
A Critical Review of RFID Key Generation, Distribution and Management Protocols

Oct 27, 2014


Simab Chohan

FINAL DISSERTATION

A Critical Review of RFID Key Generation, Distribution and Management Protocols

SUBMITTED BY

Simab Chuhan

Student Number: 42903

Submitted in partial fulfillment of the requirements for the

MSc Security Technology

In collaboration with The University of Wales And the British Institute of Technology and E-commerce

September 2012


Abstract

Today we live in a digital world of wireless technology such as mobile phones, satellite navigation, asset-tracking devices, scanners and RFID tags. In this research I discuss RFID tags in more detail: how many types of tags there are, what their purpose is, and their reliability and acceptance in the current market. I also discuss the structure of RFID and its architectural methodology, as well as the major attacks that could harm and manipulate the tags.

We further discuss the international standard defined in ISO/IEC 14443, which provides detailed information about range and transmission methods. Radio frequency identification (RFID) has proved its efficiency in controlling assets in the real world, reducing the risk of damage and loss. It helps to secure the channel from manufacturer to consumer. Cost-effective tags, such as passive tags for low-cost goods, provide better security of goods and asset tracking. I also discuss some organizations that successfully use these tags to provide better customer service and track their assets. The cryptographic methods used in these tagging systems are discussed as well.


Acknowledgement

I would like to thank those who helped me greatly with this research work; without their efforts it would not have been as successful as it was. I would therefore like to mention the following people.

First of all, I would like to extend my gratitude to my research supervisor, Dr Hassan Al Saeedy, who guided me throughout this research work and whose knowledge and skills helped me to complete it.

Secondly, I would like to thank my lecturer, Dr Ahmed Alnaemi, who spent his precious time guiding me through my working papers and kept advising me on how to work and what I should mention in my report.

Last but not least, I would like to thank my family, who gave me this opportunity to go away from home and pursue a research degree at one of the UK's best universities.

Finally, I would like to thank all my housemates for their help and support during my studies and stay.


Table of Contents

1. Chapter 1: Introduction & History about RFID
   1. Introduction
   1.1. History

2. Chapter 2: Literature & Review of RFID System
   2. Basic System of RFID
   2.1. Types of Tags
   2.2. Passive Tags
   2.3. Active Tags
   2.4. Semi Passive Tags
   2.5. Readers
   2.6. RFID Reader's Functions
   2.7. Middleware
   2.8. Radio Waves
   2.9. Barcode

3. Chapter 3: RFID Key Generation, Distribution and Management Protocols
   3. Symmetric key cryptography
   3.1. Public key cryptography (Asymmetric cryptography)
   3.2. RSA Algorithms
   3.3. Kerberos
   3.4. One-time key session

4. Chapter 4: RFID Market Research & Adoption
   4. RFID in Market
   4.1. RFID in Animal
   4.2. RFID in Logistics
   4.3. RFID in Pharmaceuticals
   4.4. RFID in Asset Tracking
   4.5. RFID Application Software

5. Chapter 5: Vulnerable Attacks & Countermeasures
   5. RFID Security, Attacks & Countermeasures
   5.1. RFID Virus Attack
   5.2. RFID Worm Virus
   5.3. Disabling or Removing the Tags
   5.4. Sniffing Attack on RFID
   5.5. Cloning the RFID Tags
   5.6. SQL Injection on RFID Tags
   5.7. Jamming the RFID Signals
   5.8. Mutual Authentication on RFID Tags
   5.9. Countermeasure on RFID

6. Conclusion
7. Bibliography


List of Figures

1. Figure 0: Radar Apparatus [1]
2. Figure 1: Passive Tag Model [5]
3. Figure 2: RFID Passive Tag [6]
4. Figure 3: RFID Active Tags [7]
5. Figure 4: RFID Semi Passive Tags [8]
6. Figure 5: RFID Reader [9]
7. Figure 6: RFID Middleware [10]
8. Figure 7: Radio Wave Frequency Chart [11]
9. Figure 8: Sample of Barcode [12]
10. Figure 8.1: Public key Cryptography example [19]
11. Figure 8.2: Kerberos Protocol [21]
12. Figure 9: Source IDTechEx [13]
13. Figure 10: Source enhancing the supply chain by zebra [14]
14. Figure 11: Author: Dirk Rodgers (RFID is Dead) [16]
15. Figure 12: Bar Codes, RFID Technology, GPS Tracking [17]
16. Figure 13: Classification of RFID Attacks [18]


