Professional Documents
Culture Documents
BY
2008
Submitted as part of the requirements for the award of the MSc in Information
Security at Royal Holloway, University of London.
I declare that this assignment is all my own work and that I have acknowledged
all quotations from the published or unpublished works of other people. I declare
that I have also read the statements on plagiarism in Section 1 of the Regulations
Governing Examination and Assessment Offences and in accordance with it I
submit this project report as my own work.
Date:
Abstract
In today‟s world there is a rapidly increasing demand for wireless activities such as Radio
Frequency (RFID) tagging system for assets tracking. My project based on critical review
of RFID tagged high and low based frequency tagged using in logistics system for assets
tracking. I discussed the detail structure of management process of RFID tagged in
logistics systems how its works. We can say that RFID providing the financial security
safety and decrease the risk of lost, saving time and labor management. Beside also I did
discuss about the measure attacks and tagged manipulating, cloning, removing etc.
ISO/IEC 14443 has defined standards for RFID tags which specify the ranges and
transmission methods. RFID have proved their importance in daily life therefore its
rapidly increasing in assets controlling beside there is also misunderstanding between
people who think that RFID Tagged are vulnerable which monitors their all actions but
the RFID tags only used for assets tracking its only about the product which should going
to right hands its giving the unique identification for each product. I did also discussed
about other organization‟s view on RFID whom successfully using RFID tagged for
securing tier business and providing better customer services.
ACKNOWLEDGEMENTS
Without the help and support from the following people, this project would have not been
as successful as it was. The author wishes to extend his gratitude to the following people:
Secondly, I would like to thank my Academic advisor, Dr Allan Tomlinson. He spent his
precious time advising me on this project. I would like to thank also Mr. Mohammad
Faran who helped me a lot to complete this project.
Thirdly, my heartfelt gratitude goes to my family and especially my father who gave me
this opportunity to come far from my home country and pursue master degree in one of
the top universities in U.K.
Finally, I would like to thank my house mate‟s friends, for their greatly appreciated help
and support.
Table of Content
1. Introduction…………………………………………………………………...….2
1.2. History of RFID………………………………………………………………...2
6. Conclusion………………………………………………………………………...2
7. Bibliography………………………………………………………………………2
List of Figures
List of Table
1. Introduction:
RFID (Radio-Frequency Identification) is an automated data capture technology used to
identity, track and store information about physical items. It consists of three components
which are RFID tags (transponder), RFID readers and transceiver with decoder. It
operates on the radio signal and operates on different frequencies. RFID works on a very
basic concept. A signal is sent to transponder which sent back a signal (passive tags) or
broadcasts a signal (active tags).
It was first used by Britain in 1939 during World War II to identify friendly and enemy
aircrafts. Each aircraft has transmitter installed on it and it broadcast the signal back as
the transmitter received signal from the radar on the ground. Advances in radar and RF
communications system continued during 1950s and 1960s. Scientists and academics in
the United States, Europe and Japan did research and presented papers explaining how
RF energy could be used to identify objects remotely. During 1960s it was considered for
the commercial world. The first modern RFID system was demonstrated in 1971 to the
New York Port Authority which consisted of 16 bit transponder and a passive device
powered by interrogating signal for use as toll device.
The First U.S patent for an active RFID tag with rewritable memory was awarded to
Mario W. Cardullo on January 23, 1973. Also in 1973, Charles Walton, a California
entrepreneur received a patent for passive transponder used to unlock a door without a
key. A card with embedded transponder sends signal to the reader near the door. When
the reader detected a valid identity number stored within the RFID tag, the reader
unlocked the door. Walton licensed the technology to Schlage, a lock maker, and other
companies. In 1970s US government developed RFID system to track Nuclear Weapons
that use transponder on trucks and readers at the gates of the secure facilities.
This system was commercialized during mid 80s and automated toll payment systems
was created and widely used on roads, bridges and tunnels around the world. Also the
same scientist who developed toll system created passive RFID tag system to track cows
that uses UHF radio waves. The device drew energy from the reader and simply reflected
back a modulated signal to the reader using a technique known as backscatter. Later
companies developed low frequency (125 kHz) system that uses small transponders. Low
frequency transponders were also put in cards and used to control the access to buildings.
