THE SECURITY AND PRIVACY ISSUES OF RFID SYSTEM

Transcription

1 THE SECURITY AND PRIVACY ISSUES OF RFID SYSTEM Iuon Chang Lin Department of Management Information Systems, National Chung Hsing University, Taiwan, Department of Photonics and Communication Engineering, Asia University, Taiwan Jyun-Ruei Li Department of Photonics and Communication Engineering, Asia University, Taiwan 2 nd Author s Name address Hui-Yu Chen Department of Management Information Systems, National Chung Hsing University, Taiwan ophechen@gmail.com ABSTRACT In this paper, we introduce the problem in privacy and security. And then we proposed a new idea. We use the Huffman code to encode the tag ID. And we use the hash function to augment the data security. Our protocol provides that each RFID tag emits a pseudonym when receiving each and every reader s query. Therefore, it makes tracking activities and personal preferences of tag s owner impractical to provide the user s privacy. In addition, our proposed method provides not only high-security but also high-efficiency. Keyword: Huffman code, privacy, RFID INTRODUCTION Recently, RFID (Radio Frequency Identification) has become a important technology, but it also raises some privacy problem. An integral RFID system consists a tag, a reader and a host system. The tag is a small electronic chip with a antenna, that contain an Electronic Product Code (EPC) that can provide an unique identifiers for any production. RFID use radio wave to transmit the data. Then it identifies and accesses the data by using the radio./citechi07 Although RFID technology is more and more convenient and popular, it also brings some problem. One of the problems is privacy. Today, Tag can be read remotely by any reader. And every tag has the unique ID. The consumer that has a tag may be traced insensibly. For example, important field may use the RFID tag to track the people movement without verify. And we have the other situation. Reader can 1 ISS 364

2 read the tag s information. If we take a expensive or special product, we will expose a dangerous place. Above-mentioned two example we can explain are tracking and data privacy. Tracking. Illegal reader knows the tag s ID or another information, then he will know the tag s position. Data privacy. Attacker use the reader to detect the tag. Then the tag will response the tag s information. In early work, some authors proposed the physical to defeat the privacy problem. And we listed these approaches as below: The kill command. Auto-ID center proposed a stand mode that RFID have the kill command. When we purchase the product, the reader may send the kill command. Then the tag will be no used anymore. But this way could bring the service after selling problem. Faraday cage. The tag place in a metal container. Then the radio wave will be cut off. The reader can t read the tag s information. Consumer can use the technology to prevent the illegal reader. But someone might use the way to avoid the cash register. information. Active jamming. The user uses the radio device to jam another RFID equipment. Then to prevent the attacker eavesdrop the user s tag. But the device is too dangerous if the radio frequency is too high. It will bring the serious destruction in some place like the airport or hospital The blocker tag. It is proposed by RSA company. When a reader query a tag, even if product is not exist. The blocker tag still send the normal information.[4] Basic on the physical methods, some way must pay another money by consumer. It is much difficult to use. So we must find a way to solve the privacy problem in RFID device. In 2005, D. Molnar, A. Soppera and D. Wagner proposed a way to solve the privacy problem. They use pseudonym scheme and Trusted Center (TC) to enforce the desired privacy policy. When the tag is read, it will generate a new pseudonym and send the pseudonym to the reader. The Trusted Center can decode the pseudonym and obtain the tag s identify.[5] 2 ISS 365

3 Today, RFID has been used in selling for many years. Every product has a tag. They have a unique ID that can identify the product. And then, Some products are popular. Some goods are not so popular. In order to speed up the checkout, we hope speed up for searching the goods that we often buy. So, The tag s frequency is higher. It is a priority. And it can be identify quickly. We use the characteristic to improve the Molnars scheme. Then we also use the pseudonym and the TC. When tag is read, it also send the pseudonym to the reader. But we use the Huffman code to build the TC tree. Huffman code is the optimal for building the tree. The tag that frequency is high will show in up tree. The low frequency will appear in the trees below. In this paper, our organization is as follow: In section 2, we describe the reviews the previous methods. In section 3, we introduce the Huffman code algorithm. In section 4, we describe the scheme we propose. In section 5, analysis of our proposed scheme. The final section concludes the paper with discussion of overview. MAIN CONTENT Related Work Many researches had been proposed in RFID areas. Excepts of the physical ways. Several papers have examined the protection of user privacy. We introduced the scheme Wagner proposed in 2005 as below.[5] Tree of Secrets They build a tree in TC by binary tree. Each tag is identified with a leaf of the tree. A tag stores the secret from the root to the leaf of the tree. Each S is different. It generate by randomly. And Tag knows secrets from root to its leaf. For example, Tag ID-3 is associated with S0, S01, S010.(fig 1.). And TC knows all secret keys. Figure 1: Tree of Secrets 3 ISS 366

