1,571 research outputs found

    Tamper Proof RFID Security Tag

    In this publication we present a tamper-proof, long-range, platform-tolerant UHF smart RFID tag to identify valuable or security-sensitive products. The smart tag functions as a platform-tolerant tag, but once detached from the host object it will permanently stop functioning by rendering the RFID chip unusable. The tag substrate design for additive manufacturing, the platform-tolerant antenna design, as well as electromagnetic performance and read range are provided

    RFID Security

    This thesis deals with a description of the theory of radio frequency identification, in particular the security of communication. It introduces the classification of communication devices both by card chip and by the frequencies on which the devices communicate. The thesis focuses on contactless cards built on the MiFare classic chip. It describes the design and implementation of an emulator that serves to demonstrate the manufacturing shortcomings of these cards and the possibility of creating copies of them. It was found that cards with Mifare Classic have major shortcomings straight from manufacture and that it is easy to create a duplicate of them.

    The thesis describes the theory of radio frequency identification and is focused on the security of communication. Smart cards are divided by type of chip and operating frequencies. The thesis is focused on contactless cards based on the Mifare Classic and on a description and construction of the emulator, which is able to demonstrate the production defects. We can make a copy of the card using the emulator. A laboratory task was designed and implemented demonstrating the communication between cards.

    Optimal security limits of RFID distance bounding protocols

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. In this paper, we classify the RFID distance bounding protocols having bitwise fast phases and no final signature. We also give the theoretical security bounds for two specific classes, leaving the security bounds for the general case as an open problem. As for the classification, we introduce the notion of k-previous challenge dependent (k-PCD) protocols where each response bit depends on the current and k-previous challenges and there is no final signature. We treat the case k = 0, which means each response bit depends only on the current challenge, as a special case and define such protocols as current challenge dependent (CCD) protocols. In general, we construct a trade-off curve between the security levels of mafia and distance frauds by introducing two generic attack algorithms. This leads to the conclusion that CCD protocols cannot attain the ideal security against distance fraud, i.e. 1/2, for each challenge-response bit, without totally losing the security against mafia fraud. We extend the generic attacks to 1-PCD protocols and obtain a trade-off curve for 1-PCD protocols pointing out that 1-PCD protocols can provide better security than CCD protocols. Thereby, we propose a natural extension of a CCD protocol to a 1-PCD protocol in order to improve its security. As a study case, we give two natural extensions of Hancke and Kuhn protocol to show how to enhance the security against either mafia fraud or distance fraud without extra cost

    RFID Security and Privacy

    The European Commission has published in May 2009 a recommendation "on the implementation of privacy and data protection principles in applications supported by radio-frequency identification", which is designed to provide "guidance to Member States on the design and operation of RFID applications in a lawful, ethical and socially and politically acceptable way, respecting the right to privacy and ensuring protection of personal data." This recommendation requires RFID operators to conduct a "Privacy and Data Protection Impact Assessment" before an RFID application is deployed, and make its results available to the competent authority. The RFID recommendation is also designed to promote "information and transparency on RFID use", in particular through the development of "a common European sign developed by European Standardisation Organisations, with the support of concerned stakeholders", designed "to inform individuals of the presence of readers". The RFID PIA (Privacy and Impact Assessment) process aims to reach several objectives: * to favour "privacy by design" by helping data controllers to address privacy and data protection before a product or service is deployed, * to help data controllers to address privacy and data protection risks in a comprehensive manner. an opportunity to reduce legal uncertainty and avoid loss of trust from consumers, * to help data controllers and data protection authorities to gain more insight into the privacy and data protection aspects of RFID applications. The industry has proposed a RFID PIA framework which classifies a RFID application into 4 possible levels: Level 0 applications, which essentially cover RFID applications that do not process personal data and where tags are only manipulated by users, and which are rightly excluded from conducting a PIA. Level 1 applications cover applications where no personal data is processed, yet tags are carried by individuals. 
Level 2 applications process personal data but where tags themselves do not contain personal data. Level 3 applications where tags contain personal data. If the RFID application level is determined to be 1 or above, the RFID operator is then required to conduct a four part analysis of the application, with a level of detail that is proportionate to identified privacy and data protection implications. The first part is used to describe the RFID application. The second part allows highlighting control and security measures. The third part addresses user information and rights. The final part of the proposed PIA framework requires the RFID operator to conclude whether or not the RFID application is ready for deployment. As a result of the PIA process, the RFID operator will produce a PIA report that will be made available to the competent authority. For the industry, only levels 2 and 3 are to be submitted to a PIA because it considers that information contained in a tag at level 1 is not personal. However level 1 raises concerns of the Article 29 Working Party because tagged items carried by a person contain unique identifiers that could be read remotely. In turn, these unique identifiers could be used to recognize that particular person through time. It raises the possibility that a person will be tracked without his knowledge by a third party. When a unique identifier is associated to a person, it falls in the definition of personal data set forth in Directive 95/46/EC, regardless of the fact that the "social identity" (name, address, etc.) of the person remains unknown (i.e. he is "identifiable" but not necessarily "identified"). Additionally, the unique number contained in a tag can also serve as a means to remotely identify the nature of items carried by a person, which in turn may reveal information about social status, health, or more. 
Thus, even in those cases where a tag contains solely a number that is unique within a particular context, and no additional personal data, care must be taken to address potential privacy and security issues if this tag is going to be carried by persons. The Working Party has urged the industry to fully address this issue, by clearly mentioning it in the framework as part of a revised risk assessment approach for level 1. This chapter will address the issue of protecting privacy of RFID tag carriers in a privacy by design model which puts them in a position to decide if they accept or not to be tracked at level 1. In case of a negative decision, tags have to be deactivated. Security measures have also to be taken to protect personal information on RFID tags against information leak which could lead to identity theft

