Tamper Detection for Ubiquitous RFIDenabled Supply Chain - PowerPoint PPT Presentation

1 / 31
About This Presentation
Title:

Tamper Detection for Ubiquitous RFIDenabled Supply Chain

Description:

Electronic Product Code (EPC) was first developed by Auto-ID Center in MIT in 1999. ... extracted parameters do not match then data tampering can be detected. ... – PowerPoint PPT presentation

Number of Views:212
Avg rating:3.0/5.0
Slides: 32
Provided by: leg585
Category:

less

Transcript and Presenter's Notes

Title: Tamper Detection for Ubiquitous RFIDenabled Supply Chain


1
Tamper Detection for Ubiquitous RFID-enabled
Supply Chain
2005 International Conference on Computational
Intelligence and Security, Xian, China December
15-19, 2005
Vidyasagar Potdar, Chen Wu, Elizabeth
Chang School of Information Systems Curtin
University of Technology Perth,
AUSTRALIA http//www.ceebi.curtin.edu.au/potdarv

2
OUTLINE
  • Introduction
  • Issues
  • Existing Solutions
  • Proposed Solution
  • Summary

3
1. INTRODUCTION
  • RFID Radio Frequency Identification
  • Technology for automated data capture
  • Composed of four major components
  • Tag that contains the identification number
  • Reader that activates the tag to broadcast its
    identification number
  • Middleware that interacts with the reader and the
    backend database Molnar Wagner 2004, Hennig et
    al. 2005
  • Backend Database

4
1.1 RFID INFRASTUCTURE
RFID INFRASTRUCTURE
5
1.2 APPLICATION DOMAINS
  • Supply Chain Automation
  • Asset Tracking
  • Medical Applications
  • People Tracking
  • Manufacturing, Retail and Warehouse Tracking
  • Livestock Tracking
  • Tracking exact timing in sports events

6
1.3 RFID INFRASTUCTURE
www.datasoft.se
www.eff.org
www.barcoding.com
www.kennedygrp.com
www.forrester.com
TAGS
READER
MIDDLEWARE
7
1.4 TYPES OF RFID TAGS
  • Types of RFID Tags
  • Passive Tags
  • Activated in presence of the readers radio
    waves.
  • Active tags
  • Self-activated using battery.

www.micromata.de
8
1.5 EPC DATA STRUCTURE
  • Electronic Product Code (EPC) was first developed
    by Auto-ID Center in MIT in 1999.
  • This centre developed the initial RFID standard
    and later transferred to EPCGlobal for
    commercialization in late 2003.
  • Two data structures were designed by EPC,
  • 64 bit EPC was designed primarily for testing and
  • 96 bit EPC were designed for commercialization.

http//www.sbs.siemens.cz/files/images/topics/sche
ma13s.gif
http//www.rsasecurity.com/rsalabs/rfid/images/cli
p_image001.gif
9
1.6 EPC DATA STRUCTURE
10
1.7 RFID Data Structure
  • Header which determines which EAN.UCC key is used
    and how many bits are allocated to the remaining
    sections.
  • EPC Manager which identifies the product
    manufacturer
  • e.g. Toyota.
  • Object Class which is a unique identifier for the
    product manufactured by the manufacturer
  • e.g. Camry. This value is defined by the product
    manufacturer.
  • Serial Number which is assigned to each item
    belonging to a class of product
  • e.g. registration number 1AUT315. All the values
    assigned in these partitions are in binary format
    only.

11
1.8 RFID MIDDLEWARE
  • RFID Middleware locates itself between the RFID
    reader and the backend legacy systems.
  • It manages the readers and extracts EPC data from
    the readers and sends the data to the enterprise
    WMS and the backend database.
  • From the architectural perspective, RFID
    middleware has three layers of functionality
  • Reader API
  • Data Management, and
  • Integration Management

www.irt.de
12
1.9 RFID MIDDLEWARE
13
2. ISSUES
  • Security
  • Cost
  • Privacy
  • Deployment
  • Scalability
  • Resilience
  • Multi-modal Sensing

http//www.rochester.edu/in_visible_culture/issues
-image.jpg
14
2.1 ISSUES - SECURITY
  • Security
  • Data Tampering
  • Insecure Wireless Communication
  • No security mechanisms available on low end RFIDs

15
2.2 ISSUES - COST
  • Cost
  • Low end RFIDs Affordable
  • No Security Protocols
  • High end RFIDs Very Expensive
  • Comprehensive Security Mechanisms

www.piperreport.com/
16
2.3 PROBLEM STATEMENT
  • Data on the RFID is very significant and if this
    data is tampered it can have severe consequences.
  • Data tampering of this nature needs to be
    detected as it can be a threat to national
    security.
  • Data tampering can raise issues in collaborative
    environments where this data mismatch can result
    in repudiation issues.
  • The main issue that this research tackles is to
    ascertain that data tampering has happened and to
    identify what data on the RFID is tampered.

www.cpapforseniors.com
17
3. EXISTING SOLUTIONS
  • Weis et al. (2004)
  • Cryptographic properties in tags prevent
    unauthorized readers to read the RFID data.
  • K. Chung (2004)
  • Relational Check Code
  • Henrici Müller (2004)
  • Offers location privacy but it is not scalable
    because it requires a lot of cryptographic
    calculations

www.istockphoto.com/ imageindex/319/7/319788/
18
3.1 ISSUES
  • Most of the available literature focused on
    solutions based on next generation RFIDs.
  • Such solutions assume cryptographic capabilities
    on the RFID tags which are currently very
    expensive.
  • From a deployment perspective using next
    generation RFID tags is an expensive bet and
    assuring security on current generation RFID tags
    is still a major issue.
  • Security issues in general and data tampering in
    particular has not been completely addressed in
    literature which gives us motivation to present
    our work.