Later companies moved to high frequency (13.56 MHz) which was unregulated and
unused in most part of the world. High frequency offered greater range and faster data
transfer rates are possible. Companies in Europe started to use 13.56 MHz frequency to
track reusable container and other assets. Today, 13.56 MHz RFID systems are used for
access control, payment systems (Mobile Speed pass) and contact less Smart Cards. In
the early 1990s, IBM engineers developed and patented an ultra-high frequency (UHF)
RFID system. UHF offered longer read range (up to 20 feet under good conditions) and
faster data transfer.
IBM tested its technology with Wal-Mart but that technology was never commercialized
and in mid 1990s IBM sold it patents to Intermec. Intermec RFID systems are used from
warehouse tracking to farming. But at that time due to low volumes of sales and lack
open international standards the technology was expensive. In 1999 Uniform Code
Council, EAN International, Procter & Gamble and Gillette funded to establish the Auto-
ID Center at MIT for UHF RFID research. David Brock and Sanjay Sharma was
working on low cost RFID tags.
In order to decrease the cost their idea was to put only serial number on tag. The data
associated with the serial number would be stored in internet accessible database.
Previous tags were like mobile database that carried information about the product or
container they were on with them as they traveled. They turned RFID into a networking
technology by linking objects to the Internet through the tag. For businesses, this was an
important change, because now a manufacturer could automatically let a business partner
know when a shipment was leaving the dock at a manufacturing facility or warehouse,
and a retailer could automatically let the manufacturer know when the goods arrived.
Between 1999 and 2003, the Auto-ID Center gained the support of more than 100 large
end-user companies, plus the U.S. Department of Defense and many key RFID vendors.
It opened research labs in Australia, the United Kingdom, Switzerland, Japan and China.
It developed two air interface protocols (Class 1 and Class 0), the Electronic Product
Code (EPC) numbering scheme, and a network architecture for looking up data
associated on an RFID tag on the Internet. The technology was licensed to the Uniform
Code Council in 2003, and the Uniform Code Council created EPCglobal, as a joint
venture with EAN International, to commercialize EPC technology.
The Auto-ID Center closed its doors in October 2003, and its research responsibilities
were passed on to Auto-ID Labs.
Some of the biggest retailers in the world—Albertsons, Metro, Target, Tesco, Wal-
Mart—and the U.S. Department of Defense have said they plan to use EPC technology to
track goods in their supply chain. The pharmaceutical, tire, defense and other industries
are also moving to adopt the technology. EPCglobal ratified a second-generation standard
in December 2004, paving the way for broad adoption.
Chapter 2
------------------------------------------------------------------------------------------------------------
2. Basics of RFID Systems……………………………………………………..……11
2.1. RFID Tags………………………………………………………………………11
2.1.1. Passive Tags……………………………………………………………….12
2.1.2. Active Tags………………………………………………………………..13
2.1.3. Semi-Passive Tags………………………………………………………...13
2.2. RFID Readers…………………………………………………………………..13
2.3. Middleware……………………………………………………………………..15
2.4. Radio Waves Frequencies……………………………………………………...16
2.4.1. Low Frequency (LF)………………………………………………….............16
2.4.2. High Frequency (HF)………………………………………………………...16
2.4.3. Ultra-High Frequency (UHF)………………………………………………..16
2.5. Differentiate Between RFID and Barcodes…………………………………...16
2.6. Electronics Product Code (EPC)………………………………………............17
2.7. EPC Global Network…………………………………………………………...18
------------------------------------------------------------------------------------------------------------
RFID systems are used to identify and track objects or people using radio waves. It is
possible by reading microchips that contains unique numbers that can identify objects,
people and information. These microchips can be read automatically, unlike bar code that
is scanned manually. Due to its automatic identification it is gaining popularity in the
world to identify and track objects. RFID systems is made of three components
Basically RFID Tags are microchips that used to store data on it. Before late 1990s it
used to contain much more information then it is used to be stored now a days. These tags
are large and very expensive because of large microcontroller and memory. Now a days
tag only store serial numbers that are large enough to store a unique identification of a
single product not like barcode that store similar information about the same type of
product. These tags can be Read-Only or Read-Write capability. Read-only tags have
unique information stored during its manufacturing process also referred as „name plate‟
application. The information cannot be changed on the Read-only tags. With Read-Write
tags user can manipulate information on the tags when the tags are within user range.