Chapter 1: Introduction & History about RFID


1. Introduction: Radio frequency identification (RFID) is a tool used for capturing electronic data automatically, storing data about physical assets and tracking their records. Its three main components are the RFID reader, RFID tags of all kinds and transceiver decoders. It generates radio signals and operates on different frequencies. The basic concept is that an RFID tag is a transponder: a passive tag only responds to signals from the receiver, so it can only be read by a scanner and cannot send signals itself, whereas an active RFID tag can generate signals to the receiver; those tags can be read by NFC devices. It works like GSM technology. Active tags can be found anywhere around the world via satellite technology. Every tag has its own unique identification. It helps to track assets, record data and track the supply chain, reducing the risk of loss, saving cost and requiring less human interaction. It helps to improve the management of high-value items such as expensive medical equipment and high-value electronic items. It enables efficiency in the supply chain through point-to-point tracking of assets from manufacturer to consumer. Many retail suppliers worldwide use this technology to track their assets by putting tags on their pallets, boxes or rollers. In the UK, for example, Tesco and Sainsbury's use passive tags of this kind to control their goods and gain better visibility through their distribution channels. The tag contains the item data and transmits it via radio waves to the reader. Some tags consist of an electronic circuit with an antenna. Protocols are used for communication between tag and reader, and these protocols help to prevent manipulation during the process. Every reader has its own protocol and decoder to read the tag memory data.


1.1. History:

During World War II it was used by the British army in 1939 for identifying enemy and suspicious aircraft. Every aircraft had its own transmitter installed, which sent signals to the centre, where they were received by the ground radar. In the 1950s and 1960s advanced technology was used in radar and in radio frequency (RF) communication. Research papers published by scientists in the US, Europe and Japan showed theoretically how RF energy could be used to identify objects remotely. The New York Port Authority in the US completed the first advanced RFID system in 1971; it used passive integrated signals with a 16-bit transponder in a toll device.

On 23 January 1973, Mario W. Cardullo received the first United States patent for an active RFID tag with rewritable memory. In the same year, Charles Walton from California unlocked a door without using a key, with the help of a patented passive transponder. He made a card with an integrated transponder that sent signals to a receiver at the door to trigger unlocking. It is like a shopkeeper's personal identity card number stored in the RFID tag: a valid card activates the door unlock. Charles Walton licensed this technology to Schlage, a lock manufacturer, and to some other companies. The US Government started using RFID in the 1970s to track its nuclear assets, such as nuclear weapons, which passed through RFID readers at the gate, providing greater safety.

Toll collection systems were introduced in the middle of the 1980s and have been widely used for commercial properties such as roads, tunnels and buildings all over the world. The scientists who created the toll system also worked, using UHF radio waves, on a passive RFID tag system for cattle. This device drew energy from the reader and reflected a modulated signal back to the reading device. Further development led companies to use low frequency (125 kHz) transponders in cards for controlling access to buildings. Companies then moved on to high frequency (13.56 MHz), which had not been in regular use but came to be used in most locations worldwide. Radio frequency (RF) provides long range and faster data transmission.

Figure0 [1] Watson-Watt with the first radar apparatus


European companies started to track their assets and containers using 13.56 MHz tags. In today's market 13.56 MHz RFID technology is used for contactless smart cards, payment systems and access control. IBM scientists patented an ultra-high frequency (UHF) radio frequency identification system in the 1990s. UHF offers a range of more than 20 meters and faster data transmission in good conditions.

There was discussion of a cost-saving method: putting only a serial number on the label, which reduces the cost of the tag. The serial number of the tag is secured in a database and made available over the internet for authorities to access. Before that, tags carried information about the product and the container as they travelled from one point to another, and there was a risk of intruders reading that information. The change to RFID technology helps businesses and their partners to monitor a shipment from factory to warehouse and retail points. Manufacturers and merchandisers automatically know where the shipments have reached.

In the mid-1990s it was not used commercially, but IBM tested this technology with Wal-Mart. IBM sold its patents to Intermec. Intermec radio frequency tag systems have been used for monitoring agricultural department stocks. Because of the lack of information about international standards and the low sales volume, the technology seemed expensive. In 1999 organizations such as the Uniform Code Council, EAN International, Procter & Gamble and Gillette put up funds to open an Auto-ID Center at MIT for research on ultra-high frequency. Two of its scientists, Sanjay Sharma and David Brock, worked on the use of low-cost RFID tags.