19
4. PROPOSED SOLUTION
  • Proposed RFID Middleware Architecture
  • Algorithm for Tamper Detection
  • Embedding Algorithm
  • Extraction and Detection Algorithm
  • Discussion

www.adeasolutions.com
20
4.1 Proposed RFID Middleware Architecture
  • RFID Middleware with tamper detection component.
  • Tamper detection layer is specially introduced to
    ascertain no data tampering has happened on the
    RFID tag.
  • This is done to ascertain that whatever data is
    being propagated to the higher levels in the RFID
    middleware is tamper proof.
  • It acts a measure of security and trust, which
    means if the data crosses the tamper detection
    component it is assured that it is not tampered
    and it can be reliably used for any further
    processing.

21
4.2 Proposed RFID Middleware Architecture
22
4.3 TAMPER DETECTION
  • The proposed algorithms to detect tamper
    detection works by embedding secret information
    with in the RFID tags.
  • In order to embed secret information we have to
    identify some space within the data which can be
    modified to represent secret information.
  • In order to identify this space we investigated
    the RFID data structure.

23
4.4 TAMPER DETECTION
  • Header is used for identifying the EAN.UCC key
    and the partitioning scheme. Hence there is no
    redundant space.
  • EPC Manager is used to identify the manufacturer
    uniquely. Hence this partition also doesnt offer
    any redundant space for embedding.
  • Object Class is used to identify the product
    manufactured by the manufacturer. It may follow
    some product convention taxonomy where the first
    two digits might represent the classification of
    that product and so on. Hence there is no free
    space
  • Serial Number is used to uniquely identify an
    item which belongs to a particular Object Class.
  • It is orthogonal to first three partitions and
    can be decided by the manufacturer at will
    without violating any existing industry
    standards.
  • Consequently it offers enough space to embed
    sufficient amount of data.
  • The length of this partition is 38 bits (in
    EPC96) which offers enough room to accommodate
    the required amount of secret data.
  • Thus this becomes most appropriate candidate for
    embedding the secret.

24
4.5 EMBEDDING ALGORITHM
  • The embedding algorithm begins by selecting a set
    of one way functions F f1, f2, f3.
  • Each one way function is applied to the values
    within the RFID tags partition to generate a
    secret value as shown.

25
4.6.1 EMBEDDING ALGORITHM
  • This secret value is then embedded at predefined
    location within the Serial Number partition by
    appending it to the original Serial Number Value
    (SNorg) to generate the appended Serial Number
    (SNapp).

26
4.6.2 EXTRACTION AND DETECTION ALGORITHM
  • Extraction Stage
  • The following parameters i.e. A, B and C are
    extracted from SNapp using the pattern P.
  • Detection Stage
  • In the detection stage the values of EM, OC and
    SNorg are hashed using the same one way function
    set F f1, f2, f3.
  • These values are now compared with the extracted
    parameters to identify any data tampering.
  • If the parameters match then we conclude that
    there is no tampering happened for EC, OC and
    SNorg.
  • However, if the extracted parameters do not match
    then data tampering can be detected.

27
4.6.3 EXTRACTION AND DETECTION ALGORITHM
  • The actual source of data tampering can be
    identified based on the facts which are
    illustrated in the following Table.

28
4.7 DISUCSSION
  • The tamper detection technique that we presented
    is useful is identifying whether data tampering
    has happened and where the data is tampered. It
    is not a tamper proof solution.
  • The most likely location where tampering would
    happen is the EPC Manager or the Object Class
    partition.
  • This is because we assume that the motivation
    behind tampering would be to disguise a product
    against another for
  • Cheaper shipping cost or
  • Smuggling goods or
  • Other economic benefits

29
4.7.1 DISUCSSION
  • The proposed technique offers a binary result
    i.e. it can tell that tampering has happened in
  • EM or OC or SNapp
  • But it is not possible to ascertain whether the
    tampering was in EM or in SNapp or in OC.
  • However the mere fact that there is an
    inconsistency between EM and A or OC and B is
    enough to identify tampering.
  • The other option that we explored was to have a
    copy of the SNapp in the backend database so that
    in case of tampering we can precisely tell what
    was tampered i.e. EM or OC or SNorg.
  • However this is not feasible because the content
    in the RFID tag represents a type of composite
    key, and any tampering on the tag would make it
    difficult to uniquely identify the tag in the
    backend database. Hence a copy of SNapp in
    backend database does not offer any additional
    security.

30
5. SUMMARY
  • In this research, we identified some security
    issues in low cost RFID deployment.
  • Focusing on the data tampering issue, we found
    the majority of recent research work in RFID
    security assumes the deployment of next
    generation RFID technology, which requires
    excessive computing capability and hence high
    cost in the RFID tag.
  • We proposed a new data tamper detection framework
    by introducing a flexible layer into existing
    RFID middleware architecture.
  • We also gave a detailed description of the data
    tampering algorithm which can detect and identify
    whether and what data is tampered on the RFID
    tags.

31
Questions SuggestionsThank you for your
attention!
2005 International Conference on Computational
Intelligence and Security, Xian, China December
15-19, 2005
Write a Comment
User Comments (0)
About PowerShow.com