There are three types of tags that are used now days.
1. Passive.
2. Active.
3. Semi-Passive.
Figure: 0[24]
2.1.1. Passive Tags:
As the name suggests Passive tags have no power of its own. These tags are powered by
electromagnetic field generated by the reader and provide enough power to the circuit for
power up and to send back the signal to the reader. These tags operate by backscattering
(reflection of the signal back to the source) the radio wave from the reader. Passive tags
practical read distance ranges from 10 cm (ISO 14443) up to few meters (Electronic
Product Code (EPC) and ISO 18000-6) that depend on the radio frequency and the
antenna size. These tags are very small as compared to active tags because lack of power
source. It holds less information as compared to active tags. These are the most cost
effective and reliable. Passive tags are less reliable as compared to active tags but some
passive tags are much work effective then active tags like in water and tin foils. The tags
remain readable for the long time even after the product is sold. Tags have life of twenty
years or more.
Figure: 3[25]
2.1.2. Active Tags:
Active tags have their own power source which is used to power the circuit and send the
respond signal to the reader. Active tags range of operation is up to 100 meter and
battery source life is up to ten years. Active tags are more expensive and bulkier than
passive tags due to internal power supply for the tags. It holds more information as
compared to the passive tags. These tags due to its on power supply it can transmit at
higher power level which allows them to be work better in environment with humidity
and spray or with dampening targets (objects containing water), reflective targets from
metal (containers, vehicles) and at longer distances. They are more reliable because of the
ability to conduct Session with the reader. Active tags can have more memory as
compared to passive tags and may store additional information received from the reader.
Active Tags
Figure: 4[13]
2.1.3. Semi-Passive Tags:
These tags have their own power source but it powers only the circuit not the antenna to
broadcast the signal. For response it worked the same way as passive tags. They have
greater sensitivity than passive tags which can be used for greater range and enhanced
reliability. It has longer battery life as compared to active tags. It can perform active
functions such as temperature monitoring using its own power even without the reader.
Basically RFID readers performs various function from activating tags, send querying
signals, supplying power to passive tags and to the antennas of semi-passive tags,
encoding the data sent to the tag and decoding data received from the tag. It typically
consists of transmitter and receiver, a control unit and a coupling element (antenna) .The
reader can be fixed or handheld. It emits electromagnetic waves. The range of the reader
depends upon the radio frequency used and power output. They can be fitted with an
Some Readers
Figure: 5[13]
a. Reader API:
The reader API is the application programming interface that allows programs to
register for and capture RFID tag read events. It also provides capabilities to
configure, monitor, and otherwise manage the reader.
b. Communications:
Readers are edge devices, and like any other RFID devices; they are connected to
the overall edge network. The communications component handles the
networking functions.
c. Event Management:
When a reader sees a tag, we call this an observation. An observation that differs
from previous observations is called an event. The analysis of observations is
called event filtering. Event management defines what kinds of observations are
considered events and determines which events are interesting enough to merit
being either put in a report or sent immediately to an external application on the
network.
d. Antenna subsystem:
The antenna subsystem consists of one or more antennas and the supporting
interfaces and logic that enable RFID readers to interrogate RFID tags.
