A Power Efficient Secure Mutual Authentication Protocol for EPC ...
A Power Efficient Secure Mutual Authentication Protocol for EPC Gen2v2 standard Nguyen Xuan Hieu, Van Nhan Nguyen, and Dasom Park
Doyoung Chung, Hyunsik Lee, and Jong-Wook Lee School of Electronics and Information Kyung Hee University, Suwon, 446-701, Korea
School of Electronics and Information Kyung Hee University, Suwon, 446-701, Korea
architecture includes three main sections such as FSM controller, key expansion, and encryption as shown in Fig 1.
Abstract – EPCglobal recently announced the revised Gen2 standard – called Gen2 version 2. Gen2v2 includes several new security and file management features to fit various possible application requirements. Inspired by these new features, we propose a security protocol with mutual authentication and data cryptographic mechanism between reader and tag for the UHF passive RFID system. The tag verilog core was tested by using FPGA chip and chip was fabricated in a 0.18 m 1-poly 6-metal standard CMOS process. Keyword-security, AES, mutual authentication, radiofrequency identification (RFID), cryptography. I.
Figure1. AES functional block diagram
The AES perform ten rounds transformation of 128-bit states. The initial state is the input plaintext and output state (after 10 rounds finish) is ciphertext. The round function consists of the transformations such as AddRoundKey, SubBytes, ShiftRows, and Mixcolumns for encryption . With initial round consists only of AddRoundKey operation, while the last round the Mixcolumns operation is omitted. Each round from initial to last round the AddRoundKey operates XOR operator with independent key was generated by KeyExpension.
INTRODUCTION
Nowadays, Passive Radio Frequency Identification (RFID) have been widely adopted in the world. Furthermore, with development of Internet of Things (IoT), we have or will have more and more applications about RFID such as e-passport, industrial control, agriculture management, military and defense, payment transaction, and automotive industry [1]. Over past decade, EPC Gen2 standard has established itself as a standard for near RF communication and will be more and more RFID application with time. However, with combination of internet with tag and with sensor or only sensor with tag problem issued is security. Due to the awareness of security problems on the previous EPC Gen2v1 standard, the new Gen2v2 standard features a number of backward compatible, optional and security features [2]. According to Gen2v2 standard, a tag may support one or more cryptographic suite, corresponding with key. In this paper, we propose a low power mutual authentication method compatible with ISO/IEC 29167. The mutual authentication protocol bases on Advanced Encryption Standard (AES) algorithm, which is a lightweight encryption function. II.
III.
MUTUAL AUTHENTICATION
The proposed mutual authentication consists of the processes for tag’s authentication and reader’s authentication. Fig. 2. shows the diagram for the mutual authentication between the tag and reader. Steps (1)-(9) is similar to the command flow in the Gen2 standard and it is not shown. In step (12), the reader initiates mutual authentication process by sending “Challenge” command with CSI. In step (13), , the tag replies to the reader with Rn64tag#1. In this step when the reader receives feedback message, and will initiate its own the key by combination Rn64Read#1 and Rn64tag#1. Through step (12) – step (13), both of tag and reader have the same key result. In step (13), the tag backscatter to the reader the reader Rn64tag#1. In step (15), the tag replies to the reader with Rn64tag#2. In step (16), when the tag backscatter to the reader the reader Rn64tag#2, It requests the second authentication information that mean the reader keep transmitting a 64-bit
IMPLMENTATION OF AES
The standard AES algorithm is a symmetric block cipher, based on arithmetic in a finite Galois Field GF(28), supporting variable text and key length of 128, 196, or 256 bits. In this paper we use data and key length of 128 bits. The AES
This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (no. 2015R1A2A2A03004160). The chip fabrication and CAD tools were made available through the IDEC (IC Design Education Center).
