Hung-Min Sun,Wei-Chih Ting

DOI: https://doi.org/10.1109/tmc.2008.175

IF: 6.075

2009-01-01

IEEE Transactions on Mobile Computing

Abstract:EPCglobal Class-1 Generation-2 specification (Gen2 in brief) has been approved as ISO18000-6C for global use, but the identity of tag (TID) is transmitted in plaintext which makes the tag traceable and clonable. Several solutions have been proposed based on traditional encryption methods, such as symmetric or asymmetric ciphers, but they are not suitable for low-cost RFID tags. Recently, some lightweight authentication protocols conforming to Gen2 have been proposed. However, the message flow of these protocols is different from Gen2. Existing readers may fail to read new tags. In this paper, we propose a novel authentication protocol based on Gen2, called Gen2+, for low-cost RFID tags. Our protocol follows every message flow in Gen2 to provide backward compatibility. Gen2+ is a multiple round protocol using shared pseudonyms and Cyclic Redundancy Check (CRC) to achieve reader-to-tag authentication. Conversely, Gen2+ uses the memory read command defined in Gen2 to achieve tag-to-reader authentication. We show that Gen2+ is more secure under tracing and cloning attacks.

Junyu Wang,Christian Floerkemeier,Sanjay E. Sarma

DOI: https://doi.org/10.1007/s00779-014-0788-x

2014-01-01

Personal and Ubiquitous Computing

Abstract:Radio frequency identification (RFID) is an important technique used for automatic identification and data capture. In recent years, low-cost RFID tags have been used in many open-loop applications beyond supply chain management, such as the tagging of the medicine, clothes, and belongings after the point of sales. At the same time, with the development of semiconductor industry, handheld terminals and mobile phones are becoming RFID-enabled. Unauthorized mobile RFID readers could be abused by the malicious hackers or curious common people. Even for authorized RFID readers, the ownership of the reader can be transferred and the owners of the authorized mobile reader may not be always reliable. The authorization and authentication of the mobile RFID readers need to take stronger security measures to address the privacy or security issues that may arise in the emerging open-loop applications. In this paper, the security demands of RFID tags in emerging open-loop applications are summarized, and two example protocols for authorization, authentication and key establishment based on symmetric cryptography are presented. The proposed protocols adopt a timed-session-based authorization scheme, and all reader-to-tag operations are authorized by a trusted third party using a newly defined class of timed sessions. The output of the tags is randomized to prevent unauthorized tracking of the RFID tags. An instance of the protocol A is implemented in 0.13-μm CMOS technology, and the functions are verified by field programmable gate array. The baseband consumes 44.0 μW under 1.08 V voltage and 1.92 MHz frequency, and it has 25,067 gate equivalents. The proposed protocols can successfully resist most security threats toward open-loop RFID systems except physical attacks. The timing and scalability of the two protocols are discussed in detail.

Hao Min,ID Lab

2007-01-01

Abstract:Radio-frequency identification(RFID) is expected to take an important role for object identification as a ubiquitous infrastructure.As it will be pervasive in the social life,the security and privacy have to be concerned.Many jobs have been done in the communication between the reader and the backend database,however as an integrated technology the security of the reader and tag channel is also a weak point to be attacked.The challenge to provide RFID tag security is the limitation of its power resource,its cost requirement and even more the communication speed users bear such as EPC C1G2 standard defines the margin time the tag can process instructions.A peculiar security model of the channel between reader and tag is described in this paper,and based on the EPC C1G2 protocol the vulnerable points is analysed.The resource on the tag is recounted regarding the protocol.A modified scheme with security strategy is also suggested afterwards.

YU Yu,Yuqing YANG,Na YAN,Hao MIN

2007-01-01

Abstract:A challenge to implement tag's security is its power and cost performance. A feasible way to carry out a secure scheme on tag is to choose a tiny crypto algorithm and a secure protocol. In this paper, a secure UHF RFID tag baseband is designed. This baseband is integrated with TEA, which is one of the acceptable algorithms through estimation of hardware resource on tag and some performance analysis. To improve security, authentication procedure is added in the EPC Class 1 Gen 2 protocol. To support the flexible protocol and supply a good power management, an application specific micro-processor is designed in the structure. From the simulation results, this secure RFID tag baseband proves a feasible way to actualize security on tag.

