Secure Active RFID Tag System



Similar documents
RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

Intelligent Fleet Management System Using Active RFID

A Study on the Security of RFID with Enhancing Privacy Protection

How To Hack An Rdi Credit Card

RFID based Bill Generation and Payment through Mobile

IT-Based Safety and Security Solutions for Schools

IMPROVISED SECURITY PROTOCOL USING NEAR FIELD COMMUNICATION IN SMART CARDS

Strengthen RFID Tags Security Using New Data Structure

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Remote Monitoring of Livestock Wireless and the Wii Improving Livestock Welfare

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

Privacy and Security in library RFID Issues, Practices and Architecture

TT-RFID platform - Introduction

How To Attack A Key Card With A Keycard With A Car Key (For A Car)

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

Assets Location Management Solution Based on the Combination of SmartLocator and RFID

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

RFID Security: Threats, solutions and open challenges

SmartDiagnostics Application Note Wireless Interference

CRACK DETECTION METHODS USING RADIO FREQUENCY IDENTIFICATION AND ELECTRICALLY CONDUCTIVE MATERIALS

RFID 101: Using RFID to Manage School Assets and Achieve Huge Savings

Application of Tracking Technology to Access-control System

Applying RFID in traffic junction monitoring

Efficient Asset Tracking: From Manual to Automated

RFID SECURITY. February The Government of the Hong Kong Special Administrative Region

CHAPTER 1 Introduction 1

Data Transfer Technology to Enable Communication between Displays and Smart Devices

Network Sensing Network Monitoring and Diagnosis Technologies

Security in Near Field Communication (NFC)

Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08

Enabling the secure use of RFID

Bidirectional wireless communication using EmbedRF

RFID Design Principles

Multi-vendor Penetration Testing in the Advanced Metering Infrastructure: Future Challenges

The IT Guide to RFID Solutions for Schools. UHF RFID Technology: The Basics. The Technology, Applications, and Benefits

Location-Aware and Safer Cards: Enhancing RFID Security and Privacy

Biometric Authentication Platform for a Safe, Secure, and Convenient Society

RFID Penetration Tests when the truth is stranger than fiction

AAS. Automatic Attendance System. Grant Hornback, Alex Babu, Bobby Martin, Ben Zoghi, Madhav Pappu, Rohit Singhal

Design And Implementation Of Bank Locker Security System Based On Fingerprint Sensing Circuit And RFID Reader

On-Demand Virtual System Service

Technical Standards for Information Security Measures for the Central Government Computer Systems

Experiences in positioning and sensor network applications with Ultra Wide Band technology


Wi-Fi Backscatter: Battery-free Internet Connectivity to Empower the Internet of Things. Ubiquitous Computing Seminar FS2015 Bjarni Benediktsson

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

ODOT Surveyor s Conference

How To Understand The Power Of An Freddi Tag (Rfid) System

Global Deployment of Finger Vein Authentication

ANYTIME ANYPLACE-REMOTE MONITORING OF STUDENTS ATTENDANCE BASED ON RFID AND GSM NETWORK

Radio Frequency Identification (RFID)

Security and Privacy Issues of Wireless Technologies

WiFi and Security Administration

Threat Modeling a SharePoint Application: An exploratory exercise in preventing data breaches and theft.

The RFID Revolution: Your voice on the Challenges, Opportunities and Threats. Online Public Consultation Preliminary Overview of the Results

Special Topics in Security and Privacy of Medical Information. Reminders. Medical device security. Sujata Garera

Technologies Supporting Smart Meter Networks

We are one of the distinguished suppliers of a Wide range of Access Controllers. These are procured from the reliable vendors and are available in

Wireless power meter monitoring with power theft detection and intimation system using GSM and Zigbee networks

ADVANCED VEHICLE TRACKING SYSTEM USING ARM7

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

Data Analysis Methods for Library Marketing in Order to Provide Advanced Patron Services

Futuristic Cart For Shopping With Product Inventory Management System

Aperio Online System Description

Unmatched RF Spectrum Analysis

RFID Radio Frequency Identification

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

RFID Based Centralized Patient Monitoring System and Tracking (RPMST)

RFID BASED VEHICLE TRACKING SYSTEM

Updating the International Standard Classification of Occupations (ISCO) Draft ISCO-08 Group Definitions: Occupations in ICT

3M Cogent, Inc. White Paper. Beyond. Wiegand: Access Control. in the 21st Century. a 3M Company

PREPARING FOR THE NEW PCI DATA SECURITY STANDARDS

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Shadow TX(A) Shadow RX

Gemalto Mifare 1K Datasheet

worldpay.com Understanding the 12 requirements of PCI DSS SaferPayments Be smart. Be compliant. Be protected.

