a new epc rfid protocol revised from yehet al. protocolrt32 random generator by tag s share key...
TRANSCRIPT
IERI Procedia 4 ( 2013 ) 110 – 117
2212-6678 © 2013 The Authors. Published by Elsevier B.V.Selection and peer review under responsibility of Information Engineering Research Institutedoi: 10.1016/j.ieri.2013.11.017
A
Abst
A neaseasagrical., aotheris repbe ge © 20Selec Keyw
1. In
Tcomand havethat syste
Corr
2013 Inte
A New E
*
tract
ew EPC Global sy card, convecultural etc.Usinand finds a newr one is the searplaced to O(n).enerated as a ne
013.Publishedction and peer r
words: RFID;EPC
ntroduction
The radio freqmposed by tag,
then gives thie be a long-rait is the frien
ems in 2005 th
respondence: Hen
ernational C
EPC RF
*Hardy Lin*Profess
**GProf
RFID protocolenience store pngthe disadvantw RFID protocorch for back-end The aim is to
ew protocol for
d by Elsevier Breview under re
C Global Class-1 G
quency identi readerand bais informationange automatind or foe [2].Ihat Wal-Mart
nry Chan, e-mail
Conference o
ID Proto
n,**Yu-Kasor, Dept. Inform
Graduate Student, fessor, Dept. Info
l is developed fpayment cards,tages of Yehet ol.The redundad server can bereduce the PRNRFID.
B.V. esponsibility of
Generation-2; Sec
ification (RFIack-end servern tothe back-eic identificatioIn the future,t raised the att
: changher@mail
on Electron
ocol Rev
ai Chen, anmation Manageme
Graduate instituormation Manage
from the Yehet, park cards, bal.protocol, the
ancy of PRNG e shortened wheNG generation
Information En
curity Attack; Per
ID) is a placr system, the rend server andon from Worl RFID is in ctention of vari
l.cgu.edu.tw
nic Engineer
vised fro
nd Henry Kent, Chihlee Institute of Informationement, Chang Gu
talprotocol.RFIDbranded shoppieresearchcombihas reducedin
en the linear seawith time com
ngineering Rese
rformance Evalua
e of the tradreader reads td queries corrld War II, micommercial apious manufact
ring and Co
om YehetKer-Chang
tute of Technologn Management ung University
D has been useing card, the ines both protocorder to simpl
arch is too muchmplexitysimultan
earch Institute
ation.
ditional barcodthe tag informresponding lablitary airplanepplications. Wturers in a lea
omputer Scie
t al. Prot
Chang
gy
ed in many applbusiness logistcols of Kim et ify the whole oh effort, the conneously. So the
de. The RFIDmation by radio
bel record. RFes are applied
Wal-Mart [15]ading 100 man
ence
tocol
lications such tics, medical, al. and Yehet operators; the nstant of O(1) e research can
D system is o frequency, FID systems d to find out ] uses RFID nufactures to
Available online at www.sciencedirect.com
© 2013 The Authors. Published by Elsevier B.V.Selection and peer review under responsibility of Information Engineering Research Institute
ScienceDirect
Open access under CC BY-NC-ND license.
Open access under CC BY-NC-ND license.
111 Hardy Lin et al. / IERI Procedia 4 ( 2013 ) 110 – 117
use RFID; the domestic government research units pay a special attention to this area, so under the support of the Ministry of Economic Affairs, the Taipei Computer Association of "RFID industrial Association for the Promotion of the establishment of the General Assembly” has been setup, the first president Frank Huang served as chairman of the Taipei Computer Association"[16], he leads all manufactures to include the RFID operation. Therefore RFID has a special effect on businesses in the world. Some many areas such as materials management, health care, access control systems, telemedicine, or other usages using RFID are provided.
Based on the use of RFID and transfer information transmitted in the air must have additional security problems, such as eavesdropping, interception, tampering or resend, some attacks are found in the problems of security and privacy, according to Yehet al. protocol and our research from the collected papers [5,9,10,13,14],some security issues are as follows:
(1) Information Leakage: an attacker illegally unauthorized reader to read the tag or the interception of several messages related confidential information.
