What security issues may arise with RFID systems?

      In recent years, RFID technology and applications have grown rapidly worldwide. The concept of "Internet of Things" is considered to be one of the most promising important industries and application technologies in this century. The market prospect is of concern to all major information technology countries, and many countries have developed it as an important industrial strategy and national strategy.       At present, RFID technology has been widely used in logistics and warehousing, manufacturing, book management, pharmaceutical production, patient care, environmental awareness, and check security.               However, due to the high cost and some security risks, it is difficult to apply to critical tasks and hinder the application of RFID systems. Therefore, it is necessary to study the security processing strategies of RFID systems and improve RFID through effective security authentication and access mechanisms. The overall security of the system.

      1 Security risks and attacks in RFID systems

      The potential security risks and attacks in RFID systems are as follows:

        Eavesdropping: The communication between the tag and the reader is received, causing information leakage;

        Non-forward security: The attacker can infer the information sent by the previous tag based on the output of the tag intercepted in a certain communication;

        Location tracking: By analyzing the fixed messages sent by the RFID tags, determine the location of the tags and track them;

       Illegal reading: The attacker uses an unauthorized reader to communicate with the tag, causing the information in the tag to be leaked, modified, and deleted;

       Pretending to deceive: Put the intercepted real tag information into fake tags, disguise as legitimate tags, to pass the authentication of the reader;

       Cloning: When the RFID-related standards are formulated, the attacker creates a tag circuit based on the information in the standard, so that the reader cannot judge the authenticity;

       Denial of service (DOS) attack: Man-made signal interference prevents legitimate devices from operating tag data normally;

       Replay: When the reader sends an authentication message, the attacker intercepts the response message sent by the tag. When the reader performs the next authentication request, the intercepted tag information is sent to the reader, so as to achieve the purpose of continuing the following operations;

Forgery: Attackers forge information to be transmitted on the network; illegal modification and access of databases, and data in the back-end database is unauthorizedly changed, deleted, replaced, and accessed.

      2 Methods used to implement RFID security mechanisms

      The current methods used to implement RFID security mechanisms can be roughly divided into three types: based on physical security mechanisms, based on password technology, and tag authentication mechanisms.

      1) Security mechanism based on password technology-generally divided into two categories: static ID mechanism and dynamic ID refresh mechanism. Among the security policies based on cryptographic technology, the design of the RFID security protocol based on the Hash function is more practical, because the Hash function is very suitable for the RFID authentication protocol, whether it is implemented from security requirements or from low-cost RFID tags. At present, there have been various RFID security protocols such as Hash-Lock protocol, randomized Hash-Lock protocol, Hash chain protocol, and hash-based ID change protocol, but these protocols cannot resist retransmission and counterfeit attacks, and database synchronization also exists. Potential security hazards [1]; Literature [2] proposed the use of a low-cost hash chain mechanism to update secret label information and provide forward security, the purpose of which is to ensure its privacy, but it cannot avoid replay attacks; Reference [3] relies on a one-way hash function to prevent tag tracking attacks. In this solution, a tag response is used to update the stored value after successful verification, but it does not provide anti-tracking and forward security mechanisms; Hash-based ID Changing the protocol can make the ID exchange information in each conversation different, so it can resist retransmission attacks, but the tag can only update its information after receiving the message, and after the verification is passed, this protocol does not It is not suitable for the computing environment of distributed databases, and the protocol also has potential security risks of database synchronization. Without any hash function, a pseudo random number used to protect the confidentiality of the information, this method can resist cloning and eavesdropping, but the protocol requires additional storage tags, and a communication overhead, which limits its applicability.

      2) physical security mechanism-is to use physical methods to protect the security of the label. Commonly used are the Kill tag mechanism, Faraday cage (static shielding method), active interference and blocking tag methods, etc. The use of these physical security mechanisms adds additional physical equipment and has more limitations. EPCGen2's RFID tags now support pseudo-random number generator (PRNG) and cyclic redundancy code (CRC) checks, but no hash function is provided. [3] Although an authentication protocol conforming to the EPCGen2 standard was proposed, the authentication message sent by the tag to the reader did not include the random value of the reader, which was vulnerable to message replay attacks, and the attacker could eavesdrop on the message. Send a session end message to the reader, making the reader data and the corresponding tag data asynchronous.

      3) Tag-based authentication method-this method can effectively improve the security strength. David's digital library RFID protocol, distributed RFID challenge response protocol, LCAP protocol, and re-encryption mechanism all belong to this authentication method. The first two methods are effective in preventing eavesdropping, spoofing, and location tracking, but both require the support of a certain tag circuit, and they are not able to resist denial of service attacks. [5] proposed the YA-YRAP protocol. The protocol uses timestamps, which reduces complexity, but makes tags more vulnerable to denial of service attacks. [6] proposed low-cost HB protocols and HB + protocols, which limited attackers to only passive attacks in the HB protocol. In the HB + protocol, the attacker can not only perform active attacks but also passive attacks, but the active attacks in the HB + protocol are not very secure; the security protocol in [7] uses Hash technology, which uses a label identification (ID). As a shared secret, the tag can change the corresponding morning counter data and output data only after the mutual authentication between the tag and the reader is completed. The problem with this protocol is that the database and tag updates are not synchronized, and it is also vulnerable to denial of service attacks.

      3 Conclusion

      To sum up, the previous schemes still have some problems in preventing tampering with the tag data, ensuring its integrity, identifying clone tags, preventing counterfeit attacks, denial of service attacks, and data out of sync. To solve the security hazards in the RFID system, we can base on the subject and object authentication in the RFID system, and perform security analysis on the authentication protocols. We are committed to finding out the security flaws in these protocols and proposing new solutions.

If you want to know more, our website has product specifications for the RFID, you can go to ALLICDATA ELECTRONICS LIMITED to get more information