Radio Frequency Identification Technology: Applications, Technical Challenges and Strategies

Purpose - The purpose of this paper is to discuss the technology behind RFID systems, identify the applications of RFID in various industries, and discuss the technical challenges of RFID implementation and the corresponding strategies to overcome those challenges. Design/methodology/approach - Comprehensive literature review and integration of the findings from literature. Findings - Technical challenges of RFID implementation include tag cost, standards, tag and reader selection, data management, systems integration and security. The corresponding solution is suggested for each challenge. Research limitations/implications - A survey type research is needed to validate the results. Practical implications - This research offers useful technical guidance for companies which plan to implement RFID and we expect it to provide the motivation for much future research in this area. Originality/value - As the infancy of RFID applications, few researches have existed to address the technical issues of RFID implementation. Our research filled this gap

INTEND AND ACCOMPLISHMENT OF PROTECTED INFRASTRUCTURE IN DISSEMINATED RFID SYSTEMS

Privacy protection is the primary concern when RFID applications are deployed in our daily lives. Due to passive tags that are computationally weak, the non-encryption-based simulation protocols have been recently developed, in which wireless jamming is used. However, the existing private tag access protocols without sharing secrets depends on impractical assumptions hence difficult to deploy. To tackle this issue we redesign RFID architecture by dividing RFID reader into an RF activator and Trusted Shield Device (TSD). Then we proposed new coding scheme namely Random Flipping Random Jamming (RFRJ), to protect the tags contents. Analysis and simulation results validate our distributed architecture with the RFRJ coding scheme, which protects tag’s privacy against various adversaries like encoding collision, random guessing attack, correlation attack, eavesdropping, and ghost and leech attack

