RFID Security Through Dynamic Tag Content Management
No Thumbnail Available
Date
2020-02-02
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
Radio frequency identification (RFID) tag exchanges data with an RFID reader through radio waves. These tags can be attached to almost any object, such as baggage‟s, containers, construction materials, laundry and bottles. It can also be attached to animals, humans and vehicles. It is seen as a means to enhance efficiency and introduce new functionality in products such as intelligent fridges or washing machines, to query their contents. However, concern has arisen about the possibility of using RFID technology for tracking and profiling individual people. Privacy, integrity, data security and civil rights concerns are expressed and may lead to the failure of RFID technology to realize its promise.
Cryptographic solutions may be a consideration. However, standard cryptographic primitives (hash functions, message authentication codes, block/stream ciphers, etc.) are quite demanding in terms of circuit size, power consumption and memory size, so they make costly solutions for RFID tags. We analyze the security hole and present these concerns and find out the problem as static tag_id identification and no access control. As we see none of RFID tags employ read passwords or other read access control. Because the tag content on the RFID tag never changes until next encoding, the ability to read will enable several security risks. First, the adversary may determine which object owns the tag and infer the origin of the object carrying the tag. Second, static identifier can be used both to track and hotlist tagged objects easily. The main security risk of the static tag content is the leakage of content and cloning the tag. Because of the static properties, RFID tag content always remains unchanged in the entire system, and an attacker can conducts multiple actions on the target tag. Tag that stores static information is vulnerable to attacks such as cloning. So our proposed solution comes with the idea of using dynamic tag content to the tag which is making the tag_id dynamic by changing it every time the tag is read/scanned. The tags store a dynamic number, called tag_id. The back-end system issues these numbers and keeps track of which number is written on which tag to prevent cloning attack. This work makes use of the tag‟s rewritable memory for changing tag content after every scan. Finally, we simulate our work using Arduino and Proteus simulation tools.
Description
Keywords
RFID, Privacy, Integrity, Data Security, Cryptography, Authentication, Cloning