(2) Replay attack: the attacker transfersthe information obtained by eavesdropping, then, with illegally sending, the counterfeit legitimate device has to pass the authorization.
(3) Tracking attack: a tag can be sent by their label; an attacker can track the location area and find its purpose.
(4) Forward secrecy attack: an attacker can crack the tag memory information, to identified with the purpose, then identifies the past transaction records.
(5) Denial of service attack (QoS): RFID transmits large amounts of information in order to block, obstruct or intercept,QoScan stop the communications between tags and back-end server.
(6) Impersonation attack: the attacker can be a pseudo-legal device to complete the authentication. The communication ways of RFID can be divided into two kinds of electromagnetic induction and
microwave resonance [12].There are also three kinds of active RFID, semi-active RFID and passive RFID according the battery support.
2. Relative paper review and Discussion
There are many papers talking the RFID with their related topics, within their way, the Yehet al. protocol derived from Kimet al. protocol is found. So this research wants to deeply understand why the reasons of Yehet al. protocol came from Kim et al. protocol, and to discuss what the disadvantages of Yeh et al. protocol.
2.1 Discussion of EPC Global Class-1 Gen-2 RFID
There are many papers have talked about the EPC Global Class-1 Gen-2 RFID, and explain their disadvantages. Tao and Li [11] discussed the relative collisions of RFID in the transmission process, an anti-collision algorithm to solve these problems by the two authors. Shamir [6] also proposed flanking attack (side channel attack) to obtain information from the internal key to open other functions; it is also worth to consider a weakness. Mitrokotsaet al. [8] also proposed some RFID attacks, thisis to setup a table to illustrate many attacks, by idea of Mitrokotsaet al. [8],this research can provide information on how to think, and put forward the corresponding practice.
2.2 Kimet al. Protocol and disadvantage
Due to the limited computing functions,low-cost Class-1 Gen-2 RFID tags cannot be carried out complex computations, so there is a security problem. Kim et al. [3] proposed to improve the protocol in Figure 1,thekey shared by the back-end serverandtag to process the mutual authentication, and protects the transmission of data using the pseudo-random number. The protocol assumes a security zone between reader and tag, but DMZ (de-military zone) areais between reader and back-end server. The notations are listed in
112 Hardy Lin et al. / IERI Procedia 4 ( 2013 ) 110 – 117
Table 1according to Chien and Chen [4].
Table 1 Notations Notation Explanation
XOR + Add operator || Concatenation
f(.) Random number generator RT32 Random generator by tag
S Share key between back-end server and tag EPC Electronic product code PC Reader can get some EPC from tag in physical protocol control message
CRC16 Cyclic redundancy code 16 PIN Passwordcan be either PIN1 or PIN2 PIN1 Access password is between back-end server and tag, the purpose is to get tag. PIN2 Kill Password is between back-end server and tag, the purpose is to destroy tag.
But according to Yeh et al., they support some disadvantages from Kim et al. protocol as the following:
(1)Replay attack: because RR32 is a plaintext, PIN1 and PIN2 are fixed integers,Deursen and Radomirovi[7] found that the first eavesdropping attack can find the normal communication between the tag and reader.
i.e., From Figure 2, an attack sends a random query to the tag, and provides M1’=RT3’ PIN1, according to pre-eavesdropping message of M1 and RR32, Kim et al. protocol want to compute:
RR32’ = RR32 M1 M1’ = RR32 (RT32 PIN1) (RT32’ PIN1)
=RR32 RT32 RT32’ Ifback-end server receives as:
M2'=RR32’ PIN2 RT32' =(RR32 RT32 RT32’) PIN2 RT32
= RR32 PIN2 RT32’ If the back-end server eavesdrops the normal communication and find M2' is equal to M2 valuefrom the
tag, but P isderived M3 = f (M2) and PIN (access or destroy tags as to the requirement of commands). If the attacker tapping into P of Step 9 in Figure 1, the tagcan be adopted and the tag can be accessed or stopped its function.
