1 security risks of RFID Technology
Tags: RFID tags are easily manipulated by hackers, pickpockets or complaining employees.
Network: including competitors or intruders to install illegal readers on the network, and then send the scanned data to others.
Data: one of the main benefits of RFID is to increase the transparency of the supply chain, but it brings new hidden dangers to data security. Enterprises should ensure that all data is very secure, not only their own data security, but also the security of relevant data of trading partners.
2 RFID Security Solutions
(1) Stream cipher encryption
The encryption process can be used to prevent active and passive attacks, so the plaintext can be encrypted before transmission, so that the hidden attacker can not infer the real content of the information.
Encrypted data transmission is always carried out in the same mode: the encrypted text is obtained by processing the transmitted data (plaintext) using key K1 and encryption algorithm. Any attacker who does not know the encryption algorithm and encryption key K1 cannot crack the ciphertext to obtain plaintext, that is, the real content of the transmitted information cannot be reproduced from the ciphertext. At the receiving end, the ciphertext is restored to plaintext using the decryption key K2 and the decryption algorithm.
According to whether the encryption key K1 and decryption key K2 used are the same. Encryption systems can be divided into symmetric key system and public key system. For RFID system, the most commonly used algorithm is to use symmetric algorithm. If each symbol is encrypted separately before transmission, this method is called stream cipher (also known as sequence cipher). On the contrary, if multiple symbols are divided into a group for encryption, it is called block cipher. Generally, block cipher has high computational strength, so block cipher is less used in RFID system.
(2) Stream cipher generation
Each step of the cipher function transforms the cipher sequence into a different cipher sequence. In order to overcome the problem of key generation and distribution, the system should create a stream password according to the “one-time insertion” principle. At the same time, the system uses the so-called pseudo-random number sequence to replace the real random sequence, which is generated by the pseudo-random number generator.
Pseudo random number generator is generated by state automata. It is composed of binary storage unit, the so-called trigger. The basic principle of generating stream cipher using pseudo-random generator: since the encryption function of stream cipher can change randomly with each symbol, this function should not only depend on the currently input symbol, but also on the additional characteristic, that is, its internal state M. The internal state m changes with the state transformation function g (k) after each encryption step. The pseudo-random number generator consists of components m and G (k). The security of ciphertext mainly depends on the number of internal states m and the complexity of state transformation function g (k). The research of stream cipher is mainly the research of pseudo-random number generator. On the other hand, the encryption function f (k) itself is usually very simple and may only include addition or “XOR” logic gates.
The pseudo-random number generator is implemented by state automata. It consists of binary storage units (so-called triggers). If a state automaton has N storage units, it can take 2n different internal states M. The state transformation function g (k) can be expressed as combinatorial logic. The implementation of LFSR can be greatly limited to the pseudo-random shift generator (if the pseudo-random shift generator is used). The shift register is composed of flip flops in series (output n is connected with input n + 1), and all clock inputs are connected in parallel. For each clock pulse, the trigger moves forward one bit at any time, and the content of the last trigger is output.
(3) PLL synthesizer section
The PLL synthesizer adopts ADF4106 of ad company, which is mainly composed of low-noise digital phase detector, accurate charge pump, programmable frequency divider, programmable A and B counters and dual-mode pull-down frequency divider. The digital phase detector is used to compare the output phases of R counter and N counter, and then output an error voltage proportional to their phase error. There is also a programmable delay unit in the phase detector to control the flip pulse width. This pulse ensures that the transfer function of the phase detector has no dead zone, so the phase noise and introduced spurious are reduced.
(4) RSA “soft blocker” security scheme
Although many companies have just begun to consider RFID Security, privacy advocates and legislators have been concerned about the privacy of tags for some time. RSA Security Company showed RSA “blocker tag”, a specially designed RFID tag built into the shopping bag, which can launch DoS attacks. Prevent the RFID reader from reading the label on the purchased goods in the bag. But the disadvantage is that blocker tag provides pickpockets with a way to interfere with store security. So the company changed its approach. The method is to use a “soft blocker”, which strengthens consumer privacy protection, but only after the item is actually purchased.
At present, RFID tag system has been widely used in military, logistics, commodity retail, industrial manufacturing, animal identification, anti-counterfeiting identification and other fields. Due to the failure to consider the security problem of RFID system in the initial RFID application design and development process, the security problem is becoming more and more serious, and has become an important factor restricting the wide application of RFID, Without a reliable information security mechanism, the data information in the RF tag can not be effectively protected. If the information in the tag is stolen or even maliciously tampered, it may bring immeasurable losses to the logistics support; At the same time, RF tags without reliable information security mechanism also have security risks such as easy to leak security sensitive information to adjacent readers and writers, easy to be disturbed and easy to be tracked.
Responsible editor: CT