Evaluating RFID Research a Literature Review



Similar documents
A Study on the Security of RFID with Enhancing Privacy Protection

RFID Security: Threats, solutions and open challenges

An Overview of Approaches to Privacy Protection in RFID

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

RFID SECURITY. February The Government of the Hong Kong Special Administrative Region

Security Issues in RFID. Kai Wang Research Institute of Information Technology, Tsinghua University, Beijing, China

Tackling Security and Privacy Issues in Radio Frequency Identification Devices

Various Attacks and their Countermeasure on all Layers of RFID System

Privacy and Security in library RFID Issues, Practices and Architecture

RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

Radio Frequency Identification (RFID)

Strengthen RFID Tags Security Using New Data Structure

PAP: A Privacy and Authentication Protocol for Passive RFID Tags

On the Security of RFID

RF ID Security and Privacy

An Overview of RFID Security and Privacy threats

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Best Practices for the Use of RF-Enabled Technology in Identity Management. January Developed by: Smart Card Alliance Identity Council

Back-end Server Reader Tag

A Survey of RFID Authentication Protocols Based on Hash-Chain Method

Feature. Security and Privacy Trade-offs in RFID Use. Operational Zone RFID Tag. RFID Reader

A Research on Issues Related to RFID Security and Privacy

Problems of Security in Ad Hoc Sensor Network

RFID Security and Privacy: Threats and Countermeasures

Low-Cost RFID Authentication Protocol for Anti-Counterfeiting and Privacy Protection

Security Challenges for User-Oriented RFID Applications within the Internet of Things

Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan

RFID BASED VEHICLE TRACKING SYSTEM

Security in Wireless Local Area Network

Chap. 1: Introduction

Overview of the Internet of Things {adapted based on Things in 2020 Roadmap for the Future by EU INFSO D.4 NETWORKED ENTERPRISE & RFID}

Enabling the secure use of RFID

RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management

RFID Field Guide. Deploying Radio Frequency Identification Systems. Manish Bhuptani Shahram Moradpour. Sun Microsystems Press A Prentice Hall Title

RFID Applications in the Healthcare and Pharmaceutical Industries

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

The Study on RFID Security Method for Entrance Guard System

RFID Security and Privacy. Simson L. Garfinkel, Ph.D. Center for Research on Computation and Society Harvard University October 5, 2005

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Security in RFID Networks and Protocols

COSC 472 Network Security

How To Hack An Rdi Credit Card

RFID The Best Technology in Supply Chain Management

ITL BULLETIN FOR AUGUST 2012

RFID Technology, Security Vulnerabilities, and Countermeasures

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

IMPROVISED SECURITY PROTOCOL USING NEAR FIELD COMMUNICATION IN SMART CARDS

How To Understand The Power Of An Freddi Tag (Rfid) System

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

RFID Basics HEGRO Belgium nv - Assesteenweg Ternat Tel.: +32 (0)2/ Fax : +32 (0)2/ info@hegrobelgium.

Wireless Network Security

Security and privacy in RFID

LOW-COST Radio Frequency IDentification (RFID) tags

If you are interested in Radio Frequency Identification technology, then this is the best investment that you can make today!

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

RFID and GSM Based ATM Money Transfer Prototype System


Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

A. Background. In this Communication we can read:

RFID Guardian Back-end Security Protocol

Secure Active RFID Tag System

Protecting the privacy of passive RFID tags

Military Usage of Passive RFID 1

WHAT IS RFID & HOW WILL IT IMPACT MY BUSINESS?

Manufacturing Control Systems {SCADA} Vulnerability and RFID Technologies

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

ITL BULLETIN FOR JANUARY 2011

Secure and Serverless RFID Authentication and Search Protocols

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

Why Has the Development in RFID Technology Made Asset Management More Urgent?