(2) Forward security attack: this research finds that if an attacker wants to destroy the memory information individually and substituted into the past records in the database and then does the algorithm, you can identify the records of the relative value of the tag. So value M1 in past record in Step 2 in Figure 1 has to transmit.ThenM1 PIN1=RT32'; the RR32 in Step 3 in Figure 1 with PIN2 to compute M2'=RR32 PIN2RT32 . The next calculation isM3' = f (M2') and T'(0 RT32' M2' M3' which the last bit is cancelled), and to the in-sided memory S to calculate E' = (T'+ S) EPC', if E' and E derived in Step 4 is equal, the protocol can confirm that the sending record is relative to the tag.
(3) QoS: after p is sent to open the access permission in this protocol, interception or tampering by an attacker sendsto update Write commandof PIN1, the update does not make the tagwith the back-end server synchronized, so that the tagcannot be through the identification of the back-end server.
2.3 Yehet al. protocol and their disadvantage
Yehet al.protocol[14] want to update the information weaknessin the RFID protocol by Kim et al. shown in Figure 1, the pseudo-random number RR32 Kim et al. sent in plaintext can trigger the replay attack;in addition, there are not copies of the values in both readers and tags, the forward security attackcan appear.Therefore Yehet al. protocol want to use a pseudo-pseudo-random number RID to protect RR32 in
113 Hardy Lin et al. / IERI Procedia 4 ( 2013 ) 110 – 117
transPIN
Figur
Figur
smission; both1. So their RF
re 1 Kim et al. pro
re 2Yehet al. prot
h sides can upFID protocol is
otocol
tocol
pdate the shars shown in Fig
red key PIN1gure 2.
, back-end seervercan reservve new and oold values of
114 Hardy Lin et al. / IERI Procedia 4 ( 2013 ) 110 – 117
DdesccertiPINsom
(1M2wcom
(2memthe b
(3a muconv
3. T
Tthis same
Figur
(1(2
M1=(3
During all discription is shoify the p =p1*asf(RT32e disadvantag1) Suppose nwhich can req
mplicated authe2) According
mory individuaback-end serv3) Yehet al.prutual authentivenience and p
he new RFID
There are someresearch com
e.This explana
re 3 The new RFI
1) Reader Ta2) Tag Reade=RT32 f(PIN3) Reader T
sadvantages foown ion Figurp. If it is, so
PIN1*). Theges are as follonow an illegaquire tags to entication to dto the record
ally to substiter causes a gr
rotocoluses RIication informpracticality of
D revised prot
e disadvantagmbines both twation of the ne
ID revised protoc
ag: Query.Reaer:M1. Tag N1i PIN2i), tTag: ACK(M1
found in Kimre 2 where sothe M4 can
ere is a descriowing: al reader and
perform Stepdecide whetheds of the of Ytute calculatioreat deal of theID as a pseudo
mation for reaf the reader.
tocol
ges among Kimwo protocols ew RFID revi
ol
ader gives a qucan generate
then M1 is sen1). Reader use
m et al. protoome supports
support to miption of proto
tags can comps 2 and 4 inr this reader is
Yehet al.protoon of RT32', Me load. o-random numader and tag,t
m et al. prototo simplify tsed protocol i
uery to tag. e a random nt to reader.es the ACK to
col, Yehet alare to revise
make the conocol shown in
mmunicate, on Figure 2, sos illegal.
ocol in Step 5M3', M4', and
mber shared bthetag mobilit
col and Yehethe operators is shown in Fi
number RT
give M1 to ta
l. developed . Their researtent of PIN1n Figure 2. B
only need queo we must w
, the back-enE', this practi
y the reader aty can be dec
et al. protocol according the
igure 3:
32, with PIN
ag.
a different prch can find uis updated by
But this resear
ery is free towait until we
nd server will ice is linear s
and tag, if thisclined, also to
for global clae requirement
N1i and PIN
protocol, the using M4 to y PIN1*and rchfinds that
o produce a conduct the
receive M1 earch which
s RID can be o reduce the
ass-I Gen-II, ts keeps the
N2ito derive
115 Hardy Lin et al. / IERI Procedia 4 ( 2013 ) 110 – 117
(4) Tag Reader: PC, E, CRC16. If the tag gets the M1 which is equal to M1 in Step 2, tag will compute M2= Si PIN1i RT32, M3=f(M2), the T is the 0||M1||M2||M3 with the last bit is cancelled again. Ei = T EPCi. All items of Ei, PC and CRC1 are sent to reader.
