THE SECURITY AND PRIVACY ISSUES OF RFID SYSTEM



Similar documents
International Journal of Advanced Research in Computer Science and Software Engineering

Privacy and Security in library RFID Issues, Practices and Architecture

Image Compression through DCT and Huffman Coding Technique

Strengthen RFID Tags Security Using New Data Structure

A Study on the Security of RFID with Enhancing Privacy Protection

encoding compression encryption

RFID Security: Threats, solutions and open challenges

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System

Class Notes CS Creating and Using a Huffman Code. Ref: Weiss, page 433

RFID SECURITY. February The Government of the Hong Kong Special Administrative Region

Information Theory and Coding Prof. S. N. Merchant Department of Electrical Engineering Indian Institute of Technology, Bombay

Lossless Grey-scale Image Compression using Source Symbols Reduction and Huffman Coding

Binary Trees and Huffman Encoding Binary Search Trees

Back-end Server Reader Tag

Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags

Symbol Tables. Introduction

Research on the UHF RFID Channel Coding Technology based on Simulink

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

Information, Entropy, and Coding

On the Use of Compression Algorithms for Network Traffic Classification

RFID Security and Privacy: Threats and Countermeasures

HIGH DENSITY DATA STORAGE IN DNA USING AN EFFICIENT MESSAGE ENCODING SCHEME Rahul Vishwakarma 1 and Newsha Amiri 2

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

IMPROVISED SECURITY PROTOCOL USING NEAR FIELD COMMUNICATION IN SMART CARDS

Security in Near Field Communication (NFC)

RFID Security and Privacy. Simson L. Garfinkel, Ph.D. Center for Research on Computation and Society Harvard University October 5, 2005

The following themes form the major topics of this chapter: The terms and concepts related to trees (Section 5.2).

PAP: A Privacy and Authentication Protocol for Passive RFID Tags

Digital Signatures. What are Signature Schemes?

Various Attacks and their Countermeasure on all Layers of RFID System

RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

RFID based Bill Generation and Payment through Mobile

Storage Optimization in Cloud Environment using Compression Algorithm

Analysis of Algorithms I: Optimal Binary Search Trees

Compression techniques

Arithmetic Coding: Introduction

Enabling the secure use of RFID

Scalable Prefix Matching for Internet Packet Forwarding

Radio Frequency Identification (RFID)

Fast Sequential Summation Algorithms Using Augmented Data Structures

Security Analysis and Complexity Comparison of Some Recent Lightweight RFID Protocols

Web Document Clustering

An Overview of RFID Security and Privacy threats

Binary Heaps * * * * * * * / / \ / \ / \ / \ / \ * * * * * * * * * * * / / \ / \ / / \ / \ * * * * * * * * * *

A Secure RFID Ticket System For Public Transport

RFID. Radio Frequency IDentification: Concepts, Application Domains and Implementation LOGO SPEAKER S COMPANY

International Journal of Engineering Research & Management Technology

Scalable RFID Security Protocols supporting Tag Ownership Transfer

The Drug Quality & Security Act

AS DNB banka. DNB Link specification (B2B functional description)

Network Security Technology Network Management

Topology-based network security

Split Based Encryption in Secure File Transfer

Randomized Hashing for Digital Signatures

query enabled P2P networks Park, Byunggyu

Gambling and Data Compression

RFID Tag Data Standards. Kenneth R. Traub, PhD Ken Traub Consulting LLC 12 April 2011

A binary heap is a complete binary tree, where each node has a higher priority than its children. This is called heap-order property

Developing and Investigation of a New Technique Combining Message Authentication and Encryption

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

CS/COE

Entropy and Mutual Information

Special Topics in Security and Privacy of Medical Information. Reminders. Medical device security. Sujata Garera

CHAPTER 2 LITERATURE REVIEW

Analysis of Compression Algorithms for Program Data

Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card

Less naive Bayes spam detection

Low-Cost RFID Authentication Protocol for Anti-Counterfeiting and Privacy Protection

Application of Neural Network in User Authentication for Smart Home System

RFID BASED VEHICLE TRACKING SYSTEM

LZ77. Example 2.10: Let T = badadadabaab and assume d max and l max are large. phrase b a d adadab aa b

ER E P M A S S I CONSTRUCTING A BINARY TREE EFFICIENTLYFROM ITS TRAVERSALS DEPARTMENT OF COMPUTER SCIENCE UNIVERSITY OF TAMPERE REPORT A

Evolving Bar Codes. Y398 Internship. William Holmes

Data Deduplication Scheme for Cloud Storage

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

A Catalogue of the Steiner Triple Systems of Order 19

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Security Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012

The Misuse of RC4 in Microsoft Word and Excel

Physical Data Organization

Today s topics. Digital Computers. More on binary. Binary Digits (Bits)

