Professional Documents
Culture Documents
Authentication Protocol
by
Aishwarya A Nair
17MVD0089
March 2019
Certificate
The contents of this thesis have not been submitted and will not be submitted
either in part or in full, for the award of any other degree or diploma in this institute
or any other institute or university. The thesis fulfills the requirements and regula-
tions of the institute and in my opinion meets the necessary standards for submission.
Place : Vellore
Date : March 29, 2019
Approved by
I hereby declare that the thesis work entitled “Secure Implementation of Mu-
tual Authentication RFID” submitted by me, for the award of the degree of Mas-
ter of Technology in VLSI Design to Vellore Institute of Technology is a record of
bonafide work carried out by me under the supervision of Dr K.Sivasankaran.
I further declare that the work reported in this thesis has not been submitted and
will not be submitted, either in part or in full, for the award of any other degree or
diploma in this institute or any other institute or university.
It is with great enthusiasm and the learning spirit that to bring out this project re-
port. We also feel that it is the right opportunity to acknowledge the support and
guidance that came in from various quarters during the course of the completion of
our project. I am extremely grateful to Dr Arunachalam, HOD SENSE Department,
Vellore Institute of Technology,Vellore providing the necessary facilities. I express
my gratitude to Dr K Sivashankaran., Associate Professor, Department of Micro-
electronics,Vellore Institute of Technology , for the valuable suggestions, advice, and
encouragement throughout the project. I would like to express our sincere thanks
to Mrs Priya Mam, Research Schoalar, Department of Microelectronics, who helped
me to successfully completing this project. We are indebted to all other lectures for
their whole hearted cooperation. I extend our special thanks to all our friends for
their help and encouragement. Last but not the least we would like to thank God
Almighty for giving us confidence to do the project.
i
iii
Abstract
Modern era needs secure communications and transactions.Also people want such type
of technology that,instead of giving data manually,one needs such a technology that
automates all ,rhus reduce the time as well as error.So one of the most flexible auto
identification technology is RFID(Radio Frequency Identification Technology).So the
researchers have worked for security and come up with some Mutual Identification
Protocol for UHF Passive RFID tags.Here a lightweight mutual authentication pro-
tocol is implemented in ASIC based on the EPC Class 1 Generation 2 framework
released by EPC global, which is the widely used industrial standard for passive UHF
RFID communication.Here I incorporate a variable Fibonacci LFSR rather than a
normal LFSR which will provide more secure communication compared to current
design methodology aned the results are optimized in Synopsys DC Compiler.
Contents
Acknowledgment i
Abstract iii
Contents v
List of Tables ix
List of Abbreviations xi
1 Introduction 1
1.1 RFID System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 EPC Class-1 Generation-2 RFID Standard . . . . . . . . . . . . . . . 2
1.3 Thesis Outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2 Literature Survey 5
v
vi
Bibliography 31
Appendix 33
Publications 35
List of Figures
vii
viii
ix
List of Abbreviations
xi
Chapter 1
Introduction
In the new modern era companies wanted to give datas into the computers without
just manualy printing it so as to save time, reduce error problems, increasees the
efficiency and to free up the employees to do other useful jobs. This idea leads to
the emergence of a broed new term automatic identification to help the machine to
identify objects and various things,to capture the information and give the datas into
the computer simultaneously. There are different types of automatic technologies like
bacode, RFID’s, smartcards, biometric scan etc.Out Of these the radio frequency
identification the most widely used the technology because of that capability to the
identify objects wireless without line of the site, reading of that information simulta-
neously from the multiple objects at the faster rate,allowing the tags to change the
data and the IDs dynamically,versatile, hide the tags in object physically so as the to
improve the security, to detect the distant of the objects, and the most the important
feature that of enabling the Internet of Things.