(5) Reader Back-end Server:Ei, M1. The reader sends Eiand M1 to back-end server. (6) Back-end server Reader: Information. If the back-end server gets the M1 and compare to the record in
their server, the equation of RT32’= M1 f(PIN1i* PIN2i); M2’=Si PIN1i
* RT32’; M3’= f(M2’); PIN1i
*can be a PIN1i_new or PIN1i_old. T’ is 0||M1’||M2’||M3’with last bit is cancelled; Ei’ = T’ EPCi. If Ei’ is the same as Ei, then the tag can be the same in back-end server, the information is transferred to tag.
(7) Reader Back-end server: PIN request. Reader sends a requestto back-end server to know that the tag can be accessed or destroyed.
(8) Back-end server Reader: P. Back-end server can derive P to reader where P=f(PIN M3’), PINcan be PIN1i
* or PIN2i, then the content of PIN1i is updated. PIN1i_old PIN1i
* PIN1i_new RT32 PIN1i
*’ (9) Reader Tag: P. Reader sends tag with P and let tag to compute P’. P’= f(PIN M3), PIN can be
PIN1ior PIN2i. If PIN=PIN1i, P’ is the same with Pfrom reader, the authentication of back-end server is allowed, the access authorization can be pass for tag. Otherwise, PIN=PIN2i, P’ is the same as Pin reader, all functions of that tag are stop after the authentication from back-end server, the content of PIN1i is updated.
4.Comparison of Security analysis and performance evaluation
The security analysis of a new protocol is described and the comparison is shown in Table 2:
Table 2 Security analysis
Kim et al. protocol Yehet al. protocol This research
Information leakage
Replay attack
Track attack
Forward attack
Counterfeit attack
QoS
(1) Information leak: an eavesdropper can obtain E and M1,nevertheless, all protected messages must be
transmittedvia PIN1i, PIN2iandrecent value of RID, the eavesdropper cannot obtain the information in order to prevent the leakage of information
(2) Replay attack: in this research, Siprevents the RIDtobe stolen;PIN1ivalue is updated after the back-end server and tags is updated. The various values of PIN1iare provided and then to prevent replay attacks.
(3) Tracking attack: the tag sendall informationusing variouspseudo-random number, so illegal attacker cannot trace a tag holder by the predictive value.
(4) Forward security attack: each time the tag updatesPIN1icontinuously, the communications with different PIN1iand RIDcan protect the information randomly, so an attacker cannot crack information in tag and some records in back-end serverin order to identify with some information about that tag.
(5) DoS attack: the back-end server keeps old and new values of PIN1i, when interception or tampering happen,the back-end server system can usethe old value of PIN1i to identify; the back-end server and tag can meet asynchronouslyDoS attack.
116 Hardy Lin et al. / IERI Procedia 4 ( 2013 ) 110 – 117
(6) Impersonation attack: the PIN1iand PIN2ican be identified at the same time, the transformation of message is also protectedbytheRID;he attacker cannot obtain confidential information shared key to counterfeit legitimate senders.
Table 3 Performance analysis
Comparison of performance analysis
Kimet al. protocol Yehet al. protocol This research
Tag 5 XOR
1 PRNG 1 Addition mod 2m
6 XOR 4 PRNG
2 Addition mod 2m
7 XOR 3 PRNG
0
Time complexity O(n) O(n) O(1)
Embedded Information in tag
Gen-2embedded information EPC: 96bits; PIN1: 32bits; PIN2: 32bitsTID: 32bits, sum is 192 bits
S:96bit, total sum is 288bits.
RID:32bit, total sum is224bits.
