SECURE SYMMETRIC AUTHENTICATION FOR RFID TAGS Presentation On SECURE SYMMETRIC AUTHENTICATION FOR RFID TAGS DBS INSTITUTE OF TECHNOLOGY Kavali,SPSR Nellore Presented By K.Sandhya, 118T1A0433, ECE.
OUTLINE: ABSTRACT INTRODUCTION TO RFID SYSTEM TYPES OF RFID TAGES WHY ONLY RFID? THREATS FOR THE RFID TAGES SYMMETRIC AUTHENTICATION INTERLEAVED AUTHENTICATION PROTOCOL ADVANTAGES AND APPLICATIONS FUTURE SCOPE CONCLUSION REFERENCES
ABSTRACT: Radio frequency identification (RFID) technology allows for the identification of objects or subjects remotely using attached RFID tags via a radio frequency channel, hence identification is achieved in a contactless manner. This technology is used for object tracking and monitoring, supply-chain management and personalized information services. Numerous authentication protocols for RFID systems were proposed in an attempt to prevent unauthorized tracking and monitoring, impersonation or cloning, and information leakage. This paper enhances passive RFID tags with cryptographically secure authentication.
INTRODUCTION: An RFID system is an small portable computer without a screen and a keyboard that interacts with the world through radio frequency signals. An RFID tag is a small microchip, with an antenna, holding a unique ID and other information which can be sent over radio frequency. The information can be automatically read and registered by RFID readers. The data received by the RFID reader can be subsequently processed by a back-end database.
RFID SYSTEM: A basic RFID system consist of three components An antenna or coil A transceiver (with decoder) A transponder (RF tag) electronically programmed with unique information.
WORKING: An RFID system consists of a tag made up of a microchip with an antenna, and an interrogator or reader with an antenna. The reader sends out electromagnetic waves in the ranges of anywhere from one inch to 100 feet or more, depending upon its power output and the radio frequency used. The tag antenna is tuned to receive these waves. When an RFID tag passes through the electromagnetic zone, it detects the reader’s activation signal. The reader decodes the data encoded in the tag’s integrated circuit and the data is passed to the host computer for processing.
TYPES OF RFID TAGS: The RFID tags are again classified into three types. They are Active Semi passive(=semi active) Passive
PASSIVE RFID TAGS: Passive RFID tags have no internal power supply. The electrical current induced in the antenna by the incoming radio frequency signal provides just enough power for the CMOS IC in the tag to power up and transmit a response. In this the aerial(antenna) has to be designed to both collect power from the incoming signal and also to transmit the outbound backscatter signal. It contain non-volatile EEPROM(Electrically erasable programmable read only memory) for storing data. Due to the lack of an on-board power supply the device can be quite small and have an unlimited life span. These tags have practical read distances ranging from about 2mm up to about few metres depending on the chosen radio frequency.
SEMI-PASSIVE RFID TAGS: These tags are very similar to passive tags except for the addition of a small battery. This battery allows the tag IC to be constantly powered. This removes the need for the aerial to be designed to collect power from the incoming signal. Aerials can therefore be optimised for the backscattering signal. Semi-passive RFID tags are faster in response and therefore stronger in reading ratio compared to passive tags.
ACTIVE RFID TAGS: Active RFID tags or beacons have their own internal power source which is used to power any ICs and generate the outgoing signal. They may have longer range and larger memories than passive tags, as well as the ability to store additional information sent by the transceiver. Active tags have practical ranges of tens of metres, and a battery life of up to 10years. Because passive tags are cheaper to manufacture and have no battery, the majority of RFID tags in existence are of the passive variety.
Different frequencies have different characteristics that make them more useful for different applications There are four main frequency bands for RFID tags commonly . They are categorized by their radio frequency: Low frequency tags(125 or 134.2kHz). High frequency tags(13.56MHz). UHF tags(868 to 956MHz) or 463MHz. Microwave tags(2.45GHz or 5.8GHz).
WHY ONLY RFID: For objects identification BARCODE technology will also be used. But RFID technology is better than RFID technology. The big difference between the two is bar code is a line-of-sight technology. That is, a scanner has to "see" the bar code to read it, which means people usually have to orient the bar code toward a scanner for it to be read. Radio frequency identification, by contrast, doesn't require line of sight. RFID tags can be read as long as they are within range of a reader. Bar codes have other shortcomings as well. If a label is fallen off, there is no way to scan the item. In addition, standard bar codes identify only the manufacturer and product, not the unique item.