Antenna
Figure: 6[14]
2.3. Middleware:
Middleware is software that bridges RFID hardware and enterprise application. It is the
primary means of data gathering for any RFID deployment. It consists of computer
hardware and data processing software connection to enterprise inventory or
identification management system. It provides operating system, data repository and
processing algorithm that convert multiple tags data into visible tracking or identification
data. It can be managed by company personal or be contracted to an IT service. It allows
user to monitor, deploy, issue commands and configure readers through common
interface. It collects data from reader and provides filtering, formatting or logic so that it
can be processed by software application such as Supply Chain Management (SCM),
Enterprise Resource Planning (ERP), Warehouse Management (WMS) or Customer
Relationship Management (CRM) Systems. It can be standalone system or can be merged
with the RFID reader.
Figure: 7[20]
The tag code is based on header, EPC Manager, Object Class and Serial Numbers.
Following figure shows the tags contents for example there is header, header is shows the
current version of EPC code, to next is EPC Manager which is 26 bits define the product
manager or a product manufacturer for example if bottle of wine by fosters company
fosters company have their own code for their product which shows in EPC Manger
column in tags suppose that 01 is the code for class 1 of EPCglobal table and 0000A89 is
the manufacturer which we assume that is Fosters a wine company code.
Now the Object class its given the product information of the company for example if a
cane of foster 320ml which we can assume the product code is 00016F in the figure, now
we get class of code which brand is that product and which product is the company.
The serial number is use for unique identification every single unit of foster cane have
different serial number, through the 96 bit long integer tag code, we can get 68 billion
unique serial numbers and 16 million objects classes and 268 million companies in our
EPC Manager codes.
Figure: 8[15]
The next Gen2 EPC Global code is still facing tough research work. Gen 2 passive tags
can work in thin metal and deep water too because of the micro chip and antenna will
help to detect radio waves and help to reduce blocking waves. Gen 2 smart label shows in
following figure
Figure: 9[16]
The figure shows the smart label size width and inside structure of chip and antenna there
is few more characteristics define in following figure
Figure: 9.1[16]
Figure: 10[15]
Layer one is tags and sensors every tags should have to go through readers, readers may
forward information to the savant, savant work for filtering data its work like a part of
middleware application to reduce the size of data and getting the valuable information
which may needed. Fourth layer of EPC Information Service may provide the
information which received from savant such as object detail, manufacturer date and
forward that detail to Object name service (ONS) besides also converting the information
to the physical markup language PML.
Object name service is the cache which work like Domain name services (DNS) on
internet and other network can read the physical markup language (PML). Object name
service (ONS) service send request to enterprise application database where the all
product information available from the manufacturer. EPC global has awarded with the
VeriSign to work on object name service on global network for tracking in real time.
Chapter 3
------------------------------------------------------------------------------------------------------------
3. RFID Product Supply chain Management…………...…………………….………20
3.1 Suppliers……………………………………………………………………….……21
3.2. Manufacturing……………………………………………………………………..21
3.3Finish Goods Distribution……………………………………………………….….21
3.4. Retailer / Distributor Distribution……………………………………......…….. 21
3.5. Retail Store………………………………………………………………………...22
3.6. Consumer………………………………………………………………………….22
3.7. Example of Retail Supermarkets………………………………………………...23
3.7.1. Tesco……………………………………………………………………………..23
3.7.2. Wall-mart……………………………………………………………………..….23
3.8. Low Level and High level Inventory Management……………………...……...23
3.9. Returnable Transport Item………………………………………………………23
3.9.1. Pallets, Roll Container, Dolly, Rolly, Maintainer, Crate………………..24
3.10. Logistics Customers and Organization……………………………………..… 25
3.11. RFID Implementation and Pilot Projects………………………………………26
------------------------------------------------------------------------------------------------------------
