RFID (Radio Frequency Identification) Security

Snigdha
Aug 27, 2022

1. Introduction and Motivation

Radio Frequency Identification (RFID) is a technology that automatically recognizes objects and people. It is used as a supplement or alternative to traditional barcode technology to automatically identify, track, and trace items. RFID can be seen as a means of clearly marking objects so that computing devices can perceive them.

An RFID system consists of two core components: the reader, which is the central component of the system, and the RFID tag, which records production information and a unique identifier. In addition, antennas, middleware, and back-end databases also play important roles in RFID systems.

Soon, RFID will become part of more compelling applications. At the same time, more and more people worry that security and privacy issues will interfere with the future of this technology, especially as it is used for more critical purposes. RFID therefore faces many challenges: for the technology to be accepted in a wider area, we need to develop solutions that protect human privacy. We will therefore review system attacks, reported privacy threats, and some possible solutions.

2. Methodology

In this article, we analyse and evaluate the security protocols proposed to improve the security efficiency of RFID tags. Below, we introduce several mechanisms to improve RFID security and privacy.

“Killing and Sleeping” Commands: After a tagged item is purchased, the EPC tag receives a “kill” command from the reader and is then permanently disabled. The sleep command is an improved method: like the kill command it disables the tag, but a disabled tag can be reactivated with a “wake” command.

Tag Password: Unless the correct password is received, the tag will not send important information. The difficulty is that the reader must already know the identity of the tag; otherwise, it cannot know which password to pass to the tag.

Blocking Tag: The scheme depends on incorporating modifiable bits, called privacy bits, into the tag.

Schemes Based on Hash Functions: In this method, the tag has two states: locked and unlocked. The ID can be used to lock the tag to prevent information leakage, and another key is used to unlock the locked tag. A randomized HashLock scheme was then designed as a temporary improvement for the metaID problem, without changing the HashLock scheme itself.

Classic Cryptography: The permanent identifier of the tag is hidden. A tag with rewritable memory either holds a private identifier selected by the user, or has part of its identification sequence assigned by the user, so that the user can control the uniqueness of the local identifier without revealing the relationship between the identifier and the object.
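The following added example (not from the original article) sketches the hash-lock and randomized hash-lock schemes as they are commonly described in the RFID literature, and shows the metaID problem: a locked tag's fixed metaID can be linked across reads, while randomized replies cannot. SHA-256, the message layout, and all names and values are assumptions made for the illustration.

```python
from __future__ import annotations
import hashlib
import secrets


def h(data: bytes) -> bytes:
    """One-way hash computed by tag and reader (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


class HashLockTag:
    """Basic hash lock: a locked tag answers every query with a fixed metaID."""

    def __init__(self, tag_id: bytes):
        self.tag_id, self.meta_id = tag_id, None  # meta_id None means unlocked

    def lock(self, meta_id: bytes) -> None:
        # The reader picks a key, keeps (metaID, key) in its back end,
        # and writes metaID = h(key) to the tag.
        self.meta_id = meta_id

    def query(self) -> bytes:
        return self.tag_id if self.meta_id is None else self.meta_id

    def unlock(self, key: bytes) -> bool:
        if self.meta_id is not None and secrets.compare_digest(h(key), self.meta_id):
            self.meta_id = None
        return self.meta_id is None


def randomized_reply(tag_id: bytes) -> tuple[bytes, bytes]:
    """Randomized hash lock: the tag answers (r, h(ID || r)) with a fresh nonce r."""
    r = secrets.token_bytes(16)
    return r, h(tag_id + r)


def identify(reply: tuple[bytes, bytes], known_ids: list[bytes]) -> bytes | None:
    """Authorized reader: try each known ID until one reproduces the reply."""
    r, digest = reply
    return next((i for i in known_ids if h(i + r) == digest), None)


def demo() -> dict:
    """Constructed IDs and key; compares what repeated reads of each tag reveal."""
    locked = HashLockTag(b"TAG-0001")
    locked.lock(h(b"constructed-key"))
    return {"static_linkable": locked.query() == locked.query(),
            "random_linkable": randomized_reply(b"TAG-0002") == randomized_reply(b"TAG-0002"),
            "resolved": identify(randomized_reply(b"TAG-0002"), [b"TAG-0001", b"TAG-0002"])}
```

The reader-side search in `identify` is linear in the number of known tags, which is the cost the randomized variant pays for unlinkable replies.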

Distance Measurement: The signal-to-noise ratio of the reader signal in an RFID system provides a rough measure of the distance between the reader and the tag.

Shielding Tag: The Faraday cage method is a kind of shielding. Use a Faraday cage to isolate RFID tags from any type of electromagnetic waves. A Faraday cage is a container made of metal mesh or aluminium foil that cannot be penetrated by radio signals.

Proxy Approach: Users can carry their own privacy-protecting RFID devices, such as mobile devices, instead of relying on public RFID readers to implement privacy protection. RFID Guardian is a typical example. It is a platform that provides centralized RFID security and privacy management for personal use.

3. Learning and Discussion

In addition to the above mechanisms, the National Institute of Standards and Technology has also developed guidelines for protecting RFID systems. These security controls are divided into three groups: management, operation, and technology, in which precautions and controls are described in detail. In addition to these security controls, it also discusses privacy considerations, including privacy principles, applicable privacy controls, and some other recommendations. In addition, experts pay more attention to legal issues related to RFID data collection.

Security vulnerabilities and privacy threats are very complex and cannot be solved with a single measure, so you must conduct an overall assessment of all aspects of the problem. Any single solution is not complete and can lead to other security weaknesses and loopholes in the RFID system. To ensure the security of the RFID system, the scalability, management, and costs of the system must be thoroughly evaluated.

4. Most Interesting Findings

Like other wireless technologies, RFID systems pose multiple security and privacy risks to users (including consumers and manufacturers). It should be noted that privacy is a multidimensional issue involving many areas such as policy, security, law enforcement agencies, and so on. Perfect confidentiality is just a mathematical concept; in reality, there will always be human factors that are difficult to quantify in any mathematical formula. Therefore, it is practically impossible to have a completely secure system. Once you understand this, you can continue to solve the security and privacy issues behind RFID. Before considering security and privacy issues, it is important to understand the factors that contribute to the low cost of RFID and the restrictions imposed on these cheap tags. In this section, we only briefly discuss the security aspects of advanced systems, including some of the main challenges of implementing user-oriented RFID applications.

A) Jamming
Jamming refers to deliberate attempts to interfere with the air interface between the reader and the tag, thus destroying the integrity or availability of the communication.

B) Eavesdropping
Since the RFID tag is a wireless device that transmits data, usually a unique identifier, when interrogated by the RFID reader, there is a risk that the communication between the tag and the reader will be eavesdropped.

C) Replay attack
In the case of a replay attack, the attacker abuses the identity of another person by repeating the same authentication sequence provided by the authorized person. Replay attacks can be carried out by cloning legitimate tags or by re-sending overheard signals from a PC equipped with an appropriate card and antenna.

D) Deactivation
This type of attack renders the transponder useless through the unauthorized use of delete or kill commands, or by physically destroying it.
a) Detaching the tag
The transponder is physically separated from the item it was attached to and can later be associated with a different item, much like “swapping” a price tag.
b) Spoofing
Spoofing is defined as copying tag data and transmitting it to the reader. The data obtained from the tag by any means is transmitted to the reader to imitate a legitimate source.
i) Man in the middle attack
An attacker can disrupt the communication path and manipulate information between RFID components. This is a real-time threat.
ii) Cloning
Tag cloning is the process of first obtaining the data from a legitimate tag and then creating an unauthorized copy of it on a new chip.

Overview of Major attacks
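To make the replay item above concrete from the defender's side, this added example (not part of the original article) compares a reader that accepts a fixed ID with one that issues a fresh challenge per session and accepts each challenge once, so a recorded response fails on reuse. Challenge-response is a standard countermeasure that the article itself does not describe; HMAC-SHA256, the key, the tag ID, and all names are assumptions.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-key"  # constructed; provisioned on tag and back end
TAG_ID = b"TAG-0001"             # constructed identifier


def tag_response(key: bytes, tag_id: bytes, challenge: bytes) -> bytes:
    """Tag side: MAC over the reader's challenge, so an answer fits one session."""
    return hmac.new(key, tag_id + challenge, hashlib.sha256).digest()


class Reader:
    """Reader that issues a fresh random challenge and accepts it at most once."""

    def __init__(self, key: bytes):
        self.key, self.pending = key, None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def verify(self, tag_id: bytes, response: bytes) -> bool:
        if self.pending is None:
            return False  # no open session: nothing to answer
        expected = tag_response(self.key, tag_id, self.pending)
        self.pending = None  # consume the challenge whether or not it matched
        return hmac.compare_digest(expected, response)


def static_id_accepted(presented_id: bytes, allowed: set) -> bool:
    """Weak baseline: a fixed ID is the whole credential, so a recording stays valid."""
    return presented_id in allowed


def demo() -> dict:
    """One legitimate session, then the same recorded response in a new session."""
    reader = Reader(KEY)
    captured = tag_response(KEY, TAG_ID, reader.challenge())
    legit = reader.verify(TAG_ID, captured)
    reader.challenge()  # new session, new nonce
    replay = reader.verify(TAG_ID, captured)
    return {"static_id_replay": static_id_accepted(TAG_ID, {TAG_ID}),
            "legit": legit, "replay": replay}
```

A fresh challenge does not help against live forwarding of the exchange between a distant tag and the reader, which needs a separate control.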

5. Future Scope & Improvements

RFID tags may revolutionize society. While we make their convenience a reality, we must also understand their risks. Implementing global network connections in society will require careful examination of personal privacy from both the technical and social aspects. Security is one of the most important issues in any communication system, especially in wireless communication systems, which communicate over an insecure wireless channel. In the RFID system, the data transmission between the tag and the reader, and sometimes even the data transmission between the reader and the back-end database, uses wireless channels. RFID seems to be more suitable than a complete barcode system for various applications, such as smart appliances, shopping, drug compliance, passports, libraries, and toll payment transponders. However, due to its cost and resource limitations, it does not have sufficient security and privacy support. Currently, many researchers and scientists are working hard to implement lightweight and low-cost privacy and security protocols to increase its applicability.