-1-
ISOCC 2015
Figure 4 shows the measured results of commands from Query to Req_RN command. Upon the tag receiving Query command, tag will backscatter with RN16 value. When tag receiving ACK command, it begins memory access by activating MEM_READ signal to read the PC+EPC, compute CRC16 through PC+EPC, and response the backscattering data. Comparison with some related researches is shown in Table I.
data [127:63] encrypted DataRead64 to the tag. In step (17), because all authentications between reader and tag are completed. When authentication process is successful, the tag state changes to “Authentication state”, which is most secure state, and all commands execute in this state should be encapsulated into two commands “AuthComm” and “SecureComm”. The “AuthComm” and “SecureComm” commands allow authenticated Reader to tag communications.
TABLE I.
COMPARISON WITH PREVIOUS WORKS
This work
[3]
[4]
[5]
[6]
CMOS technology
0.18 μm
0.18 μm
0.18 μm
0.18 μm
0.18 μm
Encryption
AES
AES
AES
AES
AES
Supply voltage
1V
1.8 V
0.6 V
N. A.
0.9 V
Clock
1.92MHz
3.55MHz
NA
1.25MHz
1.92MHz
Insecure 3.3 μW
Figure 2. Sequence diagram of mutual authentication
IV.
Power
Secure 8.8 μW
4.7 μW
2.5 μW
125 μW
Secure 3.5 μW
Area
0.49 mm2
0.45 mm2
0.2 mm2
N. A.
0.36mm2
Opt.command support
Fully
N. A.
N. A.
N. A.
N. A.
V.
CONCLUSION
IMPLEMENTATION AND MEASURED RESULTS
Figure 3 shows the architecture of proposed digital control for secured tag. The basic blocks consist of the incoming PIE and command decoders, the backscatter clock generator, the output bit encoder that support both FM0 and Miller encoding method. The cycle redundancy checkers (CRC-5 and CRC-16), pseudo random number generator are used for the anticollision scheme, and AES block is used for mutual authentication. The proposed design is implemented using Verilog and synthesized by Astro. The Verilog code had tested by using Quartus II-13.0-sp1software and DE2 package board including FPGA chip. For testing, a pattern generator is used for providing the Gen2 commands with a clock frequency of 1.92 MHz.
Insecure 2.8 μW
In this paper, a low-power baseband processor for passive RFID secure tag is presented. We propose a security tag basis on the EPC C1G2 v2.0.0 standard, it support full commands such as mandatory, optional, and security commands. To install the CMOS passive tag we also proposed some low power strategies for minimize the power consumption and chip area. The verilog code tested base on FPGA is fabricated using 0.18 μm CMOS technology. The digital baseband’s area is 0.49 mm2, power consumption is 8.8 μW at 1 V (secure fully command) and 3.3 μW (insecure – fully command) References [1] Z. Liu, D. Liu, L. Li, H. Lim, and Z. Yong, “Implementation of a new RFID authentication protocol of EPC Gen2 standard,” IEEE Sens J., vol. 15, no. 2, pp. 1003-1011, Feb., 2015. [2] EPCglobal, Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Air Interface Version 2.0.0, Nov. 2013. [3] A. S. W. Man, E. S. Zhang, V. K. N. Lau, C. Y. Tsui, and H. C. Luong “Low power VLSI design for a RFID passive tag baseband system enhanced with and AES cryptography engine,” in Proc RFID Eurasia, Sept. 2007, pp.1-6. [4] A. Ricci, M.Grisanti, I. DeMunari, and P. Ciampolini “Design of a 2 µW RFID baseband processor featuring an AES cryptography primitive,” in Proc ICECS 2008, Sept. 2008, pp. 376-379. [5] S. Choi, H. Kim, S. Lee, K. Lee, and H. Lee “A fully integrated CMOS security-enhanced passive RFID tag,” ETRI J., vol. 36, no. 1, pp. 141-150, Feb. 2014. [6] H. Kim, T.-H. Ki, S. Lee, and H.-S. Lee “CMOS securityenhanced passive (SEP) tag supporting to mutual authentication,” IEEE Trans. Ind. Electron., vol. 61, no. 9, pp. 4920-4930, Sept. 2014.