Wireless Technologies take Personnel Safety in the Process Industries to a New Level

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

Analytical Model for Automating Purchases using RFID-enabled Shelf and Cart

Localization System for Roulette and other Table Games

Security Issues in RFID systems. By Nikhil Nemade Krishna C Konda

Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags

Evaluation for Cargo Tracking Systems in Railroad Transportation

Wearable Finger-Braille Interface for Navigation of Deaf-Blind in Ubiquitous Barrier-Free Space

Transcription:

Secure Active RFID Tag System Isamu Yamada 1, Shinichi Shiotsu 1, Akira Itasaki 2, Satoshi Inano 1, Kouichi Yasaki 2, and Masahiko Takenaka 2 1 Fujitsu Laboratories Ltd. 64 Nishiwaki, Ohkubo-cho, Akashi 674-8555, JAPAN {yamada.isamu, sshiotsu, inano}@jp.fujitsu.com http://www.fujitsu.com/global/ 2 Fujitsu Limited. 64 Nishiwaki, Ohkubo-cho, Akashi 674-8555, JAPAN {itasaki.akira,yasaki.kouichi, ma}@jp.fujitsu.com http://www.fujitsu.com/global/ Abstract. Recently, Radio Frequency Identification (RFID) tags are examined for various usages. Active type of tags which incorporates a battery is being applied to a person to detect the person s position. Usually, the active tag always widely transmits ID at constant intervals. Therefore, there is a security issue that the radio signal is easily observed from a place away by an uncertain party. The party can easily perceive the existence of the user who has the tag. We report here that we designed a new active RFID tag system that solves such a security issue. 1 Introduction The Radio Frequency Identification (RFID) tag can be roughly classified into passive and active types of tags. The passive tag does not incorporate a battery and responds with the energy provided by a reader/writer. Communication range is short, but the cost is low. This type of tags are expected to be applied to improve efficiencies in the area of the cash register, picking work at a delivery center, inventory control, and distribution/traceability. Active tag s communication range is long, but coverage of application is limited because of its high-cost. Both passive and active types of tags are being applied to various areas for their best use case[1]. Regarding the active tag, the some trials have been started providing various services to the user. There are, for example, a monitoring system for school children who commute to and from school[2,3], an integrated information support system for exhibitions in EXPO2005 AICHI JAPAN[4], and a PC locking system with utilizing the active RFID tag[5]. When the user who has a tag approaches to the reader, the reader detects the tag signal. A tag ID corresponded to the person can be extracted from the tag signal. As a result, the position of the user near to the reader is recognized, and appropriate service comes to be provided, even though the user doesn t consider anything. However, security issues have been pointed out against these trials[6,7]. A security enhanced active tag is proposed[8], but we think that is not an essential solution. Most important issue on security for active tag is that the conventional active tag is always broadcasting IDs as a radio signal. The user with the active tag is publicly exposed while always sending the radio signal - 1 - Ubicomp2005 Workshops

saying I am here. The radio signal is being easily observed and being pursued with a cheap reader. The authors think that the active tag will not be widely deployed unless and until such a security issue is solved. 2 System method 2.1 Comparison between conventional active RFID and proposed one Table 1 shows the classification of the tags. The communication range of the conventional active tag can be longer compared with a passive tag because it incorporates a battery. In case of applying the conventional active tag, the applied area should be limited in a safe area because it has a security issue. In case of a passive tag, it sends a radio signal only when it is inquired by the reader/writer. Therefore, no unnecessary radio signal is transmitted. However, it responds basically even though the reader/writer is not right one. So, there is a risk that the ID is being read from a place away. If the tag of 13.56MHz is used, the risk is low because the communication range is around 70cm with a large-scale antenna. In case of the UHF tag, the risk is more serious because it has a longer communication range about 3-7m. The communication range becomes longer, the convenience in operation improves. But if it is applied to a person, the risk would become non-negligible. We propose a method to solve these issues. It characterizes in having higher security strength than the passive tag, while maintaining the communication range and the battery life to be equal with a conventional active tag. Table 1. Classification of RFID tags Items Passive RFID tag Active RFID tag (Con.) Active RFID tag (new) Comm. Range 70cm/ 3m - 7m more than 10m around 10m Battery life (no battery) around 1 year around 1 year Security weak N/A, or weak strong Cost less than $1 less than $10 around $10 Application distribution/ inventory control of goods. tracking person (restricted area) tracking person (no restriction) 2.2 Security requirements for new active tag The issues on the security for a conventional active tag are listed below. A) Radio signal from the active tag can be easily monitored by a cheap reader. Under the current situation in which the active tag is not widely deployed, transmitting radio signal itself becomes a threat. B) The ID is tapped. Pursuing the behavior of the user who has the active tag becomes possible by tapping ID transmitted from the active tag. - 2 - Ubicomp2005 Workshops

