Manuscript

 

Research on Data Security of RFID System

 

1 Introduction
Radio Frequency Identification (RFID) is the abbreviation of Radio Frequency Identification. Its application began in World War II and has been mostly used for military purposes for a long time. Compared with the traditional bar code technology, it has obvious advantages such as non-contact reading, no optical alignment, long working distance, suitable for harsh environment, recognizable moving targets and so on. It also benefits from the development of electronic technology, so it has gradually been widely used. Typical applications include train and freight container identification, Expressway Automatic Toll Collection and traffic management, warehousing management, access control system, anti-theft and anti-counterfeiting, etc.

Current research on RFID technology mainly focuses on antenna design, security and privacy protection, tag location and anti-collision technology.

This paper studies the information security of the front-end data acquisition and operation of the RFID system. The other parts of this paper are arranged as follows: The second part classifies and describes the problems of data security in RFID system, and explains the significance of protecting data security in RFID system. The third part introduces several representative schemes of data security in RFID system. The fourth part analyses, compares and summarizes these schemes.

2 RFID Data Security
In the front-end data acquisition of the RFID system, the tag and reader communicate with each other by radio frequency signals. This not only provides flexibility and convenience for system data acquisition, but also exposes the transmitted information to the public, which is undoubtedly a major threat to information security. With the rapid popularization and application of RFID technology, its data security has become a widespread concern.
For the front-end data acquisition part of the RFID system, the threat of information security mainly comes from illegal reading and modification of tag information, illegal tracking of tags, fake and deception of valid identity.
Fig. 1 is a schematic diagram of the front-end data acquisition system of RFID. The reader and database server are connected by a trusted secure channel (how to ensure the security of this channel is not a problem to be discussed in this paper). But between reader and tag is an insecure and untrustworthy wireless channel, which is dangerous to be eavesdropped, cheated and tracked. This paper will mainly discuss how to ensure the data security of this communication process.
For different fields of application of RFID system, the emphasis of data security protection is different. In retailing, businesses need to prevent illegal price changes. In the field of logistics, not only should commercial spies be prevented from stealing the information of goods in the label, but also they should be prevented from tracking the flow of goods through the label and estimating the quantity of goods by counting the labels. In the application of access control and automatic fee collection, illegal labels should be prevented from passing authentication by pretending to be legitimate labels.
Figure 1 Systematic schematic diagram

3 Main Solutions
Aiming at the problem of data security in RFID system, various solutions have been put forward, including physical isolation, stop tag service, read access control and double tag joint verification. These methods will be introduced and analyzed in detail below.
3.1 Physical isolation
The main idea of this method is to use physical method to block the electromagnetic wave transmission path when the tag is not expected to be read. For example, if someone purchases a product with an RFID tag, he can use a special package that can block electromagnetic waves on his way home to protect his personal privacy from being known. RSA, the information security manufacturer, has made a lot of efforts in this area. They have developed this kind of packaging bag which can block the RFID signal. In addition, RSA is developing a sand-grain-sized microchip to block communication between RFID tags and RFID readers. This method can be applied to retail commodities, medicine, postal parcels, archives and other occasions requiring the confidentiality of RFID tags.
3.2 Stop Labeling Service
Stopping tag service is to stop tag information service partially or completely after the application cycle of RFID tag is completed. Some people call it "killtag". This method is mainly aimed at passive tags that only store tag ID. The ID number of this label is unique, often consisting of a product's classification number and a locally unique serial number. For example, we can remove the serial number of the RFID tag when the goods are sold or changed hands, keep only the information of the manufacturer and product type, or stop labeling altogether.
3.3 Read Access Control
Read access control is a scheme that uses hash function to encrypt and verify. When reading access control is performed, the RFID tag only responds to the authenticated reader. Besides RFID reader and RFID tag, it also needs the support of database server. This is a scheme that can provide more complete data security protection, and it is also a scheme that has been studied more recently. The typical implementation methods are described below.
Hash function is a one-way function. Its calculation process is as follows: input a string of variable length and return a string of fixed length, also known as hash value. One-way hash function is used to generate information digest. Hash function mainly solves the following two problems: in a certain period of time, it is impossible to find the original message which generates a specific hash value after hash operation, and it is impossible to find two different messages which generate the same hash value after hash operation.
Initialization process: The scheme requires high hardware, and the tag ROM stores the tag ID hash function value hash (TagID). RAM stores the Reader ID of an authorized valid reader. In addition, tags are required to have simple logic circuits, which can be used for simple calculations such as hash function calculation and random number generation. Reader is associated with Tag and the database server, and is assigned Reader ID. The background database stores TagID and hash (TagID) data.
Verification process: The reader first sends a request, and the tag generates a random number k in response. The server obtains the K value from the reader and calculates the difference or difference between K and Reader ID (k Reader ID in this article), then hashes it to get a (k) = hash (k Reader ID) and sends a (k) to the tag through the reader. At the same time, tags calculate a (k) in the same way with their own stored K values and ReaderID values. The tag compares a (k) and a (k)'. If the same reader has the correct Reader ID, the validation is passed, otherwise the tag is silent.
Information transfer process: After verification, the tag will send its valid information hash (TagID) to the reader. The database server gets hash (TagID) from the reader and finds the corresponding TagID value in the database, which completes the information transfer. The process is shown in Figure 2.
Figure 2 Validation of read access control
Updating the ReaderID process: When it is necessary to update the legitimate ReaderID, the new ReaderID is different from the original ReaderID or is issued to the tag. The tag can use the original ReaderID value to calculate the new ReaderID value.
3.4 Joint Verification of Double Labels
Dual-label Joint Verification is a security verification method for low-end, passive and low computing power RFID tags proposed by Ari Juels et al. This mechanism will maintain the integrity of RFID tag information in logistics chain under the complex situation that the data of RFID tag will change hands with the goods many times.
The main idea of this method is that when two corresponding RFID tags are read by the reader at the same time, the reader device is used as an intermediary to verify each other. Even if the reader is not trusted, the tag can be offline verified. This method is suitable for some special applications, such as ensuring that drug instructions and bottles are transported together in drug distribution, and ensuring that some aircraft parts have safety valves when they leave the factory.
The verification process is shown in Figure 3. It uses a message authentication codes (MACs) mechanism. The tag is encrypted by a key whose only secret length is d bits. In addition, each tag has a counter C with an initial value of 0. The key set is kept by a trusted verifier V. MAC x [m] denotes the MAC calculated with the key x pair of information M. FX [C] represents hash operation of input C with key X. When tags TA and TB are scanned simultaneously, a yoking 2proof PAB is generated. The reader transmits information about "left validation" and "right validation". As a result, PAB is verified by V using the key it knows.
Figure 3 Double Label Joint Verification
The key of this method is that two tags are read at the same time, but it is not necessarily that these tags are read by the same device. It is very difficult for an intruder to satisfy the condition of simultaneous reading from the far end, which improves its security.