Luciano Gavoni

DOI: https://doi.org/10.48550/arXiv.2110.00094

2021-10-01

Abstract:Radio Frequency Identification (RFID) systems are among the most widespread computing technologies with technical potential and profitable opportunities in numerous applications worldwide. Further, RFID is the core technology behind the Internet of Things (IoT), which can accomplish the real-time transmission of information between objects without manual operation. However, RFID security has been taken for granted for several years, causing multiple vulnerabilities that can even damage human functionalities. The latest ISO/IEC 18000-63:2015 standard concerning RFID dates to 2015, and much freedom has been given to manufacturers responsible for making their devices secure. The lack of a substantial standard for devices that implement RFID technology creates many vulnerabilities that expose end-users to elevated risk. Hence, this paper gives the reader a clear overview of the technology, and it analyzes 23 well-known RFID attacks such as Reverse Engineering, Buffer Overflow, Eavesdropping, and Malware. Moreover, given the exceptional capabilities and utilities of RFID devices, this paper has focused on security measures and defenses for protecting them, such as Active Jamming, Shielding tag, and Authentication.

Cryptography and Security

Qi Yongzhen,Wang Xin'an,Feng Xiaoxing,Gu Weqing

DOI: https://doi.org/10.1109/asicon.2009.5351524

2009-01-01

Abstract:This paper presents a security-enhanced baseband system for UH R ID tag, which is based on ISO1 000- B protocol. The proposed baseband system consists of the following modules Receiver, Controller, Power Management (PM), Transmitter, Advanced Encryption Standard with 12 bits cryptographic key (AES-12), and Cyclic Redundancy Check (CRC). AES-12 is the encryption engine, which is designed and implemented properly for low cost requirement. Tag uses AES-12 to protect sensitive data in memory and realize mutual authentication with reader. As the actual length of data transacted between reader and tag is less than 12 bits, a novel data flow is given to enhance security strength. The chip was designed using 0.1 mu m CMOS process. Total area of the baseband system is 5 mu mX3 0 mu m excluding pads. Power analysis shows that it consumes. mu w IV. The chip is under fabrication.(1)

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Robert H. Deng,Yingjiu Li,Moti Yung,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-15497-3_1

2010-01-01

Abstract:Formal RFID security and privacy frameworks are fundamental to the design and analysis of robust RFID systems. In this paper, we develop a new definitional framework for RFID privacy in a rigorous and precise manner. Our framework is based on a zero-knowledge (ZK) formulation [8,6] and incorporates the notions of adaptive completeness and mutual authentication. We provide meticulous justification of the new framework and contrast it with existing ones in the literature. In particular, we prove that our framework is strictly stronger than the id-privacy model of [18], which answers an open question posed in [18] for developing stronger RFID privacy models. We also clarify certain confusions and rectify several defects in the existing frameworks. Finally, based on the protocol of [20], we propose an efficient RFID mutual authentication protocol and analyze its security and privacy. The methodology used in our analysis can also be applied to analyze other RFID protocols within the new framework.

B Chen,Hy Gu,O Wang

2004-01-01

Abstract:It has been widely recognized that RFID related technologies will greatly improve the visibility, the efficiency and the collaboration of industry supply chain. In this new "product driven" supply chain scenario, manufacturer, supplier, and third party share and coordinate the use of diverse resources in distributed "virtual organizations". It challenges the security issues, which demand new technical approaches. In collaboration with researchers in Auto-ID Labs China, we have developed a service-oriented framework based on CA and Web Services, which supports inexpensive mediation of product information among rapidly evolving, heterogeneous information sources. Our architecture defines a user-driven security model that allows users to create entities and policy domains within virtual organizations. We emphasize that standard Web Services tools and software provide both stateless and stateful forms of secured communication.