An RFID system the uses radio waves for automatic communication. It consists of a
2 main blocks: the tag and a reader where the tag are embedded in with microchip
and the antenna while an reader is embedded with the antenna. The antenna receives
and the transmits the information while the microchip the stores and processes the
1
2
data. The basic RFID system is shown in Fig.1.1 It works in the such a way that
the information encoded on the Tag is read by the sending a signal from reader to
the tag and then tag responds by sending a the signal to the back to the reader.
The antennas embedded on the tag and a reader handle the communication between
them.This a response is after send to the computer or backend server from the reader
for the future processing of the RFID (radio frequency identification)which is the
automatic recognition technology that uses the wireless communication. Generally,
the system or a part that uses an IC tag to identify or to the control various the items
viz wireless communication is called RFID. There are two type of RFID’s Tags:Active
and the Passive Tags.Active Tags have the internal Power source butthe passive did
not have the internal power source.It gets the energy from the electromagnetic waves
send from the reader.Passive tags are the primarily intended to function as a form of
wireless barcode used for the tracking, inventorying, and even preventing of the theft
of costume.RFID operates in the three frequency region:Low Frequency(LF),High
Frequency (HF) and Near Field Communication (NFC) and Ultra High Frequency
(UHF).UHF range is normally used for the RFID security purposes.Here the protocol
fully implemented in UHFrequency Range.
EPC Global is a GS1 initiative to innovate and to develop the industry driven stan-
dards for Electronic Product Code to support the use of the Radio Fequency Identi-
fiction and to allow global visiblity in terms of today’s fast moving,inforamtion rich
,tarding networks. The EPCglobal Class-1 Generation-2 Radio Frequency Identity
3
Protocol for the Communications at the 860 MHz-960MHz, which defines the phys-
ical and the logical requirements for the passive back scatter, Interrogator talk first
(ITF), the radio frequency identification (RFID) system. This standard has been the
widely accepted as the primary standard for the passively powered RFID tags since
the its inception by EPCglobal in 2004.
In this thesis,We will get an idea of the EPC Global C1G2 which is the widely
used standard for the RFID Communication and also block by block description
of each block used in digital end and also it will give the main security issues of the
RFID Communication.And this also discuss the security enhancement of it .Following
chapters will give the verilog code for the each blocks .
4
Chapter 2
Literature Survey
To compensate the security problems of EPC C1G2 specification, the researchers pro-
posed some security methods like Pad generation function which isused to protect the
tags various password or crucial data during the transfer. Yu-Jung Huang, Wei-
Cheng Lin, and Hung-LinLi published a journal similar to the Pad generation
concept, where implemented in FPGA Board.Here they used to produce covercod-
ing pad to mask the tag’s access password before the the data is transmitted.Here
the information from tag to reader or reader to tag can be accessed by simple exor
operation.So to covercode the dta,reader request for he random number from the
tag,the reader performs bitwise exor operaton wit data or password with this ran-
dom number send by the raeder and this is transmitted to reader with a cover coded
form.And this is uncovered by the reader by doing the bitwise exor operation with
received information However the problem with it is the increase in power dissipation
due o incerse in hardware. Lili Wei, Zhaotong Luo, QiangQu, Qing He and
Jingwei published a fully fledged authentication protocol which widely used a pub-
lic key cryptography and also the crypto GPS method but the problem is the lack
of the security proof and also had limitations on the number count of the tag. In
2010 ,a Noval anonymous RFID authentication protocol was published by Jian Shen
Dongmin Choi, Sangman Mohand Ilyong Chung, they denote their protocol
as ARAP which provide a strong privacy and also the security aspects by taking the
pseudonym concept to protect from the synchronization, disclosure and attack.Here
5
6
protocol works without disclosing the real ID’s of the participating tags and provide
strong privacy and security.So the RFID tags substitute pseudonym for all rael ID’s
and this RFID tag preshares the Pseudonym ,the secret as well as information to
backend . In 2015 Mahsa Fathi and Elham Tavakol claimed and proved that
the ARAP protocol is very badly vulnerable to the security and the de synchroniza-
tion and modifies the a new authentication protocol which takes with hash function
and also the PRNG (Pseudo Random Number Generation)which safeguard against
replay, desynchronization, impersonation and traceability issues. Researchers have
also come up lot of lightweight authentication protocols but their hardware were long
neglected until Honorio Martin,Enrique San Millan, Pedro Peris-Lopez, and
Juan E. Tapiador implemented at two lightweight authentication protocols based
upon PRNG and come up with many ideas for the same. However the idea wit us-
ing f PRNF is very innovative and deterministic, therefore in 2015 Yu-Jung Huang,
Wei-Cheng Lin, and Hung-Lin Li proposed a new lightweight authentication pro-
tocol based on TRNG which will provide more security compared go previous works
but with little high power dissipation.In this thesis,I modify the design to provide
better secure communication from tag to reader by incoperating a Fibnocci LFSR in
the design.
