Context-Aware Approach for enhancing security and privacy of RFID

Transcription

1 Internatinal Jurnal Of Engineering And Cmputer Science ISSN: Vlume 4 Issue 1 January 2015, Page N Cntext-Aware Apprach fr enhancing security and privacy f RFID Lect. Nisha R. Wartha 1, Prf. Vaishali Lndhe 2 1 Lecturer in Infrmatin Technlgy Department Gvernment Plytechnic, Thane, nisha.wartha@gmail.cm 2 HOD f Cmputer Engineering Department YadavraTasgankar Institute f Engineering and Technlgy vaishali.lndhe@tasgankartech.cm Abstract: RFID systems have increasingly impact n bth public and private dmains. Hwever, due t the inherent weaknesses f underlying wireless radi cmmunicatins, RFID systems are plagued with security and privacy threats. Apprach fr enhancing security and privacy in certain RFID applicatins lcatin-related infrmatin can serve as a legitimate access cntext. Examples f these applicatins include access cards, credit cards, and ther payment tkens. T defend against unauthrized reading and relay attacks, such cntext infrmatin can be leveraged in tw ways. First, cntextual infrmatin can be used t design cntext-aware selective unlcking mechanisms s that tags can selectively respnd t reader interrgatins and thus minimize unauthrized reading and ghst-and-leech relay attacks. Secnd, cntextual infrmatin can be used as a basis fr cntext-aware secure transactin verificatin that allws a bank server t decide whether t apprve r deny a payment transactin and detect a specific type f relay attack invlving malicius readers. Keywrds: RFID, relay attacks, cntext recgnitin, security and privacy, unauthrized reading. 1. INTRODUCTION Radi Frequency Identificatin (RFID) is a wireless cmmunicatin technlgy fr autmated identificatin f bject and peple. An RFID tag is a small micrchip designed fr wireless data transmissin. RFID enables identificatin frm a distance withut requiring a line f sight.a typicalrfid system usually cnsists f tags, readers and/r back-end servers. Tags, als called transpnders, are miniaturized wireless radi devices that stre infrmatin abut their crrespnding subject. Such infrmatin is usually sensitive and persnal identifiable. Fr example, a US e-passprt stres the name, natinality, date f birth, digital phtgraph, and (ptinally) fingerprint f its wner [11]. Other examples f these applicatins include access cards, tll cards, credit cards, and ther payment tkens. We shw that lcatin awareness can be used by bth tags and back-end servers fr defending against unauthrized reading and relay attacks n RFID systems. On the tag side, we design a lcatin-aware selective unlcking mechanism using which tags can selectively respnd t reader interrgatins rather than ding s prmiscuusly. On the server side, we design a lcatin-aware secure transactin verificatin scheme that allws a bank server t decide whether t apprve r deny a payment transactin and detect a specific type f relay attack invlving malicius readers. Readers, als knwn as interrgatrs, bradcasts queries t tags in their radi transmissin ranges fr infrmatin cntained in tags and tags reply with such infrmatin. The queried infrmatin is thensent t the server (which may c-exist with the reader) fr further prcessing and the prcessing result is used t perfrm prper actins (such as updating inventry, pening gate, charging tll r apprving payment). Figure. 1.1: RFID system cmpnents. Due t the inherent weaknesses f underlying wireless radi cmmunicatin, RFID systems are plagued with a wide variety f security and privacy threats [12]. A large number f these threats are due t the tag s prmiscuus respnse t any reader requests. This renders sensitive tag infrmatin easily subject t unauthrized reading [13]. Infrmatin (might simply be a plain identifier) gleaned frm a RFID tag can be used t track the wner f the tag, r be utilized t clne the tag s that an adversary can impersnate the tag s wner [12]. Prmiscuus respnse als incites different types f relay attacks. One class f these attacks is referred t as ghst-andleech [14]. In this attack, an adversary, called a ghst, Nisha R. Wartha, IJECS Vlume 4 Issue 1 January, 2015 Page N Page 10078

