RFID Security

Radio Frequency IDentification (RFID) is a technology that is being increasingly integrated into many aspects of everyday life. The proliferation of RFID has created a paradigm shift in the way humans, pets, merchandizes, assets, etc., are currently being identified and tracked worldwide. RFID technology utilizes inexpensive wireless RFID chips or tags that store data related to the item. A nearby reader can have access to such stored data. Unlike the related magnetic stripe technology and bar code technology, RFID does not require direct contact nor line of sight contact. This chapter overviews the history and the basics of the RFID technology and its applications.

Radio Frequency IDentification (RFID) technology is challenged by numerous security and privacy threats that render the widespread of such an advantageous technology. The security threats encountered in RFID systems is different from the security threats of traditional wireless systems. This chapter is devoted to survey the existing security threats and their primitive solutions that do not consider cryptography. We classify the existing security threats into those which target the physical RFID components such as the tag, the communication channel, and the overall system threats. We discuss the physical system security solutions and the basic authentication techniques that ensure the valid identity of the communicating parties.

To provide security and privacy in RFID systems, physical solutions are not suitable because of their limitations and disadvantages. Instead, cryptography is an inevitable way to make the RFID technology secure. From a theoretical point of view, standard cryptosystems might be an accurate approach. However, they demand resources far more than those available to many tags in terms of circuit size, power consumption and area. Since low-cost RFID tags are very constrained devices with severe limitations in their budget, lightweight cryptographic techniques are the most appropriate solution for such RFID tags. In this chapter, the characteristic of a lightweight cryptosystem are defined. Then, a set of the well-known and most recent lightweight cryptography implementations is presented. This survey covers the recent hardware implementations of symmetric as well as asymmetric ciphers.

Redundant Bit Security (RBS) is a lightweight symmetric encryption algorithm that targets the resource-constrained RFID devices. Unlike its existing counterparts, RBS simultaneously provide confidentiality, authentication, and integrity of the plaintext by inserting hash-generated redundant bits among the already modified plaintext-data. Using a flexible-length hash algorithm in the RBS hardware implementation allows RBS to support different key sizes which implies flexibility in the security level. RBS hardware implementation consists of two parts. The first part implements the redundant bit generator by implementing a modified version of MAC generator that is compatible with block ciphers instead of the original MAC generator designed for stream ciphers. The second part of the RBS implementation targets implementing the encryption/decryption process. The encryption/decryption process is integrated with the transmission and reception modules of the RFID transponder. The RBS implementation presented supports online key size selection. This implies that the number of redundant bits, and accordingly the security level, in RBS is adjustable without changing the underlying hardware. This feature allows tags with the same hardware to operate with different key sizes.

One of the most important factors of a highly secure cryptosystem is its resilience against security attacks. There exists several well known attacks that target RFID systems. Having a lightweight cipher in terms of area and power consumption must not compromise its resilience to such security attacks. Otherwise, the advantages of such a lightweight cipher in terms of hardware implementation will not be valued. In Chap. 4, the RBS algorithm and its hardware implementation were introduced and discussed in details. In this chapter, the security of the RBS algorithm is investigated against several powerful and well-known attacks such as the known-plaintext attack, chosen-plaintext attack, chosen-ciphertext attack, differential attack, substitution attack, related key attack, linear cryptanalysis algebraic attack, cube attack and side channel attack. We show how the RBS algorithm is resilient against these attacks.

This chapter presents a comprehensive evaluation of the proposed RBS cryptosystem and compares its performance against the performance of existing lightweight ciphers. An extensive set of simulation experiments is performed to show that the RBS cryptosystem requires less power and area compared to other known symmetric algorithms proposed for RFID systems especially when authentication is required. Such saving in the area overhead has a direct effect on the implementation cost of RFID tags which is another main practical concern. Our experiments also examine other performance metrics such as the energy-per-bit, the hardware efficiency, the area-time product and the power-area-time product. Simulation results demonstrate RBS superiority compared to existing algorithms. The chapter shows that the RBS algorithm is a promising candidate for providing strong resilience to several RFID security attacks—despite the severe resource constraints of passive RFID tags.

The Internet of Things (IoT) is considered as the next generation of science revolution. Conceptually, it is possible to enable Internet connectivity to anything such as cloths, TVs, machines, cars, …, etc. IoT is a futuristic application of Wireless Sensor Network (WSN). The main characteristic of WSNs is that it is an ad-hoc network for enabling the communication of humans with the surrounding physical environment. On the other hand, Radio Frequency Identification (RFID) is considered the replacement technology for the traditional identification techniques such as barcode systems. One of the challenging research areas is the integration of both IoT and RFID technologies together such that it will be possible to have the advantages of both of worlds. This chapter discusses how does the unique characteristics of our RBS lightweight cryptosystem makes it a strong candidate of RFID security in IoT applications. The chapter then explains how to integrate IoT systems with the RFID technology and the pros and cons of such integration from security point of view.