RFID based Bill Generation and Payment through Mobile

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Data Protection Technical Guidance Radio Frequency Identification

Security for Ad Hoc Networks. Hang Zhao

Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

RFID Radio Frequency Identification

Security and Privacy Issues in Wireless Ad Hoc, Mesh, and Sensor Networks

Radio Frequency Identification (RFID) By Gigi Tat ACC 626

Industrial Control Systems Vulnerabilities and Security Issues and Future Enhancements

Transcription:

Evaluating RFID Research a Literature Review Franklin T. Warren Business Information Technology Virginia Polytechnic Institute and State University Fall 2007 A Paper in Partial Fulfillment of the requirements for Networks & Telecomm Business BIT 4554 Dr. Tabitha James

Introduction As we approach the end of the first decade of the 21 st Century, research pertaining to Radio Frequency Identification (RFID) has increased. RFID is an innovative information technology that allows organizations the ability to attain massive amounts of data related to products, assemblies, equipment, supplies, inventory, customer service, and machinery. The intended purpose of this paper is to further extend academic research and examine the literature related to Radio Frequency Identification. The literature reviewed has been subcategorized into the following groups: RFID technology development, implementation, privacy, and security. RFID Technology Development Radio frequency identification is a developing technology that uses several basic components in order to satisfy the needs of the implementing organization. Radio frequency identification (RFID) is not a new technology. It has been around since the early 1900 s and was utilized during World War II (Domdouzis, Kumar et al. 2007). Radio frequency identification is a technology that uses a few simple components. The ID tag, is composed of an antenna, integrated circuit, a reader that gathers information from the id tag, and a database system that is used to store the information gained through interrogating the id tag (Roberts 2006). Based upon the application, the identification tag can be active or passive. Active tags in addition to the circuit and antenna have a battery that powers the circuit and allows the tag to pg. 1

broadcast information that will be picked up by a reader (Roberts 2006). Passive tags collect and store power from the reader through the use of a capacitor located within the circuit. The circuit then utilizes the energy collected to transmit tag information to the reader(weinstein 2005). Low cost passive tags are the predominantly used form of identification tag. Deciding whether to use active or passive tags is an important component of the architectural design process. Architectural design of the RFID network is imperative when developing a RFID system. This system will be evaluated on the basis of how well it tracks objects. In their article Architecture design and performance evaluation of RFID object tracking systems, Jiann-Liang Chen, Ming-Chiao Chen, Chien-Wu Chen, and Yao-Chung Chang discuss the development of an RFID/IP gateway that uses the Object Naming Service (ONS) protocol to improve the performance of an RFID network (Chen, Chen et al. 2007). According to Solanas and Domingo-Ferrer, it is important to design a network that has the ability to scale in size and maintain data privacy (Solanas, Domingo-Ferrer et al. 2007). A quantitative analysis on a cell based network simulation was performed and the results were gathered for three different conditions to test the scalability of a private network. To meet application requirements autonomous RFID systems have been developed that have the ability to read tags from greater distances (Jedermann, Behrens et al. 2006). Developing RFID technology to support data privacy and the utilization of secret-key, public-key, symmetric and asymmetric cryptographic algorithms to protect the data transmitted via the id tag during interrogation by the reader is critical to the protection and integrity of the system (Robshaw 2006). Additionally, design systems that are interoperable with other technologies such as global positioning satellite pg. 2

technology will allow the deployment of RFID systems designed for unique situations (Song, Haas et al. 2007). Implementation Organizations have implemented RFID to make improvements in their materials management, distribution, and transportation processes. Wal-Mart is an example of an organization that initially piloted RFID and its effect to reduce out-of-stock incidences, track products, and cut costs along the supply chain (Angeles 2005). Since then, Wal-Mart announced a mandate that it will ask selected major suppliers to use RFID at the pallet and case levels by the year 2005 (Angeles 2005). The Department of Defense (DoD) will mandate the use of RFID for 100 of its top-tier supplier by the year 2005 as well. This will effect DoD suppliers such as Boeing, Lockheed Martin, Northrop Grumman, Raytheon, and other DoD suppliers that will need to tag all items supplied to the DoD (Twist 2005). RFID has also been used to develop a sushi management system. The technology was implemented to improve the following; food safety, inventory control, service quality, the efficiency of operations, and visibility of the data. Better tracking of raw materials for inventory purposes and real time tracking of sushi availability on the conveyor belt produced instantaneous benefits (Ngai, Cheng et al. 2007). Privacy Due to the invasive nature of RFID tags many privacy issues and concerns exist. An issue that moves to the forefront with the use of RFID tags deal with tracing and tracking of RFID tags. The tracing and tracking of data from tagged objects in the supply chain by competitors pg. 3

