Radio Frequency Identification (RFID) technology is an advanced wireless identification system in which an RFID reader and tags communicate over radio frequency. RFID tags are usually small and can be deployed in many applications, including highly secured ones such as embedding a tag inside money (Juels and Pappu, 2004), and other security applications such as electronic passports (Liersch, 2009), (Nithyanand, 2009) and enhanced driving licenses (Koscher et al., 2008). Putting an RFID tag inside money makes it possible to track the money easily if it is stolen or lost.
Background of the Study
A security solution such as encryption is needed to protect messages in the communication channel (data in motion) between RFID system components. For example, messages travelling over the wireless radio frequency link between an RFID reader and tags can easily be eavesdropped on or intercepted by an adversary. Therefore, an encryption solution such as AES (Feldhofer et al., 2004), ECC (Hein et al., 2008) or any other lightweight type of encryption can be used to provide security for an RFID system.
Another alternative, for securing data at rest, is Trusted Computing (TC) (Tomlinson, 2008). Here, the Trusted Platform Module (TPM) is tamper-proof hardware (Challener et al., 2008) that can protect a computing platform and provide it with integrity measurements and data sealing. The TPM has also been introduced to provide system integrity verification and attestation inside an RFID system (Mubarak et al., 2010). The integrity verification solution protects the system against malware and masquerade attacks. Although the TPM is not antivirus software, its ability to perform trusted boot and build a chain of trust, which can easily detect any modification at the system level, makes it a better solution in this situation.
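A minimal model of the measurement chain that lets a back-end detect a modified RFID reader platform, added here as an illustration and not taken from the original text or from any cited system. The component names, the SHA-256 PCR and the reference table are assumptions, and the signed TPM quote that would carry the PCR value to the verifier is left out.

```python
import hashlib

PCR_SIZE = 32  # one SHA-256 PCR (assumption; the text does not name a hash)

def measure(blob: bytes) -> bytes:
    """Measurement of a component = hash of its contents."""
    return hashlib.sha256(blob).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: new PCR = H(old PCR || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()

def boot(components):
    """Measure each component before it runs; return (PCR value, event log)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, blob in components:
        m = measure(blob)
        pcr = extend(pcr, m)
        log.append((name, m))
    return pcr, log

def verify(reported_pcr, log, reference):
    """Back-end check. Returns (log_matches_pcr, components_not_in_reference)."""
    pcr = bytes(PCR_SIZE)
    for _, m in log:
        pcr = extend(pcr, m)          # replay the log to recompute the PCR
    if pcr != reported_pcr:
        return False, []              # log was edited or is incomplete
    return True, [n for n, m in log if reference.get(n) != m]

# Constructed sample data: three stages of a hypothetical RFID reader host.
GOOD = [("bootloader", b"bootloader v1"),
        ("os_kernel", b"kernel v1"),
        ("reader_app", b"rfid reader middleware v1")]
TAMPERED = GOOD[:2] + [("reader_app", b"rfid reader middleware v1 + injected code")]
REFERENCE = {name: measure(blob) for name, blob in GOOD}

if __name__ == "__main__":
    for label, comps in (("clean", GOOD), ("tampered", TAMPERED)):
        pcr, log = boot(comps)
        print(label, pcr.hex()[:16], verify(pcr, log, REFERENCE))
    # A tampered platform that presents the clean log is caught by the replay.
    bad_pcr, _ = boot(TAMPERED)
    _, clean_log = boot(GOOD)
    print("forged log", verify(bad_pcr, clean_log, REFERENCE))
```

Because each PCR value depends on every earlier measurement, a change to any stage alters the final value and cannot be undone by later stages.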
Besides protecting data in motion and data at rest, a further task is to protect data in use, that is, data at the application level. At this level we need both security and trust. Our approach is to combine an integrity verification process (trust based) and an encryption process (security based) to protect the RFID system against data hijacking and malware attacks. The security-based and trust-based processes, together with Integrity Measurement Architecture (IMA) (Jaeger et al., 2006) software, can easily detect modification of any data in use. Enforcer (Marchesini, 2003) is another tool that can provide security and trust protection for data in use (at the application layer). Here, the encrypted data cannot easily be guessed by an adversary because of the strength of the combination of trust and security.
Another problem in RFID systems concerns privacy issues such as traceability, location tracking and leakage of confidential data. Privacy Enhancing Technology (PET) (Oliver, 2003) is one of the solutions for protecting data secrecy from exposure to unauthorized entities, persons or organizations. There are several privacy-preserving techniques for RFID systems, such as anonymous authentication (Armknecht et al., 2010), location privacy (Sadeghi et al., 2009), anonymizer-based privacy (Sadeghi et al., 2009), and many more. The purpose of each of these techniques is to protect data against traceability and location tracking. All of these privacy-based techniques have more or less similar problems: they are related to availability and depend heavily on a group of anonymizers to refresh the anonymity of the tags. However, there is a more pressing issue with these privacy-preserving solutions, which is the lack of security and trust.
We therefore propose a new approach to solving the issues of security, trust and privacy in RFID systems. The main idea behind this approach is called RFID system with security, trust and privacy (STP). Combining the three into one solution for the RFID system and protocol will strengthen security by protecting data within the system and within communication channels using lightweight encryption, by providing a trusted RFID system through attestation and integrity verification, and by protecting the location privacy of user data using an anonymizer.
Problem Statement
There are many security and privacy threats that target RFID tags as victims. The security issues usually relate to eavesdropping, message interception and attacks on the RFID system, including man-in-the-middle attacks. These attacks can be divided into active attacks (Lopez et al., 2007) and passive attacks. Active attacks such as man-in-the-middle and impersonation attacks aim to create denial of service for the RFID system, and normally the RFID tag is the target. Eavesdropping and information stealing, on the other hand, are passive attacks.
Another issue in RFID systems relates to platform and application integrity. Usually, trust is discussed as part of security, and only a few RFID systems and protocols provide trust and integrity verification in their solutions. One RFID protocol that focuses on trust and integrity verification is (Mubarak et al., 2010). Some other solutions relate more to trusted RFID designs and implementations (Molnar et al., 2005), (Soppera et al., 2007).
An RFID platform or protocol that has no integrity verification cannot be trusted because it can be exposed to virus or malware attacks (Rieback et al., 2006) that can steal confidential information. A trusted RFID system with integrity verification is very hard for malicious code and man-in-the-middle attacks to compromise (Mubarak et al., 2010). Moreover, an RFID system without platform integrity verification is not trustworthy because it can be tampered with and compromised by any adversary system. An adversary RFID reader is able to mount a man-in-the-middle attack on any RFID system that does not perform a platform integrity check.
Traceability is another issue, related to privacy, that RFID systems and protocols need to solve in addition to the issues related to security and trust. Previous RFID protocols have usually discussed privacy and security in silos rather than as one complete solution. Most currently used RFID systems do not provide a privacy solution at all (NXP, 2008), (Sony, 2008). Our approach is to bring security, trust and privacy into one complete solution. This scenario also creates an opportunity for us to tackle the issue specifically. The major privacy risk in RFID systems relates to tracing attacks by an adversary who aims to hijack user-related confidential data, including user identities and locations. Compromised RFID tags can be tracked by an adversary, and tags attached to consumer products can automatically expose the location of the individual carrying them. This is bad for consumer privacy because no individual wants to be tracked without their knowledge.
Objective of the Research
The objectives of the research project are to:
Identify compromised applications inside the RFID system.
Propose a new technical framework for Security, Trust and Privacy (STP) in RFID systems.
Evaluate and validate the newly proposed RFID system against 13 existing RFID systems via simulation based on security, trust and privacy (STP).
Triangulate the validity and reliability of the newly proposed RFID with STP system via test-bed experimentation.
Significance of Study
This research is significant because:
The increasing usage of RFID technology in multiple applications introduces security and privacy issues and risks which need to be addressed for every RFID system.
There are no other RFID solutions yet that can address all three elements of security, trust and privacy.
Nowadays, adversary systems and hacking tools keep getting better, so RFID security and privacy-preserving solutions have to be far better than them.
Almost all RFID systems currently available on the market lack security and do not provide any privacy-preserving solution at all (NXP, 2008), (Sony, 2008).
Scope
This research focuses on the software (protocol) rather than the hardware, and it will use the Trusted Platform Module (TPM) that resides in the computer to provide trusted services and integrity measurement for the RFID reader. The research will focus on the security, trust and privacy (STP) of the RFID system. Our proposed solution will be tested on a particular scenario (which will be proposed later) chosen according to the most probable cyber attacks. The proposed novel solution for an STP-based RFID system will be tested for system performance and efficiency and will be compared with several related solutions from previous work.
Chapter 2
Literature Review
Many related studies have addressed the security and privacy issues in RFID systems. So far, almost all previous work on RFID systems, and on RFID protocols in particular, has discussed security and privacy solutions in silos. From our analysis, about 70% to 80% of related RFID security papers focus on security, about 10%-15% on privacy, and only a few on trust and trusted computing. Usually, security and privacy are the main targets of RFID systems and protocols. According to our study thus far, none of the previous RFID systems and protocols proposes a solution that caters for security, trust and privacy (STP) together. In the following sub-sections we divide our analysis into three categories: security, trust and privacy.
Security
Security is the main concern that needs to be built into RFID systems and protocols. Several previous RFID protocols have been proposed that try to protect against major security issues such as eavesdropping, message interception, denial of service attacks, man-in-the-middle attacks, relay attacks, replay attacks and many more, including physical attacks. For instance, the protocol by (Trček and Jäppinen, 2009) is a non-deterministic lightweight RFID protocol, but it has a problem with clock synchronization because of its timestamp dependencies. This protocol is also not practical for a collection of readers that have different clock settings. Moreover, the scheme suffers from a scalability problem because the reader has to check all the possible values to find a match for the value returned by the tag.
Another protocol, by (Burmester and Munilla, 2009), is a flyweight authentication protocol that uses a synchronized RNG that can be refreshed by the reader. This protocol is very good at providing randomness in its random numbers, but it is not resistant to impersonation attacks, and the back-end server needs to store very large pools of random numbers, at least 5 per tag. This causes scalability issues, and the back-end server needs to perform more (at least two times) lookups in the database per tag. Moreover, this scheme is also vulnerable to man-in-the-middle attacks and can develop further problems, such as synchronization issues, after being attacked by an adversary.
The protocol by (Lehtonen et al., 2009) is very good at detecting tag cloning, but it has a drawback in the time delay for verifying and updating the synchronized secret. The time delay becomes more serious in bulk reading, where multiple products are scanned at once. The back-end server is a web server, which makes the time overhead hard to predict. This scheme also suffers from scalability issues because a large number of synchronized secrets is needed for a large number of tagged objects. The use of synchronized secrets prevents tag cloning, yet it opens the door to a new Denial of Service (DoS) attack that could make a genuine tag trigger a false alarm even when there are no cloned tags in the system.
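The synchronized-secret check and the false alarm described above can be modelled in a few lines; this is an added example, not code from the original text or from the cited protocol's authors. The class names, the 8-byte secret and the `write_succeeds` flag (standing for a secret update that never reaches the tag) are assumptions made for illustration.

```python
import secrets

class Tag:
    """Constructed model of a tag with rewritable memory holding the secret."""
    def __init__(self, tag_id, secret):
        self.tag_id, self.secret = tag_id, secret

class BackEnd:
    """Back-end that verifies and rotates one synchronized secret per tag."""
    def __init__(self):
        self.current = {}   # tag_id -> secret the tag should hold now
        self.retired = {}   # tag_id -> secrets that were valid in the past

    def enroll(self, tag_id):
        secret = secrets.token_hex(8)
        self.current[tag_id], self.retired[tag_id] = secret, set()
        return Tag(tag_id, secret)

    def read(self, tag, write_succeeds=True):
        """Return 'ok', 'alarm' (outdated secret seen) or 'unknown'."""
        expected = self.current.get(tag.tag_id)
        if expected is not None and tag.secret == expected:
            new = secrets.token_hex(8)
            self.retired[tag.tag_id].add(expected)
            self.current[tag.tag_id] = new      # back-end rotates first
            if write_succeeds:                  # the update must reach the tag
                tag.secret = new
            return "ok"
        if tag.secret in self.retired.get(tag.tag_id, ()):
            return "alarm"
        return "unknown"

def clone_scenario():
    """A copied tag is read after the genuine one has been rotated."""
    be = BackEnd()
    genuine = be.enroll("tag-1")
    clone = Tag(genuine.tag_id, genuine.secret)   # bit-for-bit copy
    return [be.read(genuine), be.read(clone)]

def lost_update_scenario():
    """No clone exists, but one secret update never reaches the tag."""
    be = BackEnd()
    genuine = be.enroll("tag-1")
    return [be.read(genuine, write_succeeds=False), be.read(genuine)]

if __name__ == "__main__":
    print("clone present:", clone_scenario())
    print("no clone, lost update:", lost_update_scenario())
```

Both runs end in the same alarm, so in this model the back-end cannot tell a clone from a lost update without additional evidence.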
Trust
Trust is another security area that every RFID system and protocol needs to provide. Only a few previous RFID protocols discuss trust or trusted computing in their solutions. At present only a few of the existing RFID protocols use integrity verification in their systems. We (Mubarak et al., 2010) have previously introduced attestation and integrity verification in our RFID protocol.
An RFID system with a new architecture was introduced by (Molnar et al., 2005). The new architecture is an embedded RFID reader with trusted computing primitives inside it. Their solution focuses only on the RFID reader design with an embedded TPM; they have not presented any RFID protocols or shown how attestation can be implemented in their design.
(Soppera et al., 2007) proposed a trusted RFID reader that takes the same approach as the one proposed by Molnar. The later stages of this work were developed within the EU BRIDGE project, where they planned to develop the Proof-of-Concept (POC) into a prototype based on a commercially available secure RFID reader.
Privacy
Privacy is an equally important area in RFID systems and protocols. To protect user privacy and confidential data, an RFID tag has to be untraceable to unauthorized parties. The anonymous authentication protocol by (Armknecht et al., 2010) is based on an anonymizer approach that is very efficient and cost effective, but the solution has a problem with system availability, and the system depends heavily on anonymizers to keep refreshing the tag.
(Sadeghi et al., 2009) proposed an anonymizer-enabled RFID system that uses anonymizers as special devices that take the computational workload (the public-key operations) off the tags and enable privacy-preserving protocols with cost-efficient tags. In general, this scheme requires an additional protocol between tags and anonymizers, which can open up opportunities for attack. The protocol is secure against impersonation attacks and forgeries even if the adversary can corrupt the anonymizers, but the assumption that the anonymizers are always honest, on which the privacy of the tags depends, could be challenged.
Table 1 summarizes our STP analysis of some RFID protocols, based on factors for evaluating security, trust and privacy.
Table 1. The STP Analysis of RFID Protocols

                                  STP Analysis
Protocol                          Security    Trust
Our proposed solution             √           √
(Trček & Jäppinen, 2009)          √           X
(Juels et al., 2003)              √           X
(Mubarak et al., 2010)            √           √
(Soppera et al., 2007)            √           √
(Molnar et al., 2005)             √           √
(Sadeghi et al., 2009)            √           X
(Armknecht et al., 2010)          √           Partial
(Burmester & Munilla, 2009)       Partial     X
(Lehtonen et al., 2009)           √           X
(Dimitriou, 2008)                 √           X
(Piramuthu, 2006)                 Partial     X
(Lopez et al., 2008)              Partial     X
(Qingling et al., 2008)           √           X

* Notation: √ - Satisfied, X - Not Satisfied, Partial - Partially Satisfied.
Chapter 3
Methodology
This research is based on combining all three aspects of security, trust and privacy (STP) in the RFID system. For now, we are considering using lightweight cryptography, namely a modified form of the Advanced Encryption Standard (AES) (Feldhofer et al., 2004) or Elliptic Curve Cryptography (ECC) (Hein et al., 2008), for the security solution; the Trusted Platform Module (TPM) (Challener et al., 2008), as tamper-proof hardware, to provide integrity measurements for a trusted platform; and finally, we will propose a trusted anonymizer for the privacy solution.
Research Design
In principle, our proposed solution will be based on an overall system architecture, an information flow diagram and a sequence flow diagram. The RFID system with the STP solution will use lightweight encryption to protect data in motion, the TPM to provide trust between interacting platforms as well as to protect data in use and data at rest, and an anonymizer to provide a privacy-preserving solution for the RFID system. Integrity verification of the anonymizer in the RFID reader is also included in the proposed solution. The interfacing of the RFID reader (with embedded TPM and anonymizer), the back-end server (with TPM) and the RFID tag will also be included in the design.
Experiment Tools
Our research method flow chart is shown in Figure 1. The research method follows an experimental approach: our proposed solution will use a software implementation of an RFID system that includes the STP tools. We plan to build the proposed RFID system, including the STP tools, in the form of an RFID emulator, simulator or devices, or in combination with some other tools. The final proposed design will be produced after a thorough study of many possible designs. Implementation of the proposed solution will begin only after the overall architecture of the proposed STP-based RFID system has been fully established. This includes the required tools, which have to be integrated and interoperable within the design.
Data Collection
The experiment will start by feeding raw data into the RFID system with STP tools to collect data. Data analysis and evaluation will then be carried out to obtain the experimental results. Security, trust and privacy analysis will be performed to verify the ability of our proposed solution to withstand adversary attacks or other threats.
The experimental results will be discussed and analyzed in order to fulfill the objectives of this research. The proposed STP-based RFID solution will be tested and verified. While it is not possible to compare it with previous RFID systems or protocols (because of its integrated nature), we will find alternative methods, based on STP principles, to achieve the same aim.
Figure 1. Research Methods Flow Chart
Expected Significant Contribution
The main contribution of our proposed solution is that it is the first solution to provide a complete combined approach to security, trust and privacy (STP), the three elements that are important for protecting an RFID system. Previous RFID systems and protocols usually handle these three elements separately, and almost all of them try to solve and focus on only one. Another major contribution of our RFID with STP is that it is also the first solution to provide security protection for data in motion (network level), data at rest (storage level) and data in use (application level) in an RFID system. We provide lightweight encryption to protect secret information inside the RFID protocol. Integrity checking (attestation) between components in the RFID system provides the trust element, and data anonymity provides user identity privacy protection. One more major contribution is that we will prove that our RFID solution is resistant to impersonation attacks and adversary attacks compared with other related RFID protocols. Another major contribution of our proposed solution relates to the system performance and efficiency of our RFID protocol compared with other related RFID protocols.
The first minor contribution of our proposed solution relates to system availability, which almost all anonymous-authentication-based RFID systems are unable to provide. The second minor contribution is that RFID with STP is not time dependent, unlike other types of RFID system with privacy-preserving solutions. The third minor contribution is that our proposed solution does not need multiple anonymizers to anonymize tags, whereas previous RFID privacy-preserving solutions depend heavily on having multiple anonymizers to do so. Another contribution is that we prove our anonymizer to be a trusted anonymizer, whereas almost all previous RFID systems with privacy-preserving solutions simply assume anonymizers to be trusted entities. One more contribution of our proposed solution is integrity verification for every platform of the RFID system, including the anonymizer.
Schedule for the Research
Years: 2011, 2012, 2013 (monthly columns from January 2011 to November 2013)
Activities:
(a) Review of Literature
(b) Draft Research Design
(c) Writing a Literature Review paper
(d) Finalize Research Design
(e) Writing Research Proposal
(f) Defence Research Proposal
(g) Experiment tools preparation
(h) Finalize experiment tools
(i) Doing STP experiments using RFID emulator/simulation
(j) Data Analysis (emulator)
(k) Processing results (emulator)
(l) Doing STP experiments using RFID tools/devices
(m) Data Analysis (RFID tools)
(n) Processing results (RFID tools)
(o) Compile all results
(p) Writing thesis
(q) Submit thesis and ready for viva
Proposed Solution
Our proposed RFID system with Security, Trust and Privacy (STP) protects every system element from being attacked or traced by an adversary. A security solution such as encryption protects data in the communication channels. Trust, or integrity verification, protects the RFID platforms from being infected by malware or subjected to masquerade attacks. The privacy-preserving solution for the RFID system protects user identity and confidential data from being exposed or traceable to unauthorized entities. Location tracking by an unauthorized party is another privacy issue in RFID systems that our proposed solution can also protect against.
The proposed RFID system with STP provides complete security protection for data in motion (network level), data at rest (storage level) and data in use (application level). RFID with STP gives system security protection via encryption and privacy-preserving protection via an anonymous ID through an anonymizer. Furthermore, our proposed solution is more efficient (time independent) than other types of privacy-enhanced RFID system, which always need several anonymizers to anonymize the tag (time consuming). On top of all the aforementioned advantages, it also provides trust and integrity verification in the system. An example of the RFID with STP solution is shown in Figure 2.
Figure 2. Proposed RFID Protocol with STP solution
Publications
Mohd Faizal Mubarak, Jamalul-lail Ab Manan, Saadiah Yahya, "A Critical Review on RFID System towards Security, Trust, and Privacy (STP)", 7th International Colloquium on Signal Processing & Its Applications, Penang, Malaysia, 4th-6th March 2011. - IEEE
Mohd Faizal Mubarak, Jamalul-lail Ab Manan, Saadiah Yahya, "A Framework for Trusted Anonymizer based RFID System", 7th International Colloquium on Signal Processing & Its Applications, Penang, Malaysia, 4th-6th March 2011. - IEEE