Tag Broker Model for Protecting Privacy in RFID Environment

RFID system, in which we give identification number to each item and detect it with radio frequency, supports more variable service than barcode system can do. For example, a refrigerator with RFID reader and internet connection will automatically notify expiration of food validity to us. But, in spite of its convenience, RFID system has some security threats, because anybody can get ID information of item easily. One of most critical threats is privacy invasion. Existing privacy protection schemes or systems have been proposed, and these schemes or systems defend normal users from attempts that any attacker tries to get information using RFID tag value. But, these systems still have weakness that attacker can get information using analogous value instead of original tag value. In this paper, we mention this type of attack more precisely and suggest 'Tag Broker Model', which can defend it. Tag broker in this model translates original tag value to random value, and user can only get random value. Attacker can not use analogous tag value, because he/she is not able to know original one from it.

Implementation of TinyHash based on Hash Algorithm for Sensor Network

In recent years, it has been proposed security architecture for sensor network.[2][4]. One of these, TinySec by Chris Kalof, Naveen Sastry, David Wagner had proposed Link layer security architecture, considering some problems of sensor network. (i.e : energy, bandwidth, computation capability,etc). The TinySec employs CBC_mode of encryption and CBC-MAC for authentication based on SkipJack Block Cipher. Currently, This TinySec is incorporated in the TinyOS for sensor network security. This paper introduces TinyHash based on general hash algorithm. TinyHash is the module in order to replace parts of authentication and integrity in the TinySec. it implies that apply hash algorithm on TinySec architecture. For compatibility about TinySec, Components in TinyHash is constructed as similar structure of TinySec. And TinyHash implements the HMAC component for authentication and the Digest component for integrity of messages. Additionally, we define the some interfaces for service associated with hash algorithm.

Anti-Counterfeiting Solution Employing Mobile RFID Environment

EPC Class-1 Generation-2 UHF tags, one of Radio frequency identification or RFID tag types, is expected that most companies are planning to use it in the supply chain in the short term and in consumer packaging in the long term due to its inexpensive cost. Because of the very cost, however, its resources are extremely scarce and it is hard to have any valuable security algorithms in it. It causes security vulnerabilities, in particular cloning the tags for counterfeits. In this paper, we propose a product authentication solution for anti-counterfeiting at application level in the supply chain and mobile RFID environment. It aims to become aware of distribution of spurious products with fake RFID tags and to provide a product authentication service to general consumers with mobile RFID devices like mobile phone or PDA which has a mobile RFID reader. We will discuss anti-counterfeiting mechanisms which are required to our proposed solution and address requirements that the mechanisms should have.

Security Enhanced RFID Middleware System

Recently, the RFID (Radio Frequency Identification) technology attracts the world market attention as essential technology for ubiquitous environment. The RFID market has focused on transponders and reader development. But that concern has shifted to RFID software like as high-valued e-business applications, RFID middleware and related development tools. However, due to the high sensitivity of data and service transaction within the RFID network, security consideration must be addressed. In order to guarantee trusted e-business based on RFID technology, we propose a security enhanced RFID middleware system. Our proposal is compliant with EPCglobal ALE (Application Level Events), which is standard interface for middleware and its clients. We show how to provide strengthened security and trust by protecting transported data between middleware and its client, and stored data in middleware. Moreover, we achieve the identification and service access control against illegal service abuse. Our system enables secure RFID middleware service and trusted e-business service.

A Study on RFID Privacy Mechanism using Mobile Phone

This paper is about hiding RFID tag identifier (ID) using handheld device like a cellular phone. By modifying the tag ID of objects periodically or manually using cellular phone built-in a RFID reader chip or with a external RFID reader device, we can prevent other people from gathering the information related with objects querying information server (like an EPC IS) with a tag ID or deriving the information from tag ID-s code structure or tracking the location of the objects and the owner of the objects. In this paper, we use a cryptographic algorithm for modification and restoring of RFID tag ID, and for one original tag ID, there are several different temporary tag ID, periodically.

Design of an Authentication Protocol for Secure Electronic Seals

Electronic seal is an electronic device to check the authenticity and integrity of freight containers at the point of arrival. While RFID-based eSeals are gaining more acceptances and there are also some standardization processes for these devices, a recent research revealed that the current RFID-based eSeals are vulnerable to various attacks. In this paper, we provide a feasible solution to enhance the security of active RFID-based eSeals. Our approach is to use an authentication and key agreement protocol between eSeal and reader device, enabling data encryption and integrity check. Our protocol is based on the use of block cipher AES, which is reasonable since a block cipher can also be used for many other security purposes including data encryption and pseudo-random number generation. Our protocol is very simple, and it is applicable to low-end active RFID eSeals.