3. RFID Product Supply chain Management.
Process of RFID management is the same as product life cycle just each step is monitor and
saving the time, labor and its cost. Every business tycoon looking for their business growth and
satisfaction of customers when customer feels unsafely about their product usage or product been
stolen disrupting them for using that facilities. A small example of laptop companies who build
laptop and sending to distributors and retail during the journey all laptop or some of laptop stolen
from theft they cannot do anything to stop them using except complaining or claiming. RFID help
to manage each product their quantity and track in each way for example If I got RFID tagged
laptop and some steal it from me where ever they can go every NFC(near frequency reader) can
read their signal about their location If I can complain about my laptop been stolen they only need
my name and my order number they will get all detail about my laptop serials and their RFID
code because each RFID tagged has unique identification, if they send request to find particular
tagged reference number on internet they get the result of RFID product where it is each NFC
(near frequency reader) will check 1st in their local database about the product if not exist then it
goes to internet to find the location of the server where its match the tagged number and get the
location of the product. Its help business because technology cost and ongoing operation is fixed
it‟s not goanna change. Cost is low and their benefits are high. Following fig describe some part
of management:
Figure: 11[28]
Suppliers
If we can talk about any farming product like vegetables which comes from the
farmers, farmers are collecting the goods in bulk quantity gathering them and
sending to manufactures. In other example of any electric machines supplier
sending every single part of machine to manufacturer for assembling all raw
goods comes from suppliers.
3.2. Manufacturing
Second and important part of manufacture for example if they receiving bulk of
mangoes they are doing their packaging put RFID tagged on each package make
them separate in quantity wise or weight wise each tagged has their unique
identification and have their code number once you put tagged on product its goes
to database that this number of tagged been issued for product. Because of EPC
(electronic product code) which saved in database which interlink to network may
help to track the product during their journey. Manufacturer sending goods to
distributions, when product leaving from manufacturing channel its catch their
quantity of product from database which goes through exit channel because of
every exit gate there is reader which read the electronics code like RFID Tagged.
When its exit from the channel its counting the time when will it reach to their
destination.
Again same procedure to follow from step 2 that when receiving goods from
manufacturer reader read the each product code from delivery and check with data
base which interlink through network when they received all of them they will
give green signal to manufacturer if there is any one of missing its shows that
something missing in product and they will check all product code if any one is
missing its shows in system that this box of product is not receiving through
channel, those code may check on the channel through RFID where it is lost.
Distributors and retail order the quantity of goods to the distribution for example
if I am owner of Sainsbury‟s I have my own many retail stores and my own
warehouse where I can save my all product I do order to home base or anyone
else to send me millions of cokes to my warehouse suppose that home base is the
distribution channel who sells products. I have received the all product on my
warehouse but for my business saving I got same technology as distribution has
when they send me product also sending me the list of product code or can share
through network when I receive the all product if there is any missing distribution
may know which is missing every RFID tagged read in my local database and its
compare with the network database if the records exist its go through if its not it
will give me alert and we will inform to distribution if anything missing during
channels.
The second last step of goods is to sending goods in retail store where every
consumer can come to buy that product. Retail store interlink to their local
retailers and also read the each box of tagged which goes to data base for
rechecking of delivery, every retailer have their own key for unlocking the
product. For example some store we saw bottles of alcoholics drinks which
tagged with bar codes and physical locks when customer want to buy that product
they have to go to till operator for removing that lock manually. When customer
took any product any going to pay off to till, till operator scan those product
which goes to database and given confirmation that this product has been sold and
received valuable cost of product which help to manage business cost and help to
reduce stealing from thefts if products is not scanned from till operator and its
going out from the exit door its will give alert to guard that someone steal
something.
3.6. Consumer
Those who buying the product for using their own usage when they bought
product from retail stores its still can be track for example if customer buy any
expensive electric gadgets which cost very high those product are tagged with
RFID tags if you lost your gadgets or stolen by someone you can complain it
against the product and RFID tagged may track the product where its been using.
People who buying the products are feel safe about their gadgets because of
company‟s who‟s providing security for customer‟s valuables. Following figures
shows the complete chain of process:
Figure: 12[26]
22 MSc Information Security
Royal Holloway University Of London
3.7.1. Tesco
Tesco is the market leader in UK there is more then 1200 store and distribution
centre around the UK. They are adopted the RFID technology with the help of
EPCglobal, after more then two years of testing they adopt the standard of RFID. They
choose the UHF tags for their cases, pallet, trays and cages. They are ensured their
manufacturing of all barcode frequencies and power levels conform to European
regulation authority. They are fitted the all technology from distribution to retail stores
now they are able to monitor their high value assets during supply chain. Tesco has
selected OATSystems to provide software infrastructure for their RFID system,
OATSystems are specialist in middleware applications and filtering data.