Improving Security and Privacy in Large-Scale RFID Systems

Radio Frequency Identification (RFID) technologies lay in the very heart of Internet of Things (IoT), in which every physical objects are tagged and identified in an internet-like structure. High performance and privacy-preserving interrogations of individual tags, generally called private tag authentication, is crucial for effective monitoring and management of a large number of objects with RFID tags. An RFID system consists of RF readers and RF tags. RF tags are attached to objects, and used as a unique identifier of the objects. RFID technologies enable a number of business and personal applications, and smooth the way for physical transactions in the real world, such as supply chain management, transportation payment, animal identification, warehouse operations, and more. Though bringing great productivity gains, RFID systems may cause new security and privacy threats to individuals or organizations, which have become a major obstacle for their wide adaptions. Therefore, it is important to address the security and privacy issues in RFID systems. In this dissertation, we investigate two important security and privacy issues for large-scale RFID systems. First, we discuss the private tag authentication problems. In a singulation process, an RF reader first sends a query and energizes an RF tag, and then the tag replies its ID or data to the reader. As the tag\u27s ID itself is sensitive information, the reply from tags must be protected against various threats, such as eavesdropping and compromise attacks, where tags are physically tampered and the keys associated with compromised tags are disclosed to adversaries. Fast and secure object identification, generally called private tag authentication, is critical to efficiently monitor and manage a large number of objects with Radio Frequency Identification (RFID) technologies. In a singulation process, an RF reader queries an RF tag, and then the tag replies its ID or data to the reader. Since the tags ID itself is private information, the reply must be protected against various threats, such as eavesdropping and com-promised attacks, where tags are physically tampered and the keys associated with compromised tags are disclosed to adversaries. Hence a large amount of efforts have been made to protect tags replies with low-cost operations, e.g., the XOR operation and 16-bit pseudo random functions (PRFs). In the primitive solution, a tag sends a hashed ID, instead of its real ID, to a reader, and then, the reader searches the corresponding entry in the back-end server. While this approach defends tags replies against various attacks, the authentication speed is of 0(N), where N is the number of tags in the system. Hence, such a straightforward approach is not practical for large-scale RFID systems. In order to efficiently and securely read tags content, private authentication protocols with structured key management have been proposed. In these schemes, each tag has its unique key and a set of groups keys. Groups keys are shared by several tags and used to confine the search space of a unique key. With efficient data structures, the tag authentication completes within 0(log k N). How-ever, private authentication protocols with structured key management unfortunately reduce the degree of privacy, should some tags in the system be compromised. This is because group keys are shared by several tags, and physical tampering of some tags makes the other tags less anonymous. How to remedy this issue is equivalent to reducing the probability that two tags share common group keys (hence after we refer to it as the correlation probability). The introduction of random walking over a data structure, e.g., randomized tree-walking and randomized skip-lists, significantly reduces the correlation probability. Nevertheless, two tags are still correlated should they have same groups keys at all the levels of in a balanced tree or skip lists. In our study, we design a private tag authentication protocol, namely Randomized Skip Graphs-Based Authentication (RSGA), in which unique and group keys are maintained with a skip graph. The RSGA achieves lower correlation probability than the existing scheme while maintaining the same authentication speed as the tree structure. Second, we discuss the fast and secure grouping problems. In the large-scale RFID systems, categorization and grouping of individual items with RF tags are critical for efficient object monitoring and management. For example, when tags belonging to the same group share a common group ID, the reader can transmit the same data simultaneously to the group ID, and it is possible to save considerably the communication overhead as compared with the conventional unicast transmission. To this end, Liu et al. recently propose a set of tag grouping protocols, which enables multicast-like communications for simultaneous data access and distribution to the tags in the same group. In the reality, not only the performance issue, but also security and privacy-preserving mechanisms in RFID protocols are important for protecting the assets of individuals and organizations. Although a number of works have been done for protecting tag\u27s privacy, to the best of our knowledge, the problem of private tag grouping is yet to be addressed. To address the problem of private tag grouping in a large-scale RFID system, we first formulate the problem of private tag grouping and define the privacy model based on the random oracle model. As a baseline protocol, we design a private traditional polling grouping (PrivTPG) protocol based on traditional tag polling protocol. Since PrivTPG is a straightforward approach, it can take a long time. Hence, based on the idea of broadcasting group IDs, we propose a private enhanced polling grouping (PrivEPG) protocol. To further improve the efficiency of tag grouping, we propose a private Bloom filter-based grouping (PrivBFG) protocol. These protocols broadcast unencrypted group IDs. Therefore, we propose a private Cuckoo filter-based polling grouping (PrivCFG) protocol, which is a more secure protocol using a data structure called a cuckoo filter. Then, the protocol-level tag\u27s privacy of the proposed PrivTPG, PrivEPG, PrivBFG, and PrivCFG is proven by random oracles. In addition, computer simulations are conducted to evaluate the efficiency of the proposed protocols with different configurations.首都大学東京, 2018-03-25, 修士（工学）首都大学東