    A Survey of RFID Authentication Protocols Based on Hash-Chain Method

    Security and privacy are the inherent problems in RFID communications. Several protocols have been proposed to overcome those problems. Hash chain is commonly employed by the protocols to improve security and privacy for RFID authentication. Although the protocols are able to provide specific solutions for RFID security and privacy problems, they fail to provide an integrated solution. This article is a survey to closely observe those protocols in terms of their focus and limitations. Comment: Third ICCIT 2008 International Conference on Convergence and Hybrid Information Technolog

    Cryptanalysis of two mutual authentication protocols for low-cost RFID

    Radio Frequency Identification (RFID) is appearing as a favorite technology for automated identification, which can be widely applied to many applications such as e-passport, supply chain management and ticketing. However, researchers have found many security and privacy problems along RFID technology. In recent years, many researchers are interested in RFID authentication protocols and their security flaws. In this paper, we analyze two of the newest RFID authentication protocols, which were proposed by Fu et al. and Li et al., from several security viewpoints. We present different attacks such as desynchronization attack and privacy analysis over these protocols. Comment: 17 pages, 2 figures, 1 table, International Journal of Distributed and Parallel system

    On the Privacy of Two Tag Ownership Transfer Protocols for RFIDs

    In this paper, the privacy of two recent RFID tag ownership transfer protocols is investigated against the tag owners as adversaries. The first protocol, called ROTIV, is a scheme which provides a privacy-preserving ownership transfer by using an HMAC-based authentication with public key encryption. However, our passive attack on this protocol shows that any legitimate owner which has been the owner of a specific tag is able to trace it either in the past or in the future. Tracing the tag is also possible via an active attack for any adversary who is able to tamper with the tag and extract its information. The second protocol, called Chen et al.'s protocol, is an ownership transfer protocol for passive RFID tags which conforms to the EPC Class1 Generation2 standard. Our attack on this protocol shows that the previous owners of a particular tag are able to trace it in the future. Furthermore, they are even able to obtain the tag's secret information at any time in the future, which makes them capable of impersonating the tag

    DESIGN AND BUILD AUTOMATIC GOODS LOCKER WITH RADIO FREQUENCY IDENTIFICATION (RFID) SECURITY

    A locker is one of the facilities that many people use for storage, and lockers are very useful for people right now, either in a gym, mall, school or other public places. In general, lockers are used to store valuables so that visitors can carry out activities more freely and also to prevent theft in that place. A microcontroller-based Radio Frequency Identification (RFID) security locker is a locker that uses RFID security to replace the card or key that has been used in lockers that still use a manual system. Safety in the form of RFID can make it easier for locker users, with a microcontroller to control all system inputs and outputs