Chapter 3
2. The way in which we write the code must be proper,such that reset,enable etc.
It is our manner to utilize the various coding guidelines,so that our coding will be
proper and does not create any problems during synthesis and backend.Also another
aspect is timing anlysis of our Design.So Design must be proper such that it does
not create any timing as well any viloations at backend.Detailed Prime time analysis
must be done after logic Synthesis as well as backend.
• Reader
• Tag
7
8
• Backend
In this protocol, the Reader will be modulates a signal in the UHF frequency range
(860-960 MHz) in order to communicate and transfer to receiver. The tag will utilize
this signal not only to receive data, but also to power the tag.The reader also receives
a continuous wave and also the tag will modulates the reflection the coefficient of
antenna in a process which called as backscatter.
Figure 3.1: Basic RFID Communication.A host server sends commands to tags
through reader.Then tags respond with inforamation stored in it
As said, the reader which emits the em signal is also responsible to control the
Uplink(R-T) and also Downlink(T-R)with possible data rate.Uplink Transmission
will occur with the data rate of between 50-215 kbps and downlink Transmssion with
data rate between 640 kbps. Tags also have some form of non-volatile memory such as
flash, where the Electronic Product Code, denoted as EPCID throughout this work,
which can be thought of as the ID of the tag, as well as other information.
Chapter 4
cation phase is done in secured or otther wise in open state.In this protocol,the alues
are always updating the secret value.So it is advised to implement this protocol in
secured state.The flow diagram of implemented protocol is shown in figure Accord-
ing tho the protocol,every tag has an unique code.So before starting communication
reader should acquire the unique ID from tag by authenticate command.In this pro-
tocol,communication between reader nad tag is insecure where as we assume that
between reader and tag it is secure.Here the following notation are used in following
9
10
sections:
• mj Secret value
Brief Description
• Phase 1:The reader will generate random number Rr which will be send to tag
with a authentication command.
1. According to the UID that comes from a tag to nd the matching SIDj in
the database.
II. If βb = βt, the secret value will be updated. At the same time, in order to
prevent de-synchronization attack, the back-end server performs the following
steps:
1. Updates the secret values of mj and SIDj. The new secret value mj+1 is
generated by the XOR operation with random numbers, mj+1 = (Rt2kRt1)
mj, SIDj+1 = VLFSR(Rt1kRt2,mj).
III. If betab6= βt, the back-end server will nd the secret value mj1 and SIDj1 from
the Mj1 table instead of mj and SIDj, and calculate betab = VLFSR(Rt1/parallelRr,
mj1) according to step I. This is to prevent a synchronization problem that has
occurred in the previous authentication.
• Phase 7: The reader transmits the value of VLFSR(Rt2kRr, SIDj) to the tag.
• Phase 8: The tag authenticates the reader and back-end server via VLFSR(Rt2kRr,
SIDj). The tag updates the new secret value mj+1 = (Rt2kRt1)⊕ mj and
SIDj+1 =VLFSR(Rt1kRt2,mj) after back-end server authentication. The pro-
tocol is nished after updating the secret value.
