is Accelerated Reader? Accelerated Reader is the number one software program (or tool) that helps manage reading practice, monitor daily progress, and plan instruction. The

484 views • 13 slides
Revolutionary Monitoring Technology for Vascular Health SIMPLE | NON-INVASIVE | EFFECTIVE | LOW

Revolutionary Monitoring Technology for Vascular Health SIMPLE | NON-INVASIVE | EFFECTIVE | LOW

Revolutionary Monitoring Technology for Vascular Health SIMPLE | NON-INVASIVE | EFFECTIVE | LOW COST The first sign of a heart disease is often a heart attack Current first line cardiovascular health diagnostics are insensitive at

538 views • 19 slides
Q&A 1 19/12/2013 9 Simple Steps To an Effective and (Profitable) Website TWITTER Use tag:

Q&A 1 19/12/2013 9 Simple Steps To an Effective and (Profitable) Website TWITTER Use tag:

19/12/2013 9 Simple Steps to an Effective (and Profitable) Website 9 Simple Steps To an Effective and (Profitable) Website Suzi Dafnis Australian Businesswomen s Network 9 Simple Steps To an Effective and (Profitable) Website Q&A 1

198 views • 15 slides
TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown & Blaine McDonnell Using RFID for Model Railroad Operations What is RFID? How does RFID Work? RFID Frequencies and Type of Tags

853 views • 25 slides
DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA Structure RFID Technology Applications in SPS-ALPHA architecture Part Identification Location Referencing 2 Why Space Solar No

241 views • 22 slides
This weeks Message: In the same way, do marriage! 1 Peter 3:1-7 1. Why was Marriage

This weeks Message: In the same way, do marriage! 1 Peter 3:1-7 1. Why was Marriage

This weeks Message: In the same way, do marriage! 1 Peter 3:1-7 1. Why was Marriage created? 2. How is Marriage restored? 3. Whats the ultimate point? 4. Peters encouragement to married couples 1. Why was Marriage created?

1.05k views • 60 slides
MAGNETIC SENSORS Alfredo Garca-Arribas Universidad del Pas Vasco (UPV/EHU) Bilbao, Spain

MAGNETIC SENSORS Alfredo Garca-Arribas Universidad del Pas Vasco (UPV/EHU) Bilbao, Spain

THE EUROPEAN SCHOOL ON MAGNETISM MAGNETIC SENSORS Alfredo Garca-Arribas Universidad del Pas Vasco (UPV/EHU) Bilbao, Spain email: alfredo.garcia@ehu.es THE EUROPEAN SCHOOL ON Brno, september 12, 2019 MAGNETISM Contents 1.

966 views • 57 slides
ICTP Ocean Modelling Summer School Lab CVMix Vertical Mixing Library CVMix Team: M. Levy 1 , G.

ICTP Ocean Modelling Summer School Lab CVMix Vertical Mixing Library CVMix Team: M. Levy 1 , G.

ICTP Ocean Modelling Summer School Lab CVMix Vertical Mixing Library CVMix Team: M. Levy 1 , G. Danabasoglu 1 , S. Griffies 2 , T. Ringler 3 , A. Adcroft 2 , R. Hallberg 2 , D. Jacobsen 3 , and W. Large 1 1 National Center for Atmospheric Research

847 views • 47 slides
Ontology Development 101: A Guide to Creating Your First Ontology Natalya F. Noy and Deborah L.

Ontology Development 101: A Guide to Creating Your First Ontology Natalya F. Noy and Deborah L.

Ontology Development 101: A Guide to Creating Your First Ontology Natalya F. Noy and Deborah L. McGuinness Stanford University, Stanford, CA, 94305 noy@smi.stanford.edu and dlm@ksl.stanford.edu 1 Why develop an ontology? In recent years

281 views • 25 slides
Pavel Alex James Zach Panchekha Sanchez-Stern Wilcox Tatlock Floating Points Wild

Pavel Alex James Zach Panchekha Sanchez-Stern Wilcox Tatlock Floating Points Wild

Automatically Improving Accuracy for Floating Point Expressions error Pavel Alex James Zach Panchekha Sanchez-Stern Wilcox Tatlock Floating Points Wild Success Floating Points Wild Success F R Often floating point is

1.19k views • 67 slides
Lean & Six Sigma Minali Wadu Mesthri BSc in HR & Leadership (UK) MSc in Business

Lean & Six Sigma Minali Wadu Mesthri BSc in HR & Leadership (UK) MSc in Business

Lean & Six Sigma Minali Wadu Mesthri BSc in HR & Leadership (UK) MSc in Business Psychology (UK) Cause & Effect 01 04 Lean 02 05 Six Sigma Value Vs Waste TQM 03 06 Kaizen Lean aims to eliminate waste in order to focus

806 views • 76 slides
Shading Language Basics CSCD 471 Slide 1 4/5/10 Shading Language Overview Shaders describe the

Shading Language Basics CSCD 471 Slide 1 4/5/10 Shading Language Overview Shaders describe the

Shading Language Basics CSCD 471 Slide 1 4/5/10 Shading Language Overview Shaders describe the output of light sources, and how the light is attenuated by surfaces and volumes Execution model: Shader is only concerned with a single point on

699 views • 39 slides
to 70 MeV neutron beam facility P. Mastinu Istituto Nazionale di Fisica Nucleare - Laboratori

to 70 MeV neutron beam facility P. Mastinu Istituto Nazionale di Fisica Nucleare - Laboratori

The LENOS project at Laboratori Nazionali di Legnaro of INFN: a thermal to 70 MeV neutron beam facility P. Mastinu Istituto Nazionale di Fisica Nucleare - Laboratori Nazionali di Legnaro- LNL (Legnaro Nuclear Labs) The Legnaro Nuclear

480 views • 30 slides

More recommend