4 Tag Responses We first introduced the initial value first S: randomly chosen 128-bit secret key RPF: pseudo-random function r: reader generates a random number P:RPF (S,r) In the beginning, the reader generate a random r and send to the tag. And the tag will response a pseudonym. (r, p) = (r, (F h(c1..1) (r), F h(c1..2) (r),... F h(c1..d) )) For example, generate a new Pseudonym every time a Tag is read. ID-3 has the keys0, S01, S010. And tag will calculate P 0 = RP F (S0, r), P 1 = RP F (S01, r),p 2(S010, r). Finally, tag responds the (r, P ) = (r, P 0, P 1, P 2) to the reader. Figure 2: Tag Responses Decoding Pseudonyms Reader receive the pseudonym (r, P ), it is possible to use the tree structure to efficiently to decode the pseudonym. And identify the tag that the reader send the query. It use the depth-first search to find the path in the tree that match the response p. it starts at the root of the tree of secrets. At each node s, we can check whether the left child s0 or the right child s1.in this way, wrong paths can be quickly pruned. For instance, the Trusted Center receives a Pseudonym: (r, p) = (r.p0, p1, p2). It will calculate. The graph is shown in fig Does PRF(S0,r) == P0? Does PRF(S1,r) == P0? And go to the S0 node. 4 ISS 367

5 2. Does PRF(S00,r) == P1? Does PRF(S01,r) == P1? And then go to the S01 node. 3. Does PRF(S010,r) == P2? Does PRF(S011,r) == P2? Then go to the S010 node. Huffman code In 1952 David A. Huffman proposed an algorithm. The algorithm is used in lossless data compression. The scheme use the variable-length code for encoding. It was based on the estimated probability of occurrence for each possible value of the source symbol.[3][1] Huffman coding uses a specific method for choosing the representation for each symbol, resulting in a prefix code that expresses the most common characters using shorter strings of bits than are used for less common source symbols. Figure 3: Authentication For example, e has high probability to occur. And z has low probability. When we use the Huffman code to compress an information. It could use a bit to express the e. And the z could cost 25 bits. If we use the common way to encode. It would use the 8 bits to encode. Compare to the two ways, e use the 1/8 length than common way. Z use the triple length. If we know the correct frequency for every character. That can raise up the accuracy. 5 ISS 368

6 A Huffman code for an alphabet a 1, a 2,..., an with weights p 1,p 2,..., p n is a prefix code that minimizes the average codeword length, defined as The problem of construction of Huffman codes is equivalent to the construction of Huffman trees. A problem of constructing a binary Huffman tree for a sequence consists in constructing a binary tree T with leaves, corresponding to the elements of the sequence, so that the weighted path length of T is minimal. The weighted path length of T, wpl(t ) is defined as follows: where l i is the depth of the leaf corresponding to the element with weight p i Constructing a Huffman code Huffman invented a greedy algorithm that constructs an optimal prefix code called a Huffman code. In the pseudocode that follows, we assume that C is a set of n characters and that each character c C is an object with a defined frequency f [c]. The algorithm builds the tree T corresponding to the optimal code in a bottom-up manner. It begins with a set of C leaves and performs a sequence of C -1 merging operations to create the final tree. A min-priority queue Q, keyed on f, is used to identify the two least-frequent objects to merge together. The result of the merger of two objects is a new object whose frequency is the sum of the frequencies of the two objects that were merged. HUFFMAN (C) 1. n C 2. Q C 3. for i 1 to n 1 4. do allocate a new node z 5. lef t[z] x EXTRACT-MIN(Q) 6. right[z] y EXTRACT-MIN(Q) 7. f [z] f [x] + f [y] 8. INSERT(Q,z) 9. return EXTRACT-MIN(Q) 6 ISS 369