Chapter 5
A RFID modules of the tag consist of both analog frontend and digital backend. The
frontend will regulate the incoming RF signal to generate VDD for the digital control,
will generate the clock signal, and demodulating of incoming data. The frontend also
consist the backstatter antenna which moduletes for for communication between tag
and reader.The block diagram of Passive Tag is shown in Figure which has an analog
frontend and a digital backend. The frontend is also responsible for transmitting data
back and forth to the reader, provides control datas like reset and also True Random
Number Generator to the digital block. We concentrate on the digital backend where
the protocol is implemented. It has Rom interfaced to store the secret values,Secure
13
14
ID sand other secret data.Implementation of digital baseband is fully based upon the
EPC C1G2 standards. In the following section we present the operation of each block
used in the architecture.
Pulse interval encoding (PIE) is special encoding scheme used for Reader to Tag
transmissions.The To simplify the decoder, amplitude modulation (AM) is used. We
know that the tag also harvests power from this signal, whenever the amplitude of
the incoming RF signal was low, the tag will not receiving power. Therefore,use an
15
encoding method in which the incoming RF signal is high for the majority of the
time.So in this fig, we can see the low in the 0 and 1 . Decoding of data start when
incoming data is high. Figure shows the R T calibration symbol (RTcal) which will
be send in starting of every reader command. We will sample the RTcal and divide
this the number by two resulting will be pivot. For the durations of this current
commands we will be interpret any symbols shorter (less samples) than the pivot to
be a zero and any symbol larger to be a one. A detailed description of the PIE decoder
state machine is given in Fig. Brief Description of different states in pie decoder is
Figure 5.5: RTcal symbol. Symbol is transmitted at the beginning of each reader
command and is used to calibrate the R–¿T data link.
described as follows:
Ready
Delimiter
Initial data 0
• counter is reset
Initial PW
• counter is reset
Sample RTCAL
Initial PW2
Decide TRCAL
• We get the TRCAL and compare it with pivot to know which symbol has been
recieved
OPCODE PW
• The opcode counter and opcode is been compared and if there is a match the
opcode ready ag is raised and we prepare to receive the message(R1).
Decide Opcode
• If Data in = 0 we compare the counter with pivot to decode the symbol received.
Data Decode
• If Data in = 0 we compare the counter with pivot to decode the symbol received
Data PW
• The data ready ag is raised after we receive all the symbols and also if the
opcode ready ag is raised.
Wait
• The state hold the values for a long time simultaneously implementing the
protocol operations.
LFSR (Linear feedback shift register) is the base element of the protocol.A simple
LFSR is the shift register where its inputs are driven by the XOR operation ie.is a
linear function of its previous state therefore will then make it a deterministic.
The implemented lfsr structure consists has 2 sets of register one is normal shift
register and other is coefficient register. They both are initialized with Rt1kRt2 and
Sa after the decoder reads all the data inputs. Coecient register will determine the
18
input values according to the value of mb stored in rom, then shift register will shifts
the values upto mb cycles so that we get b and this βt will be decoded back to reader.
5.3 ROM
Simple ROM is implemented to store secret value mj = Sakmb, Secure ID (SID) and
tag random numbers (Rt1,Rrt2). And is used to initialize the coecient register in
LFSR while mb will be used to rotate this value. Rr,Rt1 and SID is encoded back
after an XOR operation. Rr is also used to initialize the Sr.
Valid communication between the reader and tag is ensured by CRC16 and CRC5.
This will be done as per the EPC gen2 standards as a safeguard against bit errors.
The CRC5 and CRC16 circuits are a form of LFSR that consist of 5 and 16 registers
respectively. Modules working will be started by initially the registers by preloading
to 01001 (CRC5) or FFFFh (CRC16). Then data bits are encoded back. This register
will now holds the crc5 output . Here CRC5 is will be to validate AUTHENTICATE
command while the CRC16 is used to compute the crc16 value which has to be send
to the reader. The structure of CRC5 and CRC16 is shown in g and g respectively.
