Secure Active RFID Tag System

Isamu Yamada1, Shinichi Shiotsu1, Akira Itasaki2, Satoshi Inano1, Kouichi Yasaki2, and Masahiko Takenaka2

1 Fujitsu Laboratories Ltd., 64 Nishiwaki, Ohkubo-cho, Akashi 674-8555, JAPAN
{yamada.isamu, sshiotsu, inano}@jp.fujitsu.com
http://www.fujitsu.com/global/

2 Fujitsu Limited, 64 Nishiwaki, Ohkubo-cho, Akashi 674-8555, JAPAN
{itasaki.akira, yasaki.kouichi, ma}@jp.fujitsu.com
http://www.fujitsu.com/global/

Abstract. Recently, Radio Frequency Identification (RFID) tags have been examined for various uses. Active tags, which incorporate a battery, are being carried by people so that their position can be detected. Usually, an active tag continuously broadcasts its ID over a wide area at constant intervals. This creates a security issue: the radio signal is easily observed from a distance by an unknown party, who can then easily perceive the presence of the user carrying the tag. We report here the design of a new active RFID tag system that solves this security issue.

1 Introduction

Radio Frequency Identification (RFID) tags can be roughly classified into passive and active types. A passive tag does not incorporate a battery and responds using the energy provided by a reader/writer. Its communication range is short, but its cost is low. This type of tag is expected to improve efficiency at the cash register, in picking work at delivery centers, in inventory control, and in distribution/traceability. An active tag's communication range is long, but its range of applications is limited because of its high cost. Both passive and active tags are being applied in the areas where each fits best[1].

For active tags, some trials that provide various services to users have started. Examples are a monitoring system for school children who commute to and from school[2,3], an integrated information support system for exhibitions at EXPO2005 AICHI JAPAN[4], and a PC locking system that uses an active RFID tag[5]. When a user carrying a tag approaches the reader, the reader detects the tag signal, and the tag ID corresponding to the person can be extracted from it. As a result, the position of the user near the reader is recognized and an appropriate service is provided without the user having to do anything.

However, security issues have been pointed out in these trials[6,7]. A security-enhanced active tag has been proposed[8], but we think it is not an essential solution. The most important security issue for active tags is that a conventional active tag is always broadcasting its ID as a radio signal. The user with the active tag is publicly exposed, always sending a radio signal saying "I am here". The radio signal is easily observed and tracked with a cheap reader. The authors think that the active tag will not be widely deployed unless and until this security issue is solved.

Ubicomp2005 Workshops

2 System method

2.1 Comparison between conventional active RFID and proposed one

Table 1 shows the classification of the tags. The communication range of a conventional active tag can be longer than that of a passive tag because it incorporates a battery. A conventional active tag should be used only within a safe area because it has a security issue.

A passive tag sends a radio signal only when it is queried by the reader/writer, so no unnecessary radio signal is transmitted. However, it basically responds even when the reader/writer is not the right one, so there is a risk that the ID is read from a distance. If a 13.56MHz tag is used, the risk is low because the communication range is around 70cm with a large-scale antenna. For a UHF tag, the risk is more serious because it has a longer communication range of about 3-7m. As the communication range becomes longer, convenience in operation improves, but if the tag is carried by a person, the risk becomes non-negligible.

We propose a method to solve these issues. It is characterized by higher security strength than the passive tag, while keeping the communication range and the battery life equal to those of a conventional active tag.

Table 1. Classification of RFID tags

| Items | Passive RFID tag | Active RFID tag (Con.) | Active RFID tag (new) |
|---|---|---|---|
| Comm. Range | 70cm / 3m - 7m | more than 10m | around 10m |
| Battery life | (no battery) | around 1 year | around 1 year |
| Security | weak | N/A, or weak | strong |
| Cost | less than $1 | less than $10 | around $10 |
| Application | distribution/inventory control of goods | tracking person (restricted area) | tracking person (no restriction) |

2.2 Security requirements for new active tag

The security issues of a conventional active tag are listed below.

A) The radio signal from the active tag can be easily monitored with a cheap reader. In the current situation, in which active tags are not widely deployed, transmitting a radio signal is itself a threat.
B) The ID is tapped. By tapping the ID transmitted from the active tag, it becomes possible to track the behavior of the user who has the tag.
C) A replay attack is carried out by spoofing. It is possible to impersonate the user by capturing the radio signal and resending the captured signal to the reader.

2.3 Attestation process for new active RFID tag

Fig. 1 shows the attestation process between the reader/writer and the tag. Both the reader/writer (or its server) and the tag safely manage the secret information (key, time, SysID, and TagID).

Fig. 1. Flow of the attestation process

(i) The reader/writer encrypts the ID inquiry command together with the time and the SysID by using the common key, and transmits the encrypted command.
(ii) The radio signal sent from the reader/writer varies every time because the time data is included in the encrypted command.
(iii) The attestation process is executed in the tag. After decryption, the tag checks that the difference between the time from the reader/writer and the time kept in the tag is below the prescribed value, and that the decrypted SysID exactly matches the SysID stored in the tag. If both checks pass, the reader/writer is judged to be attested.
(iv) If attested, the tag encrypts the TagID with the time data and responds.
(v) If not attested, the tag stops processing and does not respond. This solves issue A).
(vi) The response from the tag also varies every time because of the time data. This solves issue B).
(vii) The attestation process is executed in the reader/writer. After decryption, the reader/writer side checks that the difference between the time from the tag and the time kept on the reader/writer side is below the prescribed value. If so, the tag is judged to be attested. This solves issue C).
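The exchange in steps (i) to (vii), as an added example that is not code from the paper. The paper does not name the cipher or the frame format, so the 16-byte frame layout, the frame type codes, the value of MAX_SKEW and the HMAC-SHA256 Feistel construction standing in for the block cipher are all assumptions.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 2  # assumed "prescribed value" for the allowed time difference (s)
REQ, RESP = 0x01, 0x02  # assumed frame types: ID request, TagID response
FRAME = struct.Struct(">BI4s7s")  # assumed 16-byte layout: type, time, SysID, TagID

def _f(key, i, half):  # round function of the stand-in block cipher
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, block):  # 4-round Feistel over one 16-byte block
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

class Reader:
    def __init__(self, key, sys_id):
        self.key, self.sys_id = key, sys_id

    def request(self, now):  # step (i): the time makes every request frame differ
        return encrypt(self.key, FRAME.pack(REQ, now, self.sys_id, bytes(7)))

    def on_response(self, frame, now):  # step (vii): attest the tag by its time
        if len(frame) != FRAME.size:
            return None
        kind, t, _, tag_id = FRAME.unpack(decrypt(self.key, frame))
        return tag_id if kind == RESP and abs(now - t) <= MAX_SKEW else None

class Tag:
    def __init__(self, key, sys_id, tag_id):
        self.key, self.sys_id, self.tag_id = key, sys_id, tag_id

    def on_command(self, frame, now):
        if len(frame) != FRAME.size:
            return None
        kind, t, sys_id, _ = FRAME.unpack(decrypt(self.key, frame))
        if kind != REQ or abs(now - t) > MAX_SKEW or sys_id != self.sys_id:
            return None  # steps (iii)/(v): not attested, so transmit nothing
        return encrypt(self.key, FRAME.pack(RESP, now, bytes(4), self.tag_id))  # (iv)
```

The prescribed time difference bounds how long a captured frame remains acceptable, so it should be set as small as the drift of the tag's clock allows.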

3 Prototype System

To verify the proposed method, we made a prototype. See Fig. 2 and Fig. 3. The radio frequency is 315MHz, and the transmission power is below 500uV/m@3m. In the reader/writer, the frequencies for receiving and transmitting are different, and it has an independent receiver and transmitter. The transmitter only transmits, repeatedly, and the receiver only receives, repeatedly. This configuration enables intermittent operation at the tag side. The purpose of the two-receiver system is to improve receiving sensitivity. A pair of transmitter antennas improves signal quality at the tag side. In the tag, the timing for receiving and transmitting is divided, so the tag has only one antenna and one combined transceiver and receiver.

Fig. 2. System configuration of the reader/writer and the tag.

The system is under development. However, we have achieved a communication range of 10m and a battery life of 10.6 months with a CR2032 battery at 1.4-second intermittent operation.

Fig. 3. Photographs of a reader/writer prototype and an active tag prototype

4 Summary

We introduced a new active tag method and a prototype system that strengthen security. This system solves the serious security issue that was critical in the conventional active tag. Moreover, the prototype system achieved a practicable battery life. We think the most important hurdle for commercialization has been cleared. From here on, we will consider the design of the entire system for practical use and its application to various uses in the future.


References

1. RFID journal, http://www.rfidjournal.com/
2. http://pr.fujitsu.com/jp/news/2004/09/27-1.html (in Japanese)
3. http://headlines.yahoo.co.jp/hl?a=20050402-00000000-san-bus_all
4. http://techon.nikkeibp.co.jp/article/NEWS/20050131/101257/ (in Japanese)
5. http://www.cnes.co.jp/business/press/20050127.html (in Japanese)
6. PCWeb, http://pcweb.mycom.co.jp/articles/2005/01/01/takagi/003.html
7. EPIC, http://www.epic.org/privacy/rfid/brittan-letter.pdf
8. S. Kinoshita, et al., "Privacy Enhanced Active RFID Tag", 1st International Workshop on exploiting context histories in smart environments, Germany, May/11/2005