2 relays the infrmatin surreptitiusly read frm a legitimate RFID tag t a clluding entity knwn as a leech. The leech can then relay the received infrmatin t a crrespnding legitimate reader and vice versa in the ther directin. This way a ghst and leech pair can succeed in impersnating a legitimate RFID tag withut actually pssessing the device. A mre severe frm f relay attacks, usually against payment cards, is called reader-and-leech ; it invlves a malicius reader using which the wner intends t make a transactin [15]. In this attack, the malicius reader, serving the rle f a ghst and clluding with the leech, can fl the wner f the card int apprving a transactin which she did nt intend t make (e.g., paying fr a diamnd purchase made by the adversary while the wner nly intending t pay fr fd). We nte that addressing this prblem requires secure transactin verificatin, i.e., validatin that the tag is indeed authrizing the intended payment amunt. The feasibility f executing relay attacks has been demnstrated n many RFID deplyments, including the Chip-and-PIN credit card system [15], RFID-assisted vting system [16], and keyless entry and start car key system [6]. With the increasingly ubiquitus deplyment f RFID applicatins, there is a pressing need fr the develpment f security primitives and prtcls t defeat unauthrized reading and relay attacks. Hwever, prviding security and privacy services fr RFID tags presents a unique and frmidable set f challenges. The inherent difficulty stems partially frm the cnstraints f RFID tags in terms f cmputatin, memry and pwer, and partially frm the unusual usability requirements impsed by RFID applicatins (riginally geared fr autmatin). Cnsequently, slutins designed fr RFID systems need t satisfy the requirements f the underlying RFID applicatins in terms f efficiency, usability and security. PRIOR WORK :- Due t the inherent weaknesses f underlying wireless radi cmmunicatin, RFID systems are plagued with a wide variety f security and privacy threats. A large number f these threats are due t the tag s prmiscuus respnse t any reader requests. This renders sensitive tag infrmatin easily subject t unauthrized reading. Infrmatin(mightsimplybea plain identifier) gleaned frm a RFID tag can be used t track the wner f the tag, r be utilized t clne the tag s that an adversary can impersnate the tag s wner. 1) Hardware-Based Selective Unlcking These include: Blcker Tag [19], RFID Enhancer Prxy [20] RFID Guardian [29], and Vibrate-t-Unlck [34]. All f these appraches, hwever, require the users t carry an auxiliary device (a blcker tag in [19], a mbile phne in [34], and a PDA like special-purpse RFID-enabled device in [20], [29]). Such an auxiliary device may nt be available at the time f accessing RFID tags, and users may nt be willing t always carry these devices. A Faraday cage can als be used t prevent an RFID tag frm respnding prmiscuusly by shielding its transmissin. Hwever, a special-purpse cage (a fil envelpe r a wallet) wuld be needed and the tag wuld need t be remved frm the cage in rder t be read. 2) Cryptgraphic Prtcls Cryptgraphic reader-t-tag authenticatin prtcls culd als be used t defend against unauthrized reading. Hwever, due t their cmputatinal cmplexity and high bandwidth requirements, many f these prtcls were still unwrkable even n high-end tags as f 2006 [18]. There has been a grwing interest in the research cm-munity t design lightweight cryptgraphic mechanisms (e.g., [10], [21]). Hwever, these prtcls usually require shared key(s) between tags and readers, which is nt an ptin in sme applicatins. 3) Distance Bunding Prtcls These prtcls have been used t stp relay attacks [8]. A distance bunding prtcl is a cryptgraphic challengerespnse authenticatin prtcl which allws the verifier t measure an upper-bund f its distance frm the prver [3]. (We stress that traditinal ``nn-distance-bunding'' cryptgraphic authenticatin prtcls are cmpletely ineffective in defending against relay attacks.) Using this prtcl, a valid RFID reader can verify whether the valid tag is within a clse prximity thereby detecting ghst-and-leech and reader-and-ghst relay attacks [8]. The upper-bund calculated by an RF distance bunding prtcl, hw-ever, is very sensitive t respnse time delay, as even a light delay (a few nansecnds) may result in a significant errr in distance bunding. Therefre, even XOR- r cmparisn-based distance bunding prtcls [3] are nt suitable fr RF distance bunding since simply signal cnversin and mdulatin can lead t significant delays. A recent prtcl eliminated the need fr signal mdulatin and instead utilized signal reflectin and channel selectin, achieving a prcessing time f less than 1 ns at the prver side [28]. Hwever, the prtcl requires specialized hardware at the prver side fr channel selectin. This renders existing prtcls currently infeasible fr even high-end RFID tags. 2. LITERATURE SERVEY In Cntext-Aware