Implementation of a PC Security System using RF Transmitter-Receivers

Transcription

1 Smart Computing Review, vol. 2, no. 4, August Smart Computing Review Implementation of a PC Security System using RF Transmitter-Receivers Il-Ho Park Technology Research Center, RetailTech LTD. / 1002, Seven Venture Valley 2-Dong, 625, Sampyung-Dong, Bungdang-Gu, Sungnam-Si, Gyunggi-Do, Korea / ihpark@retailtech.co.kr Received May 16, 2012; Revised July 13, 2012; Accepted July 31, 2012; Published August 31, 2012 Abstract: This paper suggests data communication using an RF Transmitter-Receiver and a PC protection method a connected Receiver and software. Older PC protection systems demanded manual operation, but the suggested method protects PC automatically by checking user Tags when they approach. Forgery is impossible and it is safe from sniffing attacks and spoofing. Keywords: RFID, RF Transmitter-Receiver, PC Protection, Authentication Introduction T oday, due to the increasing dissemination of personal computers and the Internet, work operated by computer is consistently on the rise in all sorts of fields. In accordance to this growing usage of computers, various kinds of security systems are being researched and developed to protect significant information. There are many ways to prevent the discharge of information in traditional computers; inputting a password saved in the user PC, the recognition of smart cards by card readers connected to the computer, and biometric identification technology using fingerprints through fingerprint recognizers attached to the computer. However, there are some drawbacks to the current methods. The password input method demands regular alteration of the password, and if this is lost, it requires great effort to retrieve the data. For smart cards, there are inconveniences from contact cards having to always be inserted into the card reader, and using contactless cards also has inconvenience for its recognition range is very short, causing reception failure. Biometric identification as also creates inconvenience for the necessity of fingerprint recognition for every log-in attempt, and its recognition rate is very poor. RFID Concept and Technology DOI: /smartcr

2 270 Park: Implementation of a PC Security System using RF Transmitter-Receivers RFID Concept and Movement RFID Technology is a developed system based on the bar code and magnetic card systems already adapted very closely to our daily life, but the consistent change of production form, consumer consciousness, cultural, and technical advances accelerates the need of resolving the flaws of magnetic cards. In short, it is a technology to recognize, trace, and identify human beings, objects, animals, and anything else, wirelessly [1]. The RFID system consists of tags, readers, and data process systems capable of processing data read from the tag. Data communication between the tag and reader is enacted by a wireless communication process [1]. The elementary RFID system operates as shown in Figure 1. It consists of a structure enabling tags containing information of the product. It can be used in applications through host computers or dedicated server-middleware using a network or dedicated cable. It recognizes product information with an RF reader using an air interface as its media. It is capable of transmitting and receiving data through a wireless RF channel. The air interface is a wireless communication interface regulation and a generic term for wireless access conditions depending on frequency, communication process, access process, and other factors. An RFID system has a structure of tag answering RFID questions, and antennas are necessary in the tag or reader for wireless communication [1]. Tag An RFID tag is a device containing memory capable of storing data read from antennas used for transmitting and receiving data, power supplies from the reader, tag ID, or the user. The process of recognition through a reader attached to all sorts of objects is necessary [1]. Tags can be divided into two large groups: active tags containing its own power source, and passive tags receiving power supply through a magnetic field [1]. Reader An RFID reader is a device designed for software applications to read and write data from contactless RFID tags. An RFID reader transmits command to an active tag through an HF interface, and function as descrambling answering data received from a tag to digital data. Moreover, an active tag functions with independent power in the tag, useful for functions other than transmitting and receiving commands and answering data, unlike a passive tag which only waits for a reader to scan it [1]. An RFID reader consists of the following parts: antenna components for supplying power to the tag and transmitting and receiving wirelessly, HF interface components for wireless transmission and reception of data through an antenna,

