In this chapter, the author briefly reviews the various attacks on existing identification and authentication schemes and describes the challenges in their design for RFID systems. The chapter categorizes the RFID identification and authentication schemes into two general categories: cryptographic and non-cryptographic solutions. Cryptographic solutions are based on symmetric or asymmetric cryptography systems. Depending on the resources available on the RFID tags, algorithms based on standard cryptography cannot be utilized in an RFID system and new cryptographic algorithms must be designed. However, there remain security challenges in protecting the RFID systems that cannot be solved solely by relying on cryptographic solutions. The chapter also reviews these challenges and looks at the countermeasures based on non-cryptographic solutions that would further protect RFID systems.
TopBackground
Advancements in technology have enabled mass production of cheap, miniaturized RFID transponders (tags) that have become rampant in every application ranging from animal/cargo tracking to labeling items in stores and to payment systems. All types of RFID transponders have non-volatile memory storing the identification data and some additional data. The identification data might be equivalent to a Universal Product Code (UPC) code that uniquely identifies the RFID transponder. Additional data can be stored in the tag to carry more information about a product, such as its description, category, manufacturer, expiry date, price and other useful data. The main task of RFID transponders is to securely transmit data from the memory and to confidently identify a tag. In other words, an RFID scanner (reader) should be able to find the RFID transponder in its reading range and recognize its identity, based on the data transmitted from the tag.
RFID transponders are wirelessly activated and usually scanned without being noticed. Every time an RFID transponder is scanned, it (almost always) responds immediately with the same identification number. The tag receives a specific service, depending on its identity. The service varies greatly from one application to another. It can range from simply matching the identity of the transponder to a price in a retail store to granting entrance access through a secured door in a building.
There are many technical challenges facing the designers and researchers in making a robust RFID system. These challenges are mainly due to the physical constraints of the RFID devices and their limitations on sophisticated measures. In this chapter, we review some of the challenges in choosing an RFID technology and designing a suitable identification mechanism.
Organization: The challenges in designing an identification scheme in an RFID system are described in Section 6.2. Later, in Section 7.2, various attacks on authentication schemes are introduced. In Section 7.3, symmetric authentication schemes based on standard cryptography are partially reviewed. Authentication schemes based on asymmetric, standard cryptography are summarized in Section 7.4. RFID systems have unique requirements that demand security solutions that cannot be provided by standard cryptography, and new designs are needed. Custom, specialized cryptographic and non-cryptographic solutions for RFID systems are given in Section 7.5 and Section 7.6, respectively. Finally, this chapter is concluded in the last section with recommendations for the design of an RFID authentication system.
Top7.1 Identification In Rfid Systems
RFID systems communicate via electromagnetic waves and are categorized as radio systems. All radio systems operate in a narrow band to avoid signal interference with other radio systems. Therefore, available frequencies and transmitted power in every radio system, including RFID systems, are heavily regulated. These regulations and restrictions directly affect an RFID system in reading range, memory and the applicable standards. In this section, we briefly review each characteristic.