THREATS FOR THE RFID TAGS: The basic functionality of RFID systems is to provide identification of individual objects by the replies the attached RFID tag sends to a request performed by a reader. The major drawback is that the communication scheme does not provide a method to prove the claimed identity. The three main security threats in RFID systems are forgery of tags, unwanted tracking of customers and the unauthorized access to the tag’s memory. So here, we propose authentication protocols for RFID systems. These protocols allow protecting high-value goods against adversary attackers.
SYMMETRIC AUTHENTICATION: Authentication is the mechanism that one entity proves its identity to another entity. Strong authentication protocols, such as challenge-response protocols are widely used in today. In this protocol one or several messages are exchanged between the claimant and the verifier. These protocols are defined upon symmetric-key and asymmetric-key cryptographic primitives. Asymmetric-key cryptography requires extremely costly arithmetic operations and is therefore out of question for RFID systems today.
AUTHENTICATION PROTOCOLS BASED ON CHALLENGE-RESPONSE METHODS: TAG AUTHENTICATION: Here, the tag authenticates itself against a reader. The origin of the tag can be proved and forgery is prevented. The protocol works as follows: The reader sends an authentication request, addressed with the ID of the tag. It contains a nonce, generated by the reader. The tag encrypts the nonce with the secret key and sends the result back to the reader, which can then verify the result. A-SRAC Protocol AAA
READER AUTHENTICATION: This method is used for authenticated access to the tag’s memory. In this when answering to the inventory request, the tag indicates with a flag that the reader has to authenticate itself. The reader answers to the challenge and sends a request to reveal the tags ID. Then only the tag sends its ID in plaintext and grants the reader access to the memory.
MUTUAL AUTHENTICATION: In this both parties authenticate themselves against each other. Like in the former protocols the tag answers the inventory request with a nonce and requests authentication from the reader. The reader answers the challenge and sends another challenge for the tag. The tag answers the reader’s challenge and both are authenticated. In this the ID is never sent in plain, so all three security threats can be prevented.
INTERLEAVED AUTHENTICATION PROTOCOL: The protocol mentioned above only works when the result of the cryptographic primitive is available within the time defined for the tag’s response. As this time is very short a modification of this authentication scheme was proposed where the calculation time for the algorithm is of minor importance. For this purpose, authentication is split into two parts: Authentication request(AR) Response request(RR)
ADVANTAGES: Tag detection not requiring human intervention reduces employment costs and eliminates human errors from data collection. As no line-of-sight is required, tag placement is less constrained. RFID tags have a longer read range than, e. g., barcodes. Tags can have read/write memory capability, while barcodes do not. An RFID tag can store large amounts of data. Unique item identification is easier to implement with RFID than with barcodes. Tags are less sensitive to adverse conditions (dust, chemicals, physical damage etc.).
APPLICATIONS: Attendance system in educational institutions and other work place. Bank locker secured access. General frame work to implement any other RFID based applications. Ware houses and storage places where lot inventory movement is expected.
FUTURE SCOPE: A hex key pad can be interfaced to micro controller board by which user can enter his password then the lock can be opened. This ensures even if some one has card then also without the password he can’t get access. Implementing the security systems with different levels by using different types of MI fare cards. Cryptanalysis of the link between the card and reader. Study of other RFID techniques for better service and security. Interfacing the system with a GSM so that data can be transmitted through messages.
CONCLUSION: In this paper we started with a short introduction to current RFID systems. We showed how the basic principles work and we motivated the enhancement of actual RFID systems with authentication functionality with standardised methods and algorithms. The main result so far is that we showed, that secure symmetric authentication is feasible for current RFID technology without significant additional costs. RFID with authentication is not only necessary to use RFID technology in security relevant applications but also if the tags contain personal data. Its important to realize that there will be no universally “Right” solution even for similar application with in the same industry. Every RFID solution each company adopts will be unique.
REFERENCES: S. E. Sarma, S. A. Weis, and D. W. Engels. RFID Systems and Security and Privacy Implications. In Cryptographic Hardware and Embedded Systems – CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13-15, 2002,Revised Papers, volume 2523 of Lecture Notes in Computer Science, pages 454–470. Springer, 2002. S. A. Weis. Security and Privacy in Radio-Frequency Identification Devices. Master’s thesis, Massachusetts Institute of Technology, Cambridge, MA 02139, May 2003. S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels. Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In Security in Pervasive Computing, 1st Annual Conference on Security in Pervasive Computing, Boppard, Germany, March 12-14, 2003, Revised Papers, volume 2802 of Lecture Notes in Computer Science, pages 201–212. Springer, 2004.
Queries?