3 Smart Computing Review, vol. 2, no. 4, August control components for analyzing and receiving commands from external interfaces and transmitting data received from the tag, and a communication component for transmitting tag data to external interfaces using various communication methods (serial communication (RS-232, RS-485), USB, wire/wireless LAN) [1]. Cryptologic Certification Protocol Current RFID system studies focus mainly on the certification process through cryptologic methods, and have promoted the Hash-Lock technique [8], expanded Hash-Lock technique [8], Hash-Chain technique [7], Hash based ID modification technique [5], advanced Hash based modification technique [3], Challenge-Response based secured RFID certification technique [2], and external re-encryption technique [6]. Hash-Lock Technique: This is a technique rejecting ID tokens until a suitable value is entered into a tag. This technique uses Hash Functions only once, enabling it to function for a low price. Expanded Hash-Lock Technique: This is expanded, with a location-tracing solution, techniques greater than the Hash-Lock technique, and presumes that the tag contains a Hash Random Number Generator. Regular Key Modification Technique: This is a technique that regularly modifies tags and back-end database key values through the cross-modification of readers and tags, enabling secured communication even if a hacker extorts the key, making the extorted key useless in the next session. Existing PC Security System PC Security Using Password: It is basically a PC security system used in Windows user log-in or Screen Saver log-in and has the benefits of simple to use and free of charge. But it has the inconvenience of having to input the password through a keyboard, and users must modify the password continuously for security. Moreover, leakage of the password while being input is a security hole, and losing the password is also a concern. PC Security Using Biometric Identification: It is a method of certification using fingerprints: a user makes contact with hardware capable of fingerprint recognition and log-ins through authentication using software installed in the PC. This method demands the purchase of high-price fingerprint recognition hardware and passive finger contact. Moreover, it demands contact repeatedly due to poor recognition, causing concerns of fingerprint information leakage. PC Security Using Smart Card Method: It is a communication method with the reader using card-type RFID tags. A user needs to possess the card and needs to authenticate by placing the card close to the USB or serial reader connected to the PC. This method has disadvantages in short recognition distance, and passive card use. Moreover, it is capable of duplication and counterfeit. Design for PC Security System Using RFID Transmitter-Receiver RF Transmitter (Tag) Design (1) Tag initializes all internal modules; the primary phase to transmit data to the reader.

4 272 Park: Implementation of a PC Security System using RF Transmitter-Receivers (2) Tag composites values to be conveyed to the reader. Among these values, tag initially checks for battery power and if the power drops blow certain volume or if the battery check module judges a battery power disorder, the flag value sets to 0. If no disorder is detected, the flag sets to 1 and proceeds to the next process. (3) Tag can select the wireless signal intention for its purpose beforehand, and the set value is saved in the IC internal register and adjusts the RF output intensity. (4) In MCU, the flag value transmitted from a battery check circuit and RF dissemination intensity is combined with a tag ID saved in the memory and form data value to be transferred to the reader. (5) Module to repeat the same operation for the designated period, and repeat from the battery check circuit after a certain amount of time. RF Receiver (Reader) Design (1) If RF receiver is attached to a PC USB port, it uses power supplied from USB port in the PC I/O controller, and initializes all internal modules to transfer data to be transmitted from the RF transmitter to PC security software. (2) If data is transferred from the user s PC through a USB port, a command analysis module determines whether or not it is a connection check command, and after it identifies a connection check command, an ACK signal is transmitted to the connected PC. If it doesn t find a connection, it remains open for reception, standing by for a command transmitted from a user s PC. (3) When connection with a user PC is confirmed, PC security software transmits a command, and it operates by interpreting received data from the RF transmitter-receiver through a command analysis module. (4) Operations corresponding to each command are conducted by combining received data through an RF track for protocol or producing data corresponding to the command. (5) To transmit thus made data to a user PC, value is combined in the main controller through an external interface communication module. (6) The reader continuously transmits received data from the RF transmitter until the transmission conclusion command is received from the user PC, and if an initialization command is received during data transmission, it restarts from the PC connection confirmation.