7 For our example, Huffman s algorithm proceeds as shown in FIG 4. Since there are 6 letters in the alphabet, the initial queue size is n=6, and 5 merge steps are required to build the tree. The final tree represents the optimal prefix code. The codeword for a letter is the sequence of edge labels on the path from the root to the letter.[2] Line 2 initializes the min-priority queue Q with the characters in C. The for loop in lines 3-8 repeatedly extracts the two nodes x and y of lowest frequency from the queue, and replaces them in the queue with a new node z representing their merger. The frequency of z is computed as the sum of the frequencies of x and y in line 7. The node z has x as its left child and y as its right child. (This order is arbitrary; switching the left and right child of any node yields a different code of the same cost.) After n-1 mergers, the one node left in the queue-the root of the code tree-is returned in line 9. The analysis of the running time of Huffman s algorithm assumes that Q is implemented as a binary min-heap. For a set C of n characters, the initialization of Q in line2 can be performed in O(n) time. The for loop in lines 3-8 is executed exactly n-1 times, and since each heap operation requires time O(lgn), the loop contributes O(nlgn) to the running time. Thus, the total running time of HUFFMAN on a set of n characters is O(nlgn). Our scheme In this section, we will introduce our protocol. For our protocol, some notations will introduce as follows: h: one way hash function p: the output of hash function id: the identity of tag Because the Wagner s scheme use the binary tree. That will generate many keys. So we use the hash function to replace the key storage. Tree Structure First we will build a binary tree in the database. Each tag is identified with a leaf of the tree. For example, we give the id-3 a identify. And we give it a code 010. Tag Response First, the reader send a random number r to the tag. Then tag use its code to encode the r. According to the tree, use the hash function to encode. 7 ISS 370

8 Figure 4: Haffman tree example. 8 ISS 371

9 Figure 5: Tag response Left sight use the H0 to calculate. Right sigh use the H1 to calculate. For example, the tag id3 receive the random number r. And tag compute the P0 = H0(r), P1 = H1(P0) and P2 = H0(P1). Finally, tag responds the (r, P) = (r, P0, P1, P2) to the reader. shown as Fig 5. Decoding Reader receive the (r, P). And we also use the depth-first search to find the path in the tree. We can know the node is left sight or right sight. Finally, we can find the tag s id. For example, the reader receives the r, P0, P1 and P2. And the reader will compute the H0(r) is P0 or H1(r) is P0. And then H0(P0) is P1 or H1(P0) is P1. And H0(P1) is P2 or H1(P1) is P2. Finally, we can find the tag id-3.the graph shown as Fig 6. Figure 6: Tag response 9 ISS 372

10 The Huffman coding version: In our scheme, we find the secret tree use to much space. So we propose a way. We proposed the scheme use in Huffman coding. Huffman coding can use in tree structure. We think about the frequency in Huffman coding. It can improve the search time. Because the first we proposed scheme is binary tree. Its length is fixed. But we use the Huffman coding. The length is variable. It depend on the every tag s frequency. And the high frequency tag can put it on the top. Then it can decrease the search time efficiently. Analysis Reduce the key storage In our protocol, whatever we use the binary tree or Huffman coding. We only store the code at the leave. We don t need store the key at every node. It can reduce the space in the TC tree. Because we use hash function to calculate the ID s code. Hash function only need small time to calculate. Reduce the search time In our protocol, we use the Huffman coding to build the tree. The tag search time is O(logn). Although the previous protocol use the balance binary tree. Its time is O(logn). If we consider the frequency. The higher frequency tag is usually used. And then the search time can reduce efficiently. And we use the hash function. Eavesdropping RFID equipment send the messages in the air. It is easy to record by the someone. Attacker can eavestrop to know message between tag and reader. And we use the hash function to prevent it. The hash function can let attacker doesn t know the data meaning. Reply attack The attack can use some equipment. He can record the messages. And reply those messages at any time. And the database also can verify the illegal users. In our protocol, we generate the random number r to prevent this attack. The r value is random. Even if the attack can receive the value P. Then he sends to the database. It is not work out, too. 10 ISS 373

11 CONCLUSION: CITATION In this paper, we proposed a method to solve the privacy problem. For the users, protect their privacy is necessary. It can defeat the illegal reader to access the tag. It use the huffman coding. And it can use is some market. The coding can raise the search speed. Our scheme use the low computation. And it has the high security. REFERENCES [1] P. Berman, M.Karpinski, and Y. Nekrich, Approximating Huffman codes in parallel, Journal of Discrete Algorithms, vol. 5, pp , Sep [2] Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clif- ford Stein, Introduction to Algorithms Second Edition. USA: McGraw-Hill, [3] D.A. Huffman, A method for the construction of minimum-redundancy codes, in Proceedings of the I.R.E, pp , September [4] J.Ayoade, Security implications in RFID and authentication processing framework, Computers Security, vol. 25, pp , May [5] D. Molnar, A. Soppera, and D. Wagner, A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags, in Work- shop on RFID and Light-Weight Crypto, pp , Graz, Austria, July ISS 374