RFID is the abbreviation of “Radio Frequency Identification”. This system is
composed of readers, RFID tags and a backend database. In the connection, the reader first launches radio waves and touches the RFID tag within the induced range. Then information can be exchanged after the communication being established. The reader first sends electromagnetic wave to the tag, which produces electric current through induction. Therefore the tag is able to compute and send a responding electromagnetic wave back to the reader. Then the reader sends the messages to the backend database.
The composition of RFID can be roughly divided into three parts:
(1)Reader:
A reader is an interrogator in RFID system. It can induce and recognize a tag via radio wave, and send the information from the tag back to the database through
wireless communication.
(2) Database:
The database management can receive the information from the reader, and take corresponding actions according to the tag, which is automatic, safe and immediate.
(3) Tag:
A tag is composed of some analog, digital and memory chips and antennae designed according to the frequency. Chips are used for computation and storage. Antennae are used for receiving radio waves. Furthermore, according to the power supply, tags can be classified into three types: active, semi-passive, and passive. Details will be introduced later in this chapter.
1.1.2 RFID Applications
The earliest application of RFID can be traced back to World War II. RFID was invented by British army to distinguish the airplanes which entered British air space.
It was called “Identification of Friend or Foe”. As the time changes and the evolution
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
of technology sprouts, recently, Radio Frequency Identification technique is getting more and more mature, making RFID application system develop vigorously. The applications of RFID are, for example, storing management, entrance guard control, and animal monitoring, etc. Since RFID tags are used in many kinds of applications, it is desired to have RFID communication protocols that are secure and efficient.
RFID can replace contact of bar-code. Furthermore, RFID is better than Bar-code no matter in applied mobility, data security or reading speed. RFID makes the whole identifying procedure automatic, and promotes commerce working efficiency. The main difference between RFID and Bar- code is that Bar- code can only record simple information of products, and read data by infrared ray contact scanning. Moreover, the mobility of Bar- code is not as good as RFID, because of its read-only property.
Besides, Bar- code requires the target aimed during the identification, and it is damaged easily. In the reading process, it is not efficient because of that only one bar-code can be read once a time. RFID performs betters. A reader of an RFID system is a contactless device. It can update information in wireless environment.
Furthermore, it is reusable, and it can read many tags at the same time. Unlike Bar- code, RFID promotes efficiency of data transformation.
The following table shows the comparison of RFID and Bar-code.
[Table 1.1] The comparison table of RFID and traditional Bar-code
1.1.3 RFID Classifications
According to the difference of power supply to tags, they can be divided into three types, which are passive, semi-passive and active.
‧
Passive tags have no power supply inside. Through the electromagnetic waves received, the internal integrated circuits can produce energy to compute. These electromagnetic waves are launched by an RFID reader. When tags receive signals which have enough intensity, it sends out data to the reader. Passive RFID tag is mainly used because of its low price, small volume, and there is no need to supply power for it.
(2) Semi-passive [20]:
The standard of Semi- passive is similar to that of Passive. The difference between them is that Semi- passive has a smaller battery, and the power of its battery is just enough to activate the internal IC of the tag. Even if the IC of the tag receives a weak signal from the reader, it still has enough power to send the data back to the reader.
The advantage of Semi- passive is that the internal antenna of the Semi- passive tag will not stop its tasks when the signals of electromagnetic wave are weak, and it also has enough power to send the signals back and forth. Furthermore, when compared with a Passive tag, the reaction speed of the Semi- passive is faster. In addition, it can transmit a longer distance and possesses better efficiency when communicating to the reader.
(3) Active [7][14][18]:
An active tag is different from the two types of tags mentioned above. Active tags have their own power supply and can provide power to the internal IC to produce external signals. So, Active tag has longer reading distance as well as longer signal transmission distance. Also, it has larger memory capacity to store additional data received from the reader. The difference between Active and Semi- passive tag is that as far as the internal power is concerned, an Active tag can transmit memory data to the reader actively. However, Passive and Semi- passive tags can only wait for the reader to send out electromagnetic signals, and then carry out communication protocol.
Since our interest is to design of a secure authentication protocol in
ultra-lightweight RFID systems where only passive tags are used, through this thesis, we will focus on the passive tags. The definition of ultra-lightweight will be
introduced in detail in Chapter 2.
