8/8/2019 The Design of an RFID Security Protocol

1/3

The Design of an RFID Security ProtocolFor Saving in DB Transaction Costs!

Kwang-Jin Paek, Pyeong Soo Mah, ChangWookLee and Ui-Sung SongConvergence SW ResearchDivision, ETR!Dept. ofComputerEducation, BusanNational University ofEducation

{pkj, pmah,leecw0929}@etri.re.kr, ussong@bnue.ac.kr

Figure 1. The architecture ofRFID system

In order to reduce the load of back-end database server, wepropose a secur ity protocol that based on the dynamic keygenerating function and the minimized message

READER

~ r - : : IQ

2. Proposed Security Protocol

Figure 2. A typical security protocol in RFID system

Figure 1 illustrates the overview of RFID systemarchitecture. RFID readers interrogate tags for their datathrough an RF interface. To provide additional functionality,readers may contain internal storage, processing power orconnections to back-end databases. Computations, such ascryptographic calculations, may be carried out by the readeron behalf of a tag. Readers may use tag contents as a look-upkey into a back-end database. It is assumed that a secureconnection exists between a back-end database and the RFIDreader. However, the RF channel between readers and tags isan insecure channel . Figure 2 illustrates a typical securityprotocol in RFID system. When a RFID reader reads RFIDtags, a DB transaction occurs.In brief, In Section 2, the proposed security protocol is

presented. Future works and conclusions are presented inSection 3.

1. Introduction

Keywords - RFID, Security, Cryptography, Authentication,Load Reduction.

Radio Frequency Identificat ion (RFID) is an automaticidentification method, relying on storing and remotelyretrieving datausing devices calledRFID tags or transponders.A combination ofRFID technology and ubiquitous computingare revolutionizing the manner in which we look at simpleobjects [1, 2]. RFID systems provide increased productivity,efficiency, convenience and many advantages over bar codesfor numerous applications, especially global supply chainmanagement.Despite all the advantages RFID technology offers there are

serious concerns about security and privacy as well. Severalresearchers have attempted to resolve the security concernsrelated to the use of RFID tags and have proposed protocolsthat claim either to achieve secure authentication or to preventunauthorized traceability. However, there are open researchissues. One of the issues is back-end system loading issue thatis rarely studied by researchers[3 , 4]. We are motivated by thisissue.We consider that the RFID system has four componentswithinan RFID system:

The RFID tag, or transponder, carriesobject-identifying data. The RFID reader, or transceiver, reads and writes tag

data. The RFID channel through which the readerandtags

communicate. The back-end database holds meta information of

each tag.

Abstract- The low-cost RFID system will become pervasive inthe ubiquitous computing environment as a commoninfrastructure. It presents a lot o f advantages, but brings anumber of open issues that need to be solved before its successfulrealization. One of the open issues is about the backend systemloading. In this paper, we proposed an RFID security protocolthat has two features, dynamic key generation function forincreasing cryptographic key complexity and the efficientmessage protocol for the transactional load of back-end databaseserver.

1This workwas supportedby the IT R&Dprogram ofMKE/IITA, Rep. of Korea[2008-S-023-01, Development ofNanoQplus-Based SensorNetwork Simulator].

8/8/2019 The Design of an RFID Security Protocol

2/3

exchanged protocol. Table 1 shows the notation used in theprotocol descriptions. MK is a master secret key and a materialkey for generating S-box (Substitution box). Ids; is theidentification of MK for Si. Si is the identification of S-boxSbox[i] stands for the element of index in S-box. is theS-box of tag i. SKr; is the dynamically generated secret key fortag i.To minimize resource requirements, we used a MACpseudo-random function (F) to derive the S-box, implementedasF(K,x) =MAC(K,x).

acts as S-Box. The length of Sbox is z. Second, KGF functionpicks up two elements of Sbox with Sbox[a and b]. Third, adynamic key to encrypt/decrypt message data is made withF(Sbox[aj, Sbox[bj). Forth, the secret key, SK is used for theencryption/decryption ofmessage data.The proposed scheme consists of two phases: retrieval and

update. The retrieval phase is performed to interrogate the IDof a RFID tag. The update phase is performed to renew arandom number of a RFID tag or allocates a new MK to aRFID tag.