CRC5 can be used for both generating a 5 bit value and also for checking bit errors.
• Input is clocked by data inputs ( Data in) starting from the MSB.
Similarly the CRC6 structure shown in g can be used for both generating a 16 bit
value and also for checking bit errors. The CRC16 value is generated by the following
steps.
• Input is clocked through the inputs ( Data in) starting from the MSB.
• Value along with 16 bit value data,CRC16 is clocked to the input ( Data in)
starting from the MSB.
• After clocking all the values if we get FFFF as CRC16 value then there is no
bit error.
5.5 FM ENCODER
Fm0 encoder specied by the EPC gen2 standards to backscatter the data back to
the reader in a frequency that is decided by the TRCAL value send from the reader.
TRCAL value is set by clock management module and set the required backscatter
20
frequency and provides this as the input clock to the fm0 encoder. The Backscatter
link frequency ranges between 40-640 Khz and the output clock to the encoder is
determined by the formula clk encoder = TRCALDR where DR is the data rate
which can have value 64/3 or 8. In this thesis we encode the data in 640 KHz.
As said ,in RFID most important aspect is need of secure communication between
reader and tag.So here instead of of normal Variable LFSR,I incooerated a Fibnocci
logic in the LFSR.So that we an named it as Variable Fibnocci LFSR.The new pro-
posed diagram is shown below: So here we can see that,I used an Variable Fibonacci
Logic in LFSR.Lfsr is needed to generate the random number which will be used
to generate βt =VLFSR(Rt1kRr,mj) As said,the Rt1 and Rr will be extracted from
the server,to ensure that received values are correct or not.So in current design,the
shifte register just normal shifts the data coming in Shift register input serially.So
that retrieving of this number also will be easy task. But in modified design,we will
using Fibonacci LFSR, so that every data shift will depend previous two values.So
that we can surely claim that,data will be more difficult to retrieve by any attackers
between Tag and Reader communication.
SIMULATION RESULTS
The entire protocol is implemented in secured state .The message from reader to tag
as well as tag to reader is did according to a frame,which called as Authenticate
command which is send from reader to tag and reply send vice versa. The structure
of the 2 frameworks is shown.Authentication frame is off 80 bits whch include pie
frame,8 bit authenticate command followed by crc16,handle etc. As we can see from
Authenticate command,it begins with an pie frame.Pie frame is used to know when
to start the the transmission, and it is followed by the opcode for Command to
Authenticate d5. We also mention the length of the message which is 16 as we send
random number R1 as message. We also send a handle and crc16 for error safeguard.
The reply command from tag to the reader is off 107 bits,which starts with fm-
preamble,header,values from LFSR etc.A said Replay commnad which has to be en-
21
22
coded starts with fm0 preamble so as to determine the start of the message, followed
by 7-bit barkercode, 1 bit done indicator, which states that the encoding is nished,
header to state that the process is a success followed by the message signal Rr and
Rt1kRt2⊕SID. The reply command ends with the 16 bit handle and 16 bit crc16.
Moreover, as per EPC gen2 standards we need to use either fm0 encoder or miller
encoder so we chose to have one encoder (fm0) and the encoding scheme used was
gray encoding which reduced the power. The clock managing module in the previous
work led to an increase in area. Therefore we optimized this block to provide separate
clock only to the encoder, thus we get a reduced area. Table II shows comparison of
our work and the previous work
The protocol was simulated and synthesized in SCL pdk 180nm synopsys DC compiler
and its physical synthesis was done in synopsys IC compiler. The simulation result
is shown in g Similarly we can verify these outputs in monitor window.So here is
monitor window output for main program as well as various other blocks used in
design.First figure gives the outputs of Main module. followed every block in design.
