Skip to main content
Log in

Session-based security enhancement of RFID systems for emerging open-loop applications

  • Original Article
  • Published:
Personal and Ubiquitous Computing Aims and scope Submit manuscript

Abstract

Radio frequency identification (RFID) is an important technique used for automatic identification and data capture. In recent years, low-cost RFID tags have been used in many open-loop applications beyond supply chain management, such as the tagging of the medicine, clothes, and belongings after the point of sales. At the same time, with the development of semiconductor industry, handheld terminals and mobile phones are becoming RFID-enabled. Unauthorized mobile RFID readers could be abused by the malicious hackers or curious common people. Even for authorized RFID readers, the ownership of the reader can be transferred and the owners of the authorized mobile reader may not be always reliable. The authorization and authentication of the mobile RFID readers need to take stronger security measures to address the privacy or security issues that may arise in the emerging open-loop applications. In this paper, the security demands of RFID tags in emerging open-loop applications are summarized, and two example protocols for authorization, authentication and key establishment based on symmetric cryptography are presented. The proposed protocols adopt a timed-session-based authorization scheme, and all reader-to-tag operations are authorized by a trusted third party using a newly defined class of timed sessions. The output of the tags is randomized to prevent unauthorized tracking of the RFID tags. An instance of the protocol A is implemented in 0.13-μm CMOS technology, and the functions are verified by field programmable gate array. The baseband consumes 44.0 μW under 1.08 V voltage and 1.92 MHz frequency, and it has 25,067 gate equivalents. The proposed protocols can successfully resist most security threats toward open-loop RFID systems except physical attacks. The timing and scalability of the two protocols are discussed in detail.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

Notes

  1. Note that, as micro-electronics industry develops, it would be feasible to support a strong public key cryptography in normal tags in the future.

  2. Note that the freshness of a session in the proposed protocols is assured by a nonce and an on-tag counter. In the proposed protocols, all reader to tag operations are authorized session by session.

References

  1. Nohl SK, Evans D, Plötz H (2008) Reverse-engineering a cryptographic RFID tag. USENIX security symposium

  2. Garcia FD, Gans GK, Muijrers R, Rossum PV, Verdult R, Schreur RW, Jacobs B (2008) Dismantling MIFARE classic. In: Proceedings of the 13th European symposium on research in computer security, pp 97–114

  3. http://www.cn.nxp.com/products/identification_and_security/smart_card_ics/mifare_smart_card_ics/mifare_plus/

  4. Sarma SE, Brock D, Ashton K (1999) The networked physical world, proposals for engineering the next generation of computing, commerce and automatic-identification, whitepaper. http://autoid.mit.edu/whitepapers/MIT-AUTOID-WH-001.PDF

  5. Sarma SE, Brock D, Engels D (2001) Radio frequency identification and the electronic product code. IEEE Micro 21(6):50–54

    Article  Google Scholar 

  6. Weis S, Sarma SE, Rivest RL, Engels D (2004) Security and privacy aspects of low-cost radio frequency identification systems. Secur Pervasive Comput 2802:201–212

    Article  Google Scholar 

  7. Class 1 generation 2 UHF air interface protocol standard version 1.2.0 (2008). http://www.gs1.org/gsmp/kc/epcglobal/uhfc1g2/uhfc1g2_1_2_0-standard-20080511.pdf

  8. ISO/IEC 18000-63:2013 Information technology—radio frequency identification for item management—part 63: parameters for air interface communications at 860 MHz to 960 MHz type C. http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=59643

  9. Ashton K (2009) That ‘internet of things’ thing. RFiD J, itrco.jp

  10. Atzoria L, Ierab A, Morabito G (2010) The internet of things: a survey. Comput Netw 54(15):2787–2805

    Article  Google Scholar 

  11. Sun Y, Yan H, Lu C, Bie R, Zhou ZB (2013) Constructing the web of events from raw data in the web of things. J Mob Inf Syst. doi:10.3233/MIS-130173

  12. Guo J, Zhang H, Sun Y, Bie R (2013) Square-root unscented Kalman filtering-based localization and tracking in the internet of things. Pers Ubiquit Comput. doi:10.1007/s00779-013-0713-8

    Google Scholar 

  13. Juels A (2006) RFID security and privacy: a research survey. IEEE J Sel Areas Commun 24(2):381–394

    Article  MathSciNet  Google Scholar 

  14. Koscher K, Juels A, Brajkovic V, Kohno T (2009) EPC RFID tag security weaknesses and defenses: passport cards, enhanced drivers licenses, and beyond. In: Proceedings of the 16th ACM conference on computer and communications security, pp 33–42

  15. Engels DW, Kang YS, Wang J (2013) On security with the new Gen2 RFID security framework. In: Proceedings of IEEE international conference on RFID