Network Security. HIT Shimrit Tzur-David

Lecture 9 - Message Authentication Codes

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

A Research on Issues Related to RFID Security and Privacy

E-Commerce: Designing And Creating An Online Store

Single Sign-On Secure Authentication Password Mechanism

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

You can probably work with decimal. binary numbers needed by the. Working with binary numbers is time- consuming & error-prone.

the recursion-tree method

, SNMP, Securing the Web: SSL

Transcription:

THE SECURITY AND PRIVACY ISSUES OF RFID SYSTEM Iuon Chang Lin Department of Management Information Systems, National Chung Hsing University, Taiwan, Department of Photonics and Communication Engineering, Asia University, Taiwan iclin@nchu.edu.tw Jyun-Ruei Li Department of Photonics and Communication Engineering, Asia University, Taiwan 2 nd Author s Name e-mail address Hui-Yu Chen Department of Management Information Systems, National Chung Hsing University, Taiwan ophechen@gmail.com ABSTRACT In this paper, we introduce the problem in privacy and security. And then we proposed a new idea. We use the Huffman code to encode the tag ID. And we use the hash function to augment the data security. Our protocol provides that each RFID tag emits a pseudonym when receiving each and every reader s query. Therefore, it makes tracking activities and personal preferences of tag s owner impractical to provide the user s privacy. In addition, our proposed method provides not only high-security but also high-efficiency. Keyword: Huffman code, privacy, RFID INTRODUCTION Recently, RFID (Radio Frequency Identification) has become a important technology, but it also raises some privacy problem. An integral RFID system consists a tag, a reader and a host system. The tag is a small electronic chip with a antenna, that contain an Electronic Product Code (EPC) that can provide an unique identifiers for any production. RFID use radio wave to transmit the data. Then it identifies and accesses the data by using the radio./citechi07 Although RFID technology is more and more convenient and popular, it also brings some problem. One of the problems is privacy. Today, Tag can be read remotely by any reader. And every tag has the unique ID. The consumer that has a tag may be traced insensibly. For example, important field may use the RFID tag to track the people movement without verify. And we have the other situation. Reader can 1 ISS 364

read the tag s information. If we take a expensive or special product, we will expose a dangerous place. Above-mentioned two example we can explain are tracking and data privacy. Tracking. Illegal reader knows the tag s ID or another information, then he will know the tag s position. Data privacy. Attacker use the reader to detect the tag. Then the tag will response the tag s information. In early work, some authors proposed the physical to defeat the privacy problem. And we listed these approaches as below: The kill command. Auto-ID center proposed a stand mode that RFID have the kill command. When we purchase the product, the reader may send the kill command. Then the tag will be no used anymore. But this way could bring the service after selling problem. Faraday cage. The tag place in a metal container. Then the radio wave will be cut off. The reader can t read the tag s information. Consumer can use the technology to prevent the illegal reader. But someone might use the way to avoid the cash register. information. Active jamming. The user uses the radio device to jam another RFID equipment. Then to prevent the attacker eavesdrop the user s tag. But the device is too dangerous if the radio frequency is too high. It will bring the serious destruction in some place like the airport or hospital The blocker tag. It is proposed by RSA company. When a reader query a tag, even if product is not exist. The blocker tag still send the normal information.[4] Basic on the physical methods, some way must pay another money by consumer. It is much difficult to use. So we must find a way to solve the privacy problem in RFID device. In 2005, D. Molnar, A. Soppera and D. Wagner proposed a way to solve the privacy problem. They use pseudonym scheme and Trusted Center (TC) to enforce the desired privacy policy. When the tag is read, it will generate a new pseudonym and send the pseudonym to the reader. The Trusted Center can decode the pseudonym and obtain the tag s identify.[5] 2 ISS 365

Today, RFID has been used in selling for many years. Every product has a tag. They have a unique ID that can identify the product. And then, Some products are popular. Some goods are not so popular. In order to speed up the checkout, we hope speed up for searching the goods that we often buy. So, The tag s frequency is higher. It is a priority. And it can be identify quickly. We use the characteristic to improve the Molnars scheme. Then we also use the pseudonym and the TC. When tag is read, it also send the pseudonym to the reader. But we use the Huffman code to build the TC tree. Huffman code is the optimal for building the tree. The tag that frequency is high will show in up tree. The low frequency will appear in the trees below. In this paper, our organization is as follow: In section 2, we describe the reviews the previous methods. In section 3, we introduce the Huffman code algorithm. In section 4, we describe the scheme we propose. In section 5, analysis of our proposed scheme. The final section concludes the paper with discussion of overview. MAIN CONTENT Related Work Many researches had been proposed in RFID areas. Excepts of the physical ways. Several papers have examined the protection of user privacy. We introduced the scheme Wagner proposed in 2005 as below.[5] Tree of Secrets They build a tree in TC by binary tree. Each tag is identified with a leaf of the tree. A tag stores the secret from the root to the leaf of the tree. Each S is different. It generate by randomly. And Tag knows secrets from root to its leaf. For example, Tag ID-3 is associated with S0, S01, S010.(fig 1.). And TC knows all secret keys. Figure 1: Tree of Secrets 3 ISS 366

