Lightweight RFID Authentication Protocol: An Experimental Study

Brandon Belcher
[email protected]
King's College London, Strand, London WC2R 2LS, England, United Kingdom

Mostafa El-Said, George Nezlek
[email protected], [email protected]
School of Computing and Information Systems, Grand Valley State University, Allendale, MI 49418

Proceedings of the ITI 2008 30th Int. Conf. on Information Technology Interfaces, June 23-26, 2008, Cavtat, Croatia

Abstract. The market for passive RFID tags has experienced significant growth in recent years. However, passive RFID tags have too little physical memory for strong cryptography. The rapid proliferation of the technology, combined with these physical limitations, motivates the development of a “lightweight” authentication protocol. In this paper, a means to implement such an authentication protocol is presented. The protocol takes advantage of the password-protected “kill” function of a tag, permitting its alternative use as a simple password dialog. Experimental studies have been carried out to verify the effectiveness of the proposed approach, and promising results are obtained.

Keywords: RFID systems, RFID Cloning, RFID authentication.

1. Introduction

Radio Frequency Identification (RFID) technology has gained popularity in recent years, due to steadily improving performance and the steadily decreasing size of RFID tags. Passive RFID tags are primarily used in asset tracking applications. However, as the technology matures, it has the potential to offer a seemingly endless range of applications. Passive RFID tags receive electrical power by converting ultra high frequency radio waves emitted by a signaling device into electrical current. Commands sent from a transmitter pass into the conductive antenna of the tag and are channeled to the RFID chip, which processes the signal and responds accordingly, usually by transmitting a return message containing the unique Electronic Product Code (EPC) of the chip. This communication allows an RFID transmitter (reader) to poll for all available tags within its range, thus obtaining a list of the EPCs of nearby items. Passive tags follow the Class-I Gen 2 protocol specifications. The most important part of the tag’s memory structure consists of 144 bits, as shown in Figure 1. The EPC number is a 96-bit value. It is protected by a CRC value stored in the tag’s memory [3].

Figure 1 - Class I Gen 2 Passive RFID Tag Structure (MSB to LSB: CRC (16 bits), EPC Code (96 bits), Password (32 bits))

The Class-I protocol defines a set of basic commands to manage communications between the reader and the tag, such as Scroll ID, Scroll All ID, Ping, Quiet, and Talk [4,5]. However, it does not define any security for these commands. Only a password keyword has to accompany the KILL command to destroy the tag permanently. This makes the tag design and implementation fairly simple. Current passive EPC tags may have at most 2,000 logic gates available for implementing security solutions. Additionally, passive RFID tags are severely limited by strict power restrictions. Security measures such as an authentication protocol, or even basic encryption, are difficult if not impossible in this environment. With no means by which to authenticate a tag, a reader cannot test the validity of the data obtained during a read. This presents a security risk for some applications, as a tag’s readily available EPC could be programmed into another tag in order to pass a counterfeit product off to the reader. Additionally, RFID systems rely upon the integrity of the RFID tag data to function correctly. An attacker could use a counterfeit (“spoofed”) tag to hijack an ongoing communication session between the true tag and the reader. The spoofed tag could be used to inject a storm of false information into the session, disrupting the whole RFID system in a classic Denial of Service (DoS) attack. The DoS
attack can make the system’s backend database unresponsive, and flood the reader with a message volume beyond the reader’s processing capability. Figure 2 illustrates how a DoS attack could be carried out. In step 1, the attacker attempts to discover the EPC numbers of the tags in the field. This process is known as tag skimming. If successful, the attacker can then use the skimmed data to produce cloned tags. The cloned tag(s) may send a unicast or a broadcast of false information to a reader.

Figure 2. Skimming and Cloning Tag Attack (figure labels: Inventory Query; EPC-1, EPC-2, ...; Flood Tx by Cloned tag; RFID Reader; True RFID Tag in field; Cloned RFID Tag with EPC-1)

Current tag authentication solutions have concentrated on directly modifying the tag design by incorporating hashing methodologies, public key cryptology, and cellular automata structures [4,7]. The disadvantages of these solutions are: (i) the solutions are not cost effective and require an extensive number of logic gates to implement, (ii) a new tag design is required, which is not feasible, and (iii) they use unrealistic implementations for simulating the tag-to-reader communication scenario, such as in [7]. The next paragraph describes the state of the art in tag authentication. In [1], the author presents various techniques that protect passive RFID tags against cloning attacks. The proposed authentication technique is a simple challenge-response mechanism that is subject to a “man-in-the-middle” attack. In [6] a solution is proposed for products requiring authentication mechanisms. The proposed solution extends the EPC Network infrastructure with an EPC Product Authentication Service. The proposed authentication algorithm relies on a request-response challenge technique. This technique is known to be vulnerable to man-in-the-middle attacks. The authors of [2] introduce a cryptographic primitive, called insubvertible encryption, which generates a randomized ciphertext. This protocol relies on certificates held by authorized readers to prove that the ciphertext can only be decrypted by authorized parties. The authorized readers can mark the tags by writing data to them. Although the authors suggest that this technique can be applied to passive RFID tags, it does not seem feasible, because passive tags lack sufficient memory storage space. In [7], a simple client-server architecture with TCP/IP sockets simulates the tag-to-reader communication. This is also not a feasible solution, because passive tags have neither the processing capability nor the memory space to store the TCP/IP socket’s programming code. In this paper, a lightweight authentication protocol (LWP) is presented. The significance of this proposed work stems from the fact that: (i) there is no need for tag redesign, (ii) the proposed protocol has no need for a sophisticated cryptographic protocol, and (iii) the LWP is not subject to man-in-the-middle attack. This is a significant advantage because the protocol relies on using the Kill command along with the correct scrambled Kill-password value. The remainder of the paper is organized as follows. Section 2 describes the lightweight protocol approach. Section 3 describes and summarizes preliminary experimental results. Section 4 concludes the paper and outlines future work.

2. The Lightweight Protocol Solution

RSA Laboratories proposed a method to test a quick and simple form of authentication not explicitly built into the EPC Class 1 Generation 2 RFID chip’s capabilities [1]. The lightweight protocol (LWP) is based on the RSA proposal, and suggests that the password-protected “kill” function of a tag can be used to verify the authenticity of a specific tag in the field. The authors of [1] have not conducted any experiments or simulation analysis to validate this proposal. This paper describes and presents the results of an empirical analysis to measure the effectiveness of the Kill-password technique for authenticating RFID tags. To render an RFID tag inoperable, a reader must send a kill command that includes the correct tag-specific kill password. Once this command is sent, the tag will respond with one of three messages:
• The tag was killed successfully,
• The tag did not gain enough power to complete the kill function, or
• The kill password was incorrect.
The experimental analysis is based on controlling the power level of the reader. An authentication program can guarantee that there is not enough power to kill the tag, and is then able to use the kill function as a simple password dialog. An RFID reader selects one RFID tag to communicate with. The tag that is selected to participate in the inventory session is not allowed to respond until its Q value reaches zero. This means that only one tag will respond to the reader’s commands at any given time. As soon as a tag’s Q value reaches zero, it responds with its EPC value. The reader then issues a Kill command at an adjusted power level, to verify the authenticity of the tag in the field, and decides whether to deny or allow this tag on the system. This means that the LWP is independent of the number of tags in the field and scales well, even if there are multiple tags in the field. In practice, it is rare to have multiple readers serving the same coverage area. Should this happen, the readers would have to be controlled by a middleware application to avoid redundant reads and confusing the tags in the field.

3. Experimental Results

The LWP is intuitively straightforward, and proof-of-concept is demonstrated with relative ease in this section. The technologies used to demonstrate the practicality of the LWP are no more sophisticated than might be expected in a typical RFID system environment. A successful demonstration consists of appropriate tag responses to the KILL command sent with incorrect as well as correct passwords. The KILL command is sent at adjustable power levels that are enough to get the tag to respond with a 1-bit value equal to 0, but not enough to kill it. This is interpreted as “NOT ENOUGH POWER TO PERFORM THE KILL FUNCTION”. Now the reader can effectively decide to allow or deny the tag in the field. The adjustable power level and the tag error codes conform to the EPC Global standard. The tag response can then be used as a lightweight, implicit authentication method to validate the tag’s identity. The reader will be able to differentiate between cloned and non-cloned tags, and filter out the cloned ones. The final test is conducted to verify that the reader works properly, and is able to kill the tag with a sufficient power level.

3.1. System Setup

The lightweight protocol was implemented and tested using an experimental RFID testbed consisting of the following components:
(1) Samsys MP9320 2.8 EPC UHF Reader
(1) Maxrad 902-928 MHz Left-Hand Circular Polarized Panel Antenna
(1) 1.5” item level inlay with EPC Class 1 Generation 2 chip
(1) SMA Male to “N” Female Adapter
(1) 4-Port Netgear Hub
(2) Cat-5 Ethernet Cables
(1) Control System (Dell Inspiron 630m)

3.2. Practical Experiments

The test application is implemented in C#. The application controls the tag programming and the reader’s transmitted power, and processes the tag-to-reader messages. Tests were conducted as follows:

Step 1: Tag Creation and Programming
a. Place tag within field of transmission
b. Set transmitter power to 30 dBm - this power level is used to create the tag and set the KILL command power level.
c. Send “create” command with parameters: (EPC: 0xAAAAAAAAAAAAAAAAAAAAAAAA, Kill Pwd: 0x11111111)
d. Set transmitter power to 2 dBm - this power level is used to read the response back from the tag
e. Response: “Creation successful”
f. Tag in field: 0xAAAAAAAAAAAAAAAAAAAAAAAA
g. Conclusion: Tag was reprogrammed successfully with the given parameters.
Step 2: Testing Scenario I (Reader Performs Authentication Task - Sending an Incorrect Password)
a. Place the tag within field of transmission
b. Set transmitter power to 0.5 dBm - this small power level is used to challenge the tag to respond without killing it.
c. Send “kill” command with parameters: (EPC: 0xAAAAAAAAAAAAAAAAAAAAAAAA, Kill Pwd: 0x22222222)
d. Set transmitter power to 2 dBm - this power level is used to read the response back from the tag
e. Response: “Incorrect password”. Tag in field.
f. Conclusion: Kill command was sent to tag with an incorrect password at a power setting too low to be successful. Tag informs reader only that the password was incorrect.

Step 3: Testing Scenario II (Reader Performs Authentication Task - Sending a Correct Password)
a. Place the tag within field of transmission
b. Set transmitter power to 0.5 dBm - this small power level is used to challenge the tag to respond without killing it.
c. Send “kill” command with parameters: (EPC: 0xAAAAAAAAAAAAAAAAAAAAAAAA, Kill Pwd: 0x11111111)
d. Set transmitter power to 2 dBm - this power level is used to read the response back from the tag
e. Response: “Not enough power to kill tag”. Tag in field: 0xAAAAAAAAAAAAAAAAAAAAAAAA
f. Conclusion: Kill command was sent to tag with the correct password at a power setting too low to be successful. Tag informs the reader that there was not enough power to kill the tag. This unique response implies that the password was correct and the tag is authentic.

Step 4: Testing Scenario III (Verify Tag Killing Function with Correct Password)
a. Place the tag within field of transmission
b. Set transmitter power to 30 dBm - this power level is used to kill the tag
c. Send “kill” command with parameters: (EPC: 0xAAAAAAAAAAAAAAAAAAAAAAAA, Kill Pwd: 0x11111111)
d. Set transmitter power to 2 dBm - this power level is used to read the response back from the tag
e. Response: No response or “Kill successful”
f. Tag in field: (none)
g. Conclusion: Kill command was sent to tag with the correct password at a power setting high enough to be successful. Tag is rendered inoperable and is no longer visible to the reader.

The experimental analysis demonstrates the LWP’s effectiveness, in practical as well as theoretical terms. In each case, tags responded with messages that conform to the EPC Global standard.
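As an added example (not the authors' C# test application), the following Python simulation models the kill-password dialog of Section 2 and the three test scenarios above: a tag that checks the cover-coded password before it considers the power level, and a reader that challenges at a power too low to kill and turns the reply into an allow/deny decision. The power levels are taken from the experiments; the tag model, the reader-side MAX_CHALLENGE_POWER_DBM ceiling and the single 32-bit nonce (a simplification of Gen 2's two RN16 halves) are assumptions.

```python
import secrets
from enum import Enum

# Power levels from the paper's experiments; assumed to hold for the simulated tag.
KILL_POWER_DBM = 30.0          # enough power for the tag to complete a kill
CHALLENGE_POWER_DBM = 0.5      # lets the tag answer the Kill without dying
MAX_CHALLENGE_POWER_DBM = 2.0  # hypothetical reader-side ceiling for a challenge


class KillReply(Enum):
    KILLED = "Kill successful"
    LOW_POWER = "Not enough power to kill tag"
    BAD_PASSWORD = "Incorrect password"


class Tag:
    """Simulated Class 1 Gen 2 tag: 96-bit EPC plus a 32-bit kill password."""

    def __init__(self, epc: int, kill_pwd: int, kill_threshold_dbm: float = KILL_POWER_DBM):
        assert 0 <= epc < 2**96 and 0 <= kill_pwd < 2**32
        self.epc, self._kill_pwd = epc, kill_pwd
        self.kill_threshold_dbm = kill_threshold_dbm
        self.alive = True
        self._nonce = None

    def req_rn(self) -> int:
        """Hand the reader a fresh nonce for cover-coding (scrambling) the password.
        Simplification: one 32-bit nonce instead of Gen 2's two RN16 halves."""
        self._nonce = secrets.randbits(32)
        return self._nonce

    def kill(self, covered_pwd: int, power_dbm: float) -> KillReply:
        """Password is verified before power is considered, matching the observed replies."""
        if self._nonce is None or (covered_pwd ^ self._nonce) != self._kill_pwd:
            return KillReply.BAD_PASSWORD
        if power_dbm < self.kill_threshold_dbm:
            return KillReply.LOW_POWER
        self.alive = False
        return KillReply.KILLED


def authenticate(tag: Tag, expected_pwd: int, power_dbm: float = CHALLENGE_POWER_DBM) -> str:
    """Reader-side LWP check: a low-power Kill whose reply doubles as a password verdict."""
    if power_dbm > MAX_CHALLENGE_POWER_DBM:
        raise ValueError("challenge power would risk killing a genuine tag")
    reply = tag.kill(expected_pwd ^ tag.req_rn(), power_dbm)
    if reply is KillReply.LOW_POWER:
        return "allow"   # only a tag holding the right password reaches the power check
    if reply is KillReply.BAD_PASSWORD:
        return "deny"    # right EPC, wrong password: treat as a cloned tag
    return "error"       # the tag actually died: power control failed
```

A clone programmed with a skimmed EPC but without the kill password is classified "deny", while the genuine tag survives the challenge and is only killed when the reader deliberately raises the power to 30 dBm.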
Figure 3 shows the GUI front end for the authentication service.
Figure 3. Tag Authentication GUI Application
4. Conclusions and Implications for Future Research

Results of experiments to date suggest that the lightweight protocol can be used to implement an effective password dialog mechanism using existing RFID tag technologies. The authors do not assert that a universal solution to all RFID application issues has been developed, but do claim that innovative approaches, such as the lightweight protocol described in this research, can be implemented using current RFID technology. This can further expand and enhance the range of RFID tag applications, without modifying the specifications of the existing devices, or the extensive technology infrastructures that have evolved to utilize them. Such applications will serve to accelerate the proliferation of RFID technology, through a range of application options that have yet to be designed. The authors plan future projects to demonstrate additional ways of extending the capabilities of RFID devices, utilizing variants of the lightweight protocol as described in this paper. Inquiries regarding the paper, the protocol, or the results of the experiments may be directed to any of the authors at their respective e-mail addresses.

5. Acknowledgements

The authors wish to acknowledge and express their appreciation for the suggestions from reviewers of the initial draft of this paper. Incorporating their suggestions to address their concerns has resulted in a clearer presentation.

6. References

[1] Ari Juels, Strengthening EPC Tags Against Cloning, WiSe '05: Proceedings of the 4th ACM Workshop on Wireless Security, September 2005.
[2] Giuseppe Ateniese, Jan Camenisch, Breno de Medeiros, Untraceable RFID Tags via Insubvertible Encryption, CCS '05: Proceedings of the 12th ACM Conference on Computer and Communications Security, November 2005.
[3] Gwo-Ching Chang, A Feasible Security Mechanism for Low Cost RFID Tags, ICMB '05: Proceedings of the International Conference on Mobile Business, July 2005.
[4] Manar El-Chammas, Bassam El-Khoury, and Antoun Halaby, Implementing Security in RFID Systems: The “Tag Emulator”. Online resource available at http://whitepapers.silicon.com/0,39024759,60113378p-39001632q,00.htm [03/03/2008].
[5] Thomas Eisenbarth, Sandeep Kumar, Christof Paar, Axel Poschmann, Leif Uhsadel, A Survey of Lightweight Cryptography Implementations, IEEE Design & Test, Volume 24 Issue 6, November 2007.
[6] Thorsten Staake, Frédéric Thiesse, Elgar Fleisch, Extending the EPC Network – The Potential of RFID in Anti-Counterfeiting, SAC '05: Proceedings of the 2005 ACM Symposium on Applied Computing, March 2005.
[7] Zongwei Luo, Terry Chan, Jenny S. Li, Edward Wong, William Cheung, Victor Ng, Wilton Fok, Experimental Analysis of an RFID Security Protocol, Proceedings of the IEEE International Conference on e-Business Engineering, October 2006.