Defenses t RFID Unauthrized Reading and Relay Attacks Tzipra Halevi, Hayu Li prpses the use f cyber-physical interfaces, n-bard tag sensrs, t (autmatically) acquire useful cntextual infrmatin abut the tag's envirnment (r its wner, r the tag itself). First, such cntext recgnitin is leveraged fr the purpse f selective tag unlcking the tag will respnd selectively t reader interrgatins. In particular, nvel mechanisms based n an wner's psture recgnitin are presented. Secnd, cntext recgnitin is used as a basis fr transactin verificatin in rder t prvide prtectin against a severe frm f relay attacks invlving malicius RFID readers.a new mechanism is develped that can determine the prximity between a valid tag and a valid reader by crrelating certain (specifically audi) sensr data extracted frm the tw devices. The evaluatin f the prpsed mechanisms demnstrates their feasibility in significantly raising the bar against RFID attacks. Mr. A. Bharath Kumar and O. Anushareprts in Lcatin-Aware and Safer Cards: Enhancing RFID Security and Privacy via Lcatin Sensing n a new apprach fr enhancing security and privacy in certain RFID applicatins whereby lcatin r lcatin-related infrmatin (such as speed) can serve as a legitimate access cntext. They shw that lcatin awareness can be used by bth tags and back-end servers fr defending against unauthrized reading and relay attacks n RFID systems.the premise f their wrk is a current technlgical advancement that can enable RFID tags with lw-cst lcatin (GPS) sensing capabilities. Unlike prir research n this subject, ur defenses d nt rely n auxiliary devices r require any explicit user invlvement. In An Enhanced Digital Campus Security System Using RFID, GPS, GSM A.Ashk Kumar, Nisha R. Wartha, IJECS Vlume 4 Issue 1 January, 2015 Page N Page 10079

3 P.Swapnadesigned and implemented a Digital Campus Security System (DCST) base n the RFID, GPS and GSM netwrk. DCST reads the RFID tags and sends infrmatin t lpc2148.prcessr gives alerts thrugh GSM netwrk. If any invalid RFID (Thief) infrmatin cmes int mbile they get the real-time tracking fr valuables. Where the thief arrives anyne access cntrl nde, it wuld be blcked. User can als manage its wn valuables such as lending and recvery peratin thrugh the web manager centre. Di Ma and Nitesh Saxena prpses a nvel research directin in A Cntext-Aware Apprach t Defend Against Unauthrized Reading and Relay Attacks in RFID Systems, that utilizes sensing technlgies, t tackle the prblems f unauthrized reading and relay attacks with a gal f recnciling the requirements f efficiency, security, and usability. The premise f the prpsed wrk is based n a current technlgical advancement that enables many RFID tags with lw-cst sensing capabilities. Zhashun Wang, Hngsng Chen, Xiali Huang investigate the pssible privacy and security threats t RFID systems, and cnsider whether previusly prpsed RFID prtcls address these threats. We have reviewed the privacy, security, and perfrmance requirements fr RFID prtcls. At the same time, we cmpare the security mechanism fr RFID security. It is very useful t design and issue the RFID related prtcl and standard.this survey examines appraches prpsed by scientists fr privacy prtectin and integrity assurance in RFID systems, and treats the scial and technical cntext in Research fr Threats and Security in Rfid Infrmatin System.. 3. PRPOSED SYSTEM In an attempt t address the drawbacks f prir research, this paper prpses a nvel research directin, ne that utilizes sensing technlgies, t address unauthrized reading and relay attacks in RFID systems. The premise f the prpsed wrk is based n a current technlgical advancement that enables many RFID tags with lw-cst sensing capabilities. Varius types f sensrs have been incrprated t many RFID tags. Intel s Wireless Identificatin and Sensing Platfrm (WISP) is a representative example f a sensr-enabled tag which extends RFID beynd simple identificatin t in-depth sensing. This new generatin f RFID devices can facilitate numerus prmising applicatins fr ubiquitus sensing and cmputatin. They als suggest new ways f prviding security and privacy services by leveraging the unique prperties f physical envirnment r physical status f the tag (r its wner). In this paper, we specifically fcus n the design f cntext-aware security primitives and prtcls by utilizing sensing technlgies s as t prvide imprved prtectin against unauthrized reading and relay attacks. The physical envirnment ffers a rich set f attributes that are unique in space, time, and