Tag Responses We first introduced the initial value first S: randomly chosen 128-bit secret key RPF: pseudo-random function r: reader generates a random number P:RPF (S,r) In the beginning, the reader generate a random r and send to the tag. And the tag will response a pseudonym. (r, p) = (r, (F h(c1..1) (r), F h(c1..2) (r),... F h(c1..d) )) For example, generate a new Pseudonym every time a Tag is read. ID-3 has the keys0, S01, S010. And tag will calculate P 0 = RP F (S0, r), P 1 = RP F (S01, r),p 2(S010, r). Finally, tag responds the (r, P ) = (r, P 0, P 1, P 2) to the reader. Figure 2: Tag Responses Decoding Pseudonyms Reader receive the pseudonym (r, P ), it is possible to use the tree structure to efficiently to decode the pseudonym. And identify the tag that the reader send the query. It use the depth-first search to find the path in the tree that match the response p. it starts at the root of the tree of secrets. At each node s, we can check whether the left child s0 or the right child s1.in this way, wrong paths can be quickly pruned. For instance, the Trusted Center receives a Pseudonym: (r, p) = (r.p0, p1, p2). It will calculate. The graph is shown in fig 3. 1. Does PRF(S0,r) == P0? Does PRF(S1,r) == P0? And go to the S0 node. 4 ISS 367

2. Does PRF(S00,r) == P1? Does PRF(S01,r) == P1? And then go to the S01 node. 3. Does PRF(S010,r) == P2? Does PRF(S011,r) == P2? Then go to the S010 node. Huffman code In 1952 David A. Huffman proposed an algorithm. The algorithm is used in lossless data compression. The scheme use the variable-length code for encoding. It was based on the estimated probability of occurrence for each possible value of the source symbol.[3][1] Huffman coding uses a specific method for choosing the representation for each symbol, resulting in a prefix code that expresses the most common characters using shorter strings of bits than are used for less common source symbols. Figure 3: Authentication For example, e has high probability to occur. And z has low probability. When we use the Huffman code to compress an information. It could use a bit to express the e. And the z could cost 25 bits. If we use the common way to encode. It would use the 8 bits to encode. Compare to the two ways, e use the 1/8 length than common way. Z use the triple length. If we know the correct frequency for every character. That can raise up the accuracy. 5 ISS 368

A Huffman code for an alphabet a 1, a 2,..., an with weights p 1,p 2,..., p n is a prefix code that minimizes the average codeword length, defined as The problem of construction of Huffman codes is equivalent to the construction of Huffman trees. A problem of constructing a binary Huffman tree for a sequence consists in constructing a binary tree T with leaves, corresponding to the elements of the sequence, so that the weighted path length of T is minimal. The weighted path length of T, wpl(t ) is defined as follows: where l i is the depth of the leaf corresponding to the element with weight p i Constructing a Huffman code Huffman invented a greedy algorithm that constructs an optimal prefix code called a Huffman code. In the pseudocode that follows, we assume that C is a set of n characters and that each character c C is an object with a defined frequency f [c]. The algorithm builds the tree T corresponding to the optimal code in a bottom-up manner. It begins with a set of C leaves and performs a sequence of C -1 merging operations to create the final tree. A min-priority queue Q, keyed on f, is used to identify the two least-frequent objects to merge together. The result of the merger of two objects is a new object whose frequency is the sum of the frequencies of the two objects that were merged. HUFFMAN (C) 1. n C 2. Q C 3. for i 1 to n 1 4. do allocate a new node z 5. lef t[z] x EXTRACT-MIN(Q) 6. right[z] y EXTRACT-MIN(Q) 7. f [z] f [x] + f [y] 8. INSERT(Q,z) 9. return EXTRACT-MIN(Q) 6 ISS 369

