Community Home
★ Community Points System ★ Must read for newbies ★ Moderator Application★
 

Forum
Return list
2857 views|0 replies
fish001

3836

Posts

19

Resources
The OP
Published on 2018-2-22 16:12 Only look at the author
 

Security issues and strategies in the application of RFID technology [Copy link]

The importance of security and privacy issues in the development of RFID is becoming more and more obvious. Whether these issues are resolved or not will determine whether RFID can be recognized by people and the breadth of its application. 1. Security requirements of RFID systems The security issues of RFID are mainly caused by the wireless communication between the tag and the reader. Since the wireless power of the reader is much greater than the wireless power of the tag, the communication range of the reader may cover multiple tags, and may also overlap with the communication range of other readers. In addition, the tag is constrained by the cost and its protection ability is weak, so there may be physical attacks, denial of service attacks, tag spoofing, forged tags, eavesdropping and other security threats. Therefore, when designing the RFID system, the system must have corresponding security requirements, that is, it is required to have basic characteristics such as confidentiality, integrity, availability, demonstrability and privacy. 1. Confidentiality: An RFID electronic tag should not leak any sensitive information to unauthorized readers. Since there is a long corridor between the reader and the tag, if access control is not implemented, the tag's storage may be read by an eavesdropper. 2. Integrity: Data integrity can ensure that the information received by the receiver has not been tampered with or replaced by the attacker during the transmission process. 3. Availability: The various services provided by the security solution of the RFID system can be used by authorized users and can effectively prevent denial of service attacks. 4. Authentication: The reader must be able to ensure that the message is sent from the correct electronic tag. This type of tag generally does not have the function of preventing tampering. 5. Anonymity: The UID tag can track a person or an object with a tag anytime and anywhere, and the person being tracked is unaware. The collected information can be merged and linked to generate personal information. 2. Security risks in the RFID system The security risks of the RFID system mainly come from three different levels of security protection links, namely tags, readers and communication links. The following are explained separately: 1. Defects in tag manufacturing Due to cost constraints, it is difficult for the tag itself to have sufficient security protection capabilities. Therefore, illegal users can use legal readers or homemade readers to communicate directly with the tag, obtain the data stored in the tag, and may crack and copy the data. 2. Defects in the reader In the reader, in addition to the middleware to complete data screening, time filtering and management, it can only provide user business interfaces, but cannot provide services that allow users to provide 3. Open communication links The data communication link of RFID is a wireless communication link. Since the signal in the link is open and not encrypted, it is convenient for attackers. Attackers can eavesdrop on communication data and carry out denial of service attacks, spoofing attacks, etc. In addition, the problems faced by RFID technology include: (1) Privacy issues When the personal information of consumers is written on the RFID electronic tag, it is possible that information such as a person's location at a certain time is leaked without the consent of the person, thereby infringing on the consumer's personal privacy. Even if there is no personal information such as name in the RFID electronic tag, when special codes such as EPC and ucode are written, the information of the anonymous person's location at a certain time is collected. When an individual uses a credit card or other information that can identify his or her personal information, its unique code may be read in an instant and linked to the existing anonymous information, and the same problem of infringing personal privacy will occur as reading personal RFID electronic tag information. In fact, RFID can develop different applications for each practical application. Under certain circumstances, the type and content of data it identifies and processes are controllable. Therefore, the issue of privacy can adopt different security solutions according to different applications. (2) Technical issues Although the individual technology of RFID electronic tags has matured, the overall product technology is not mature enough and still has a high error rate. Due to the great interference of liquids and metal products on radio signals, the misreading rate of a single RFID tag is sometimes as high as 20%. Even with double tags, 3% of RFID tags cannot be read, which is still a certain distance from the maturity required for large-scale practical applications. RFID tags and readers are directional, and RFID signals are easily blocked by objects, which is also a major challenge for the future development of RFID technology. (3) Cost issues The manufacturing cost of RFID systems is expected to be greatly reduced with the development of information technology and the expansion of application fields. It is generally believed that chips with a price of more than US$5 are mainly active devices used in military, biotechnology and medical fields; those with a price of 10 cents to US$1 are often passive devices used in transportation, warehousing, packaging, documents, etc.; consumer applications such as retail tags are 5-10 cents; the price of tags will directly affect the market size of RFID. If large-scale commercial use is to be achieved, costs must be reduced. (4) Unemployment problem After enterprises adopt the radio frequency identification system, they will take over the work that was originally done manually and further replace manual operations, so that they can save costs due to the improvement of supply chain efficiency. The derived problem will be that many workers will face the crisis of losing their jobs. While developing RFID technology, we should consider how to protect the interests of workers and how to solve the problems caused by workers' unemployment. III. Response strategies to RFID system security issues An effective security mechanism can provide protection against the information security issues mentioned above, but the characteristics of RFID technology and application scenarios determine that its basic function is to achieve cheap and automatic identification. Therefore, standard security mechanisms are difficult to implement due to cost constraints. The following describes the strategies and methods of RFID security from the two aspects of physical security mechanism and authentication security mechanism based on the characteristics of RFID systems. (1) Physical security mechanism Physical security mechanism is a mechanism that uses physical methods to protect the security of tags. There are mainly physical security mechanisms such as Kill command mechanism, clip tag, pseudonym tag, blocking tag, tag method and electrostatic shielding. The following briefly introduces these methods. Ki11 command, its main function is to make the tag invalid when needed. After receiving this command, the tag terminates its function and can no longer transmit and receive data. Killing the electronic tag or discarding it after purchasing the product cannot solve all the privacy issues of RFID technology. Therefore, the simple solution of executing the kill command is not feasible. Clip tag is a new type of tag developed by IBM to address RFID privacy issues. Consumers can tear off or scrape the RFID antenna to reduce the readable range of the tag and make the tag unable to be read at will. Using clip tag technology, even if the antenna is no longer usable, the reader can still read the tag at close range (when the consumer returns to return the product, the information can be read from the RFID tag). Pseudonym tag uses a binary tree query algorithm, which interferes with the algorithm's query process by simulating the tag ID. The advantage of this method is that the RFID tag basically does not need to be modified, nor does it need to perform cryptographic operations, and the blocking tag itself is very cheap, which makes the blocking tag an effective privacy protection tool. (2) RFID security logical method In RFID security technology, commonly used logical methods can also be said to be soft methods, mainly based on protocol methods. Such as hash lock scheme, random hash lock scheme, hash chain scheme, anonymous ID scheme and re-encryption scheme. Compared with hardware security mechanisms based on physical methods, software security mechanisms based on cryptographic technology are more popular. The main research content is to use various mature cryptographic schemes and mechanisms to design and implement cryptographic protocols that meet the security requirements of RFID. This has become a hot topic in current RFID security research.

This post is from RF/Wirelessly
 
物联网应用技术
Return list
Guess Your Favourite

Motor drive applications in automotive functional safety

IoT sensing technology application

Application of TI TMS570 safety technology in automobiles

Live replay: Microchip implements MultiZone? security in RISC-V applications

Hover Camera - the world's first safe and easy-to-use portable drone

Just looking around
Find a datasheet?
Search

EEWorld Datasheet Technical Support

Hot tag
Related articles more>>
New Posts
Featured
快速回复 返回顶部 Return list