t individual bjects. These attributes such as temperature, sund, light, acceleratin r magnetic field reflect either the current cnditin f a tag s surrunding envirnment r the cnditin f the tag (r its wner) itself. A sensr-enabled RFID tag can acquire useful cntextual infrmatin abut its envirnment (r its wner, r the tag itself). Such cntextual infrmatin can be leveraged in tw ways: First, cntextual infrmatin can be used t design cntext-aware selective unlcking mechanisms s that tags can selectively respnd t reader interrgatins. That is, rather than respnding prmiscuusly t queries frm any readers, a tag can leverage upn cntext recgnitin and will nly cmmunicate when it makes sense t d s, thus raising the bar even fr sphisticated adversaries withut affecting the RFID usage mdel, i.e., withut impsing additinal user burden. Fr example, an ffice building access card, equipped with a lcatin sensr, can remain lcked unless it is near the (fixed) entrance f the building. The fllwing selective unlcking mechanisms will be explred as (i) magnetic-field triggered prximity sensing, (ii) psture recgnitin, and (iii) lcatin sensing and lcatin classificatin. Secnd, cntextual infrmatin can be used as a basis fr cntext-aware secure transactin verificatin t defend against special relay attacks invlving malicius readers. Fr example, a bank server will deny a $2000 transactin when it detects the tag (RFID credit card) is currently lcated in a restaurant where a nrmal transactin is usually less than $200. The fllwing tw cntext-aware secure transactin verificatin schemes will be explred as: (i) numeric digit-based speech recgnitin, and (ii) lcatin sensing and lcatin classificatin. The design f cntext recgnitin fr RFID tags pses several challenges. First, the resurce cnstraints f RFID tags hamper the cmplexity f the algrithms that can be used t judge what activity a tag is currently underging. Anther bstacle is the lack f ways in which users can interact with their tags. RFID tags, being geared fr autmatin, were designed t be astransparent as pssible t their users, and as such lack any input r utput interfaces such as buttns and displays. Mrever, many users are typically nt in direct cntact with their tags because they prefer t keep them inside ther bjects, such as wallets r purses [36]. Fr example, it is a cmmn practice t swipe ne s wallet cntaining the tag against the reader rather than taking the tag ut frm the wallet and directly swiping the tag. We nte the prpsed apprach may nt prvide abslute security due t the pssibility f errrs assciated with cntext recgnitin; hwever, it raises the bar even fr sphisticated adversaries withut affecting the RFID usage mdel. In additin, althugh the prpsed techniques can wrk in a stand-alne fashin, they can als be used with ther security mechanisms, such as cryptgraphic-based schemes, t prvide strnger crss-layer security prtectin accrding t different security needs in varius applicatins. Mrever, many f the prpsed ideas and techniques will be applicable in the realm f ther wireless (r wired) devices equipped with sensrs. Because sensrs serve as a bridge between the physical and the digital wrld, the prpsed sensing-centric mechanisms will be instrumental twards prviding dependability, security and privacy fr cmplex Cyber- Physical Systems. 4.METHDOLOGY CONTEXT-AWARE SELECTIVE UNLOCKING The traditinal selective unlcking techniques require special-purpse hardware and/r explicit user invlvement, bth greatly decrease the usability and acceptability f such slutins. T remedy this, we prpse selective unlcking schemes based n cntext recgnitin, fcusing nt nly n security and privacy, but als n usability. Belw first review tw recent wrks n selective unlcking based n cntext Nisha R. Wartha, IJECS Vlume 4 Issue 1 January, 2015 Page N Page 10080

4 recgnitin and discuss their merits and demerits. Next utline pssible selective unlcking mechanisms based n cnventinal sensrs such as accelermeter, magnetmeter (cmpass), and lcatin sensrs. Fr each mechanism, discussed assciated design challenges and als suggest specific applicatin(s) that culd benefit frm it Previus Recent Wrk Secret Handshakes is a recently prpsed interesting selective unlcking methd that is based n cntext inference [36]. In rder t unlck an accelermeter-equipped RFID tag [32, 39] using Secret Handshakes, a user must mve r shake the tag (r its cntainer) in a particular pattern. A number f unlcking patterns were studied and shwn t exhibit lw errr rates [36]. A central drawback t