Abstract: RFID system, in which we give identification number to each item and detect it with radio frequency, supports more variable service than barcode system can do. For example, a refrigerator with RFID reader and internet connection will automatically notify expiration of food validity to us. But, in spite of its convenience, RFID system has some security threats, because anybody can get ID information of item easily. One of most critical threats is privacy invasion. Existing privacy protection schemes or systems have been proposed, and these schemes or systems defend normal users from attempts that any attacker tries to get information using RFID tag value. But, these systems still have weakness that attacker can get information using analogous value instead of original tag value. In this paper, we mention this type of attack more precisely and suggest 'Tag Broker Model', which can defend it. Tag broker in this model translates original tag value to random value, and user can only get random value. Attacker can not use analogous tag value, because he/she is not able to know original one from it.
Abstract: Recently, the RFID (Radio Frequency
Identification) technology attracts the world market attention as
essential technology for ubiquitous environment. The RFID
market has focused on transponders and reader development.
But that concern has shifted to RFID software like as
high-valued e-business applications, RFID middleware and
related development tools. However, due to the high sensitivity
of data and service transaction within the RFID network,
security consideration must be addressed. In order to guarantee
trusted e-business based on RFID technology, we propose a
security enhanced RFID middleware system. Our proposal is
compliant with EPCglobal ALE (Application Level Events),
which is standard interface for middleware and its clients. We
show how to provide strengthened security and trust by
protecting transported data between middleware and its client,
and stored data in middleware. Moreover, we achieve the
identification and service access control against illegal service
abuse. Our system enables secure RFID middleware service
and trusted e-business service.
Abstract: This paper is about hiding RFID tag identifier (ID)
using handheld device like a cellular phone. By modifying the tag ID
of objects periodically or manually using cellular phone built-in a
RFID reader chip or with a external RFID reader device, we can
prevent other people from gathering the information related with
objects querying information server (like an EPC IS) with a tag ID or
deriving the information from tag ID-s code structure or tracking the
location of the objects and the owner of the objects. In this paper, we
use a cryptographic algorithm for modification and restoring of RFID
tag ID, and for one original tag ID, there are several different
temporary tag ID, periodically.
Abstract: Electronic seal is an electronic device to check the
authenticity and integrity of freight containers at the point of arrival.
While RFID-based eSeals are gaining more acceptances and there are
also some standardization processes for these devices, a recent
research revealed that the current RFID-based eSeals are vulnerable to
various attacks. In this paper, we provide a feasible solution to
enhance the security of active RFID-based eSeals. Our approach is to
use an authentication and key agreement protocol between eSeal and
reader device, enabling data encryption and integrity check. Our
protocol is based on the use of block cipher AES, which is reasonable
since a block cipher can also be used for many other security purposes
including data encryption and pseudo-random number generation. Our
protocol is very simple, and it is applicable to low-end active RFID
eSeals.