4 Comparison and Research Direction of RFID Data Security
Physical isolation method is simple, direct and effective, which is suitable for simple applications of RFID. But its simple security mechanism also limits its scope of application: First, items with RFID tags must be suitable for packaging in such electromagnetic isolation. Therefore, the volume can not be too large, and wireless communication equipment is not suitable for this method of electromagnetic shielding. Secondly, the RFID tags in shielded isolation protect the information, but they can not provide services at this time. In addition, the cost of RFID tags will increase whether it is special packaging or chip to block electromagnetic waves. However, the cost of RFID tags still needs to be further reduced in order to be truly widely used.
The method of stopping label service is simple and easy, but it only provides the simplest information protection and has a very small scope of application. If only the tag serial number is cleared, others can still get other information in the tag, and can track the tag accordingly. If the label work is completely stopped, the label can not be further utilized. In terms of resources and efficiency, they are very uneconomical. In addition, it is not easy for consumers to detect whether the RFID tags on the goods they buy have been effectively stopped. In other words, as long as businesses are willing, they can still track consumers and spy on their privacy. So how to ensure the validity of stop label and how to reuse label are the problems that need to be solved at present.
The read access control method encrypts and protects the whole communication process of the reader, especially adding random numbers to the verification process. It has the ability of anti-eavesdropping, anti-tracking and anti-cheating, and can safely replace the legitimate Reader ID. However, it requires high hardware requirements, especially tags to achieve more logical operations and require readable and writable memory. For this method, the key is to improve the computing and storage capacity of tag chip, and to improve and simplify the verification method.
The method of double label joint verification aims at achieving a low cost of encryption algorithm, and achieves a certain degree of security. However, it still requires computing hash functions and memory with 360 bits of tags. For passive tags, it still needs the progress of RFID hardware technology to achieve.
Next, the computational complexity of the latter two methods is analyzed. We can see that in order to perform a read access control verification, the tag must have an operation to generate random numbers, a hash operation and a comparison operation; and the database server should also do the corresponding hash operation. In addition, if there are n tags in the system, the server must find the corresponding hash (TagID) in the record of the n tags. There are at least two dialogues between the entire validation tag and the reader and tag. In order to carry out a joint verification of double tags, tags need to do a hash operation, two MAC operations, and two incremental operations. There are at least three dialogs between the tag and the reader.
5 Conclusion
The data security of the front-end data acquisition system of the RFID system is analyzed, and the possible attacks are discussed and classified. In response to these attacks, several representative solutions are studied, and their implementation requirements, security intensity and scope of application are compared, their shortcomings are analyzed, and the areas to be improved are put forward.