Scalable RFID security framework and protocol supporting Internet of Things

Abstract Radio-frequency identification (RFID) is seen as one of the requirements for the implementation of the Internet-of-Things (IoT). However, an RFID system has to be equipped with a holistic security framework for a secure and scalable operation. Although much work has been done to provide privacy and anonymity, little focus has been given to performance, scalability and customizability issues to support robust implementation of IoT. Also, existing protocols suffer from a number of deficiencies such as insecure or inefficient identification techniques, throughput delay and inadaptability. In this paper, we propose a novel identification technique based on a hybrid approach (group-based approach and collaborative approach) and security check handoff (SCH) for RFID systems with mobility. The proposed protocol provides customizability and adaptability as well as ensuring the secure and scalable deployment of an RFID system to support a robust distributed structure such as the IoT. The protocol has an extra fold of protection against malware using an incorporated malware detection technique. We evaluated the protocol using a randomness battery test and the results show that the protocol offers better security, scalability and customizability than the existing protocols.

[1]  Josep Domingo-Ferrer,et al.  Predictive protocol for the scalable identification of RFID tags through collaborative readers , 2012, Comput. Ind..

[2]  Levente Buttyán,et al.  Group-Based Private Authentication , 2007, 2007 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks.

[3]  Srikanth V. Krishnamurthy,et al.  Special Section on A World of Wireless, Mobile and Multimedia Networks , 2011, Pervasive Mob. Comput..

[4]  Emin Anarim,et al.  A Salient Missing Link in RFID Security Protocols , 2011, EURASIP J. Wirel. Commun. Netw..

[5]  Iwen Coisel Data Synchronization in Privacy-Preserving RFID Authentication Schemes , 2008 .

[6]  Elaine B. Barker,et al.  A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications , 2000 .

[7]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[8]  Hossam Afifi,et al.  Scalable privacy protecting scheme through distributed RFID tag identification , 2008, AIPACa '08.

[9]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[10]  Kevin Barraclough,et al.  I and i , 2001, BMJ : British Medical Journal.

[11]  Morshed U. Chowdhury,et al.  Smart RFID Reader Protocol for Malware Detection , 2011, 2011 12th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing.

[12]  Chris J. Mitchell,et al.  Scalable RFID security protocols supporting tag ownership transfer , 2011, Comput. Commun..

[13]  Jemal H. Abawajy SQLIA detection and prevention approach for RFID systems , 2013, J. Syst. Softw..

[14]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[15]  Andrew H. Sung,et al.  SQL infections through RFID , 2007, Journal in Computer Virology.

[16]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[17]  A. Rukhin,et al.  Statistical Testing of Random Number Generators , 1999 .

[18]  Xiaomei Wang,et al.  SQL Injections through Back-End of RFID System , 2009, 2009 International Symposium on Computer Network and Multimedia Technology.

[19]  Julio César Hernández Castro,et al.  Studying the pseudo random number generator of a low-cost RFID tag , 2011, 2011 IEEE International Conference on RFID-Technologies and Applications.

[20]  V. Potdar,et al.  Recovering and Restoring Tampered RFID Data using Steganographic Principles , 2006, 2006 IEEE International Conference on Industrial Technology.

[21]  Jemal H. Abawajy,et al.  Securing RFID Systems from SQLIA , 2011, ICA3PP.

[22]  Kevin Ashton,et al.  That ‘Internet of Things’ Thing , 1999 .

[23]  Dongho Won,et al.  Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment , 2005, SPC.

[24]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[25]  Josep Domingo-Ferrer,et al.  A distributed architecture for scalable private RFID tag identification , 2007, Comput. Networks.

[26]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[27]  Agusti Solanas,et al.  Efficient probabilistic communication protocol for the private identification of RFID tags by means of collaborative readers , 2011, Comput. Networks.

[28]  Morshed U. Chowdhury,et al.  Mutual authentication with malware protection for a RFID system , 2010, ICIT 2010.

[29]  Andrew S. Tanenbaum,et al.  RFID malware: Design principles and examples , 2006, Pervasive Mob. Comput..

[30]  Emin Anarim,et al.  Security flaws in a recent RFID delegation protocol , 2011, Personal and Ubiquitous Computing.

[31]  Agusti Solanas,et al.  Scalable trajectory-based protocol for RFID tags identification , 2011, 2011 IEEE International Conference on RFID-Technologies and Applications.