poses the threat of corporate espionage (Garfinkel, Juels et al. 2005). Tracing and tracking of data after the sale poses consumer privacy issues as tags can be well hidden in packaging (Ayoade 2007). Additionally, RFID tags respond to interrogation request from all readers allowing data to be gathered by others external to the organization (Juels 2006). There are many methods for disabling RFID tags and preventing data from being visible that are currently in use. Additional methods have been proposed for rendering RFID tags inoperable. Implementation of devices and methods such as blocking tags, clipping tags, soft blocking tags, selective blocking tags, and kill commands are used to block or impede the propagation of the RFID signals. Blocking tags are special devices/tags that interfere with the protocol that is used for communication between normal identification tags and readers (Ayoade 2007) and (Jules and Weis 2006). Tag clipping involves disabling the RFID device by removing or breaking the connection between the chip and the antenna. Gϋnter Karjoth and Paul Moskowitz identify several methods to effectively clip tags through the use of tags with removable electrical conductors, the use of tags with perforations, and the use of tags with a peel-off layer (Karjoth and Moskowitz 2005). Soft blocking is a variation on the blocking concept that operates through the utilization of software or firmware. Soft blocking provides for the possibility of utilizing privacy protocols (Juels and Brainard 2004). Selective blocking tags involves altering a blocker tag to prevent the transmissions of a selected set of tags (Juels, Rivest et al. 2003). The kill command is a method of permanently disabling an RFID tag as the tag moves into the hands of a private owner (Juels, Rivest et al. 2003). Additionally, the legal implications that are associated with the use of RFID technology must be addressed. John Ayoade in Privacy and RFID Systems Roadmap to solving security and pg. 4

privacy concerns in RFID systems states that RFID and technology should go hand and hand to protect consumers from surveillance (Ayoade 2007). The RFID Bill of Rights enumerated by Garfinkel, and Juels proposes the principle for the fair use of information practices to RFID systems deployment (Ayoade 2007). Security Radio frequency identification security as defined by Ranasinghe, Engels, and Cole is composed of the following components; confidentiality or message content security, integrity of message content, authentication of sender and recipient non-repudiation by the sender, and availability (Ranasinghe, Engels et al. 2004). However, this study will discuss security based upon the following criteria vulnerabilities, protocols, and cryptography. Radio frequency identification has security concerns that must be addressed pertaining to vulnerabilities and making sure that confidential data remains secure. In the article The Evolution of RFID Security, Melanie Rieback, Bruno Crispo, and Andrew Tanenbaum list the following as vulnerabilities to RFID system: replay-attack, man-in-the-middle attack, denial-ofservice attack, and spoofing (Rieback, Crispo et al. 2006). Additional vulnerabilities include tagto-reader eavesdropping, reader-to-tag eavesdropping, rouge scanning, and counterfeiting (Juels 2006). Security concerns for RFID are similar in nature to those posed for computer networks. Similar to the TCP/IP networking model used for computer networks, the RFID communication model consists of the following layers for both the RFID reader and RFID tag; Application Layer, Data Link Layer, and the Physical Layer (Knospe and Pohl 2004). The RFID model just like the TCP/IP model uses protocols to negotiate the transfer of data from the identification tag to the pg. 5

reader. Even though a single round protocol such as the Weise, Sarma, Rivest, and Engels uses a lock calculation, it is still susceptible to a replay attack (Piramuthu 2007) and is also vulnerable to a man-in-the-middle attack. However, the model purposed in the paper Security and Privacy Analysis of RFID Authentication Protocol for Ubiquitous Computing, utilizing a modified security protocol, is not vulnerable to a man-in-the-middle attack (Kim and Choi 2007). The RFID communication model utilizes protocols to facilitate the transfer of information between component devices. In order to resolve the vulnerability posed by unauthorized access, Martin Feldhofer developed the Simple Authentication and Security Layer protocol (Feldhofer 2004). Cryptography is used to increase security and reduce the vulnerabilities that RFID tags experience. However, with the low cost of passive RFID tags being utilized, it is difficult to develop an algorithm that can fit the storage capacity (Robshaw 2006). Leonid Bolotnyy and Gabriel Robins, in their paper Physically Unclonable Function-Based Security and Privacy in RFID Systems, they discussed the use of a PUF based tag protocol instead of a cryptographic algorithm (Bolotnyy and Robins 2007). Conclusion Advancements in RFID technology have surpassed the tracking of foreign and domestic airplanes during World War II. Industries that have implemented RFID have experienced both supplier-facing and customer-facing benefits. Examples of these benefits include improved product tracking and post sale warranty information. As the technology matures, existing and potential businesses will have to consider the overall return on investment of RFID. The widespread use of RFID technology may initially be limited to only a selected group of large pg. 6

companies like Gillette and Wal-Mart (Smith 2005). They have the financial resources and industry presence to completely implement this process. pg. 7