He Xu,Xianzhen Yin,Feng Zhu,Peng Li

DOI: https://doi.org/10.1109/jsen.2021.3077575

IF: 4.3

2021-08-01

IEEE Sensors Journal

Abstract:Currently, Radio Frequency Identification (RFID) is one of the key technologies to realize the Internet of Things (IoT), which is widely used in our daily life. However, there are some security threats such as impersonation attack, replay attack in existed RFID systems. In addition, most physical-layer authentication methods for RFID systems are mainly to authenticate tags without authenticating the user. In this paper, we present the design and implementation of Au-Hota, a system that can authenticate the tag and the user simultaneously, and can resist replaying attack and impersonation attack that cannot be solved by most physical-layer methods. Our idea is to assign a unique identifier to the user based on the inductive coupling between two adjacent tags. When the user draws the identity identifier on the tag, different identity identifiers correspond to unique phase features so that simultaneous authentication of the tag and the user can be achieved under the premise of ensuring security. The system is fully compatible with Ultra High Frequency (UHF) RFID systems without any modification. We implement a prototype of the system and conduct extensive experiments to evaluate performance. Our results demonstrate that the system has good authentication performance.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Kai Bu,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1109/PADSW.2014.7097801

2014-01-01

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring systems. Along with this trend, tagged objects' value and privacy become a primary concern. A corresponding important problem is to verify the intactness of a set of tagged objects without leaking tag identifiers (IDs). However, existing solutions necessitate the knowledge of tag IDs. Without tag IDs as a priori, this paper studies intactness verification in anonymous RFID systems. We identify three critical solution requirements, that is, deterministic verification, anonymity preservation, and scalability. We propose Cardiff and Divar, two crypto-free, lightweight protocols that isolate tag IDs from intactness verification and satisfy solution requirements. Cardiff explores tag cardinality as intactness proof while Divar leverages Direct-Sequence Spread Spectrum (DSSS) enabled RFID. Both analytical and simulation results demonstrate that Cardiff and Divar can satisfy the requirements of accuracy, privacy, and scalability.

Han Ding,Jinsong Han,Yanyong Zhang,Fu Xiao,Wei Xi,Ge Wang,Zhiping Jiang

DOI: https://doi.org/10.1109/infocom.2018.8486424

2018-01-01

Abstract:As the Ultra High Frequency (UHF) passive Radio Frequency IDentification (RFID) technology becomes increasingly deployed, it faces an array of new security attacks. In this paper, we consider a type of attack in which a malicious RFID reader could arbitrarily modify the tags via standard commands, e.g., IDs or other data in the memory. To deal with this type of attack, we propose a physical-layer RF signal based reader authentication solution, namely Arbitrator, that involves passively listening on RF channels, analyzing the communication signals, identifying unauthorized readers and jamming the commands from such readers. Our solution does not need to modify RFID devices or the underlying communication standards, hence fully compatible with the existing RFID infrastructure. In this study, we have implemented a prototype Arbitrator over the Universal Software Radio Peripheral (USRP) platform, and conducted extensive experiments to evaluate its performance. Our results show that Arbitrator can detect unauthorized RFID readers with high accuracy, and thus effectively diminish the unauthorized access attacks.

Thorsten Staake,Florian Michahelles,Elgar Fleisch,John R. Williams,Hao Min,Peter H. Cole,Sang-Gug Lee,Duncan McFarlane,Jun Murai

DOI: https://doi.org/10.1007/978-3-540-71641-9_2

2008-01-01

Abstract:Counterfeit trade developed into a severe problem for many industries. While established security features such as holograms, micro printings or chemical markers do not seem to efficiently avert trade in illicit imitation products, RFID technology, with its potential to automate product authentications, may become a powerful tool to enhance brand and product protection. The following contribution contains an overview on the implication of product counterfeiting on affected companies, provides a starting point for a structured requirements definition for RFID-based anti-counterfeiting systems, and outlines several principal solution approaches that are discussed in greater detail in the subsequent chapters.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

Zhao Wang,Wei Xin,Zhigang Xu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-34528-9_37

2013-01-01

Abstract:As a non-contact auto-identifying technology, RFID has played an important role in our daily life. However, the tradeoff between limited computing resource and high security requirement has become its bottleneck for wider use and application. Current mechanisms cannot give an effective solution to use limited computing resource to achieve a high goal of security. This paper proposes a novel secure protocol of communication between tags and readers. The protocol, which is based on EPC global UHF protocol and simplified DES, can lower the size of tag circuit and enhance the security of RFID reading and writing process. © 2013 Springer-Verlag.

