Security of EPC Class-1

Security of EPC Class-1

Pablo Picazo-Sanchez (University School of Computer Sciences of Madrid (UPM), Spain), Lara Ortiz-Martin (University School of Computer Sciences of Madrid (UPM), Spain), Pedro Peris-Lopez (Carlos III University of Madrid (UC3M), Spain) and Julio C. Hernandez-Castro (Portsmouth University, UK)
DOI: 10.4018/978-1-4666-1990-6.ch002
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Radio Frequency Identification (RFID) is a common technology for identifying objects, animals, or people. The main form of barcode-type RFID device is known as an Electronic Product Code (EPC) and the most popular standard for passive RFID tags is Class-1 Generation-2. In this technology, the information transmitted between devices is through the air, therefore adversaries can eavesdrop these messages passed on the insecure radio channel and finally, the security of the system can be compromised. In this chapter, the authors analyze the security of EPC Class-1 Generation-2 standard, showing its security weaknesses and presenting some possible countermeasures.
Chapter Preview
Top

1. Introduction

RFID is a technology that enables identification from distance (Want, 2006) and is already used for a large number of different applications, from cards accepted for building access or payments with mobile devices (Pasquet, Reynaud, & Rosenberger, 2008) to applications in sanitary environments (Benelli & Pozzebon, 2009).

There are three main components in RFID technology: tags, readers and database. Communication between a reader and a tag occurs in a packetized manner where a single packet contains a complete command from a reader and a complete response from the tag. The command and response permits half-duplex communication between a reader and a tag. The reader is connected to a database for recognizing tags’ ID.

International Organization for Standardization (ISO) has several standards related to RFID technology. For instance, ISO11784 contains the structure of the RFID code for animals; ISO11785 defines the air interface protocol; ISO14443 defines a set of international standards covering proximity smart cards used in payment systems; ISO18047 specifies test methods for determine the conformance of RFID tags and readers to a certain standard, and ISO18046 defines methods for testing the performance of RFID tags and readers.

The Auto-ID Center was set up in 1999 to develop the Electronic Product Code and related technologies that could be used to identify and track products through the global supply chain. In this chapter, the standard considered as the “universal” standard for Class-1 RFID tags: EPC Class-1 Generation-2, in the following EPC-C1G2, is examined (EPCGlobal, 2011).

In 2007, a classification and a description of EPC tags were made by EPCglobal (EPCglobal, 2007). This classification distinguishes between four different classes:

  • Class-1: Identity Tags: Passive-backscatter tags with the following minimum features:

    • o

      An electronic product code identifier,

    • o

      A tag identifier,

    • o

      A function that renders a tag permanently non-responsive.

    • o

      Optional decommissioning or recommissioning of the tag,

    • o

      Optional password-protected access control, and

    • o

      Optional user memory.

  • Class-2: Higher-Functionality Tags: Passive tags with the following anticipated features above and beyond those of Class-1 tags:

    • o

      An extended tag ID,

    • o

      Extended user memory,

    • o

      Authenticated access control, and

    • o

      Additional features as will be defined in the Class-2 specification.

      • These two first classes (Class-1 and Class-2) are passive. Passive tags do not have their own power source. Tags use the power received from the interrogation signal (reader) and in consequence these devices have shorter read ranges compared to active systems. In comparison to active tags, passive tags occupy smaller circuit-area and can be manufactured faster and at lower cost. Passive tags are best used on low-cost and high-quantity items, as well as on products that are very small. Because there is no battery, these tags have a long life span and function until the tag is either damaged or intentionally disabled through a kill command.

  • Class-3: Battery-Assisted passive tags (called Semi-Passive Tags in Ultra High Frequency Gen2): Passive tags with the following anticipated features above and beyond those of Class-2 tags:

    • o

      A power source that may supply power to the tag and/or to its sensors, and/or

    • o

      Sensors with optional data logging.

      • This second group (Class-3) are semi-passive tags. These tags use a power source (battery) to help with powering the tag when responding to the reader and to provide power to the internal memory. The use of this battery can increase the read range even though the communication technique is the same as with the passive tags (i.e., passive backscatter). However, these tags can have environmental sensors, and the data captured by theses sensors can be saved in the internal memory. Since the power source is not used for transmitting messages, it has a longer life span than a similar battery would have if it were used in an active tag. Due to size restrictions, different types of batteries can be used, such as printed batteries.

  • Class-4: Active Tags: Active tags with all the aforementioned features and also including the following:

    • o

      Communications via an autonomous transmitter,

    • o

      Optional user memory, and

    • o

      Optional sensors with or without data logging.

Complete Chapter List

Search this Book:
Reset