
S. Santa Kumari, Associate Professor, santakseetala@yahoo.com

B. Chandra Kiran M.Tech(R&M) Andhra University kiranec121@gmail.com

RFID Architecture

An RFID system architecture consists of a reader and a tag. The reader queries the tag, obtains information, and then takes action based on that information.

Transponders used in RFID are commonly called tags, chips, or labels.


An RFID tag contains the following items: encoding/decoding circuitry, memory, antenna, power supply, and communications control.

Paper-thin, 2 x 2 inch in size.

Read-only or read/writable. Storage capacity of 2 KB of data, which contains a 96-bit serial number.
Tags come in many flavors: passive, battery-assisted, or active; different frequencies; various anti-collision technologies; printed or wire-wound antennas; etc.

TAGS

Passive vs. Active Tags

Passive RFID tags do not contain a battery or other power source; therefore, they must wait for a signal from a reader. They obtain power from the reader device using an electromagnetic property known as the Near Field. Active tags have their own power source, usually an internal battery.

An RFID reader is a device that is used to interrogate an RFID tag. The reader has an antenna that emits radio waves. The tag responds by sending back its data. The reader performs other functions such as activating tags, powering tags, managing communication with multiple tags, and querying tags.

Middleware

Middleware software manages the readers and the data coming from the tags, and passes it to the backend database system. It sits in the middle of the data flow between the readers and the backend and manages the flow of information between them. When multiple tags relay information to a reader simultaneously, precautions must be taken to prevent interference among signals.

This paper proposes an approach in which the complexity, and hence the cost, of RFID tags can be drastically reduced by eliminating the security-assuring computational resources from the RFID tags and placing the security burden on the data processing server.

It is technologically possible to build RFID tags that possess the computational resources necessary to provide a high level of security to the data stored and transmitted. Password protection, public key encryption and other such features can be built into a tag, but the cost of each such tag would be prohibitively high. Tags that perform encryption would have tens of thousands of gates, compared to a few thousand gates available to bare-bone tags. The key idea here is to require the exchange of a unique and different data segment between the tag and the server each time the tag transmits its identity data and other information.

Attempts to steal information stored on a tag fall into two broad categories: passive and active.
Passive attacks are said to occur when a rogue reader tries to intercept the data transmission between a tag and a reader. This form of attack is also called eavesdropping. Here, the rogue does not interact directly with the RFID tag. Active attacks happen when a rogue RFID reader queries an honest tag for its information.

The following are the requirements of an RFID security strategy:
Before a tag transmits any of its information to a reader, it must authenticate the reader. This protects the tag against active attacks, in which a rogue reader that understands the communication protocols simply queries the tag to steal its information.
Every tag must be authenticated before a transaction is approved.
The authentication process must protect against clones.
The transmission of information over the radio wave must be protected against eavesdropping.

Recommendations

The National Institute of Standards and Technology has identified the security and privacy risks associated with RFID technology and offered a set of recommended practices to reduce threats:
Encryption of data when feasible.
Authenticated access to RFID systems.
Shielding RFID transactions from eavesdropping rogues by using metal screens and films.
Destruction of sensitive information on used tags and safe disposal of tags.
Audit procedures and time stamping to detect breaches.
Separation of RFID databases from other databases and IT systems.

MULTIPLE ID AUTHENTICATION PROTOCOL

The Multiple ID protocol protects data against both active and passive attacks. According to this protocol, every reader has to be authenticated by a tag before the tag can transmit any of its data. Similarly, each and every tag has to be authenticated by the reader. This protocol is based on the requirement that both the tag and the reader challenge each other to furnish a valid password. Every tag has a certain amount of memory space to store information. The Multiple ID protocol uses this space to store a sequence of random ASCII characters. A small section of this sequence of characters serves as a password.

Since the server program knows the exact sequence of characters for every tag in the system, the password supplied by the tag is easily verified. When a tag enters the interrogation zone of a reader, the tag transmits a serial number for the server program to identify the tag.

Before a tag can exchange any more information, the reader needs to authenticate itself to the tag.
The reader selects a sequence of characters or a password and transmits it to the tag. This set of characters will be used only once, although some of the characters from this sequence may be reused. The tag looks for the same sequence of characters in its memory at the specified location. If the sequence exists, the tag authenticates the reader and proceeds to authenticate itself to the reader by transmitting a password. This password is a sequence of characters selected by the tag from its memory. The reader, having looked up the tag in the database, instantly verifies the authenticity of the tag by comparing the password transmitted by the tag against that stored in the database.

The following is the pseudo-code of the software algorithm that implements the communication in the Multiple ID protocol.

Step 1: Reader continuously looks for the presence of a tag or tags in its interrogation zone. When a tag or a set of tags is found, the reader executes an anti-collision algorithm to place tags in a list L.
Step 2: Pick tag x from the head of L and ask for its ID.
Step 3: If tag x doesn't respond with an ID, then delete x from L; if L is empty go to Step 1, else go to Step 2. If tag x responds with its ID, the reader/server looks up the ID of tag x in the database.
Step 4: If the ID of tag x doesn't exist in the database, then delete x from L; if L is empty go to Step 1, else go to Step 2. If the ID of tag x exists in the database, then retrieve the contents of memory buffer B associated with the tag ID.
Step 5: Reader/server randomly selects a window of characters (password) p and its starting location in B and sends p and its location to tag x.
Step 6: If tag x authenticates the reader, then the reader asks tag x for the tag's password.
Step 7: If tag x doesn't respond with a password, then delete x from L; if L is empty go to Step 1, else go to Step 2. If tag x sends to the reader a window of bytes (password) q and its location, the reader checks the authenticity of q.
Step 8: If the reader doesn't find q in B, then it flags tag x as a clone; delete x from L; if L is empty go to Step 1, else go to Step 2. If the reader finds q in B, then tag x is authenticated. Delete x from L; if L is empty go to Step 1, else go to Step 2.

The tag executes the following steps as part of the Multiple ID authentication protocol.

Step 1: Tag waits to be selected by the reader for communication.
Step 2: When selected, the tag transmits and waits for the reader to transmit a password authentication.
Step 3: If the tag doesn't receive a password within a pre-set time window, go to Step 1.
Step 4: Tag retrieves the password buffer based on the location information provided by the reader.
Step 5: If passwords p and q don't match, then the tag refuses to transmit any information, shuts down temporarily, and later goes back to Step 1.
Step 6: If passwords p and q match, the reader is authenticated and the tag transmits its password.
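The reader/server and tag procedures above, as a runnable Python sketch added here (not code from the original slides). The class names, the 4-character window, the 64-character buffer, the tag's sequential choice of q, and the rule that each tag window is accepted only once are assumptions of this example.

```python
import hmac, secrets, string
WIN = 4  # assumed password window length; the page does not fix one

def new_buffer(n=64):  # random ASCII sequence held by both the tag and the server
    return "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(n))

class Tag:
    def __init__(self, tag_id, buf):
        self.tag_id, self.buf, self.cursor = tag_id, buf, 0

    def answer(self, p, loc):
        """Tag steps 4-6: check the reader's window p, then reveal one unused window q."""
        reader_ok = len(p) == WIN and loc >= 0 and self.buf[loc:loc + WIN] == p
        if not reader_ok or self.cursor + WIN > len(self.buf):
            return None                    # rogue reader, or all windows spent: stay silent
        q_loc, self.cursor = self.cursor, self.cursor + WIN
        return self.buf[q_loc:q_loc + WIN], q_loc

class Server:
    def __init__(self):
        self.db, self.spent = {}, set()    # tag ID -> buffer B; spent (ID, role, location)

    def challenge(self, tag_id):
        """Reader steps 3-5: look up B, pick an unused window p and its location."""
        B = self.db.get(tag_id, "")
        free = [i for i in range(len(B) - WIN + 1) if (tag_id, "p", i) not in self.spent]
        if not free:
            return None                    # unknown ID, or every window already used
        loc = secrets.choice(free)
        self.spent.add((tag_id, "p", loc))
        return B[loc:loc + WIN], loc

    def verify(self, tag_id, reply):
        """Reader steps 7-8: 'ok', 'no-response', or 'clone' for a wrong or reused q."""
        if reply is None:
            return "no-response"
        (q, q_loc), B = reply, self.db[tag_id]
        good = 0 <= q_loc <= len(B) - WIN and hmac.compare_digest(B[q_loc:q_loc + WIN].encode(), q.encode())
        if not good or (tag_id, "q", q_loc) in self.spent:
            return "clone"
        self.spent.add((tag_id, "q", q_loc))
        return "ok"

def demo():
    srv, tag = Server(), Tag("TAG-0001", new_buffer())   # constructed tag ID
    srv.db[tag.tag_id] = tag.buf
    captured = tag.answer(*srv.challenge(tag.tag_id))    # what an eavesdropper records
    genuine = srv.verify(tag.tag_id, captured)
    replayed = srv.verify(tag.tag_id, captured)          # clone replays the recorded q
    return genuine, replayed, tag.answer("????", 0)      # '?' never occurs in the buffer
```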

The rogue is essentially an RFID reader that eavesdrops on the data exchanged between the tag and the genuine reader over the course of a transaction. The frequency with which the rogue eavesdrops on the transactions is kept as a variable in the simulation. The stolen data is used to create a clone. The clone tries to engage the reader in a transaction of its own kind. This fake transaction is called a spoof. The simulation involves four entities (tag, reader/server, rogue and clone) and two activities (transaction and spoof).

The single most important factor that determines the level of security provided by the authentication protocol is the number of successful spoofs. If the number of successful spoofs per transaction, S, is equal to zero, the configuration of the protocol is highly vulnerable. If S is close to 1, the protocol is considered highly desirable.

The simulation parameters are: P, the probability of rogue eavesdropping; M, the number of genuine transactions between any two spoof attempts; N, the number of times each password is used by the tag. By generating simulation output S for different settings of N, P and M, the following regression model is developed to predict the value of S for a given set of values of P, M and N.

The value of S increases consistently for a given probability as the value of N increases. The surface becomes curvy at P = 0.5 and N > 6. If N is close to 1, S would remain small regardless of the value of P.

For a given value of probability, the value of S decreases as the value of M increases. This is because as M increases, the number of spoof attempts decreases.


Conclusion
This work developed a new authentication protocol based on a radically different philosophy of depending on the intelligence of the system on the server and keeping the tag hardware simple. This authentication protocol provides a lot more security than the bare-bone protocols that exist in the industry.