3.7.2. Wal-mart
Wal-mart is the largest retailer, operating 1100 stores, 1900 supercentres, and
575 Sam's clubs. They are using the gen2 RFID tags their suppliers are Alien
Technology, Avery Dennison, Texas Instruments, Impinj, Omron, STMicroelectronics,
for tracking and analysis in real time promotion execution they are following OAT
System. Their financial earning is $12.6 billion on $350 billion in sales with the profit
margin is 3.6%.Reducing out 30% of stock incidents in stores making additional $3.4
billion in sales.
Figure: 13[15]
There is few more stuff which is currently using in retail business and other places for
loading and delivering goods those assets are called returnable transport items (RTI).
Following figures shows some of them which is currently used in retail and other delivery
purpose.
Figure: 19[17]
Figure: 20[18]
Figure: 21[19]
Table: 1(23)
Chapter 4
------------------------------------------------------------------------------------------------------------
4. Benefits of RFID in Logistics and Standards………………………………...…27
4.1. Increased Accuracy………………………………………………………….…27
4.2. Faster Throughput……………………………………………………………..27
4.3. Lower Inventory………………………………………………………………..27
4.4. Management Exception………………………………………………………...27
4.5. EPC Global Standard Classes Protocols…………………………………….. .28
4.6. Characteristics Table of RFID Technology…………………………………...29
4.7. ISO Standards………………………………………………………………......30
4.8. ISO Standards for Supply Chain Management Applications………………..31
RFID tags increase accuracy because it is not using any manual scanning or any human
interaction every tag read by automatic readers which reduce the manual scanning and
help to detect any unreadable item or missing goods its help to increase visibility and
accuracy of supply chain.
Reading for tags is too fast of RFID tags because of UHF high frequency which can read
up to 400 /sec with out any human interaction.
Lower inventory is very important and useful, lower inventory levels must be accurate
and visible because it will shows the 100% accuracy of capital. RFID allows checking
lover inventory visibility and the response from all technology of RFID which build up in
organization.
EPC tags classes define in following table which describing the EPC middleware savant,
EPC tag reader, object name service (ONS) specification and physical markup
language(PML) which based on xml for communication on EPC Network. Following
table explain the EPC Global classes.
Table: 2(21)
Table: 3(21)
There are two major Organizations which related to RFID Technologies in the world the
ISO (international organization for standards) and EPC Global (electronic product code)
both organizations developed the RFID standard for tags, readers and protocols, see the
following table:
Table: 4(21)
Table: 5(21)
Chapter 5
------------------------------------------------------------------------------------------------------------
5. Security and Countermeasures of RFID…………………………………….......32
5.1 Virus Attack……………………………………………………………………..32
5.2. RFID Worms……………………………………………………………………32
5.3. RFID Tag Removing…………………………………………………………...32
5.4. Tag Cloning……………………………………………………………………..33
5.5. SQL Injection…………………………………………………………………...33
5.6. DOS Attack……………………………………………………………………..33
5.7. Middleware Attack……………………………………………………………..33
5.8 Radio Waves Jammer and Signal Blocking…………………………………...33
5.9. Tag Collision…………………………………………………………………....34
5.10. Lack of Knowledge……………………………………………………………34
5.11. RFID Backup Process………………………………………………………...34
5.12. Mutual Authentication………………………………………………...……..34
5.13. Countermeasure………………………………………………………………37
------------------------------------------------------------------------------------------------------------
Security of RDIF is a real issue in real world because of RFID chip is easy to hack it
work on radio waves which is easy for others to use any reader and read any tag contents
which is near to them without acknowledgment of owner. Cloning of RFID tags and
removing chips, collision with standards, effects on people privacy those issues are very
high and considerable. There are also some issues which are related to passport, smart
cards and viruses which cause the damage of the data.
remove the tags from goods whole system should be corrupted for example attaching the
oyster chip power to oyster reader power together they both power merge to each other
whenever its trying to removing chip from the oyster it will be damage whole card.
and put it near to the reader or within certain distance which may cause the block all
readers to read tags until the Jammer switched off or scan manually to every pallets of
goods . Another way is to rape anything with foil paper can block the radio frequency for
example if any product tagged with RFID and to cover up all products with foil paper can
block the RFID signals even some tags can block in water , water can absorbed high level
of frequencies tags.