‧
Because the communication environment of RFID is open and insecure, the communication channel between the reader and the tag is easily damaged, and it might cause paralysis of the tag. Even worse, the personal data may be stolen by eavesdropping. On the other hand, to deal with the practical needs, RFID system is anticipated to provide readers with massive reading and writing ability, and provide tags with low cost and massive production. The article from M. Ohkubo shows that the production cost is taken into consideration among the tags in market [15]. The cost of each tag should be less than 5 cents. Under this requirement, the computing abilities limited. Apart from privacy and security, computing ability of tags is also a considerable factor. So, when designing a communication protocol, tags are not required to do complicated calculation such as the computation of MD5 or SHA-1 hash function [17]. Under the limited cost, encryption schemes cannot be used in this low cost RFID communication protocol.
The other problem is the privacy protection of user. Users’ privacy can be divided into information privacy and location privacy. In order to protect these two types of
privacy, the output of RFID tags should be encrypted and change dynamically. If the output of tags are not encrypted (using the ID of the tag directly), the attackers may track and obtain the identity of the holder. If the ID of tag remains unchanged in each connection, attackers can identify the holders of the tags by long-term observation and recording the output signals of the tags.
Therefore, a secure RFID communication protocol should satisfy security demands below and resist known attacks [2][5][8][9][10][11][13]. (In the next chapter we will explain in detail.)
(1)Mutual authentication and data integrity (2)Tag anonymity and resistance to tracking (3)Data confidentiality
‧
1.3 Research Purpose and Contribution
Many researchers have continually brought up communication protocol aimed at tags with the lowest cost (also called ultra-lightweight, we will introduce the
categorization of the communication protocols in the next chapter), but there are still some security problems or weakness in the design of the communication protocol.
Therefore, this thesis will provide some methods to alleviate the problems above, and redesign an Ultra-lightweight RFID communication protocol based on physical uncolonable function.
In order to solve the problems of privacy and low cost, López et al. proposed a series of ultra-lightweight communication protocols in 2006, --- M2AP, LMAP, and EMAP, also known as UMAP Family (Ultra-ultra-lightweight Mutual Authentication
Protocols family)[9][8][10], in hope to prevent illegal RFID reader from gaining the information of the tag. UMAP Family contains three main phases: Tag Identification phase, Mutual Authentication phase and Pseudo ID and Key Updating phase.
However, in 2007, Li and Wang [12] listed the weaknesses of UMAP Family separately, explaining that UMAP cannot resist synchronous destruction attack, tracing attack, and does not possess forward security. After UMAP Family, the most representative ultra-lightweight RFID communication protocol is SASI (Strong Authentication and Strong Integrity) [2], which was proposed by researcher Chien. He provided a great idea for ultra-lightweight RFID communication protocol. However, through many researches, we have known that SASI still possesses a few security problems [3]. For example, forward insecurity and vulnerability to resend attack and synchronous destruction attack.
Through this method we can indeed prevent illegal readers from getting the
information of the tags, but the tags designed by the communication protocol above can easily get physically analytically cloned. So, to avoid physical cloning attack, R.
Bassil’s article provided an ultra-lightweight RFID communication protocol based on PUF (physically unclonable functions) [1]. However, the reader and the tags of this protocol will be DOS (denied of services) attacked. The purpose of this thesis is that the design of ultra-lightweight RFID communication protocol should have high security and privacy protection for the user of the tags. Besides, this communication protocol should comply with the hardware limitation of ultra-lightweight tags, and resist attacks from physically analytical clone. This thesis provides an
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
ultra-lightweight RFID communication protocol based on PUF structure and improves the protocol proposed by R. Bassil.
1.4 Overview
Chapter 1
The introduction to this thesis includes research motivation, research purpose, contribution of research, the summary of each chapter, and relative backgrounds.
Chapter 2
Introduction to RFID communication protocol, the categorization of tags, its security and privacy needs.
Chapter 3
Introduction to relative research on ultra-lightweight RFID communication protocol This section begins with a series of introductions to UMAP family communication protocols, and then introduces the SASI communication protocol and makes a description of the security problems of UMAP and SASI communication protocol.
Chapter4
To solve physically analytic cloning that even the communication protocols above cannot conquer, we have to use physical unclonable function. This chapter gives the operation examples, purpose, and characteristics of physical unclonable function. And then we will introduce PUMAP, brought up by R.Bassil, which is based on PUF, and explain the existing security problems.
Chapter 5
We improve PUMAP to conquer the original security problems, and describe the security analysis of our protocol.
Chapter 6
Conclusions of this thesis, findings and the contribution of research.