Criptografía ligera en dispositivos de identificación por radiofrecuencia- RFID

Esta tesis se centra en el estudio de la tecnología de identificación por radiofrecuencia (RFID), la cual puede ser considerada como una de las tecnologías más prometedoras dentro del área de la computación ubicua. La tecnología RFID podría ser el sustituto de los códigos de barras. Aunque la tecnología RFID ofrece numerosas ventajas frente a otros sistemas de identificación, su uso lleva asociados riesgos de seguridad, los cuales no son fáciles de resolver. Los sistemas RFID pueden ser clasificados, atendiendo al coste de las etiquetas, distinguiendo principalmente entre etiquetas de alto coste y de bajo coste. Nuestra investigación se centra fundamentalmente en estas últimas. El estudio y análisis del estado del arte nos ha permitido identificar la necesidad de desarrollar soluciones criptográficas ligeras adecuadas para estos dispositivos limitados. El uso de soluciones criptográficas estándar supone una aproximación correcta desde un punto de vista puramente teórico. Sin embargo, primitivas criptográficas estándar (funciones resumen, código de autenticación de mensajes, cifradores de bloque/flujo, etc.) exceden las capacidades de las etiquetas de bajo coste. Por tanto, es necesario el uso de criptografía ligera._______________________________________This thesis examines the security issues of Radio Frequency Identification (RFID) technology, one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to address. RFID systems can be classified according to tag price, with distinction between high-cost and low-cost tags. Our research work focuses mainly on low-cost RFID tags. An initial study and analysis of the state of the art identifies the need for lightweight cryptographic solutions suitable for these very constrained devices. From a purely theoretical point of view, standard cryptographic solutions may be a correct approach. However, standard cryptographic primitives (hash functions, message authentication codes, block/stream ciphers, etc.) are quite demanding in terms of circuit size, power consumption and memory size, so they make costly solutions for low-cost RFID tags. Lightweight cryptography is therefore a pressing need. First, we analyze the security of the EPC Class-1 Generation-2 standard, which is considered the universal standard for low-cost RFID tags. Secondly, we cryptanalyze two new proposals, showing their unsuccessful attempt to increase the security level of the specification without much further hardware demands. Thirdly, we propose a new protocol resistant to passive attacks and conforming to low-cost RFID tag requirements. In this protocol, costly computations are only performed by the reader, and security related computations in the tag are restricted to very simple operations. The protocol is inspired in the family of Ultralightweight Mutual Authentication Protocols (UMAP: M2AP, EMAP, LMAP) and the recently proposed SASI protocol. The thesis also includes the first published cryptanalysis of xi SASI under the weakest attacker model, that is, a passive attacker. Fourthly, we propose a new protocol resistant to both passive and active attacks and suitable for moderate-cost RFID tags. We adapt Shieh et.’s protocol for smart cards, taking into account the unique features of RFID systems. Finally, because this protocol is based on the use of cryptographic primitives and standard cryptographic primitives are not supported, we address the design of lightweight cryptographic primitives. Specifically, we propose a lightweight hash function (Tav-128) and a lightweight Pseudo-Random Number Generator (LAMED and LAMED-EPC).We analyze their security level and performance, as well as their hardware requirements and show that both could be realistically implemented, even in low-cost RFID tags

Privacy-preserving E-ticketing Systems for Public Transport Based on RFID/NFC Technologies

Pervasive digitization of human environment has dramatically changed our everyday lives. New technologies which have become an integral part of our daily routine have deeply affected our perception of the surrounding world and have opened qualitatively new opportunities. In an urban environment, the influence of such changes is especially tangible and acute. For example, ubiquitous computing (also commonly referred to as UbiComp) is a pure vision no more and has transformed the digital world dramatically. Pervasive use of smartphones, integration of processing power into various artefacts as well as the overall miniaturization of computing devices can already be witnessed on a daily basis even by laypersons. In particular, transport being an integral part of any urban ecosystem have been affected by these changes. Consequently, public transport systems have undergone transformation as well and are currently dynamically evolving. In many cities around the world, the concept of the so-called electronic ticketing (e-ticketing) is being extensively used for issuing travel permissions which may eventually result in conventional paper-based tickets being completely phased out already in the nearest future. Opal Card in Sydney, Oyster Card in London, Touch & Travel in Germany and many more are all the examples of how well the e-ticketing has been accepted both by customers and public transport companies. Despite numerous benefits provided by such e-ticketing systems for public transport, serious privacy concern arise. The main reason lies in the fact that using these systems may imply the dramatic multiplication of digital traces left by individuals, also beyond the transport scope. Unfortunately, there has been little effort so far to explicitly tackle this issue. There is still not enough motivation and public pressure imposed on industry to invest into privacy. In academia, the majority of solutions targeted at this problem quite often limit the real-world pertinence of the resultant privacy-preserving concepts due to the fact that inherent advantages of e-ticketing systems for public transport cannot be fully leveraged. This thesis is aimed at solving the aforementioned problem by providing a privacy-preserving framework which can be used for developing e-ticketing systems for public transport with privacy protection integrated from the outset. At the same time, the advantages of e-ticketing such as fine-grained billing, flexible pricing schemes, and transparent use (which are often the main drivers for public to roll out such systems) can be retained