References Angeles, R. (2005). "RFID TECHNOLOGIES: SUPPLY-CHAIN APPLICATIONS AND IMPLEMENTATIONISSUES." Information Systems Management 22(1): 14. Ayoade, J. (2007). "Roadmap to solving security and privacy concerns in RFID systems." Computer Law & Security Report 23(6): 555-561. Bolotnyy, L. and G. Robins (2007). Physically unclonable Function-Based Security and Privacy in RFID Pervasive Computing and Communications. Chen, J.-L., M.-C. Chen, et al. (2007). "Architecture design and performance evaluation of RFID object tracking systems." Computer Communications 30(9): 2070-2086. Domdouzis, K., B. Kumar, et al. (2007). "Radio-Frequency Identification (RFID) applications: A brief introduction." Advanced Engineering Informatics 21(4): 350-355. Feldhofer, M. (2004). An Authentication Protocol in a Security Layer for RFID Smart Tags. Electrotechnical Conference. Garfinkel, S., A. Juels, et al. (2005). "RFID privacy: an overview of problems and proposed solutions." IEEE Security & Privacy Magazine 3(3): 9. Jedermann, R., C. Behrens, et al. (2006). "Applying autonomous sensor systems in logistics--combining sensor networks, RFIDs and software agents." Sensors and Actuators A: Physical 132(1): 370-375. Juels, A. (2006). "RFID Security and Privacy: A Research Survey." IEEE Journal on Selected Areas in Communications 24(2): 13. Juels, A. and J. Brainard (2004). Soft Blocking: Flexible Blocker Tags on the Cheap. WEPS'04. Washington, DC, USA. Juels, A., R. L. Rivest, et al. (2003). The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. CCS'03. Washington, DC, USA: 9. Jules, A. and S. A. Weis (2006). "Defining Strong Privacy for RFID." Karjoth, G. and P. A. Moskowitz (2005). Disabling RFID Tags with Visible Confirmation: Clipped Tags Are Silenced. WPES'05 Alexandria, Virginia, USA: 4. Kim, H.-S. and J.-Y. Choi (2007). Security and Privacy Analysis of RFID Authentication Protocol for Ubiquitous Computing. Computer Communications and Networks. Knospe, H. and H. Pohl (2004). "RFID security." Information Security Technical Report 9(4): 39-50. Ngai, E. W. T., T. C. E. Cheng, et al. (2007). "Mobile commerce integrated with RFID technology in a container depot." Decision Support Systems 43(1): 62-76. Piramuthu, S. (2007). "Protocols for RFID tag/reader authentication." Decision Support Systems 43(3): 897-914. Ranasinghe, D. C., D. W. Engels, et al. (2004). Low-cost RFID systems: confronting security and privacy. Proceedings of MIT Auto-ID Labs Research Workshop. Rieback, M. R., B. Crispo, et al. (2006). "The evolution of RFID security." IEEE Pervasive Computing 5(1): 7. Roberts, C. M. (2006). "Radio frequency identification (RFID)." Computers & Security 25(1): 18-26. Robshaw, M. J. B. (2006). "An overview of RFID tags and new cryptographic developments." Information Security Technical Report 11(2): 82-88. Smith, A. D. (2005). "Exploring radio frequency identification technology and its impact on business systems." Information Management & Computer Security 13(1): 12. Solanas, A., J. Domingo-Ferrer, et al. (2007). "A distributed architecture for scalable private RFID tag identification." Computer Networks 51(9): 2268-2279. Song, J., C. T. Haas, et al. (2007). "A proximity-based method for locating RFID tagged objects." Advanced Engineering Informatics 21(4): 367-376. pg. 8

Twist, D. C. (2005). "The impact of radio frequency identification on supply chain facilities." Journal of Facilities Management 3(3): 13. Weinstein, R. (2005). "RFID: A Technical Overview and Its Application to the Enterprise." IEEE IT Professional 7(3): 6. pg. 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information