S:32bits, total sum is 224bits
Performance evaluation of this research is listed in Table 3 where one PRGN and time complexity of O(1)
are listed. The combination of Kim et al. protocol and Yehet al. protocol isto develop the new RFID protocol; this researchshould be a revised protocol to reduce the extra requirements.
5. Conclusion
For the security requirement, following Yehet al. modifies Kim et al. protocol discussed before, Kim et al. protocol and Yehet al.protocol have disadvantages found at all, the new protocol derived by his research.This research includes the use of shared key S between back-end server systems andtag, the application is to release burden for reader generatingRID, so that the reader does not computeany functions and just for transmission only.This research would be more secure when the inclusion of Kim et al. and Yehet al. protocols to find the particular functions. This research can be practical for general applications;even the reduction of search time complexity can make the back-end server system to release the burden.
References
[1] Ron Weinstein, RFID: A technical overview and its application to the enterprise,IT Pro, pp. 27-33,May/June, IT pro, pp. 27- 2005.
[2] C. M. Roberts, Radio frequency identification (RFID), Computers and Security, Vol. 25, No. 1, pp. 18-26,Feb. 2006.
[3] K. H. Kim, E. Y. Choi, S. M. Lee, and D. H. Lee,Secure EPCglobal class-1 gen-2 RFID systemagainstsecurity and privacy problems, Lecture Notes in Computer Science, Vol. 4277, pp. 362-371, 2006.
[4] H. Y. Chien and C. H. Chen, Mutual authentication protocol for RFID conforming to EPC class 1generation 2 standards, Computer Standards and Interfaces, Vol.29, No. 2, pp. 254-259, 2007.
[5] E. Y. Choi, D. H. Lee, and J. I. Lim, Anti-cloning protocol suitable to EPC Global Class-1 Generation-2, Systems, Computer Standards and Interfaces, Vol. 31, Issue 6, pp. 1124-1130, 2007.
[6] Y. Oren, A. Shamir, Remote password extraction from RFID tags, IEEE Trans. Computers, Vol. 56, No.9,pp. 1292 - 1296, 2007.
[7] T. van Deursen and S.Radomirovi , Attacks on RFID protocols, Cryptology, ePrint, pp. 1-56,2008. [8] A.Mitrokotsa, M. R. Rieback and A. S. Tanenbaum, Classification of RFID attacks,
http://www.cs.vu.nl/~ast/publications/iwrt-2008.pdf
117 Hardy Lin et al. / IERI Procedia 4 ( 2013 ) 110 – 117
[9] H. M. Sun and W. C. Ting, A gen2-based RFID authentication protocol for security and privacy,Trans. Mobile Computing, Vol. 8, Issue 8, pp. 1052-1062, 2009.
[10] E. Y. Choi, D. H. Lee, and J. I. Lim, Anti-cloning Protocol Suitable to EPC Global Class-1 Generation-2RFID systems, Computer Standards and Interfaces, Vol. 31, pp. 1124-1130, 2009.
[11] Tao Cheng and Li Jin, Analysis and simulation of RFID anti-collision algorithms,www.technovelgy.com/ct/Technology-Article.asp?ArtNum=24
[12] Yu-Jen Chen, Gen-Yih Liao, Chung-Chih Lin, Introduction of RFID, Hwa Tai Publishing Co.,Taiwan, 2009. (in Chinese)
[13] T. C.Yeh S. J. Lo, J. S. Wu,Improvement of RFID EPC Class-1 Generation-2 protocol, 2010TANET (Taiwan Academic Network Conference), Oct. 27 ~ Oct. 29, University of Tainan, Taiwan.(in Chinese)
[14] T. C.Yeh S. J. Lo, The RFID reversion of Kim et al. protocol, Minghsin Journal, Vol. 38, No. 1,pp. 133-145, 2012. (in Chinese)
[15] Electrical Engineering Forum, Wal-MartCo. asks to use RFID for leading 100 manufactures before 2005,www.eettaiwan.com/ART_8800318983_480202_NT_6c73a540.HTM(in Chinese)
[16]Techlife,Establishment of RFID industryapplication promotionassociation,www.techlife.com.tw/01news/01news.asp?NID=13340.(in Chinese)