RFID systems integrated OTP security authentication design

As radio frequency identification (RFID) technology matures, the application of RFID system also increased significantly and has been widely used in commodity storage, access management. We believe that it will become one of the major electronic money for the daily business consumption in the future. However, the stability and security of the data transaction will be more important for the demand of business applications. In the existed solution, we have not yet found an effective way that the Tag can be completely prevented forgery and attack. In this paper, we analyses the security problem of RFID authentication and propose security authentication for RFID tags based on a one-time password (OTP) authentication method. By the way of OTP authentication, we can improve the security of the RFID tag authentication. It can identify the authorized RFID Tag by additional OTP authentication. If an attacker uses eavesdropping to clone a RFID tag, the clone one can be identified by OTP authentication. We use RFC-6238 Time-Based One-Time password (TOTP) algorithm which is based on HMAC-SHA1 algorithm to enhance the authentication mechanism of RFID security. And we also use the computing power of NFC-enabled smart phone to generate TOTP by OTP generator which designed in this paper. The TOTP can be repeated and the security written to the tag. Thought using RADIUS authentication technology, manufacturers can easily apply this technology in the existing RFID system. It is easily provided to users to use roaming function between the different service providers, as long as they using the same frequency and standard of RFID technology.

[1]  David M'Raïhi,et al.  TOTP: Time-Based One-Time Password Algorithm , 2011 .

[2]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[3]  Zhang Lu,et al.  Low-cost RFID security protocols survey , 2011, Proceedings of 2011 Cross Strait Quad-Regional Radio Science and Wireless Technology Conference.

[4]  Donald E. Eastlake,et al.  US Secure Hash Algorithm 1 (SHA1) , 2001, RFC.

[5]  David M'Raïhi,et al.  HOTP: An HMAC-Based One-Time Password Algorithm , 2005, RFC.

[6]  Craig Metz,et al.  A One-Time Password System , 1996, RFC.