Secret Handshakes, hwever, is that a unique mvement pattern is required fr each tag t be unlcked. This requires subtle changes t the expected RFID usage mdelwhile a standard, insecure RFID setup nly requires users t bring their RFID tags within range f a reader.. Figure 4.1: Example f secret handshake/activatin scheme. Bth images shw the alpha (α) mtin per-frmed with the card in frnt f the reader. In the left image, numbers indicate sequence f card psitins acrss reader with time. In the right image, arrws shw hw the card mves acrss the reader with time. Figure 4.2: Example secret handshake/activatin scheme. In this image demnstrates the 1.5-wave gesture. Keeping in mind the gal f nt incrprating any usage mdel changes, Mtin Detectin [40] has been prpsed by us as anther selective unlcking scheme. In Mtin Detectin, a tag wuld respnd nly when it is in mtin, instead f ding s prmiscuusly. In ther wrds, if the device is still, it remains silent. This apprach hinges n the straightfrward bservatin that accessing a persnal mbile RFID tag fundamentally invlves mving it in sme manner (e.g., swiping an access card in frnt f the reader). Althugh Mtin Detectin des nt require any changes t the traditinal usage mdel and raise the bar required fr sme cmmn attacks t succeed, it is nt capable f discerning whether the device in mtin is due t a particular gesture r because its wner is in mtin. Hence, the false unlcking rate f this apprach is high, meaning there is a high chance that a tag gets unlcked when it actually shuld have been lcked. In the fllwing, we utline several new cntext-aware selective unlcking mechanisms which (1) have bth lw false lcking and false unlcking rates, and (2) d nt necessitate any change t the current usage mdel Selective Unlcking based n Prximity Sensing Using this mechanism, a tag gets unlcked whenever it detects it is near a reader. The requirement fr tag and reader being near is cmmn in mst RFID applicatins. Fr example, while making a payment, a user typically needs t bring his/her cntactless credit card (r its cntainer) clser t the reader fr transactin prcessing. This requirement can therefre serve as an effective means t establish a valid cntext. One pssible way f prximity sensing is thrugh scalar magnetmeters that measure the ttal strength f the magnetic field they are subjected t. Mre specifically, a magnet wuld be attached t the reader, and when the tag is brught clse t the reader, the tag s n-bard magnetmeter wuld sense the magnetic field and the tag wuld get unlcked if the strength f the magnetic field is abve sme pre-defined threshld. If an adversary intends t unlck a tag, it cansimply be in very clse prximity f the tag, just like a valid reader. Hwever, being near, increases the chances f the challenger being detected. T remain secret, the challenger is therefre frced t generate a strnger magnetic field frm an undetectable distance. Our preliminary investigatin shws this attack des nt seem feasible. We als nte that irn and steel can cause shielding effects n magnetic fields. Other materials such as wd, Plexiglas, Styrfam, brass, cpper, aluminum, leather r paper have almst n effect n shielding magnetic fields. This means that a magnetmeter can wrk even when encased in many bjects, such as wallets, purses r backpacks. This suggests that a magnetmeter-equipped tag wuld nt need t be remved frm its cntainer while accessing the tag Selective Unlcking based n Psture Recgnitin Secret Handshakes described is based n gesture recgnitin. T unlck an accelermeter-enabled tag, a user has t mve the tag in a special pattern - gesture. Hence Secret Handshakes is btrusive and requires explicit user invlvement, which is nt cnvenient in a frequent use and reduces the usability f such apprach. This mtivates the need fr study psture recgnitin t achieve nn-btrusive selective unlcking that des nt require user invlvement. We liberally use psture t dente activities perfrmed by users withut special intentin but can serve as a valid cntext in certain applicatins. One class f such applicatins invlves implanted medical devices (IMDs). Under legitimate IMD access, we can assume that the patient is lying dwn n his r her back. Thus, access t the IMD will be granted nly when the patient s bdy is such a pre-defined unique psture. This will prevent an attacker frm cntrlling the IMD in many cmmn scenaris, such as while standing just behind the patient in public. Since psture frmatins are human activities perfrmed by users uncnsciusly, psture recgnitin can prvide a finer-grained nn-btrusive unlcking mechanism withut purpseful r cnscius user invlvement. Psture recgnitin is similar t gesture recgnitin t a certain extent. Similar t the gesture recgnitin Schemes Nisha R. Wartha, IJECS Vlume 4 Issue 1 January, 2015 Page N Page 10081