Figure: 22[32]
RFID System must have to use any cryptographic functions such as symmetrical
cryptographic where we can share the key K between tags and receivers for example of
Challenge response of token mostly used nowadays in UK banks they provided card
reader to their customer when customer want to buy any thing online they have been
asked for providing challenge response number when user enter their card to card reader
and enter their pin to get challenge number that challenge number may help to
authorizing for buy any product. For getting challenge number request sending by reader
to transponder when transponder receive the challenge request it‟s generate a random
number “Alice A” and sent to reader , reader may generate their own random number
“Alice b” and verifying both random numbers with shared key K if its verified they will
generate encrypted token 1 sent to transponder and transponder will do the same
procedure with the shared key and decrypt the token 1 and generate their token 2 to send
reader for completing the authentication below figure shows the basic function of
authentication.
Figure: 23[33]
If there is any reason when a transponders unable to decrypt the token 1 it simply
terminate the session of tags. This kind of mutual authentication can be possible to break
because of random number and key K it might be possible to predict the random number
although the key K is a secret key which can not be shared and all authentication depends
on key K can be possible to get therefore standardized algorithms of cryptographic
function are advised.
For making strength of this protocol we can use “Alice x” numbers instead of “Alice A”
random numbers because of random numbers can be vulnerable for feasible attack such
as data sniffing but (x) number can not be possible to attack even attacker get the
information from the transponder like (Alice X number K key) but still unable to decrypts
the data. Cryptography may help to avoid these kinds of attacks some techniques are
mostly used in current market trend such as SSL, SSH and WEP for security and defense
purpose of an organization.
Nowadays RFID systems are mostly using the symmetric algorithms cryptography
because asymmetric algorithms cryptography needs much computational processing and
getting more power. We have two main classes of cryptographic function symmetric
cryptography and asymmetric cryptography. Symmetric cryptographic protocols are
using their own key for decryption and encryption the data such as AES, 3DES, RC4,
RC5 etc. Asymmetric cryptography is using the two different keys primary key
cryptography and public key cryptography such as like RSA and VISA.
5.13. Countermeasure
Cryptographic functions help to reduce those attacks like AES, 3DES,
RSA security etc, each tag contain their own key. Cipher system may help to stop
unauthorized access if attacker can read the tags near them they will got the result on
cryptographic form which they can not understand until they got correct key every
organization have their own key some of them are also using public key cryptography
(PKI), beside there is some active tags which playing biometric functions these all
technologies help to reduce risk and safe the capital.
If the reader can read one time function which may help against DoS attack. If there is
any request going to reader and if the reader read it once and giving reply can not take
any other request from same device and disconnect their session with in certain time limit
which may help to stop DoS attack. For example suppose the Denial of Service (DoS)
attack we assume there is door look with RFID tag key can not work if there is any false
tag key hidden near to the reader if we can write command inside the reader that each can
only reader for 20 second after that the device signal may disconnect, which can reduce
the denial of service attack and also giving alert about the false tags which read by reader.
Time session limit is way to stop denial of service attack.
For using Cryptographic techniques which is quite healthy but its depends on algorithms
which is using like DES Algorithms may unblock because of current system and research
3DES and AES are normally acceptable in current trends as we know that about moors
law technology is getting more faster quantum computing is in research there is only few
machine buildup at the moment which may able to block AES and 3DES but currently its
on research mode but it will change whole cryptographic algorithms which may need
more power and more processing. We must have to adopt RFID Principles of fair
information and to get some more valuable knowledge which help to provide assets
safety.
