Int. J. Mobile Communications, Vol. 3, No. 3, 2005
RFID tags: privacy and security aspects
Dong-Her Shih* and Chin-Yi Lin
Department of Information Management
National Yunlin University of Science and Technology
123 Section 3, University Road, Douliu, Yunlin, Taiwan
Fax: (886) 5-5312077 E-mail: [email protected]
E-mail: [email protected]
*Corresponding author
Binshan Lin
College of Business Administration
Louisiana State University in Shreveport
Shreveport, LA 71115 USA
Fax: 318-797-5127 E-mail:
[email protected]
Abstract: Radio Frequency Identification (RFID) has recently received a lot of
attention as an augmentation technology in manufacturing, SCM, and retail
inventory control. However, widespread deployment of RFID tags may create
new threats to security and privacy of individuals and organisations. This paper
gives an overview of all types of RFID privacy and security problems and its
Keywords: RFID tag; mobile communications; security; privacy.
Reference to this paper should be made as follows: Shih, D-H., Lin, C-Y. and
Lin, B. (2005) 'RFID tags: privacy and security aspects', Int. J. Mobile
Communications, Vol. 3, No. 3, pp.214-230.
Biographical notes: Dong-Her Shih received his PhD in Electrical
Engineering from National Cheng Kung University, Taiwan in 1986. He has been a
Senior Associate Professor in the Department of Information Management,
National Yunlin University of Science and Technology in Taiwan since 1991.
He was the Chair of the Department of Information Management from 1991 to
1994 and Director of the computer centre from 1997 to 2002. His current
research includes network security, intrusion detection, wireless networks,
neural networks, and peer-to-peer networks.
Chin-Yi Lin is a graduate student of the Department of Information Management at
National Yunlin University of Science and Technology in Taiwan. He received
his bachelor's degree from Tamkang University in 2003. He has some practical
experience in online system development and implementation involving
E-learning, ERP, and Intelligent Intrusion Detection System. His present
research fields include information security, cryptography, and RFID.
Copyright © 2005 Inderscience Enterprises Ltd.
Dr. Binshan Lin is Professor of Operations and Information Management at
Louisiana State University in Shreveport. He received his PhD from the
Louisiana State University in 1988. He is a six-time recipient of the
Outstanding Faculty Award at LSUS. Dr. Lin also received Ben Bauman
Award for Excellence in ACIS 2008, Outstanding Educator Award in SWDSI
2004, and Emerald Literati Club Awards for Excellence 2003. He has
published over 120 articles in refereed journals, and currently serves as
Editor-in-Chief of seven academic journals.
1 Introduction
Radio Frequency Identification (RFID) is another step towards fully automatic
identification systems. The technology promises faster, reliable, and more accurate
identification of goods marked with RFID tags. The technology lends itself to a wide range
of uses. The first traditional technology to be replaced by RFID is the bar code system.
RFID can do everything bar codes can and much more [1]. Optical bar codes suffer from
several drawbacks. First, human intervention is required to scan a bar code. Objects must
be physically manipulated to align bar codes with scanners. Anyone who has shopped in a
market has likely witnessed a cashier struggling to scan an item. Second, the readability
of bar codes could be affected by dirt, moisture, abrasion, or packaging contours. Third,
the capacity for storing data on a bar code is very low. Fourth, retailers also often affix bar
codes, which are unnecessary for them, on top of packaging of goods. Last, bar
codes are easy to counterfeit, and so on. These issues limit the performance of optical
bar code based auto-ID systems. Today, over five billion bar codes are scanned daily
worldwide [2-3] and this is just one operation which RFID technology is predicted to
take over. The actual idea of RFID has been around since 1960 [4-5]. Table 1 shows the
evolution of RFID over these 60 years.

Table 1 The decades of RFID

Decade      Event
1940-1950   Radar refined and used, major World War II development effort
            RFID invented in 1948
1950-1960   Early explorations of RFID technology, laboratory experiments
1960-1970   Development of the theory of RFID
            Start of applications field trials
1970-1980   Explosion of RFID development
            Tests of RFID accelerate
            Very early adopter implementations of RFID
1980-1990   Commercial applications of RFID enter mainstream
1990-2000   Emergence of standards
            RFID widely deployed
            RFID becomes a part of daily life
RFID supporters claim to see an integration of RFID in all businesses. In the world of
RFID, Walmart [6] is currently the strongest advocate promoting this new way to identify
everything that can be marked with a tag. Walmart encourages its suppliers to adopt the
technology by 2008, at the latest, for identification at case level [7]. Main competitors to
Walmart (e.g., Tesco and Metro Group) follow closely behind, and cooperate to a certain
extent in evaluating and implementing RFID at trial sites. The Metro Group operates a
'next-generation' supermarket in Rheinberg, Germany, with RFID implemented, where
benefits of the technology have been seen [2]. There are still many other RFID
applications, for instance, proximity cards, theft-detection tags, small dashboard devices
for automating toll payments [8], even cattle herding [9], cash like the Euro [3], and so on.
With RFID, new uses of identification and collection of data about movements of
items will be possible. It is therefore understandable that major interest is given to issues of
information security and privacy. Lack of assurance regarding privacy and information
security is one of the remaining obstacles for widespread usage of RFID [7]. RFID can
still be deployed without security assurance if individuals do not have to worry about
forsaking their privacy. Many issues related to information security and privacy within
RFID systems are inherited through using already known technology and methods [10].
However, there are many new issues, especially regarding personal privacy, that need to be
discussed. Along with the advances of RFID, there are many consumer rights and privacy
rights groups protesting against trial sites of RFID and appealing to courts for stricter
regulations on the use of RFID. The claim is that there is little knowledge about RFID
security and privacy flaws and that a better understanding of how large scale
RFID systems will work has to be gained before the technique is integrated in systems
where it will affect individuals. Also, the impact and barriers of mobile commerce
[11-12] are considered. Today, RFID is in use at production and assembly sites, in car
keys and in home security alarms [9], protecting valuable things. Prices of RFID tags are
still too high to compete [9] but prices are dropping, and market analysts believe that the
first major roll-outs on case level [2] will take place in the near future.
2 RFID primer
RFID systems consist of three main components: the RFID tag, the RFID reader, and the
backend database. Tags typically consist of a microchip that stores data and a coupling
element, such as a coiled antenna, used to communicate via radio frequency
communication. The readers usually consist of a radio frequency module, a control unit,
and a coupling element to interrogate the tags via radio frequency communication. Tag
readers interrogate tags for their contents through an RF interface. As well as an RF
interface to the tags, readers may contain internal storage, processing power, or an
interface to back-end databases to provide additional function. The RFID tags obtain their
power from the magnetic field generated by the reader through inductive coupling. The
magnetic field induces a current in the coupling element of the smart label, which
provides the microchip with power. The inductively coupled RFID system consequently
behaves like many loosely coupled transformers.
Tags may be either actively or passively powered. Active tags contain an on-board
power source, such as a battery, while passive tags must be inductively powered via an
RF signal from the reader. The distance from which a reader may interrogate tags is limited by
the tag's power. Consequently, active tags may be read from a greater distance than
passive tags. Active tags may also record sensor readings or perform calculations in the
absence of a reader. Passive tags can operate only when powered by a reader and are inactive otherwise.
Readers may use tag contents as a look-up key into a database storing product information,
tracking logs, or key management data. A ubiquitous low-cost RFID system would most
likely require the use of passive tags. Tight cost requirements force tags to use few
resources. Power consumption, processing time, storage, and gate count are all highly
limited. A practical US$0.05 design, such as those proposed by the MIT Auto-ID Center
[6], may be limited to hundreds of bits of storage, roughly 500-5000 gates and a range of
a few metres. The resources available in a low-cost RFID tag are far less than what is
necessary for public key cryptography, even a resource-efficient scheme. Hardware
implementations of symmetric encryption algorithms typically have on the order of
20,000-30,000 gates. Standard cryptographic hash functions such as SHA-1 [2] will be too
costly for several years.
3 RFID security and privacy risks
With the use of the internet, many vulnerabilities and threats to the system security and
the privacy of the users are inherited. This can be a malicious agent faking an innocent
PML request over an ONS service or a disgruntled employee adding incorrect product
information in the database, causing confusion and damaging the system's integrity.
RFID tags may pose security and privacy risks to both organisations and individuals. This
section will look closer at the privacy and security concerns from areas in which RFID
distinguishes itself from most current usage of information technology [13-14].
Unprotected tags may be vulnerable to eavesdropping, traffic analysis, spoofing, or denial
of service. Unauthorised readers may compromise privacy by accessing tags without
adequate access control. Even if tag contents are protected, individuals may be tracked
through predictable tag responses: essentially a traffic analysis attack violating 'location
privacy'. Spoofing of tags may aid thieves or spies. Saboteurs could threaten the security
of systems dependent on RFID technology through denial of service. Any parties with
their own readers may interrogate tags lacking read access control, although only within a
relatively short tag read range of a few metres. While anyone could also scan nearby
optical bar codes, they cannot do so wirelessly at a rate of hundreds of reads per second.
The very properties that make RFID technology attractive in terms of efficiency also make
it vulnerable. In addition to threats of passive eavesdropping and tracking, an infrastructure
dependent on RFID tags may be susceptible to denial of service attacks or tag spoofing.
Saboteurs could disrupt supply chains by disabling or corrupting a large batch of tags.
Therefore, the RFID security problem can be divided into four components. The first is
eavesdropping [15] on RFID-tagged items. When a reader queries a tag, the tag may return
information to the reader, and others would have an opportunity to capture the content sent. The
second is traceability [16] or traffic analysis [2]. By tracking the tag signal, an eavesdropper
could trace individual behaviour and distinguish personal identification. The third is
spoofing [2]. A counterfeit tag cheats the RFID system into accepting it as a
legitimate tag. The last is industrial sabotage [17]. Somebody may
corrupt data in tags by using a handheld device to erase or modify the contents.
Eavesdropping may cause two kinds of security problems. The first is
individual information leakage [16] and the other is industrial espionage [18]. Spoofing
may also cause two kinds of security problems: theft [15] and counterfeiting [19]. In
addition, there are still traceability [16], physical attacks, and denial of service [15], so
RFID may encounter seven kinds of security problems. Figure 1 portrays the
classification of RFID security problems. We describe these security problems
as follows.
Figure 1 The classification of RFID security problems
[Figure: tree diagram. RFID security problems: eavesdropping (individual information
leakage, industrial espionage); traceability; spoofing (theft, counterfeiting);
industrial sabotage (physical attacks, DoS)]
3.1 Eavesdropping
Eavesdropping [17] is defined as listening in on longer-range communication systems
like UHF, which broadcast signals (albeit very weak) up to 100 metres. Tag readers are
assumed to have a secure connection to a back-end database. Although readers may only
read tags from within the short (e.g., 3 metres) tag-operating range, the reader-to-tag, or
forward channel is assumed to be broadcast with a signal strong enough to monitor
from long range, perhaps 100 metres. The tag-to-reader, or backward channel is
relatively much weaker, and may only be monitored by eavesdroppers within the tag's
shorter operating range. Generally, it will be assumed that eavesdroppers may
only monitor the forward channel without detection. This relationship is illustrated in
Figure 2 [15,17].
Figure 2 Forward vs. backward channels [15]
[Figure: an eavesdropper outside the backward range but inside the forward range]
3.1.1 Individual information leakage
In daily life, people are prone to carrying various objects around with them. Some of
these objects are quite personal, and provide information that the user does not want
anyone to know about (e.g., money, expensive products, medicine, or books). If such
items are tagged, various personal details can be acquired without the owner's
permission. The private information leaks either via the wired network or via the
communication between an RFID tag and a reader. Placing private information in the
memory of an RFID tag, such as writing a credit card number, is obviously dangerous
and therefore should be avoided, since the communication with RFID tags can be easily
tapped [10,12].
3.1.2 Industrial espionage
Aggregate logistics and inventory data hold significant financial value for commercial
organisations and their competitors. A store's labelled inventory may be monitored by
competitors conducting surreptitious scans. Sales data may be gleaned by correlating
changes over time. Individuals carrying items with unsecured tags are vulnerable to
privacy violations. In a retail environment, a competitor capable of reading tags in
shops or warehouses may gather business intelligence regarding the turnover rate of
stocks, the shopping patterns of customers, and so forth. Somebody could derive sales
and inventory data, then offer his services to a business adversary as a corporate spy [2,7].
3.2 Traceability
Another important privacy concern is the tracking of individuals by RFID tags. A tag
reader at a fixed location could track RFID-labelled clothes or banknotes carried by
people passing by. Correlating data from multiple tag reader locations could track
movement, social interactions, and financial transactions. For instance, the consumer
buys a tagged item by credit card, which an adversary can monitor and link later. The
identity problem is severe if the items are kept for a long time. To stretch the point a bit, this
situation is similar to forcing the user to carry a tracking device. These violate the
concept of location privacy [20]. Concerns over location privacy were recently raised
when a major tire manufacturer began embedding RFID tags into all their products. Even
if the tags only contain product codes rather than unique serial numbers, individuals
could still be tracked by the 'constellation' of products they carry. Someone's unique
taste in brands could betray their identity. Individuals should not have their movement
tracked automatically. Similar issues arise in other pervasive computing systems, as well
as Bluetooth networks.
3.3 Spoofing
In addition to threats of passive eavesdropping and tracking, an infrastructure dependent
on RFID tags may be susceptible to tag spoofing [2,11-12]. There are two kinds of
security issues about spoofing. One is theft and the other is counterfeiting, which are
discussed as follows.
3.3.1 Theft
By spoofing valid tags, a thief could fool automated checkout or security systems into
thinking a product is still on a shelf. Alternatively, a thief could rewrite or replace tags on
expensive items with spoofed data from cheaper items. Saboteurs could disrupt supply
chains by disabling or corrupting a large batch of tags.
3.3.2 Counterfeiting
Counterfeiting [17] is defined as being able to read or intercept data written into a tag,
which uniquely identifies or certifies a product. Once the data is known, similar
read/write tags could be purchased and updated with the authentic data. Thus
it is possible for a malicious attacker to use counterfeit products to spoof an RFID
security system.
3.4 Industrial sabotage
Industrial sabotage is defined as someone with a grievance against a company deciding to
start corrupting data in tags by using a handheld device and erasing or modifying the
contents [17]. Physical attacks and DoS are the most popular methods.
3.4.1 Physical attacks
One may conduct physical attacks against tags, such as specified in [4]. These attacks
may include probe attacks, material removal through shaped charges or liquid etching,
energy attacks, radiation imprinting, circuit disruption, or clock glitching [15].
3.4.2 Denial of service (DoS)
The attacker can also pose a weaker threat. She/he could flood RF channels with noise to
disrupt or garble communication. The attacker might even be able to conduct a low-level
directed energy attack to destroy tags. Analogously, someone could easily destroy bar
codes by tearing them off or writing over them. The attacker cannot derive useful
information from an RFID system, but can launch denial of service attacks against the
system [28,11].
4 Countermeasures
In this section, an overview of the known methods that prevent malicious attacks on
RFID systems is presented. Several papers have examined the protection of RFID security
and user privacy. The countermeasures are divided into two major groups. One depends
on cryptographic algorithms and the other is the noncryptographic scheme. Whether
or not it uses cryptographic algorithms, an efficient countermeasure against violations of user
security and privacy is one that could avoid most security issues discussed in Section 3 at
low cost. We sorted out some of the related studies, catalogued in Figure 3 and
described below. In this section a brief description of different types of
countermeasures is given. For each type, some proposed methods are presented.
Figure 3 The classification of RFID existing security proposal
[Figure: tree diagram. Noncryptographic: kill tag approach, selective blocker tag,
rewriteable memory, physical ID separation. Cryptographic: hash-based access control,
randomised access control, silent tree walking, hash chain, XOR-based one-time pad]
4.1 Noncryptographic scheme
To minimise cost, this type of countermeasure has no cryptographic function. The
noncryptographic scheme can be classified into tag-killing approach, selective blocker
tag, rewriteable memory, and physical ID separation, which are described as follows.
4.1.1 Kill tag approach
The most straightforward approach to the protection of consumer privacy is to kill RFID
tags before they are placed in the hands of consumers. The kill command may be
assumed to be a slow operation that physically disables the tag, perhaps by disconnecting
the antenna or short-circuiting a fuse. Tags supported by the Auto-ID Center [21] have
the following kill properties. Each tag has a unique 8-bit password, and upon receiving
the password, the tag erases itself. This function is useful in protecting user privacy,
but a conscious decision is required to initiate the procedure, and it is difficult to ensure
that the kill command was properly executed. Moreover, tag suicide prevents any
subsequent useful services such as special services for each client. This property actually
diminishes the benefits of RFID tags [16].
4.1.2 Selective blocker tag
Juels et al. [8] propose the idea of blocker tags, which simulate all of the IDs in a desired
zone of ID values, and which can selectively protect the zone from being read by
malicious readers. This
approach is available in the tree-walking protocol widely used in UHF frequency, and is
quite effective as regards cost since RFID tags on objects need no additional
enhancement. Since this approach blocks private information using optional blocker
tags, the practical requirement that the communication area of a blocker tag must cover that
of the RFID tags on objects should be fulfilled in the implementation of this approach.
4.1.3 Rewriteable memory
Inoue and Yasuura [22] proposed this method. Each RFID tag has a read only memory
(ROM) and a rewritable but nonvolatile memory (RAM). A unique and permanent ID of
the RFID tag is set in the ROM by the producer. In the RAM, a private and temporary
identification code is set by the owner of the tag. ROM and RAM memory are used
mutually exclusively. A user cannot read the ROM while a value is set in the rewritable memory,
and he/she can read the ROM only when the rewritable memory has a null value. In the
ROM mode, unlimited object identification for any user is provided by the identification
code of the RFID tag. In the RAM mode, object identification is restricted to limited
users. Figure 4 gives an overview of the rewritable memory approach.
Figure 4 Restriction of identification to limited users
[Figure: two tag states. ROM mode: public use. RAM mode: private use]
The external re-encryption scheme, by RSA Lab [3], uses public-key encryption. Tag data are
rewritten at the request of the user using data sent from an external unit. This unit is
necessary because public-key encryption imposes heavy calculation loads that are beyond
the ability of the tag. This task is usually done by the RFID reader. The tag's output seems
random in each rewrite period, so an adversary who eavesdrops only on the tag output
cannot trace the tag over long periods of time [16]. The difficulty is that the data of each
tag must be rewritten often, because the encrypted ID is constant.
4.1.4 Physical ID separation
This approach adopts non-unique IDs for each RFID tag, but acquires a locally unique ID by
combining two or more RFID tags. An RFID sequence for naive assignment of a globally
unique ID is divided into two fields [22]. One is the Class ID, carrying information on
the object, such as the UPC/EAN codes used in bar codes. The other is the Pure ID, such as
a serial number or lot number. When the owner of a product in one stage of the life cycle
(retailer) is to pass his/her ownership to the next stage (consumer), he/she takes off the
Class ID. The owner of the next stage (consumer) prepares RFID tags with several
user-assigned Class IDs. The consumer could attach the tags to the products to make the
concatenation of his/her ID and the Pure ID.
Figure 5 Physical separations of IDs
[Figure: diagram of ID separation, labelled with a unique ID and a user-defined Class ID]
4.2 Cryptographic scheme
The cryptographic scheme is classified into hash-based access control, randomised access
control, silent tree walking, hash chain, and XOR-based one-time pad, which are
described as follows.
4.2.1 Hash-based access control
Each hash-enabled tag in this design will have a portion of memory reserved for
a temporary metaID and will operate in either a locked or unlocked state [2]. To lock a
tag, the owner stores the hash of a random key as the tag's metaID, that is,
metaID = hash(key). This may occur either over the RF channel or a physical contact
channel for added security. After locking a tag, the owner stores both the key and metaID
in a back-end database. Upon receipt of a metaID value, the tag enters its locked state.
While locked, the tag responds to all queries with only its metaID and offers no other
functions.
To unlock a tag, the owner queries the metaID from the tag, looks up the appropriate
key in the back-end database and finally transmits the key to the tag. The tag hashes the
key and compares it to the stored metaID. If the values match, it unlocks itself and offers
its full functionality to any nearby readers. This protocol is illustrated in Figure 6. To
prevent hijacking, tags should only be unlocked briefly to perform a
function before being locked again. Based on the difficulty of inverting a one-way hash
function, this scheme prevents unauthorised readers from reading tag contents. Since the
metaID acts as an identifier, and is fixed, tracking of individuals is possible
under this scheme.
Figure 6 Hash locking: a reader unlocks a hash-locked tag
[Figure: message flow between back-end database, reader and tag; the database supplies (key, ID)]
4.2.2 Randomised access control
This approach is similar to hash-based access control. Randomised access control [2]
could mitigate the traceability problem. Besides a one-way hash function, tags also have a
random number generator. Each tag will operate in either a locked or unlocked state. An
unlocked tag may be locked with a simple instruction from a reader; no protocol is
necessary. Tags respond to reader queries by generating a random value, r, then hashing
their ID concatenated with r, and sending both values to the reader. That is, tags respond to
queries with the pair (r, h(ID||r)) where r is chosen uniformly at random. This protocol is
illustrated in Figure 7. A legitimate reader identifies one of its tags by performing a
brute-force search of its known IDs, hashing each of them concatenated with r until it
finds a match. Although impractical for retailers, this mode is feasible for owners of a
relatively small number of tags.
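Figure 7 Randomised hash locking
[Figure: message flow between back-end database, reader and tag; the tag answers with
(r, h(ID||r)) and the reader gets all IDs from the database]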
Inoue and Yasuura [22] mentioned that this approach has an advantage because the ID
can be changed automatically and does not need to be changed in a secure place as in their
method. However, the method needs to embed additional circuits for the hash function and a
pseudorandom number generator, which cost thousands of gates.
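The two locking schemes of Sections 4.2.1 and 4.2.2 side by side, as an added example that is not code from the paper or from the schemes' authors. It assumes SHA-256 as the one-way hash, 16-byte random keys and nonces, and constructed sample IDs; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple


def h(data: bytes) -> bytes:
    """One-way hash; SHA-256 is an assumption, the paper names no function."""
    return hashlib.sha256(data).digest()


class HashLockTag:
    """Section 4.2.1: a locked tag answers every query with its metaID only."""

    def __init__(self, tag_id: bytes):
        self._id = tag_id
        self._meta_id: Optional[bytes] = None  # None means unlocked

    def lock(self, meta_id: bytes) -> None:
        self._meta_id = meta_id

    def query(self) -> bytes:
        return self._id if self._meta_id is None else self._meta_id

    def unlock(self, key: bytes) -> bool:
        # The tag hashes the offered key and compares it with the stored metaID.
        if self._meta_id is not None and hmac.compare_digest(h(key), self._meta_id):
            self._meta_id = None
            return True
        return False


class RandomisedTag:
    """Section 4.2.2: a locked tag answers with (r, h(ID || r)) for a fresh r."""

    def __init__(self, tag_id: bytes):
        self._id = tag_id  # fixed-length IDs keep ID || r unambiguous

    def query(self) -> Tuple[bytes, bytes]:
        r = secrets.token_bytes(16)
        return r, h(self._id + r)


class BackEnd:
    """Owner's database: metaID -> (key, ID), plus the list of known IDs."""

    def __init__(self) -> None:
        self._locks: Dict[bytes, Tuple[bytes, bytes]] = {}
        self._known_ids: List[bytes] = []

    def lock(self, tag: HashLockTag, tag_id: bytes) -> None:
        key = secrets.token_bytes(16)
        meta_id = h(key)
        self._locks[meta_id] = (key, tag_id)
        tag.lock(meta_id)

    def unlock(self, tag: HashLockTag) -> Optional[bytes]:
        entry = self._locks.get(tag.query())
        if entry is None:
            return None  # metaID unknown: not one of our tags
        key, tag_id = entry
        return tag_id if tag.unlock(key) else None

    def register(self, tag_id: bytes) -> None:
        self._known_ids.append(tag_id)

    def identify(self, r: bytes, digest: bytes) -> Optional[bytes]:
        # Brute-force search over the known IDs: one hash per ID per read.
        for tag_id in self._known_ids:
            if hmac.compare_digest(h(tag_id + r), digest):
                return tag_id
        return None


def demo() -> dict:
    db = BackEnd()
    tag_id = b"EPC-0001"  # constructed sample ID
    locked = HashLockTag(tag_id)
    db.lock(locked, tag_id)
    first, second = locked.query(), locked.query()

    rnd = RandomisedTag(tag_id)
    db.register(b"EPC-0002")
    db.register(tag_id)
    (r1, d1), (r2, d2) = rnd.query(), rnd.query()
    return {
        "hash_lock_linkable": first == second,        # fixed metaID can be tracked
        "wrong_key_rejected": not locked.unlock(b"\x00" * 16),
        "hash_lock_id": db.unlock(locked),
        "randomised_linkable": (r1, d1) == (r2, d2),  # fresh r each query
        "randomised_id": db.identify(r1, d1),
        "foreign_reader_id": BackEnd().identify(r2, d2),
    }


if __name__ == "__main__":
    print(demo())
```

The fixed metaID repeats across queries, which is the tracking weakness noted in Section 4.2.1, while the randomised responses differ on every read and cost the owner one hash per known ID.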
4.2.3 Silent tree walking
A security concern is the strong signal of the reader-to-tag forward channel.
Eavesdroppers may monitor this channel from hundreds of metres and possibly derive tag
contents. Assume a population of tags shares some common ID prefix, such as a product
code or manufacturer ID. To singulate tags, the reader requests all tags to broadcast their
next bit. If there is no collision, then all tags share the same value in that bit. A
long-range eavesdropper can only monitor the forward channel and will not hear the tag
response. Thus, the reader and the tags effectively share a secret, namely the bit value. If
no collisions occur, the reader may simply ask for the next bit, since all tags share the
same value for the previous bit. When a collision does occur, the reader needs to specify
which portion of the tag population should proceed. Since we assumed the tags shared
some common prefix, the reader may obtain this prefix on the backward channel. The
shared secret prefix may be used to conceal the value of the unique portion of the IDs.
Suppose we have two tags with ID values $b_1 b_2$ and $b_1 \bar{b}_2$. The reader will receive $b_1$ from
both tags without a collision, and then it will detect a collision on the next bit. Since $b_1$ is
secret from long-range eavesdroppers, the reader may send either $b_1 \oplus b_2$ or $b_1 \oplus \bar{b}_2$ to
singulate the desired tag without revealing either bit. Figure 8 illustrates a reader
performing silent tree walking on two bits [2]. Eavesdroppers within the range of the
backward channel will obviously obtain the entire ID.
Figure 8 Silent tree walking: the left-hand figure illustrates reading the first bit, which does not
collide. The right-hand figure illustrates a collision. To singulate tag 01, the reader
responds with 'Last Bit' ⊕ 'Tag 01' = 0 ⊕ 1 = 1. Tag 01 proceeds, while the shaded
tag 00 ceases the protocol
[Figure: two panels, each showing a reader and two tags; left panel labelled 'Next Bit']
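The masking step of silent tree walking, as an added example that is not code from the paper. It generalises the two-bit case of Figure 8 to IDs of any equal length; the function names and the sample tag populations are constructed for illustration.

```python
from typing import List


def singulate(target: str, population: List[str]) -> List[int]:
    """Return the bits the reader broadcasts on the forward channel while
    singulating `target` from `population` (equal-length bit strings)."""
    if target not in population:
        raise ValueError("target tag is not in the population")
    forward: List[int] = []   # everything a long-range eavesdropper can hear
    active = list(population)  # tags still taking part in the protocol
    prefix = ""                # bits the reader has learned so far
    while len(prefix) < len(target):
        pos = len(prefix)
        # Backward channel: the reader hears the next bit of every active tag.
        heard = {tag[pos] for tag in active}
        want = target[pos]
        if len(heard) == 2:    # collision: the reader must pick a branch
            if not prefix:
                # No earlier bit is shared yet, so nothing can mask the choice.
                raise ValueError("collision on the first bit: no shared secret bit")
            # Send (last shared bit) XOR (wanted bit) instead of the bit itself.
            forward.append(int(prefix[-1]) ^ int(want))
            active = [tag for tag in active if tag[pos] == want]
        prefix += want
    return forward


def tag_proceeds(tag_id: str, pos: int, masked: int) -> bool:
    """Tag side: unmask with the tag's own previous bit and compare with the
    tag's bit at `pos`; the tag stays in the protocol only on a match."""
    return (masked ^ int(tag_id[pos - 1])) == int(tag_id[pos])


def demo() -> dict:
    return {
        # Figure 8: tags 00 and 01, the reader wants 01 and sends 0 XOR 1 = 1.
        "figure_8": singulate("01", ["00", "01"]),
        # A different population and target produce the same forward transcript,
        # so the forward channel alone does not reveal which ID was selected.
        "other_population": singulate("10", ["10", "11"]),
        "tag_01_proceeds": tag_proceeds("01", 1, 1),
        "tag_00_proceeds": tag_proceeds("00", 1, 1),
        "longer_ids": singulate("1011", ["1000", "1010", "1011"]),
    }


if __name__ == "__main__":
    print(demo())
```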
4.2.4 Hash chain
Initially, the tag has initial information $s_1$. In the i-th transaction with the reader, the RFID
tag sends answer $a_i = G(s_i)$ to the reader, and renews secret $s_{i+1} = H(s_i)$ as determined
from previous secret $s_i$, where H and G are hash functions. Figure 9 illustrates this
protocol. The reader sends $a_i$ to the back-end database. The back-end database maintains
a list of pairs $(ID, s_1)$, where $s_1$ is the initial secret information and is different for
each tag. So the back-end database that received tag output $a_i$ from the reader calculates
$a_i' = G(H^{i-1}(s_1))$ for each $s_1$ in the list, and checks if $a_i = a_i'$. The back-end database finds
$a_i' = a_i$ and returns the ID, which is a pair of $a_i'$.
Figure 9 RFID tag sends answer $a_i = G(s_i)$, and renews its secret $s_{i+1} = H(s_i)$
[Figure: chain of secrets $s_i$, $s_{i+1}$ linked by H, with outputs $a_i$, $a_{i+1}$ derived by G]
The hash chain technique [16] could renew the secret information contained in the
tag. Thus, the private information of the user could be protected, and traceability
becomes impossible.
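The tag update and the back-end search of Section 4.2.4, as an added example that is not code from the paper or from the scheme's authors. It assumes prefix-separated SHA-256 for G and H, a search bound `max_chain` on how far the back-end walks each chain, and constructed tag IDs and secrets; all names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def H(s: bytes) -> bytes:
    """Renews the secret: s_{i+1} = H(s_i). SHA-256 with a prefix (assumption)."""
    return hashlib.sha256(b"H|" + s).digest()


def G(s: bytes) -> bytes:
    """Derives the tag output: a_i = G(s_i). Separate prefix keeps G != H."""
    return hashlib.sha256(b"G|" + s).digest()


class HashChainTag:
    def __init__(self, s1: bytes):
        self._s = s1

    def respond(self) -> bytes:
        a_i = G(self._s)
        self._s = H(self._s)  # the old secret is overwritten, not kept
        return a_i


class BackEnd:
    """Keeps the pairs (ID, s_1) and recomputes a_i' = G(H^{i-1}(s_1))."""

    def __init__(self, max_chain: int = 32):
        self._pairs: Dict[str, bytes] = {}
        self._max_chain = max_chain  # assumed bound on reads per tag

    def enrol(self, tag_id: str, s1: bytes) -> None:
        self._pairs[tag_id] = s1

    def identify(self, a_i: bytes) -> Optional[Tuple[str, int]]:
        for tag_id, s in self._pairs.items():
            for i in range(1, self._max_chain + 1):
                if hmac.compare_digest(G(s), a_i):
                    return tag_id, i  # matching ID and chain position
                s = H(s)
        return None  # unknown tag, or tag read more often than max_chain


def demo() -> dict:
    db = BackEnd(max_chain=32)
    s1_a, s1_b = secrets.token_bytes(16), secrets.token_bytes(16)
    db.enrol("tag-A", s1_a)  # constructed IDs
    db.enrol("tag-B", s1_b)
    tag_a, tag_b = HashChainTag(s1_a), HashChainTag(s1_b)

    outputs = [tag_a.respond() for _ in range(3)]

    # A tag read more often than the back-end is willing to search is lost.
    small = BackEnd(max_chain=2)
    s1_c = secrets.token_bytes(16)
    small.enrol("tag-C", s1_c)
    tag_c = HashChainTag(s1_c)
    tag_c.respond()
    tag_c.respond()
    return {
        "identified": [db.identify(a) for a in outputs],
        "tag_b": db.identify(tag_b.respond()),
        "outputs_distinct": len(set(outputs)) == len(outputs),
        "beyond_window": small.identify(tag_c.respond()),
        "unknown_output": db.identify(secrets.token_bytes(32)),
    }


if __name__ == "__main__":
    print(demo())
```

Each read costs the back-end up to `max_chain` hash pairs per enrolled tag, and a tag queried more often than that bound can no longer be identified.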
4.2.5 XOR-based one-time pad
The XOR-based one-time pad scheme, by RSA Lab [7], needs only an XOR calculation, and
is very low in cost. In this scheme, the reader (actually the back-end database) and the tag
share a common list of random keys, and in some interactions they confirm that the
partner has the common list. If the check passes, the tag sends its ID.
However, this scheme requires several interactions between the reader and
the tag. Moreover, the common list must be overwritten completely as needed to ensure
security. These points may make implementation difficult. Figure 10 describes the flow
of this protocol.
Figure 10 The full protocol of XOR based one-time pad
[Figure: message flow between Tag and Verifier]
5 Comparison
For the above-mentioned security problems, we explore the existing possible solutions and
summarise the results in Table 2. If the solution 'A' could prevent the illegal attack 'B',
we represent it by 'O', otherwise 'X'. If it is an undeterminable situation, we represent it
by 'Δ' for differentiation and leave it for other researchers to resolve.
Table 2 RFID security problems and its possible solutions

                              Problem
Security solution             Individual    Industrial  Traceability  Theft  Counterfeiting  Physical  DoS
                              information   espionage                                        attacks
                              leakage
Kill command feature          O             O           O             X      O               Δ         Δ
The blocker tag               O             O           O             X      O               Δ         Δ
Rewritable memory             O             O           X             X      X               Δ         Δ
Physical ID separation        O             O           X             X      X               Δ         Δ
Hash-based access control     O             O           X             X      O               Δ         Δ
Randomised access control     O             O           O             O      O               Δ         Δ
Hash chain                    O             O           O             O      O               Δ         Δ
XOR-based one-time pad scheme O             O           O             O      O               Δ         Δ

Notes O: the solution can prevent this security problem
      X: the solution cannot prevent this security problem
      Δ: open problem
6 Conclusion
It is possible that RFID tags can revolutionise society. While bringing to fruition their
convenience, we must also understand their risks. Implementing ubiquitous network
connectivity in society will demand a close examination of personal privacy from both
the technical and social aspects. The privacy problems raised by their indiscriminate
nature are serious enough to demand a comprehensive and effective technique that can
ensure user privacy while retaining their benefits [23]. Some of the existing schemes allow tag output to
include relatively constant information. Others demand that the data in the tag
memory be rewritten to avoid tracking. Still others fail to satisfy the forward security requirement.
While there are several existing schemes, not one provides a complete solution. With new
technology advances allowing more features to be incorporated into tags, the line
between RFID devices, smart cards, and general-purpose computers will blur.
Understanding RFID security today will aid in the development of secure ubiquitous
computing systems in the future. Recognising inherent privacy or security threats of
RFID systems will also be helpful for decision making regarding the obligations of RFID
manufacturers and the privacy rights of end users.
Acknowledgment
The authors would like to thank the National Science Council of Taiwan for providing
support to this research through grant NSC 93-2218-E-194-016.
References
1 Johansson, B. (2004) ‘An introduction to RFID – information security and privacy concerns’,
TDDC03 Projects, Spring.
2 Weis, S.A., Sarma, S.E., Rivest, R.L. and Engels, D.W. (2004) ‘Security and privacy aspects
of low-cost radio frequency identification systems’, in D. Hutter et al. (Eds.) Security in
Pervasive Computing 2003, LNCS, Springer-Verlag, Vol. 2802, pp.201-212.
3 Juels, A. and Pappu, R. (2003) ‘Squealing euros: privacy protection in RFID-enabled
banknotes’, Proceedings of Financial Cryptography – FC'03, LNCS, Springer-Verlag,
Vol. 2742, pp.103-121.
4 Weingart, S.H. (2000) ‘Physical security devices for computer subsystems: a survey of attacks
and defenses’, Workshop on Cryptographic Hardware and Embedded Systems, CHES, LNCS,
Springer-Verlag, Vol. 1965, pp.302-317.
5 Royal Air Force History (1940) http://www.raf.mod.uk/history/line1940.html
6 Anderson, R. and Kuhn, M. (1997) ‘Low cost attacks on tamper resistant devices’, IWSP:
International Workshop on Security Protocols, LNCS, Vol. 1361, pp.125-136.
7 Juels, A. (2004) Minimalist Cryptography for Low-Cost RFID Tags, in C. Blundo (Ed.)
Security of Communication Networks (SCN), to appear.
8 Juels, A., Rivest, R.L. and Szydlo, M. (2003) ‘The blocker tag: selective blocking of RFID
tags for consumer privacy’, in V. Atluri (Ed.) 8th ACM Conference on Computer and
Communications Security, ACM Press, (CCS 2003), October, pp.103-111.
9 Koelle, A.R., Depp, S.W., Landt, J.A. and Bobbett, R.E. (1976) ‘Short-range passive telemetry
by modulated backscatter of incident CW RF carrier beams’, Biotelemetry, Vol. 3,
pp.337-340.
10 Aljili, H. and Tyrewalla, N. (2004) ‘Security model for intra-domain mobility management
protocol’, International Journal of Mobile Communications, Vol. 2, No. 2, pp.137-170.
11 Tan, J., Wen, H.J. and Gyires, T. (2003) ‘M-commerce security: the impact of wireless
application protocol (WAP) security services on e-business and e-health solutions’,
International Journal of Mobile Communications, Vol. 1, No. 4, pp.409-424.
12 Anil, S., Ting, L.T., Moe, L.H. and Jonathan, G.P.G. (2003) ‘Overcoming barriers to the
successful adoption of mobile commerce in Singapore’, International Journal of Mobile
Communications, Vol. 1, Nos. 1-2, pp.194-231.
13 Lu, J., Yu, C.S., Catherina, C.L. and Ku, Y.P. (2004) ‘Wireless trust: conceptual and
operational definition’, International Journal of Mobile Communications, Vol. 2, No. 1,
pp.3s-s0.
14 Siau, K. and Shen, Z. (2003) ‘Mobile communications and mobile services’, International
Journal of Mobile Communications, Vol. 1, Nos. 1-2, pp3-M4.
15 Weis, S. (2003) ‘Security and privacy in radio-frequency identification devices’, Masters
Thesis, MIT, May.
16 Ohkubo, M., Suzuki, K. and Kinoshita, S. (2003) ‘Cryptographic approach to
“privacy-friendly” tags’, Nippon Telegraph and Telephone, November.
17 White Paper (2004) ‘A basic introduction to RFID technology and its use in the supply chain’,
LARAN RFID, January.
18 Sarma, S.E., Weis, S.A. and Engels, D.W. (2002) ‘RFID systems and security and privacy
implications’, Workshop on Cryptographic Hardware and Embedded Systems, CHES 2002,
LNCS, Springer-Verlag, Vol. 2523, pp.454-468.
19 Finkenzeller, K. (2003) RFID Handbook: Fundamentals and Applications in Contactless
Smart Cards and Identification, 2nd edition, John Wiley & Sons, Ltd.
20 Beresford, A. and Stajano, F. (2003) ‘Location privacy in pervasive computing’, IEEE
Pervasive Computing, Vol. No. 1, pp6-55.
21 Auto-ID Center (2002) ‘860 MHz-960 MHz class I radio frequency identification tag radio
frequency & logical communication interface specification proposed recommendation version
1.00’, Technical Report MIT-AUTOID-TR-007, November.
22 Inoue, S. and Yasui, H. (2003) RFID Privacy Using User-Controllable Uniqueness, Kyushu
University, November.
23 Floerkemeier, C. and Lampe, M. (2004) ‘Issues with RFID usage in ubiquitous computing
application’, in A. Ferscha and F. Mattern (Eds.) Pervasive Computing: Second International
Conference, PERVASIVE 2004, LNCS, Linz/Vienna, Austria: Springer-Verlag, April 18-23,
Vol. 3001, pp.188-193.