5 (like the Secret Handshakes scheme [36] we discussed previusly), in a psture recgnitin scheme, user mvement can be recrded by mtin sensrs such as accelermeters and the captured mtin data is then cmpared with a reference psture template which has been recrded by perfrming the crrespnding mvement in a reference crdinate system. A match between the captured data and the reference template implies that the user has exhibited a certain psture transitin defined by the reference template. Hwever, there is ne primary difference between gesture recgnitin and psture transitin recgnitin, i.e., device tilt. In (hand) gesture recgnitin systems, users are assumed t be aware f their hand activities. S gestures are perfrmed in a mre-r-less cntrlled way withut tilting the tag s that the effect f tilt can be greatly minimized r ignred. Hwever, in psture transitin recgnitin, as we d nt require any explicit user invlvement, the tag, placed inside a human bdy in the frm f an IMD r int the pckets in the frm f a car key, can be tilted due t the mvement f human bdy r the device psitining itself. The reference template is usually cllected in a reference crdinatesystem. Hwever, nce a device is tilted, mvement data cllected frm the device is n lnger in the reference crdinate system and the crrespnding psture will nt be detected crrectly. It is therefre critical t detect the tag s rientatin in rder t rtate the data vectr back t the reference crdinate system fr crrect recgnitin.in rder t ptimize ur algrithms (due t RFID resurce cnstraints), we classify pstures int tw primary types: psture and psture transitin. Psture means a static bdily psitin that a user can maintain fr certain duratin, such as lying, sitting, standing and walking. Psture transitin subsumes different human mvements, such as ``stand-t-sit,'' ``sit-t-stand,'' ``sit-t-lie,'' ``lie-t-sit,'' and s n. Psture transitins capture the dynamics f human mvement and usually nly last fr a shrt duratin. We analyze the features f these tw psture types and realize that mst f the pstures and sme f the psture transitins can be simply detected by measuring directin changes r status changes in sagittal and transverse planes. In case f psture recgnitin, cnsider, fr example, an IMD such as a pacemaker implanted int the patient's chest area equipped with a 3-axes accelermeter. As the IMD is fixed t the human bdy, it remains static relative t the bdy system but has different rientatins in the earth crdinate system (magnetic nrth and gravity) due t human bdy mvement. Thus, we can detect such mvements by simply mnitring its relative rientatin change in the earth crdinate system. Fr example, when the patient is in the ``sitting'' psitin, the Z axis f the accelermeter pints t the sky and the X-Y plane is parallel t the earth surface. When the patient lies dwn, the Z axis nw shuld be parallel t the earth surface while ne f the X r Y axis shuld pint t the sky. Thus, by simply mnitring the change f directins f axes, we can tell whether a patient is lying r nt. We nte that mbile devices als cmmnly use such detectin techniques based n accelermeter axis directin change t perfrm screen rtatin functins. Similarly, the wrk f tracks directin changes f magnetmeter axes during walking. Current systems fr full rientatin estimatin, such as the ne in Apple ipad2, usually use a set f sensr mdalities typically including gyrscpes, accelermeters and magnetmeters t estimate device rientatin. Gyrscpes are used t determine accurately angular changes while the ther sensrs are used t cmpensate the integratin drift f the gyrscpes and keep this estimate drift free. Hwever, a typical gyrscpe requires abut 5 10 times mre pwer than magnetmeter and accelermeter tgether. Mrever, its cmparably larger frm factr als makes gyrscpe nt cmmnly available in a tiny single package MEMS chip. Cnsidering the resurce cnstrained RFID platfrms, it might be necessary t restrict frm using gyrscpes, and instead fcus n using accelermeters and/r magnetmeters fr device rientatin and psture estimatin. As integrated accelermeters and magnetmeters are cmmercially available in tiny packages, an RFID tag with such sensrs can be flat and less btrusive fr the user, which makes them very attractive t be used