6. Conclusion
RFID system depends on appropriate tools which may provide security integrity and
privacy. Although, cryptography function such as symmetric and asymmetric
cryptography has playing very crucial role for their security mechanism. There is also
some lack of knowledge for small organization who need to adopt this technology but its
seems in current market that RFID is growing very fast even some of the countries like
Europe and Japan are using RFID system to their currency also British government
interested to make some investigation tools which belongs to RFID. barcodes are went
back because of RFID tags which is more reliable and capturing automates data, for
logistics organizations and goods handling companies RFID System is the gift but there
is some RFID systems are prohibited which can be vulnerable, for adopting the RFID
into the business may improve their efficiency, cost reduction and reduction of work of
employee.
International Standard Organization (ISO) set their all requirements and privacy for
consumer safety and for business relationship. We personally think that there is may
some issue regarding the cost of the tags like such active tags are higher cost and
and some of passive tags are also high because of their needs but it will be fall
down if their market demand will be rise. We note that security companies and
organization are rapidly adopting this technology such as US Department of Defense
(DoD) for their arms traveling monitoring. We must have to adopt RFID system and to
get knowledge of their security and principles and to participate for their developing and
research modules.
7. Bibliography
1. http://whitepapers.silicon.com/0,3800002489,60114730p,00.htm
2. http://www.rfidconsultation.eu/workshops/19/145.html
3. http://whitepapers.zdnet.co.uk/0,1000000651,260161875p,00.htm
4. http://www.indiainfoline.com/content/bschool/Your_Journal/2006/05/300520
06/Chan.pdf
5. http://www.gs1uk.org/downloads/RFID/rfid-web.pdf
6. http://www.acq.osd.mil/log/rfid/index.htm
7. http://www.rfid.com.au/rfid_animalid.htm
8. http://www.baselinemag.com/c/a/Projects-Supply-Chain/Cover-Story-
WalMarts-Faltering-RFID-Initiative/1/
9. http://www.rfidc.com/docs/introductiontorfid_business.htm
10. http://www.epcglobal.org.hk/modules.php?name=News&file=article&sid=28
0
11. www.ti.com/rfid/docs/manuals/appNotes/EPCGen2ConversionGuidelines.pdf
12. http://groups.csail.mit.edu/cis/cis-theses.html
13. www.atloaug.org/presentations/ATLOAUGRFID200601.pdf [4][5][12]
14. www.ti.com/asia/docs/india/tiidevconf2004/rfid/prateep.pdf [6]
15. http://www.logicacmg.com/pdf/RFID_study.pdf
[8][10][13][14][15][16][17][18]
16. www.ti.com/rfid/docs/manuals/appNotes/EPCGen2ConversionGuidelines.pdf
[9]
17. www.oracle.com/applications/logistics/Logistics.pdf[19]
18. www.sun.com (sun_rfid_golden_pitch_v8.5.pdf) [20]
19. www.sun.com (RetekCC.sept2004.pdf) [21]
20. http://www.forrester.com/rb/research (92315.pdf) [7]
21. http://www.nje.ca/Index_RFIDStandards.htm (2)(3)(4)(5)
22. http://www.logisticsit.com/absolutenm/templates/article-
critical.aspx?articleid=3508&zoneid=31 [2]
23. www.bear.com (bear_stearns_analysis_03.pdf) (1)
24. www.hp.com/Presentazione/Crippa.pdf [1]
25. www.andrewbibby.com UNI RFID workshop 2006 [1] [2][3]
26. GENPACT Global Impact RFID- technology overview 20 Jan 2006
ATLOAUGRFID200601.pdf
27. ISSCC d32_04.pdf 2007 / February 14, 2007
28. www.foxner.com autoid_demand [11]
29. http://www.astrec.jp
30. http://www.theregister.co.uk/2006/03/01/rfid_tibco_tnt/
31. http://www.rfidc.com/
32. http://www.theregister.co.uk/2006/03/01/rfid_tibco_tnt/
33. http://www.rfidjournal.com/article/articleview/509/1/1
34. http://www.epcconnection.com/preconference.php?sectionID=41&trackID=7