RFID TECHNOLOGY AND INFORMATION SYSTEM SECURITY (Part I)

written by: Shwan Jaf; article published: year 2010, month 05;



Radio Frequency Identification (RFID) is emerging as a powerful and versatile Automatic Identification and Data Capture (AIDC) technology. RFID offers the major advantage of remote object identification, indoors and outdoors, without the line-of-sight limitation of the optical bar code scanning technology that is currently in wide use. RFID products can communicate at much higher data rates, making it relatively easy for them to interface with standard business communication networks in real time. These products also support several essential features beyond those of traditional bar codes and other AIDC technologies, including rewritable memory, security features and environmental sensors. RFID is finding increasing use in a wide variety of fields, including healthcare, manufacturing, retail outlets, suppliers, etc., where the products are used to identify many types of objects such as manufactured goods, animals, and people. The wireless nature of RFID systems poses new security problems in AIDC applications. An RFID tag is attached to the object of interest and communicates wirelessly with a remote interrogator or reader. Because RFID wireless communication does not require line of sight, passive and active attacks can be carried out relatively easily, in a manner similar to attacks on wireless networks. It is, therefore, important that the security risks and the solutions for mitigating these risks be identified and appropriately dealt with.

The issue of RFID and Information System Security is discussed in a three-part series. Part one reviews RFID technology as well as the application areas and the application requirements. Part two discusses the pertinent security issues with RFID deployments, with particular regard to security risks and the security controls necessary to minimize the effects of those risks. Part three emphasizes the good practice of incorporating RFID security controls into all stages of the system development life cycle.

RFID TECHNOLOGY

RFID technology is making it possible to build intelligence into AIDC. Other AIDC technologies, such as smart cards, optical memory cards, contact memory buttons, bar codes, and satellite tracking systems, are much more limited because of the way in which they communicate with the associated computer systems. RFID uses a labeling component that communicates with a remote reader by radio frequency. The distance between the reader and the tag or label can be quite substantial. This remote capability, coupled with high data bandwidth and several add-on features, makes these systems much more effective and versatile in object identification applications.

RFID technology can be considered in terms of system components, RF subsystem, enterprise system and inter-enterprise system.

Elements of RFID system

The major components of an RFID system are an RF subsystem, an enterprise subsystem, and an inter-enterprise subsystem. The database and the Internet form part of the enterprise system. Not all RFID applications include the enterprise and inter-enterprise components, but all must have the RF subsystem.

RF Subsystem

The RF subsystem is the basic component of an RFID system. It comprises two components: RFID tags (or transponders) and RFID interrogators (or readers). The tags are small electronic devices attached to or embedded in the objects of interest. Each tag has a unique identifier and may have other features such as memory, environmental sensors and security mechanisms. Interrogators communicate remotely with the tags for identification purposes. Both tags and interrogators have radio antennas for bi-directional communication.

RFID TAGS

There are many different types of tags, differing in cost, size, performance and security mechanisms. The major characteristics are, however, common to most types and include:

  • Identifier format, comprising header, domain manager bits, object class and serial number. A standard format makes it possible for objects to be identified across multiple organizations. Organizations that, for security reasons, do not wish to use the standard format may develop their own. In this way others cannot share the information about the object.
  • Power source, to enable tags to send information and to perform other tasks. Power requirements vary according to the distance between tag and interrogator, the tag radio frequency and the tag functionality. The power sources are classified as passive, active, semi-active and semi-passive. Passive tags rely on the electromagnetic energy received from the interrogator, and are, therefore, light, simple and cheap. Their functionality and range are rather limited. Active tags use their own battery, and are therefore more expensive and heavier, but offer better performance and more functionality. Semi-active tags wake up on a signal received from the interrogator, while semi-passive tags use the battery only to power on-board circuitry and not to communicate.
  • Operating frequencies influence certain factors including international portability of tags; the likelihood of radio interference; the ability of the signal to penetrate materials; and the operating range of the signal as well as the tag reading speed and data transfer rate. The higher the frequency, the higher the data rate and the longer the distance. For example, EPC Class-1 Generation-2 UHF can read tags at 640 kbps.
  • Functionality, aside from the basic function of communicating with the interrogator, includes a number of additional features, such as privacy and protection; security, such as password protection and cryptography; memory; and environmental sensors. Environmental sensors can be used to record variables like temperature, humidity, vibration, etc, which can be useful for the handling of high value perishable objects.
  • Form factor, which refers to the shape, size, packaging and handling features of an object. Other important aspects regarding form factor include weight and method of tag attachment to the object.
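The identifier fields listed above (header, manager, object class, serial number) can be seen in a concrete decoder. This is an added example, not part of the original article; it assumes the 96-bit EPC General Identifier (GID-96) layout as one instance of a standard format, and the sample value is constructed. It shows that anyone who can read a standard-format tag also learns which organization and object class it belongs to.

```python
import re

GID96_HEADER = 0x35  # 8-bit header value that marks a GID-96 identifier

# Field widths in bits, most significant first (8 + 28 + 24 + 36 = 96).
FIELDS = (("header", 8), ("manager", 28), ("object_class", 24), ("serial", 36))
HEX96 = re.compile(r"[0-9A-Fa-f]{24}")


def parse_gid96(epc_hex):
    """Split a 24-hex-digit GID-96 value into its four fields.

    Raises ValueError on truncated, non-hex or non-GID input so that a
    partial read is never mistaken for a valid identifier.
    """
    epc_hex = epc_hex.strip()
    if not HEX96.fullmatch(epc_hex):
        raise ValueError("expected exactly 24 hexadecimal digits (96 bits)")
    value = int(epc_hex, 16)
    out, remaining = {}, 96
    for name, width in FIELDS:
        remaining -= width
        out[name] = (value >> remaining) & ((1 << width) - 1)
    if out["header"] != GID96_HEADER:
        raise ValueError("header 0x%02X is not GID-96" % out["header"])
    return out


def build_gid96(manager, object_class, serial):
    """Inverse of parse_gid96, used here to construct sample data."""
    for val, width in ((manager, 28), (object_class, 24), (serial, 36)):
        if not 0 <= val < (1 << width):
            raise ValueError("field value out of range")
    value = (GID96_HEADER << 88) | (manager << 60) | (object_class << 36) | serial
    return "%024X" % value


if __name__ == "__main__":
    # Constructed sample: manager 12345, object class 678, serial 9.
    sample = build_gid96(manager=12345, object_class=678, serial=9)
    print(sample, parse_gid96(sample))
```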

RFID Interrogator

The tag and the interrogator must conform to the same communication protocols. The major characteristics of the RFID interrogator are:

  • Power output and duty cycle, which are often subject to existing rules and regulations. Generally, interrogators with greater power output and duty cycles can read tags more accurately, more quickly and from longer distances. Higher power output, however, increases the chance of eavesdropping attacks.
  • Enterprise subsystem interface, necessary for the transfer of RFID data to subsystem computers for processing and analysis.
  • Mobility based on whether the interrogator is wired or wireless.
  • Antenna design and placement can be critical in ensuring security. To reduce the likelihood of eavesdropping the antenna should be placed such that the range remains within the intended coverage.

Tag-Interrogator communication

The communication between the tag and the interrogator is critical for the performance of the RF subsystem. The characteristics of interest include:

  • Communication initiation, in which either the Interrogator Talks First (ITF) or the Tag Talks First (TTF). Only one type of initiation is allowed in an RFID system. TTF operation is easier for an intruder to intercept since the tags send beaconing signals even when they are in the presence of the interrogator.
  • Singulation, the process by which an interrogator identifies a particular tag. This is important where there are two or more tags in the vicinity. Only tags with specific memory contents respond to the interrogator command. The interrogator uses the unique identifier and the random number from the selected tag in subsequent communication.
  • Signal propagating distance has a strong influence on system security. With passive tags the forward channel signals are usually much stronger than signals in the reverse channel and are therefore easier to detect over longer distances. Several operational ranges can be defined, including:
    • Normal operating range;
    • Back channel eavesdropping range;
    • Rogue skimming or scanning range;
    • Rogue command range;
    • Forward channel eavesdropping range; and
    • Forward channel traffic analysis range.

Enterprise Subsystem

The enterprise subsystem consists of three major components: middleware, analytic systems and network infrastructure. Together they connect the interrogators to the computers running software that can store, process, and analyze data acquired from the RF subsystem.

The middleware acts as the intermediary between the RF subsystem and the analytic system. It hides the complexity of the RF subsystem from the rest of the enterprise system. One major function of the middleware is to filter duplicate, incomplete and erroneous information received from interrogators before passing this information to the rest of the enterprise system. System administrators can also use the middleware to monitor and manage interrogators. Many middleware products are available that support event-triggered actions and incorporate additional features such as printing RFID labels.
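The filtering step described above, as an added example that is not part of the original article or any middleware product. It assumes reads arrive as `(time, reader, epc)` tuples carrying 96-bit identifiers as 24 hex digits; the reader names, the two-second window and the sample reads are constructed. Rejected reads are kept with a reason so that administrators can monitor them instead of losing them silently.

```python
import re

EPC_RE = re.compile(r"[0-9A-Fa-f]{24}")  # assumption: 96-bit IDs sent as hex


def filter_reads(reads, window=2.0):
    """Return (accepted, rejected) for an iterable of (time, reader, epc).

    accepted: reads forwarded to the analytic system.
    rejected: (read, reason) pairs retained for monitoring.
    A tag seen again less than `window` seconds after its previous read,
    by any reader, is treated as a duplicate of that read.
    """
    last_seen = {}  # normalized epc -> time of its most recent valid read
    accepted, rejected = [], []
    for read in sorted(reads, key=lambda r: r[0]):
        ts, _reader, epc = read
        if not epc or len(epc) < 24:
            rejected.append((read, "incomplete"))   # truncated transfer
        elif not EPC_RE.fullmatch(epc):
            rejected.append((read, "erroneous"))    # wrong length or non-hex
        else:
            key = epc.upper()
            if key in last_seen and ts - last_seen[key] < window:
                rejected.append((read, "duplicate"))
            else:
                accepted.append(read)
            last_seen[key] = ts  # sliding window: suppress while tag stays in field
    return accepted, rejected


# Constructed sample reads from two hypothetical dock-door interrogators.
SAMPLE_READS = [
    (0.0, "dock-1", "3500030390002A6000000009"),
    (0.4, "dock-1", "3500030390002a6000000009"),  # same tag, lower case
    (0.5, "dock-2", "3500030390002A60"),          # cut short
    (0.9, "dock-1", "3500030390002A60000000ZZ"),  # corrupted digits
    (1.5, "dock-2", "3500030390002A6000000009"),  # same tag, other reader
    (5.0, "dock-1", "3500030390002A6000000009"),  # tag returns later
    (5.1, "dock-1", "3500030390002A600000000A"),  # different tag
]

if __name__ == "__main__":
    ok, bad = filter_reads(SAMPLE_READS)
    print(len(ok), "forwarded;", [reason for _, reason in bad])
```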

Analytic systems comprise databases, data processing applications and web servers. These process the information received from the middleware according to the demands and requirements of a given business application. These systems are generally based on open platforms since they also support other AIDC applications such as bar code systems.

Network infrastructure enables the communication between the RF and the enterprise subsystems. The most critical features of the network infrastructure include the physical and logical topology of the network and the data communication protocols. The logical topology could, for example, be configured to create virtual private networks, which are often useful in enhancing network security by placing the RFID system in its own network segment. Physical distribution of the RFID system can be exploited through the use of virtual LANs for both performance and security enhancement.

Communication protocols are also critical for network performance, reliability, and security, at both the data link and network layers. RFID systems typically rely on Ethernet LAN technology, which does not have any built-in security. Mobile interrogators use Wi-Fi protocols and technology, which may incorporate security features. The Internet Protocol (IP) is the predominant protocol when the RFID system is accessed through the web. This exposes the enterprise system to a number of protocol attacks, as in other IP-based networks.

Inter-Enterprise Subsystem

This subsystem is found in organizations whose systems are physically distributed over different national and international locations. It also applies to a group of organizations that have agreed to conduct certain business together, such as e-commerce. The inter-enterprise subsystem connects the various enterprise subsystems together for the purpose of sharing information among them. These systems are also referred to as open or online systems, as they make it possible for multiple entities to access tag-related information. Extranet access will only be possible if the participating organizations configure their network firewalls appropriately. A global tag identification system is then necessary; it is based on the EPC Object Naming Service (ONS), which uses the Internet DNS to support name resolution. The ONS inherits all the standard security concerns associated with DNS and thus requires similar mitigating measures.

The discovery service is another component of the inter-enterprise RFID system and is, in many ways, similar in operation to an Internet search engine. It makes the system capable of locating records across information sources within the several enterprise systems.

Summary

RFID technology is emerging as a versatile and flexible AIDC technology with several advantages, including remote capability and the ability to identify objects outside the line of sight. The technology can be viewed as three major subsystems: RF, enterprise and inter-enterprise. The features and capabilities that are designed into these components have a strong influence on the overall performance and security of the RFID system. There is no single RFID solution; the solution depends very much on the application and the capabilities that are required.

Parts 2 and 3 of this paper will address the application areas and the security issues in the deployment of the technology.