in IMDs r smart car keys. There exist several attempts t use either accelermeters r magnetmeters; hwever, it has been shwn that neither f the tw sensrs is gd enugh alne t estimate full rientatin. On the ther hand, rientatin estimatin schemes that usebth accelermeters and magnetmeters shw very prmising results Selective Unlcking based n Lcatin Sensing and Lcatin Classificatin Figure 4.3. Lcatin-aware selective unlcking where Lcking is legitimate lcatin (r speed) inf stred n the tag side and Lc GPS is the lcatin inf btained frm nbard GPS upn a reader request. We ntice in quite sme applicatins, (under nrmal circumstances,) tags nly cmmunicate t readers at sme specific lcatins. Fr example, an access card t an ffice building needs t nly respnd t reader queries when it is near the entrance f the building; a credit card shuld nly wrk in authrized retail stres (which may be lcated all ver the wrld); tll cards usually nly cmmunicate with tll readers in certain fixed lcatins and when the car travels at certain speed. Hence, lcatin can serve as a gd means t establish a valid cntext. That is, a tag is unlcked nly when it is in an apprpriate (pre-specified) lcatin. It is suitable fr applicatins where reader lcatin is fixed and well-knwn in advance. Lcatin infrmatin can be easily btained thrugh GPS sensrs. A new tag frm Numerex and Savi Technlgy has been equipped with GPS sensrs and has the ability t cnduct satellite cmmunicatins. Researchers in Oak Ridge Natinal Labratry als wrked with RFID system suppliers in develping new tags by cmbining GPS and envirnmental sensrs. These tags are designed t track gds anywhere within a glbal supply chain. A prerequisite in a lcatin-aware Nisha R. Wartha, IJECS Vlume 4 Issue 1 January, 2015 Page N Page 10082

6 selective unlcking scheme is that a tag needs t stre a list f legitimate lcatins befrehand. Upn each interrgatin frm a reader, the tag gets its current lcatin infrmatin frm its n-bard GPS sensr and cmpares it with the list f legitimate lcatins and decides whether t switch t the unlcked state r nt. Due t limited n-bard strage (WISP has a 8KB f flash memry) and passive nature f tags, the list f legitimate lcatins shuld be kept shrt. Otherwise, testing whether the current lcatin is within the legitimate list may cause unbearable delay and affect the perfrmance f the underlying access system. Mrever, the list f legitimate lcatins shuld nt change a lt since therwise users have t d extra wrk t securely update the list n their tags. S selective unlcking based n pure lcatin infrmatin is mre suitable t be used in applicatins where tags nly need t talk with ne r a few readers, such as building access cards. It may nt be suitable fr credit card applicatins as there is a lng list f legitimate retailer stres, stre clsing and new stre pening happen n a frequent basis. Selective unlcking based n pure lcatin infrmatin presents similar prblems when it is applied t RFID tll systems since a tll card needs t stre a lng list f tll bth lcatins. We ntice vehicles munted with RFID tll tags are usually required t travel at a certain speed when they apprach a tll bth. Fr example, three ut f eight tll lanes n the Prt Authrity s New Jersey-Staten Island Outer Bridge Crssing permit 25 mph speeds fr E-ZPass drivers; the Tappan Zee Bridge tll plaza and New Rchelle plaza, NY has 20mph rll-thrugh speed; Dallas Nrth Tll way has rllthrugh lanes allwing speeds up t 30 mph. Hence speed can be used as a valid cntext t design selective unlcking mechanisms fr tll cards. That is, a tll card remains in a lcked state except when the vehicle is traveling at a designated speed near a tll bth (such as mph in the Dallas Nrth Tll Way case). GPS sensrs can be used t estimate speed either directly frm the instantaneus Dpplerspeed r directly frm psitinal data differences and the crrespnding time differences. One disadvantage with the GPS-based apprach is the reliance n the GPS infrastructure. Thus, selective unlcking wuld require the cnstant accessibility f this infrastructure. Anther disadvantage is ptential delay due t initializatin prcess f GPS receivers. A GPS receiver can have either a cld start r ht start. The ht start ccurs when the GPS device remembers its last calculated psitin and the satellites in view, the almanac (i.e., the infrmatin abut all the satellites in the cnstellatin) used, the UTC Time, and makes an attempt t lck nt the same satellites and calculate a new psitin based upn the previus infrmatin. This is the quickest GPS lck but it nly