Jia Liu,Xingyu Chen,Shigang Chen,Wei Wang,Dong Jiang,Lijun Chen

2020-01-01

Abstract:Radio frequency identification has been gaining popularity in a variety of applications from shipping and transportation to retail industry and logistics management. With a limited reader-tag communication range, multiple readers (or reader antennas) must be used to provide full coverage to any deployment area beyond a few meters across. However, reader contention can seriously degrade the performance of the system or even block out some tags from being read. Most prior work on this problem requires hardware and protocol support that is incompatible with the EPC Gen2 standard. Moreover, they assume the knowledge of a reader network that precisely describes the contention relationship among all readers, but the efficient acquisition of the reader network in a practical system with commercial-off-the-shelf (COTS) tags is an open problem. This study fills the gap by proposing a novel protocol Retwork, which works under the limitations imposed by commercial Gen2-compatible tags and identifies all possible reader contentions efficiently through careful protocol design that exploits the flag-setting capability of these tags. We have implemented a prototype with 8,000 commercial tags. Extensive experiments demonstrate that Retwork can reduce communication overhead by an order of magnitude, in comparison to an alternative solution.

SHEN Xiang,LIU Dan,TAN Jie,WANG Jun-yu

DOI: https://doi.org/10.15943/j.cnki.fdxb-jns.2010.06.018

2010-01-01

Abstract:The constraints on the security cipher by the RFID tag based on EPC Class-1Gen-2 protocol are analyzed.Consequently an low-power hardware implementation of AES(Advanced Encryption Standard)is proposed.The implementation adopts a single-Sbox method,and uses the same data path to implement the procedure of both AES encryption and decryption;therefore the hardware cost is reduced.Simulation results show that the implementation reaches 4952 gate equivalent,and the encryption or decryption of 128bit block can be finished in 204 clock cycles.This is suitable for application in low-cost and low-power RFID security tags.

Shaoying Cai,Yingjiu Li,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-30436-1_41

2012-01-01

Abstract:In this paper, we propose a distributed path authentication solution for dynamic RFID-enabled supply chains to address the counterfeiting problem. Compared to existing general anti-counterfeiting solutions, our solution requires non sharing of item-level RFID information among supply chain parties, thus eliminating the requirement on high network bandwidth and fine-grained access control. Our solution is secure, privacy-preserving, and practical. It leverages on the standard EPCglobal network to share information about paths and parties in path authentication. Our solution can be implemented on standard EPC class 1 generation 2 tags with only 720 bits storage and no computational capability.

Martin Feldhofer,Sandra Dominikus,Johannes Wolkerstorfer

DOI: https://doi.org/10.1007/978-3-540-28632-5_26

2004-01-01

Abstract:Radio frequency identification (RFID) is an emerging technology which brings enormous productivity benefits in applications where objects have to be identified automatically. This paper presents issues concerning security and privacy of RFID systems which are heavily discussed in public. In contrast to the RFID community, which claims that cryptographic components are too costly for RFID tags, we describe a solution using strong symmetric authentication which is suitable for today’s requirements regarding low power consumption and low die-size. We introduce an authentication protocol which serves as a proof of concept for authenticating an RFID tag to a reader device using the Advanced Encryption Standard (AES) as cryptographic primitive. The main part of this work is a novel approach of an AES hardware implementation which encrypts a 128-bit block of data within 1000 clock cycles and has a power consumption below 9 μA on a 0.35 μm CMOS process.