Figure 3. EPCGen2v2 baseband processor block diagram
Figure 4. Measured response of the tag for a series of commands
-2-
ISOCC 2015
Doyoung Chung, Hyunsik Lee, and Jong-Wook Lee School of Electronics and Information Kyung Hee University, Suwon, 446-701, Korea
School of Electronics and Information Kyung Hee University, Suwon, 446-701, Korea
architecture includes three main sections such as FSM controller, key expansion, and encryption as shown in Fig 1.
Abstract – EPCglobal recently announced the revised Gen2 standard – called Gen2 version 2. Gen2v2 includes several new security and file management features to fit various possible application requirements. Inspired by these new features, we propose a security protocol with mutual authentication and data cryptographic mechanism between reader and tag for the UHF passive RFID system. The tag verilog core was tested by using FPGA chip and chip was fabricated in a 0.18 m 1-poly 6-metal standard CMOS process. Keyword-security, AES, mutual authentication, radiofrequency identification (RFID), cryptography. I.
Figure1. AES functional block diagram
The AES perform ten rounds transformation of 128-bit states. The initial state is the input plaintext and output state (after 10 rounds finish) is ciphertext. The round function consists of the transformations such as AddRoundKey, SubBytes, ShiftRows, and Mixcolumns for encryption . With initial round consists only of AddRoundKey operation, while the last round the Mixcolumns operation is omitted. Each round from initial to last round the AddRoundKey operates XOR operator with independent key was generated by KeyExpension.
INTRODUCTION
Nowadays, Passive Radio Frequency Identification (RFID) have been widely adopted in the world. Furthermore, with development of Internet of Things (IoT), we have or will have more and more applications about RFID such as e-passport, industrial control, agriculture management, military and defense, payment transaction, and automotive industry [1]. Over past decade, EPC Gen2 standard has established itself as a standard for near RF communication and will be more and more RFID application with time. However, with combination of internet with tag and with sensor or only sensor with tag problem issued is security. Due to the awareness of security problems on the previous EPC Gen2v1 standard, the new Gen2v2 standard features a number of backward compatible, optional and security features [2]. According to Gen2v2 standard, a tag may support one or more cryptographic suite, corresponding with key. In this paper, we propose a low power mutual authentication method compatible with ISO/IEC 29167. The mutual authentication protocol bases on Advanced Encryption Standard (AES) algorithm, which is a lightweight encryption function. II.
III.
MUTUAL AUTHENTICATION
The proposed mutual authentication consists of the processes for tag’s authentication and reader’s authentication. Fig. 2. shows the diagram for the mutual authentication between the tag and reader. Steps (1)-(9) is similar to the command flow in the Gen2 standard and it is not shown. In step (12), the reader initiates mutual authentication process by sending “Challenge” command with CSI. In step (13), , the tag replies to the reader with Rn64tag#1. In this step when the reader receives feedback message, and will initiate its own the key by combination Rn64Read#1 and Rn64tag#1. Through step (12) – step (13), both of tag and reader have the same key result. In step (13), the tag backscatter to the reader the reader Rn64tag#1. In step (15), the tag replies to the reader with Rn64tag#2. In step (16), when the tag backscatter to the reader the reader Rn64tag#2, It requests the second authentication information that mean the reader keep transmitting a 64-bit
IMPLMENTATION OF AES
The standard AES algorithm is a symmetric block cipher, based on arithmetic in a finite Galois Field GF(28), supporting variable text and key length of 128, 196, or 256 bits. In this paper we use data and key length of 128 bits. The AES
This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (no. 2015R1A2A2A03004160). The chip fabrication and CAD tools were made available through the IDEC (IC Design Education Center).