5 Smart Computing Review, vol. 2, no. 4, August RF Transmitter-Receiver Protocol Design Figure 5 indicates the response protocol for received data from tags to readers or received command from the PC-connected reader, and from the tag. It either receives and transfers each tag ID and information to a PC-connected reader, or receives a command from a reader and conducts corresponding operations and responses according to the result.

6 274 Park: Implementation of a PC Security System using RF Transmitter-Receivers Security Software Design PC security software receives data from an RF receiver (Reader hereinafter) handling data sent by an RF transmitter (Tag hereinafter) in real time, and if data is not received from Tag or the Tag ID is not transferred to the software, PC security begins operating. PC security software prevents the usage of keyboard or mouse other than a program set keyboard. At this moment, if data is not received from the Tag carried by the user, the user is considered to be out of the reader signal range, and the fact that the Reader ID is not being transferred indicates that someone else intentionally removed the Reader, therefore the PC security software begins to protect the data. Authorized ID and passwords are encrypted by a Hash algorithm, therefore it cannot be decrypted by any means. The distinct feature about the used Hash algorithm is that it only provides a one-way function, therefore minimizing system resource usage by an unnecessary descrambling process, and protecting data from trespassers with malicious intent. Materialization and Performance Assessment Materialization If no user possessing a tag registered in PC protector is near, PC security will execute and will look like Figure 6. Primary PC security will be processed with a screen saver and a PC protector lock, and unless a special user key is used, the mouse and keyboard will not operate. If a user possessing a tag registered in the PC protector approaches, security will be automatically cleared, and if the user has lost possession of the tag, the user can clear the security by clearing the screen saver with a special user key and logging into the PC with a registered ID and password. Performance Assessment 1) Performance Assessment for Security Security against Sniffing Offenses: The recommended method is to transmit a sequence between Reader and Tag, and offenders cannot infer the necessary key set for descrambling even if he/she can attain the sequence. Security against Spoofing and Repeat Request Offense: A key-set is essential to use a sequence for crosscertification, to form a sequence, and to descramble the computer. If a key-set is unavailable, a Hash algorithm used for key-set inference cannot be inferred, therefore it is safe. 2) Comparison Analysis

7 Smart Computing Review, vol. 2, no. 4, August Password security requires a user to input a password into a PC, fingerprint recognition requires a user fingerprint, and a smart card requires cards to be inserted into a card reader, making them passive. However, the recommended method is automatic, for the security is cleared when a Reader receives data from the Tag. If not, security operates. Moreover, password security has a weakness to anonymous input. Dictionary offenses and fingerprint recognition is unavailable when a fingerprint contains foreign bodies or abrasions. Smart cards also have concerns regarding card duplication, but the recommended method has only one Tag ID, which is impossible to duplicate. For safety experiments, comparison analysis has been conducted for recognition rate between PC security using fingerprint recognition and an RF transmitter-receiver. For the recommended system, we turned the Tag switch on/off, and for fingerprints, we simply put the fingerprint in a fingerprint recognizer. The experimental assessment for the above content is as Figure 7. Fingerprint recognition presented a 97.5% recognition rate, while the recommended system presented a 99.5% recognition rate. Figure 8 is the result of a comparison assessment of recommended system misjudgment rate and fingerprint recognition misjudgment. Fingerprint recognition presented 5 misjudgments in 200 trials, showing a 2.5% misjudgment rate, while the recommended system presented 1 misjudgment for 200 trials, showing a 0.5% misjudgment rate.