wrks if the receiver is generally in the same lcatin as it was when the GPS was last turned ff. The cld start is when the GPS device dumps all the infrmatin, attempts t lcate satellites and then calculates a GPS lck. This takes lnger time because there is n knwn r pre-existing infrmatin. The GPS mdule we are currently experimenting with can nrmally acquire a fix frm a cld start in 35 secnds, and acquire a ht-start fix in less than 2 secnds. Fr applicatins which have extremely lw delay tlerance, a strage capacitr can be added t the tag in rder t help the GPS receiver keep running t avid cld start [37]. Anther disadvantage f the GPS-based apprach is that multiple entities may share the same lcatin infrmatin, which might nt be desirable in sme cases. Fr example, the stres at the same place, but n different levels f a shpping mall, can share the same altitude and latitude infrmatin. This mtivates the need t design a lcalized apprach t lcatin sensing,that des nt require any additinal infrastructure besides the RFID. One idea is t make use f (multiple) envirnmental sensrs (such as micrphne, thermmeter, r magnetmeter, and perhaps dr and gas sensrs) as a means t derive the lcatin-specific infrmatin. The intuitin is that the lcalized data gathered by these sensrs is unique per lcatin (r type f lcatin, such as an ffice r a hspital), and thus ne can build a classifier that can assciate this data with a particular lcatin. T justify this, we can cnsider the example f an access card applicatin. The nise, temperature and dr levels, fr instance, and their variatins within a certain timeframe, at the ffice entrance, and at a nearby cafeteria r utside the ffice building are likely t be quite different. Thus, a classifier can be trained t acquire unique features frm sensr data gathered at the ffice entrance building. On every read request (malicius r therwise), the card will test the classifier n current sensr data and get unlcked nly n a psitive classificatin instance. Anther example is that f an implanted medical tag [38], which will nly get unlcked when the classifier detects it t be inside a hspital r a dctr s ffice, which may pssess sme unique sensr extracted features. There exists sme prir research which demnstrates the ptential fr sensr-based lcatin classificatin. Other prir wrk als cnsiders wireless radi receivers t address a similar prblem. A number f challenges need t be addressed in rder t realize the RFID lcatin classificatin apprach, hwever. First, distinct features f envirnmental data (a lcatin fingerprint ) need t be identified, that remains cnstant acrss time, but can be used t uniquely identify a given lcatin (r a lcatin type). Secnd, a simplistic classifier needs t be develped that can be accmmdated within the cnstraints f an RFID tag; traditinal machine learning classifiers may nt be feasible due t their high cmputatinal requirements. Third, the classifier needs t be rbust enugh t be used in practice, with lw classificatin errrs. The lcatin estimatin based apprach may nt be as fine-grained as the GPS apprach. Hwever, we view it as a much simpler alternative, and believe that it can be emplyed t prvide imprved security in the face f many cmmn attacks. CONTEXT-AWARE TRANSACTION VERIFICATION A highly difficult prblem arises in situatins when the reader, with which the tag (r its user) engages in a transactin, itself, is malicius. Fr example, in the cntext f an RFID credit card, a malicius reader can fl the user int apprving fr a transactin whse cst is much mre than what he/she intended t pay. That is, the reader terminal wuld still display the actual (intended) amunt t the user, while the tag will be sent a request fr a higher amunt. Perhaps mre seriusly, such a malicius reader can als cllude with a leech and can succeed in purchasing an item much cstlier than what the user intended t buy [15]. As addressing this prblem requires secure transactin verificatin, i.e., validatin that the tag is indeed authrizing the intended payment amunt. Nte that selective unlcking is ineffective fr this purpse because the tag will anyway be unlcked in the presence f a valid (payment) cntext A display-equipped RFID tag can easily enable secure transactin verificatin. This, hwever, necessitates user invlvement because (1) the tag must be taken ut f ne s wallet r purse, and (2) the amunt displayed n the tag needs t be validated by the user. Distance bunding prtcls have als been suggested as a Nisha R. Wartha, IJECS Vlume 4 Issue 1 January, 2015 Page N Page 10083