Security and privacy in RFID systems

Vu que les tags RFID sont actuellement en phase de large déploiement dans le cadre de plusieurs applications (comme les paiements automatiques, le contrôle d'accès à distance, et la gestion des chaînes d approvisionnement), il est important de concevoir des protocoles de sécurité garantissant la protection de la vie privée des détenteurs de tags RFID. Or, la conception de ces protocoles est régie par les limitations en termes de puissance et de calcul de la technologie RFID, et par les modèles de sécurité qui sont à notre avis trop forts pour des systèmes aussi contraints que les tags RFID. De ce fait, on limite dans cette thèse le modèle de sécurité; en particulier, un adversaire ne peut pas observer toutes les interactions entre tags et lecteurs. Cette restriction est réaliste notamment dans le contexte de la gestion des chaînes d approvisionnement qui est l application cible de ce travail. Sous cette hypothèse, on présente quatre protocoles cryptographiques assurant une meilleure collaboration entre les différents partenaires de la chaîne d approvisionnement. D abord, on propose un protocole de transfert de propriété des tags RFID, qui garantit l authentification des tags en temps constant alors que les tags implémentent uniquement des algorithmes symétriques, et qui permet de vérifier l'authenticité de l origine des tags. Ensuite, on aborde le problème d'authenticité des produits en introduisant deux protocoles de sécurité qui permettent à un ensemble de vérificateurs de vérifier que des tags sans capacité de calcul ont emprunté des chemins valides dans la chaîne d approvisionnement. Le dernier résultat présenté dans cette thèse est un protocole d appariement d objets utilisant des tags sans capacité de calcul , qui vise l automatisation des inspections de sécurité dans la chaîne d approvisionnement lors du transport des produits dangereux. Les protocoles introduits dans cette thèse utilisent les courbes elliptiques et les couplages bilinéaires qui permettent la construction des algorithmes de signature et de chiffrement efficaces, et qui minimisent donc le stockage et le calcul dans les systèmes RFID. De plus, la sécurité de ces protocoles est démontrée sous des modèles formels bien définis qui prennent en compte les limitations et les contraintes des tags RFID, et les exigences strictes en termes de sécurité et de la protection de la vie privée des chaines d approvisionnement.While RFID systems are one of the key enablers helping the prototype of pervasive computer applications, the deployment of RFID technologies also comes with new privacy and security concerns ranging from people tracking and industrial espionage to produ ct cloning and denial of service. Cryptographic solutions to tackle these issues were in general challenged by the limited resources of RFID tags, and by the formalizations of RFID privacy that are believed to be too strong for such constrained devices. It follows that most of the existing RFID-based cryptographic schemes failed at ensuring tag privacy without sacrificing RFID scalability or RFID cost effectiveness. In this thesis, we therefore relax the existing definitions of tag privacy to bridge the gap between RFID privacy in theory and RFID privacy in practice, by assuming that an adversary cannot continuously monitor tags. Under this assumption, we are able to design sec ure and privacy preserving multi-party protocols for RFID-enabled supply chains. Namely, we propose a protocol for tag ownership transfer that features constant-time authentication while tags are only required to compute hash functions. Then, we tackle the problem of product genuineness verification by introducing two protocols for product tracking in the supply chain that rely on storage only tags. Finally, we present a solution for item matching that uses storage only tags and aims at the automation of safety inspections in the supply chain.The protocols presented in this manuscript rely on operations performed in subgroups of elliptic curves that allow for the construction of short encryptions and signatures, resulting in minimal storage requirements for RFID tags. Moreover, the privacy and the security of these protocols are proven under well defined formal models that take into account the computational limitations of RFID technology and the stringent privacy and security requirements of each targeted supply chain application.PARIS-Télécom ParisTech (751132302) / SudocSudocFranceF

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

Telemedicine

Telemedicine is a rapidly evolving field as new technologies are implemented for example for the development of wireless sensors, quality data transmission. Using the Internet applications such as counseling, clinical consultation support and home care monitoring and management are more and more realized, which improves access to high level medical care in underserved areas. The 23 chapters of this book present manifold examples of telemedicine treating both theoretical and practical foundations and application scenarios