  16. EPC™ radio-frequency identity protocols generation-2 UHF RFID specification for RFID air interface protocol for communications at 860 MHz–960 MHz version 2.0.0 (2013). http://www.gs1.org/sites/default/files/docs/uhfc1g2/uhfc1g2_2_0_0_standard_20131101.pdf

  17. Niu B, Zhu X, Li H (2013) An ultra-lightweight and privacy-preserving authentication protocol for mobile RFID systems IEEE wireless communications and networking conference (WCNC), pp 1864–1869

  18. Kaul SD, Awasthi AK (2013) RFID authentication protocol to enhance patient medication safety. J Med Syst 37(6):1–6

    Article  Google Scholar 

  19. Wu ZY, Lin SC, Chen TL, Wang CA (2013) Secure RFID authentication scheme for medicine applications. In: Seventh international conference on innovative mobile and internet services in ubiquitous computing (IMIS), pp 175–181

  20. Mei S, Yang X (2012) An efficient authentication protocol for low-cost RFID system in the presence of malicious readers. In: Proceedings of the 9th international conference on fuzzy systems and knowledge discovery (FSKD), pp 2111–2114

  21. Lee YS, Kim TY, Lee HJ (2012) Mutual authentication protocol for enhanced RFID security and anti-counterfeiting. In: 26th international conference on advanced information networking and applications workshops (WAINA), pp 558–563

  22. Chikouche N, Cherif F, Benmohammed M (2012) Vulnerabilities of two recently RFID authentication protocols. In: International conference on complex systems (ICCS), pp 1–6

  23. Syamsuddin I, Han S, Dillon TA (2012) Survey on low-cost RFID authentication protocols. In: International conference on advanced computer science and information systems (ICACSIS), pp 77–82

  24. Juels A (2004) Minimalist cryptography for low-cost tags, security in communication networks. Revised selected papers, volume 3352 of LNCS, pp 149–164

  25. Foley JT (2007) Security approaches for radio frequency identification systems, MIT Ph.D. thesis

  26. Gao Z, Jiang Y, Lin Z (2012) An effective RFID security protocol based on secret sharing. In: Proceedings of the second international conference on instrumentation & measurement, computer, communication and control

  27. Avoine G, Bingol MA, Carpent X, Yalcin SBO (2013) Privacy-friendly authentication in RFID systems: on sublinear protocols based on symmetric-key cryptography. IEEE Trans Mob Comput 12(10):2037–2049

    Article  Google Scholar 

  28. Tsudik G (2006) YA-TRAP: yet another trivial RFID authentication protocol. In: Fourth annual IEEE international conference on pervasive computing and communications workshops (PerCom workshops), pp 640–643

  29. Wu X, Zhang M, Yang X (2013) Time-stamp based mutual authentication protocol for mobile RFID system. 22nd wireless and optical communication conference (WOCC), pp 702–706

  30. ISO (1999) Information technology—security techniques—entity authentication—part 2: mechanisms using symmetric encipherment algorithms ISO/IEC 9798-2, 2nd edn

  31. Abadi M, Needham R (1994) “Prudent engineering practice for cryptographic protocols”. In: IEEE symposium on research in security and privacy, pp 122–136. IEEE Computer Society Press

  32. Shaw JA (2012) Radiometry and the Friis transmission equation. Am J Phys 81(1):33–37

    Article  Google Scholar 

  33. Fabian B, Gunther O (2007) Distributed ONS and its impact on privacy. In: IEEE international conference on communications, pp 1223–1228

  34. Doi Y, Wakayama S, Ozaki SA (2008) Design for distributed backup and migration of distributed hash tables. In: International symposium on applications and the interne (SAINT 2008), pp 213–216

  35. Aikat J, Kaur J, Smith FD, Jeffay K (2003) Variability in tcp round-trip times

  36. Encryption performance. http://www.cpktec.com/performance.html

  37. Mysqlqueryperformance. http://dev.mysql.com/tech-resources/articles/mysql-54.html

Download references

Acknowledgments

This work is supported by National Natural Science Foundation of China (61211140046, 61076022) and the National High Technology Research and Development Program (“863” Program) of China (2011AA100701), and the Shanghai Pujiang Program. Thanks to Mi Shao, Ye Yao, Linghao Zhu, and Linyin Wu for their help with this paper.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Junyu Wang.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wang, J., Floerkemeier, C. & Sarma, S.E. Session-based security enhancement of RFID systems for emerging open-loop applications. Pers Ubiquit Comput 18, 1881–1891 (2014). https://doi.org/10.1007/s00779-014-0788-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00779-014-0788-x

Keywords

Navigation