For our example, Huffman s algorithm proceeds as shown in FIG 4. Since there are 6 letters in the alphabet, the initial queue size is n=6, and 5 merge steps are required to build the tree. The final tree represents the optimal prefix code. The codeword for a letter is the sequence of edge labels on the path from the root to the letter.[2] Line 2 initializes the min-priority queue Q with the characters in C. The for loop in lines 3-8 repeatedly extracts the two nodes x and y of lowest frequency from the queue, and replaces them in the queue with a new node z representing their merger. The frequency of z is computed as the sum of the frequencies of x and y in line 7. The node z has x as its left child and y as its right child. (This order is arbitrary; switching the left and right child of any node yields a different code of the same cost.) After n-1 mergers, the one node left in the queue-the root of the code tree-is returned in line 9. The analysis of the running time of Huffman s algorithm assumes that Q is implemented as a binary min-heap. For a set C of n characters, the initialization of Q in line2 can be performed in O(n) time. The for loop in lines 3-8 is executed exactly n-1 times, and since each heap operation requires time O(lgn), the loop contributes O(nlgn) to the running time. Thus, the total running time of HUFFMAN on a set of n characters is O(nlgn). Our scheme In this section, we will introduce our protocol. For our protocol, some notations will introduce as follows: h: one way hash function p: the output of hash function id: the identity of tag Because the Wagner s scheme use the binary tree. That will generate many keys. So we use the hash function to replace the key storage. Tree Structure First we will build a binary tree in the database. Each tag is identified with a leaf of the tree. For example, we give the id-3 a identify. And we give it a code 010. Tag Response First, the reader send a random number r to the tag. Then tag use its code to encode the r. According to the tree, use the hash function to encode. 7 ISS 370

Figure 4: Haffman tree example. 8 ISS 371

Figure 5: Tag response Left sight use the H0 to calculate. Right sigh use the H1 to calculate. For example, the tag id3 receive the random number r. And tag compute the P0 = H0(r), P1 = H1(P0) and P2 = H0(P1). Finally, tag responds the (r, P) = (r, P0, P1, P2) to the reader. shown as Fig 5. Decoding Reader receive the (r, P). And we also use the depth-first search to find the path in the tree. We can know the node is left sight or right sight. Finally, we can find the tag s id. For example, the reader receives the r, P0, P1 and P2. And the reader will compute the H0(r) is P0 or H1(r) is P0. And then H0(P0) is P1 or H1(P0) is P1. And H0(P1) is P2 or H1(P1) is P2. Finally, we can find the tag id-3.the graph shown as Fig 6. Figure 6: Tag response 9 ISS 372

The Huffman coding version: In our scheme, we find the secret tree use to much space. So we propose a way. We proposed the scheme use in Huffman coding. Huffman coding can use in tree structure. We think about the frequency in Huffman coding. It can improve the search time. Because the first we proposed scheme is binary tree. Its length is fixed. But we use the Huffman coding. The length is variable. It depend on the every tag s frequency. And the high frequency tag can put it on the top. Then it can decrease the search time efficiently. Analysis Reduce the key storage In our protocol, whatever we use the binary tree or Huffman coding. We only store the code at the leave. We don t need store the key at every node. It can reduce the space in the TC tree. Because we use hash function to calculate the ID s code. Hash function only need small time to calculate. Reduce the search time In our protocol, we use the Huffman coding to build the tree. The tag search time is O(logn). Although the previous protocol use the balance binary tree. Its time is O(logn). If we consider the frequency. The higher frequency tag is usually used. And then the search time can reduce efficiently. And we use the hash function. Eavesdropping RFID equipment send the messages in the air. It is easy to record by the someone. Attacker can eavestrop to know message between tag and reader. And we use the hash function to prevent it. The hash function can let attacker doesn t know the data meaning. Reply attack The attack can use some equipment. He can record the messages. And reply those messages at any time. And the database also can verify the illegal users. In our protocol, we generate the random number r to prevent this attack. The r value is random. Even if the attack can receive the value P. Then he sends to the database. It is not work out, too. 10 ISS 373

CONCLUSION: CITATION In this paper, we proposed a method to solve the privacy problem. For the users, protect their privacy is necessary. It can defeat the illegal reader to access the tag. It use the huffman coding. And it can use is some market. The coding can raise the search speed. Our scheme use the low computation. And it has the high security. REFERENCES [1] P. Berman, M.Karpinski, and Y. Nekrich, Approximating Huffman codes in parallel, Journal of Discrete Algorithms, vol. 5, pp. 479 490, Sep. 2007. [2] Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clif- ford Stein, Introduction to Algorithms Second Edition. USA: McGraw-Hill, 2005. [3] D.A. Huffman, A method for the construction of minimum-redundancy codes, in Proceedings of the I.R.E, pp. 1098 1102, September 1952. [4] J.Ayoade, Security implications in RFID and authentication processing framework, Computers Security, vol. 25, pp. 207 212, May. 2006. [5] D. Molnar, A. Soppera, and D. Wagner, A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags, in Work- shop on RFID and Light-Weight Crypto, pp. 14 15, Graz, Austria, July 2005. 11 ISS 374

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information