C) Replay attack is being done by spoofing. It is possible to spoof as the user by capturing the radio signal and resending the captured signal to the reader. 2.3 Attestation process for new active RFID tag Fig. 1 shows the attestation process between the reader/writer and the tag. Both the reader/writer(or its server) and the tag safely manage the secret information (key, time, SysID, and TagID). Reader/Writer RFID Tag (i) ID request command is encrypted, and sent. The encrypted (ii) radio signal (iii) The command is attested. OK! NG! (vii) The response is attested. (vi) (iv) TagID is encrypted, and responded (v) STOP! Do not respond. Fig. 1. Flow of the attestation process (i) The reader/writer encrypts the ID inquiring command with the time and the SysID by using the common key, and transmits the encrypted command. (ii) A radio signal sent from the reader/writer varies every time because the time data is included in the encrypted command. (iii) The attestation process is executed in the tag. After the decryption process, the tag checks if the time difference between the time from the reader/writer and the time clocked in the tag is below the prescribed value, and the decrypted SysID concretely agrees to the sysid data stored in the tag. If both are okay, it is judged that the reader/writer is attested. (iv) If attested, the tag encrypts TagID with the time data and responds. (v) If not attested, the tag stops processing. This solves issue A). (vi) The response from the tag also varies every time because of the time data. This solves issue B). (vii) The attestation process is executed in the reader/writer. After the decryption process, the reader/writer side checks if the time difference between the time from the tag and the time clocked in the reader/writer side is below the prescribed value. If so, it is judged that the tag is attested. This solves issue C). 3 Prototype System To verify the proposed method, we made a prototype. See Fig. 2 and Fig.3. Their radio frequency is 315MHz, and the transmission power is below 500uV/m@3m. In the reader/writer, the frequency for receiving and transmitting is different, and it has independent receiver and transmitter. The transmitter repeats only the transmission, and the - 3 - Ubicomp2005 Workshops

receiver repeats only the receiving. This configuration enables intermittent operation at the tag side. The purpose of two receiver system is to improve receiving sensitivity. A pair of two transmitter antennas improves signal quality at the tag side. The timing for receiving and transmitting is divided in the tag, so it has only one antenna and one combined transceiver and receiver in the tag. Box (right) Transmitter f1 System server Box (left) Main receiver f2 RV TR Controller Client terminal Cont- Sub roller receiver Reader/writer Secure active tag Fig. 2. System configuration of the reader/writer and the tag. The system is under development. However, we could achieve that communication range of 10m, and battery life of 10.6 months with CR2032 battery at 1.4 seconds intermittent. Receiver antennas Antenna Transmitter antennas Reader/ write prototype Secure active tag prototype Fig. 3. Photographs of a reader/writer prototype and an active tag prototype 4 Summary We introduced a new active tag method and a prototype system which strengthen the security. This system solves the serious security issue that was critical in the conventional active tag. Moreover, the prototype system achieved practicable battery life. We think the most important hurdle for commercialization was cleared. Hereafter, we think about the design of the entire system for practical use and application to various usages in the future. - 4 - Ubicomp2005 Workshops

References 1. RFID journal, http://www.rfidjournal.com/ 2. http://pr.fujitsu.com/jp/news/2004/09/27-1.html(in Japanese) 3. http://headlines.yahoo.co.jp/hl?a=20050402-00000000-san-bus_all 4. http://techon.nikkeibp.co.jp/article/news/20050131/101257/(in Japanese) 5. http://www.cnes.co.jp/business/press/20050127.html(in Japanese) 6. PCWeb, http://pcweb.mycom.co.jp/articles/2005/01/01/takagi/003.html 7. EPIC, http://www.epic.org/privacy/rfid/brittan-letter.pdf 8. S. Kinoshita, et. al., Privacy Enhanced Active RFID Tag", 1 st International Workshop on exploiting context histories in smart environments, Germany, May/11/2005-5 - Ubicomp2005 Workshops

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information