Desing and Implementation of a Security Layer for RFID Systems

 

V. Alarcon-Aquino¹, M. Domínguez-Jiménez, C. Ohms²

 

Department of Computing, Electronics, and Mechatronics Universidad de las Américas Puebla Cholula, Puebla, MEXICO vicente.alarcon@udlap.mx

¹ Department of Information Technology and Electronics Fachhochschule Kiel Kiel, GERMANY

 

ABSTRACT

RFID (Radio Frequency Identification) is a technology whose employment will certainly grow in the following years. It is therefore necessary to consider the security issues that come out from the implementation of that type of systems. In this paper we present an approach to solve the security problems in RFID systems by designing a naive security layer based on authentication and encryption algorithms. The authentication mechanism is the mutual authentication based on a three-way handshaking model, which authenticates both the reader and the tag in the communication protocol. The cipher algorithm based on a symmetric-key cryptosystem is RC4 implemented in a proposed modification to the existing WEP protocol to make it more secure in terms of message privacy. The proposed approach is implemented using VHDL in FPGAs communicated through RF transceivers. The results show that the security layer is simple enough to be implemented in a low-price RFID tag.

Keywords: RFID, security layer, encryption, authentication, FPGA, WEP, RC4.

 

DESCARGAR ARTÍCULO EN FORMATO PDF

 

REFERENCES

[1] Weis, A. S., Security and Privacy in Radio-Frequency Identification Devices, Master Thesis. MIT, 2003.         [ Links ]

[2] Garfinkel, S., A. Juels and R. Pappu., RFID Privacy: An Overview of Problems and Proposed Solutions, IEEE Security & Privacy. May/June 2005, pp. 34-43        [ Links ]

[3] Landt, J., The History of RFID, IEEE Potentials, October/November, 2005, pp. 8-11        [ Links ]

[4] Feldhofer, M., A Proposal for an Authentication Protocol in a Security Layer for RFID Smart Tags, Institute for Applied Information Processing and Communications -Graz University of Technology, Austria. February 2004.         [ Links ]

[5] Juels, A, RFID Security and Privacy: A Research Survey, IEEE Journal on Selected Areas in Communications, Vol. 24, Issue 2, , February 2006, pp. 381-394        [ Links ]

[6] Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., and Ribagorda, A., RFID Systems: A Survey on Security Threats and Proposed Solutions, in 11th IFIP International Conference on Personal Wireless Communications – PWC06, LNCS 4217, Springer, 2006, pp. 159-170        [ Links ]

[7] Rotter, P., A Framework for Assessing RFID System Security and Privacy Risks, IEEE Pervasive Computing, Vol. 7, No. 2, April-June 2008, pp. 70-77        [ Links ]

[8] Hassan, H. R., and Challal, Y., Enhanced WEP: An Efficient Solution to WEP Threats, IEEE 2nd IFIP International Conference on Wireless and Optical Communications Networks, WOCN 2005, March 2005, pp. 594-599        [ Links ]

[9] Purandare, D. S., Enhancing Message Privacy in WEP, Master Thesis, Department of Computer Science, University of Central Florida, USA, 2005.         [ Links ]

[10] Finkenzeller, K., RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 2nd. ed. Trad. Rachel Waddington. West Sussex: John Wiley & Sons Ltd., 2003.         [ Links ]

[11] Oppliger, R., Authentication Systems for Secure Networks. Massachusetts: Artech House, 1996.         [ Links ]

[12] Muftic, S., Security Mechanisms for Computer Networks. West Sussex: Ellis Horwood Limited, 1989.         [ Links ]

[13] Purser, M., Secure Data Networking. Massachusetts: Artech House, 1996.         [ Links ]

[14] Fúster, A., Técnicas Criptográficas de Protección de Datos, 2nd. ed. Mexico: Alfaomega, 2001.         [ Links ]

[15] Stinson, D., Cryptography - Theory and Practice, Chapman & HALL/CRC, 2002.         [ Links ]

[16] Myers, J., RFC 2222: Simple Authentication and Security Layer (SASL), October 1997. Status: Proposed Standard. Updated by RFC2444.         [ Links ]

[17] L. R. Knudsen, W. Meier., B. Preneel., V. Rijmen and S. Verdoolaege, Analysis Methods for (Alleged) RC4, LNCS 1514, Springer-Verlag, Berlin, Germany, ASIACRYPT 1998, pp. 327-341.         [ Links ]

[18] Kitsos, P., Kostopoulos, G., Sklavos, N., Koufopavlou, O. Hardware Implementation of the RC4 Stream Cipher, in Proceedings of the 46th IEEE International Midwest Symposium on Circuits and Systems, MWSCAS 03, Vol. 3, December, 2003, pp. 1363-1366.         [ Links ]

[19] Hämäläinen, P., Hännikäinen, M., Hämäläinen, T., Saarinen, J., Hardware Implementation of the Improved WEP and RC4 Encryption Algorithm for Wireless Terminals, the European Signal Processing Conference (EUSIPCO 2000), 2000.         [ Links ]

[20] Galanis, M., Kitsos, P., Kostopoulos, G., Sklavos, N., Goutis, C., Comparison of the Hardware Implementation of Stream Ciphers, The International Arab Journal of Information Technology, Vol. 2, No. 4, October 2005, pp. 267-274.         [ Links ]