Table 1. Notation used in security protocols and cryptographic

Figure 3 shows the process of message exchanges in theproposed protocol. In the retrieval phase, there are 2 messagetransactions as follows:

Figure 3. The proposed security protocolc o n n e c ~ l o n

1---------....:E2Ud..d 1 a 2 l l b 2 1 I r 3 1 I E s d i d T ) l l c ~ :

operatIons~ MK Master secret key for deriving S-boxidsi Identification ofMK for SiSi Identification of S-box i

KGF( ...) Key generation Function for dynamic symmetric keysConcatenationoperator

Sbox[i] Element of index i in S-boxIi Identificationof tag iSTi S-box for tag i

SKTi Secret key for tag iF( ... ) A MAC pseudo-random function: MAC( ...)EK( ) Symmetric encryption function using key KReq.newMK A request message for a new MK

R A RFID readerA RFID tag

DB A RFID DB server

In cryptography, a substitution box (or S-box) is a basiccomponent of symmetric key algorithms. is used to obscurethe relationship between the plaintext and the ciphertext. In theproposed protocol, Sbox is used as an S-box and generatedfrom F(MK, n). Sbox makes it possible to resist cryptanalysis,thereby increasing key lifetime and the interval of rekeying.

R -7 T: r1R T: Er]+e(idsJ//a1//b1//r2//EsK(idr)//c).

If the RFID reader doesn't have MK;, it requests MK; of the tagas follows:

DB R: ids]DB -7R:MK;.

In the update phase, there are 2 cases depending on the valueof c, the count number of reading RFID tag. If c thethreshold value, the reader sends increased counter number(c+ 1) and a new random number for next transaction asfollows:

Figure 2. An overview of cryptography logic in RFID reader

R T: Er2(c+ljjr3).Otherwise, the reader makes a request for the new MK. TheMK update procedure is performed as follows:

DB R: Req.newMKDB -7 R: i d s 2 j j M ~

and the reader sends it to the tag. The tag replies to the readeras the acknowledgement.

Figure 2 illustrates the procedure of creating a dynamiccomposition key to encrypt/decrypt message data between areader and a tag. First, Sbox[n] is created with F(MK, n) and

R -7 T: Er2(ids2//a2//b2//r3//EsK,(idr)//coJR T: Er3+e(F(ids2,a1//b1//r3))

8/8/2019 The Design of an RFID Security Protocol

3/3

In the proposed protocol, we assume that a RFID reader hasmemory, processing power, and connection to the DB server.If a group of tags has the same MK, there is only onetransaction between the RFID reader and the DB server duringreading the tags in the same group. Therefore, transactioncosts can be saved according to the number of MKs used bytags.The proposed protocol provides the cost effectiveness in DBtransactions as well as the high complexity of the dynamic key.Figure 3 shows the difference between the proposed protocoland the previous protocol.

101 1 , I : 1

8 - - - : - - - ~ - - - ~ - - - : - - - ~ - - - ~ - - - I - - ~ - - - ~1 7 - - _: - - - - - - - - _:_ - - - - - 1 - - -:- - - - - -1 1 I I 1 1 1 I'0 ~ ~ I 1 1 1 1 1 I 1 I

1 - - - - - - - - -:- - - - - -

4 - _: ~ - - - -'3 1 I I I 1 I 1 1 1

3 ---:--- I - - - ~ - - - : - - - ~ - - - t - - - : - - - - : - - - ~1 I I I I 1 1 I 1

Q) 2 - - - - -t - - - ~ I 1 1 1 I 1 1 1 I

1 - - - + _ _ - r - - - : - - - ~1 1 1 I 1 1 I 1 I

105 6 70'-----'----------'--------'-----'---------'-----'-----'-------'-----'1

Figure3. The numberoftrahsactions between an RFID readerand a DB

3. Conclusions and Future WorkWedesigned an RFID securityprotocol that reduces the load

of the back-end DB server as well as the high complexity ofdynamic keys. Especially in large scale RFID systems, theload of back-end DB server is an important issue and webelieve that our protocol is a good solution for reducingtransaction costs.Our future work includes comparing its properties withothers' and implementing the proposed protocol in RFIDsystems.

REFERENCES[1] Ari Juels, "RFID Security and Privacy: A Research Survey," IEEEJournal on selected areas in communications, vol. 24, no. 2, February2006, pp. 381394.[2] Zongwei Luo, Terry Chan and Jenny S. Li, "A Lightweight Mutual

Authentication Protocol for RFID Networks," Proceedings of the 2005IEEE International Conference on e-Business Engineering (lCEBE'05).[3] Hyun-Seok Kim and Jin-Young Choi, "The Design and Verification ofRFID Authentication Protocol for Ubiquitous Computing," Proceedings

of the 18 International Workshop on Database and Export SystemsApplications, pp. 693-697.

[4] TomAhlkvist Scharfeld, Analysisof the Fundamental Constraints onLow Cost Passive Radio-Frequency Identification System Design," thethesis for the Degree of Master of Science, Massachusetts Institute ofTechnology, August 21,2001.