Survivable RFID Systems: Issues, Challenges, and Techniques

Radio frequency identification (RFID) technique has been applied in high-security and high-integrity settings such as national defense, healthcare, and citizen identification. A tiny RFID tag is attached to a mobile object, which can be scanned and recognized by a reader. RFID offers opportunities for real-time item identification and inventory tracking. For applications using resource-restricted RFID tags and mobile hand-held readers, however, various risks could threaten their abilities to provide essential services to users. High mobility of the RFID system components and the open nature make an RFID system vulnerable to various attacks. Currently, although some techniques exist that might help improve survivability; there is still no complete proposal on survivability of an RFID system despite its growing popularity and importance in many applications. In this paper, we study survivability issues related to RFID systems and survey existing techniques whose usability and adaptability toward survivability would be beneficial. Survivability is defined as the ability of a system to continuously provide essential services to support the system's mission even in the presence of malicious attacks or system failures. We discuss the issues and challenges in developing survivable RFID systems and propose research directions.

[1]  Upkar Varshney,et al.  Reliability and Survivability of Wireless and Mobile Networks , 2000, Computer.

[2]  John A. Zinky,et al.  Open implementation toolkit for building survivable applications , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[3]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[4]  Juan E. Tapiador,et al.  Weaknesses in Two Recent Lightweight RFID Authentication Protocols , 2009, Inscrypt.

[5]  Mike Burmester,et al.  Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols , 2006, 2006 Securecomm and Workshops.

[6]  John C. Knight,et al.  Dependability through Assured Reconfiguration in Embedded System Software , 2006, IEEE Transactions on Dependable and Secure Computing.

[7]  Martin Feldhofer,et al.  A Case Against Currently Used Hash Functions in RFID Protocols , 2006, OTM Workshops.

[8]  Johannes Wolkerstorfer Scaling ECC Hardware to a Minimum , 2005 .

[9]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.

[10]  Hung-Min Sun,et al.  On the Security of Chien's Ultralightweight RFID Authentication Protocol , 2011, IEEE Transactions on Dependable and Secure Computing.

[11]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[12]  Adi Shamir,et al.  Remote Password Extraction from RFID Tags , 2007, IEEE Transactions on Computers.

[13]  Andrew S. Tanenbaum,et al.  Is your cat infected with a computer virus? , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06).

[14]  Yingjiu Li,et al.  Protecting RFID communications in supply chains , 2007, ASIACCS '07.

[15]  Gildas Avoine Adversarial Model for Radio Frequency Identification , 2005, IACR Cryptol. ePrint Arch..

[16]  Simson L. Garfinkel,et al.  RFID privacy: an overview of problems and proposed solutions , 2005, IEEE Security & Privacy Magazine.

[17]  Iwen Coisel Data Synchronization in Privacy-Preserving RFID Authentication Schemes , 2008 .

[18]  Lejla Batina,et al.  RFID-Tags for Anti-counterfeiting , 2006, CT-RSA.

[19]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[20]  Sasa Radomirovic,et al.  Security of an RFID Protocol for Supply Chains , 2008, 2008 IEEE International Conference on e-Business Engineering.

[21]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[22]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[23]  Bhavani M. Thuraisingham,et al.  Information Survivability for Evolvable and Adaptable Real-Time Command and Control Systems , 1999, IEEE Trans. Knowl. Data Eng..

[24]  Shai Halevi,et al.  Using HB Family of Protocols for Privacy-Preserving Authentication of RFID Tags in a Population , 2009, ArXiv.

[25]  Ingrid Verbauwhede,et al.  Elliptic-Curve-Based Security Processor for RFID , 2008, IEEE Transactions on Computers.

[26]  Marc Langheinrich,et al.  Scanning with a Purpose - Supporting the Fair Information Principles in RFID Protocols , 2004, UCS.

[27]  Jin,et al.  Research on the Survivability of Embedded Real-time System , 2008 .

[28]  Yanjun Zuo RFID survivability quantification and attack modeling , 2010, WiSec '10.

[29]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[30]  A. Kopf,et al.  High-Assurance Avionics Multi-Domain RFID Processing System , 2008, 2008 IEEE International Conference on RFID.

[31]  Berk Sunar,et al.  PUF-HB: A Tamper-Resilient HB Based Authentication Protocol , 2008, ACNS.

[32]  Tim Kerins,et al.  An Elliptic Curve Processor Suitable For RFID-Tags , 2006, IACR Cryptol. ePrint Arch..

[33]  William Yurcik,et al.  Survivability-Over-Security: Providing Whole System Assurance , 2000 .

[34]  Bernard Eydt,et al.  Guidelines for Securing Radio Frequency Identification (RFID) Systems | NIST , 2007 .

[35]  P. Israsena,et al.  Hardware Implementation of a TEA-Based Lightweight Encryption for RFID Security , 2008 .

[36]  Yanjun Zuo Secure and private search protocols for RFID systems , 2010, Inf. Syst. Frontiers.

[37]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[38]  Robert H. Deng,et al.  Attacks and improvements to an RIFD mutual authentication protocol and its extensions , 2009, WiSec '09.

[39]  Ronald R. Willis,et al.  Software quality engineering: a total technical and management approach , 1988 .

[40]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[41]  Mingyan Liu,et al.  A distributed monitoring mechanism for wireless sensor networks , 2002, WiSE '02.

[42]  Nancy R. Mead,et al.  Survivable Network System Analysis: A Case Study , 1999, IEEE Softw..

[43]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[44]  Andrew S. Tanenbaum,et al.  RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management , 2005, ACISP.

[45]  Kwangjo Kim,et al.  Mutual Authentication Protocol for Low-cost RFID , 2005, CRYPTO 2005.

[46]  Raphael C.-W. Phan,et al.  Cryptanalysis of a New Ultralightweight RFID Authentication Protocol—SASI , 2009, IEEE Transactions on Dependable and Secure Computing.

[47]  Julien Bringer,et al.  Improved Privacy of the Tree-Based Hash Protocols Using Physically Unclonable Function , 2008, SCN.

[48]  Matti A. Hiltunen,et al.  Survivability through customization and adaptability: the Cactus approach , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[49]  D. P. Agrawal,et al.  Self-organized criticality and stochastic learning based intrusion detection system for wireless sensor networks , 2003, IEEE Military Communications Conference, 2003. MILCOM 2003..

[50]  Kevin J. Sullivan,et al.  Towards a rigorous definition of information system survivability , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[51]  Paul F. Syverson,et al.  High-Power Proxies for Enhancing RFID Privacy and Utility , 2005, Privacy Enhancing Technologies.

[52]  Nancy R. Mead,et al.  Survivable Network Systems: An Emerging Discipline , 1997 .

[53]  Sumit Roy,et al.  Enhancing RFID Privacy via Antenna Energy Analysis , 2003 .

[54]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[55]  Maire O'Neill,et al.  Low-Cost SHA-1 Hash Function Architecture for RFID Tags , 2008 .

[56]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[57]  Mike Burmester,et al.  A Flyweight RFID Authentication Protocol , 2009, IACR Cryptol. ePrint Arch..

[58]  Elisa Bertino,et al.  Security Analysis of the SASI Protocol , 2009, IEEE Transactions on Dependable and Secure Computing.

[59]  Gildas Avoine,et al.  RFID Distance Bounding Protocol with Mixed Challenges to Prevent Relay Attacks , 2009, CANS.