-1-
ISOCC 2015
Figure 4 shows the measured results of commands from Query to Req_RN command. Upon the tag receiving Query command, tag will backscatter with RN16 value. When tag receiving ACK command, it begins memory access by activating MEM_READ signal to read the PC+EPC, compute CRC16 through PC+EPC, and response the backscattering data. Comparison with some related researches is shown in Table I.
data [127:63] encrypted DataRead64 to the tag. In step (17), because all authentications between reader and tag are completed. When authentication process is successful, the tag state changes to “Authentication state”, which is most secure state, and all commands execute in this state should be encapsulated into two commands “AuthComm” and “SecureComm”. The “AuthComm” and “SecureComm” commands allow authenticated Reader to tag communications.
TABLE I.
COMPARISON WITH PREVIOUS WORKS
This work
[3]
[4]
[5]
[6]
CMOS technology
0.18 μm
0.18 μm
0.18 μm
0.18 μm
0.18 μm
Encryption
AES
AES
AES
AES
AES
Supply voltage
1V
1.8 V
0.6 V
N. A.
0.9 V
Clock
1.92MHz
3.55MHz
NA
1.25MHz
1.92MHz
Insecure 3.3 μW
Figure 2. Sequence diagram of mutual authentication
IV.
Power
Secure 8.8 μW
4.7 μW
2.5 μW
125 μW
Secure 3.5 μW
Area
0.49 mm2
0.45 mm2
0.2 mm2
N. A.
0.36mm2
Opt.command support
Fully
N. A.
N. A.
N. A.
N. A.
V.
CONCLUSION
IMPLEMENTATION AND MEASURED RESULTS
Figure 3 shows the architecture of proposed digital control for secured tag. The basic blocks consist of the incoming PIE and command decoders, the backscatter clock generator, the output bit encoder that support both FM0 and Miller encoding method. The cycle redundancy checkers (CRC-5 and CRC-16), pseudo random number generator are used for the anticollision scheme, and AES block is used for mutual authentication. The proposed design is implemented using Verilog and synthesized by Astro. The Verilog code had tested by using Quartus II-13.0-sp1software and DE2 package board including FPGA chip. For testing, a pattern generator is used for providing the Gen2 commands with a clock frequency of 1.92 MHz.
Insecure 2.8 μW
In this paper, a low-power baseband processor for passive RFID secure tag is presented. We propose a security tag basis on the EPC C1G2 v2.0.0 standard, it support full commands such as mandatory, optional, and security commands. To install the CMOS passive tag we also proposed some low power strategies for minimize the power consumption and chip area. The verilog code tested base on FPGA is fabricated using 0.18 μm CMOS technology. The digital baseband’s area is 0.49 mm2, power consumption is 8.8 μW at 1 V (secure fully command) and 3.3 μW (insecure – fully command) References [1] Z. Liu, D. Liu, L. Li, H. Lim, and Z. Yong, “Implementation of a new RFID authentication protocol of EPC Gen2 standard,” IEEE Sens J., vol. 15, no. 2, pp. 1003-1011, Feb., 2015. [2] EPCglobal, Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Air Interface Version 2.0.0, Nov. 2013. [3] A. S. W. Man, E. S. Zhang, V. K. N. Lau, C. Y. Tsui, and H. C. Luong “Low power VLSI design for a RFID passive tag baseband system enhanced with and AES cryptography engine,” in Proc RFID Eurasia, Sept. 2007, pp.1-6. [4] A. Ricci, M.Grisanti, I. DeMunari, and P. Ciampolini “Design of a 2 µW RFID baseband processor featuring an AES cryptography primitive,” in Proc ICECS 2008, Sept. 2008, pp. 376-379. [5] S. Choi, H. Kim, S. Lee, K. Lee, and H. Lee “A fully integrated CMOS security-enhanced passive RFID tag,” ETRI J., vol. 36, no. 1, pp. 141-150, Feb. 2014. [6] H. Kim, T.-H. Ki, S. Lee, and H.-S. Lee “CMOS securityenhanced passive (SEP) tag supporting to mutual authentication,” IEEE Trans. Ind. Electron., vol. 61, no. 9, pp. 4920-4930, Sept. 2014.
Figure 3. EPCGen2v2 baseband processor block diagram
Figure 4. Measured response of the tag for a series of commands
-2-
ISOCC 2015