8 276 Park: Implementation of a PC Security System using RF Transmitter-Receivers Conclusion Today, due to increasing dissemination of personal computers and Internet, work operated by computer is consistently on the rise in all sorts of fields. In accordance to this growing usage of computers, computers contain much significant information, and various kinds of security systems are researched and developed to protect them. For existing PC security methods, a password input system required regular modification of passwords, and if the password is lost, it has difficulties in retrieving data. A smart cart system has the inconvenience of inserting a smart card into a card reader, and contactless smart card systems still have a short range of recognition, causing the inconvenience of reception failure. A fingerprint system also has the inconvenience of poor recognition rate compared to other technologies. This paper has studied PC security systems using an RF transmitter-receiver encryption method, and describes the details of PC security system design, materialization, and experiments. A recommended system communicates by encrypting data into Hash data using an RF transmitter and receiver and receiving certification by checking an RF transmitter ID for registration existence through PC security system operated in a PC. The recommended system, unlike existing PC security systems requiring passive movement from users, is convenient for the automatic log-in that doesn t require user actions, but locks and unlocks PC security by the distance of an RF transmitter and RF reader. Also, the readers and tags are small and easy to carry and use on a necklace-type tag. Passwords are vulnerable to dictionary attacks, and fingerprint recognition systems have the potential for recognition failure due to foreign bodies on a user fingerprint, and the potential of information leakage for unauthorized personnel with similar fingerprints. Moreover, RFID in smart cards can be duplicated or damaged by magnetic fields. The recommended system in this paper cannot be duplicated, and is safe due to unlocking the communication between Tag and Reader. It also is semi-permanently usable with battery exchange. Finally, for a comparison experiment between a PC security system using an RF transmitter-receiver and a PC security system using fingerprint recognition to verify PC security system safety, fingerprint PC security showed a 2.5% misjudgment rate while RF transmitter-receiver PC security system showed a 0.5% misjudgment rage. References [1] Ahn, Jae Myoung, RFID technology and application based on EPC GLOBAL NETWORK, [2] Lee, Keun woo, Oh, Dong Kyu, Kwak Jin, Oh, Soo Hyun, Kim, Seung Joo, Won Dong Ho, Safe RFID certification protocol based on Challenge-Response suitable for disperse database environment, Information Processing Society of Korea Thesis C, vol. 12-C, no. 3, pp , June [3] Hwang, Young Joo, Lee, Soo Mi, Lee Dong Hoon, Lim, Jong In, Low-Cost RFID certification protocol under ubiquitous environment, in Proc. of Information Security Society of Korea Summer Information Security Conference, vol.14, no. 1, pp , [4] Jung, Hang Sup Research on fingerprint recognition using Fuzzy Inference, Master s Thesis, [5] Henrich, D. and M?ller, P., Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers, in Proc. of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshop (PERCOMW'04), pp , Article (CrossRef Link) [6] A.Juels, R.Pappu, Squealing Euros : Privacy protection in RFID -enabled banknotes, Financial Cryptography '03, LNCS 2742, pp , Springer-Verlag Heidelberg, [7] M. Ohkubo, K. Suzuki, and S. Kinosita, Hash-Chain Based Forward-Secure Privacy Protection Scheme for Low- Cost RFID, in Proc. of the SCIS 2004, pp , [8] Weis, S. et al., Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems, Security Pervasive Computing, 2003 LNCS 2802, pp , Springer-Verlag Heidelberg [9] X. Li, Q.-A. Zeng, Design and Implementation of a Wireless Security System using RF Technology, International Journal of Computing Science, vol. 1, no. 1, Jan [10] G. Verma, P. Tripathi, A Digital Security System with Door Lock System Using RFID Technology, International Journal of Computer Applications, vol. 5, no.11, Aug Article (CrossRef Link) [11] D. R. Reising, M. A. Temple, M. J. Mendenhall, Improved wireless security for GMSK-based devices using RF fingerprinting, International Journal of Electronic Security and Digital Forensics archive, vol. 3 no. 1, pp , Mar Article (CrossRef Link)

9 Smart Computing Review, vol. 2, no. 4, August Il-Ho Park received his BS in Multimedia Science from Chungwoon University, Chungnam, Korea, in From 2007 to now, he has worked as a Researcher at the Technology Research Centre, RetailTech, in Korea. His research interests include RFID/USN, Security, and Smart Space. Copyrights 2012 KAIS