23
• Main Module
• CRC5
• FM ENCODER The entire simulation is done in tsmc 180 nm,and the values
– Rr= 17B6h
– Rt1 = AA10h
– Rt2 = F F 35h
– Sa = ABCD5432h
– Sb = 14h
25
– Sid = F C2C6700h
– TRCal = 64h
For the LFSR function we use R1kR2 = 17B6AA10h to initialize shift register,Sa
(ABCD5432) to initialize coecient register and it will shift Sb(14) cycles to get
βb as 7EEDEF62. As in protocol,we will transmit βb, R2kR3 ⊕SID to the
reader through reply command. As mentioned in thesis,we will use frequency
that is set by using TRCAL value.So here we are using 640 KHz for back
scattering. The reply command obtained is shown in graph with red mark.
We then carried out the logical and physical synthesis using TSMC 180nm
Synopsys DC compiler and IC compiler to come up with the results shown in
table given below.Area and performance is better compared to preious works
done in this area. This because we have used decoder and control as a single
block instead of 2 separate blocks as in the previous work. Moreover as per
EPC gen2 standards we need to use either fm0 encoder or miller encoder so we
chose to have 1 encoder(fm0). The clock managing module in the previous work
led to an increase in area.Therefore we optimized this block to provide separate
clock only to the encoder, thus we get a reduced area. Below given table gives
the results obtained:
level simulation can be done after the basic synthesis to verify our generated
netlist and design.Gate Level simulation is done to verify that our generated
netlist and our design is matching properly,so that it will give proper output
for our design.Here listed some importance of doing Gate Level Simulation:
Here is the output for gate Level Simulation.It will not check the functionality.It
will check for equivalence only.
PrimeTime (PT) is a sign-off quality static timing analysis tool from Synopsys. Static
timing analysis or STA is without a doubt the most important step in the design flow.
It determines whether the design works at the required speed. PT analyzes the timing
27
delays in the design and flags violation that must be corrected. In the pre-layout
phase, the clock tree information is absent from the netlist. Therefore, it is necessary
to estimate the post-route clock-tree delays upfront, during the pre-layout phase in
order to perform adequate STA. The various timing paths are shown in below table
which is obtained from Synopsys Prime Time Tool.Here we can see that ,there is no
setup as well as hold violation.
As we can see in frontend,we get an optimized netlist,the next step is Physical Im-
plementation.The physical design stage of ASIC is usually called as Place and route
stage.This is based upon the idea of physically placing the circuits, which form logic
28
gates and represent a particular design, in such a way that the circuits can be fabri-
cated.The physical Design Implementaion in ASIC consist of :
1. Floorplanning
2. Placement
4. Routing
• Clock Tree Synthesis Clock Tree is done to have clock skew minimum as
possible in order remove all type of violation.Clock Skew defines as difference
in arrival of clock in different domains.So clock routing must be done in order
to minimize the clock skew,thus makes system faster.
• Routing Routing is nothing but connecting the various blocks in the chip with
one an other. Until now, the blocks were only just placed on the chip. Routing
also is spilt into two steps:
– Global Routing:It basically plans the overall connections between all the
blocks and the nets. Its main aim is to minimize the total interconnect
length, minimize the critical path delay. It determines the track assign-
ments for each interconnect
– Detailed Routing: In this step, the actual connection between all the nets
takes place. It creates the actual via and metal connections. The main
objective of detailed routing is to minimize the total area, wire length,
delay in the critical paths.
30
As said,we are aiming to have more secure communication between reader and tag,So
that no middle man can retrieve the informaton between tag and reader.So for that ,we
are replacing our normal variable LFSR to variable Fibonacci LFSR,which requires
extra two steps to extract the values of Rr,Rt1,Rt2 in server. The output is shown
below.Here only the value of βb is changing,and no other changes.
33
34
Conclusion
35
36
Publications
Students need to write their publication list here. It is to be written in the format of
bibliography. Following is for your guidance.
Sonal, Mohanthy. (2016), “FPGA implementation of bitonic merge signal network”,
IEEE Transactions on Signal Processing, 41(6), 566-576.
37