Abstract: RFID system, in which we give identification number to each item and detect it with radio frequency, supports more variable service than barcode system can do. For example, a refrigerator with RFID reader and internet connection will automatically notify expiration of food validity to us. But, in spite of its convenience, RFID system has some security threats, because anybody can get ID information of item easily. One of most critical threats is privacy invasion. Existing privacy protection schemes or systems have been proposed, and these schemes or systems defend normal users from attempts that any attacker tries to get information using RFID tag value. But, these systems still have weakness that attacker can get information using analogous value instead of original tag value. In this paper, we mention this type of attack more precisely and suggest 'Tag Broker Model', which can defend it. Tag broker in this model translates original tag value to random value, and user can only get random value. Attacker can not use analogous tag value, because he/she is not able to know original one from it.
Abstract: In recent years, it has been proposed security
architecture for sensor network.[2][4]. One of these, TinySec by Chris
Kalof, Naveen Sastry, David Wagner had proposed Link layer security
architecture, considering some problems of sensor network. (i.e :
energy, bandwidth, computation capability,etc). The TinySec employs
CBC_mode of encryption and CBC-MAC for authentication based on
SkipJack Block Cipher. Currently, This TinySec is incorporated in the
TinyOS for sensor network security.
This paper introduces TinyHash based on general hash algorithm.
TinyHash is the module in order to replace parts of authentication and
integrity in the TinySec. it implies that apply hash algorithm on
TinySec architecture. For compatibility about TinySec, Components
in TinyHash is constructed as similar structure of TinySec. And
TinyHash implements the HMAC component for authentication and
the Digest component for integrity of messages. Additionally, we
define the some interfaces for service associated with hash algorithm.
Abstract: EPC Class-1 Generation-2 UHF tags, one of Radio
frequency identification or RFID tag types, is expected that most
companies are planning to use it in the supply chain in the short term
and in consumer packaging in the long term due to its inexpensive
cost. Because of the very cost, however, its resources are extremely
scarce and it is hard to have any valuable security algorithms in it. It
causes security vulnerabilities, in particular cloning the tags for
counterfeits. In this paper, we propose a product authentication
solution for anti-counterfeiting at application level in the supply chain
and mobile RFID environment. It aims to become aware of
distribution of spurious products with fake RFID tags and to provide a
product authentication service to general consumers with mobile
RFID devices like mobile phone or PDA which has a mobile RFID
reader. We will discuss anti-counterfeiting mechanisms which are
required to our proposed solution and address requirements that the
mechanisms should have.
Abstract: Recently, the RFID (Radio Frequency
Identification) technology attracts the world market attention as
essential technology for ubiquitous environment. The RFID
market has focused on transponders and reader development.
But that concern has shifted to RFID software like as
high-valued e-business applications, RFID middleware and
related development tools. However, due to the high sensitivity
of data and service transaction within the RFID network,
security consideration must be addressed. In order to guarantee
trusted e-business based on RFID technology, we propose a
security enhanced RFID middleware system. Our proposal is
compliant with EPCglobal ALE (Application Level Events),
which is standard interface for middleware and its clients. We
show how to provide strengthened security and trust by
protecting transported data between middleware and its client,
and stored data in middleware. Moreover, we achieve the
identification and service access control against illegal service
abuse. Our system enables secure RFID middleware service
and trusted e-business service.
Abstract: This paper is about hiding RFID tag identifier (ID)
using handheld device like a cellular phone. By modifying the tag ID
of objects periodically or manually using cellular phone built-in a
RFID reader chip or with a external RFID reader device, we can
prevent other people from gathering the information related with
objects querying information server (like an EPC IS) with a tag ID or
deriving the information from tag ID-s code structure or tracking the
location of the objects and the owner of the objects. In this paper, we
use a cryptographic algorithm for modification and restoring of RFID
tag ID, and for one original tag ID, there are several different
temporary tag ID, periodically.
Abstract: Electronic seal is an electronic device to check the
authenticity and integrity of freight containers at the point of arrival.
While RFID-based eSeals are gaining more acceptances and there are
also some standardization processes for these devices, a recent
research revealed that the current RFID-based eSeals are vulnerable to
various attacks. In this paper, we provide a feasible solution to
enhance the security of active RFID-based eSeals. Our approach is to
use an authentication and key agreement protocol between eSeal and
reader device, enabling data encryption and integrity check. Our
protocol is based on the use of block cipher AES, which is reasonable
since a block cipher can also be used for many other security purposes
including data encryption and pseudo-random number generation. Our
protocol is very simple, and it is applicable to low-end active RFID
eSeals.