Between 1999 and 2003 the Auto-ID Center won the title of RFID supplier to over 100 major companies and the U.S. Department of Defense. During that time it changed into Auto-ID Labs and EPC Global, which are responsible for managing and continuing to fund research and development of EPC technology. They opened laboratories in the UK, Switzerland, Japan, China and Australia. Two air interface protocols were developed for the Electronic Product Code (EPC), Class 1 and Class 0; those numbers are connected with the network architecture connected to the internet for RFID tag data. In 2004 EPC Global ratified a second-generation standard, which gained acceptance worldwide.

Ref [2][3][4]


Chapter 2: Literature & Review of RFID System


2. Basic System of RFID: RFID systems are used for identifying and tracking objects or persons using radio waves. Identification works by reading the chip, which holds a unique number for objects, people and information. Unlike a barcode, which is scanned manually, these chips can be read automatically. Thanks to automatic identification, RFID has gained trust around the world for identifying and tracking objects. An RFID system consists of three components: the RFID tag (transponder), the RFID reader (transceiver) and middleware.

2.1. Types of Tags: Microchip-based RFID tags are used to store data. In the late 1990s they held much more data than in the current scenario. They used to be large because of the size of their microcontroller and memory. With continued development, tags store a serial number that is big enough to uniquely identify a single product. Tags can be set to read-only or read-write. If a tag is set to read-only, the information written during manufacture cannot be changed or altered. Read-write RFID tags are more expensive than read-only tags; such a tag can be compromised by a user, who can manipulate the information in the tag within the range of a reader. Some RFID tags allow the user to issue a kill code that disables the tag permanently, after which the tag stops responding to readers. There are many tags on the market that cannot be compromised by a reader, because they reply only to readers for which the protocols and rules have been set. These tags are called anti-collision types of tags. Tags can use different materials, shapes and sizes, such as PVC, plastic buttons, smart cards and contactless cards. Tags made from multiple layers of paper are called smart labels. Small tags of this kind are embedded in items such as clothes and jewelry.

There are three types of RFID tags: active tags, passive tags and semi-passive tags. These are discussed in more detail below.

2.2. Passive Tags: Passive RFID tags obtain their power from the RFID reader. A passive tag contains an antenna that draws power for its transponder, and holds a very small amount of data, such as an ID number or product information. The antenna generates enough power to activate the signals between tags and transponders. These tags can be activated at distances between 10 millimeters and 6 meters. A passive tag carries no internal power source, so it is quite cheap and reliable for short-distance use.


Fig1 [5] Passive Tag Model

Fig2 [6] RFID Passive tag

Some tags measure 0.15 mm by 0.15 mm and can be thinner than a piece of paper. Many retail organizations use this technology with EPC Global RFID tags. The International Standards Organization (ISO) defines the standards, such as limits, frequency, power and antenna designs; this information is available in ISO 18000-6 and ISO 14443. It is also very simple for a manufacturer to print these tags with an antenna. Passive tags commonly work at 12 kHz, 134.2 kHz, 13.56 MHz and below 100 MHz, although there are also high frequency (HF) passive tags which operate at 900 MHz and 2.45 GHz. These high frequency tags are more expensive, need more processing during manufacture and can support up to 2Mb of data storage.

2.3. Active Tags:

Active tags work on their own internal power circuits and do not need the reader's antenna to activate their signals. They keep sending signals to nearby transponders and transmit within their power limit. This resembles mobile SIM communication: every SIM contacts its nearest frequency reader, which forwards the signal to the relevant base station; the base station connects to the master base, which authorizes incoming and outgoing calls. Active tags work in the same way. They are quite expensive, and more data can be stored on them. These tags have more internal memory and can also use cryptographic protocols to prevent attacks. Active tags have many advantages, but also some disadvantages, such as their cost and manufacturing process. Active tags normally transmit at 2.45 GHz; a full description of active tags is given in the ISO standards. These tags can be used for locating and tracking warehouse inventory, asset management, vehicle management, detecting and recording items, and also for detecting and monitoring prisoners.

Fig3 [7] RFID Active Tags

2.4. Semi Passive Tags: A semi-passive tag works much like a passive RFID tag. It uses internal power to sense environmental conditions, but relies on the radio frequency (RF) signal generated by the reader to be interrogated, as a passive tag does. These tags can run automatically, with a sensor and a real-time clock. They help to monitor temperature using their internal power and can work without readers. Semi-passive tags are compliant with the EPC Class 1 Gen2/ISO 18000-6C standards. We recommend these tags for recording temperature during transportation and storing data for sensitive goods such as fruit, vegetables, seafood, dairy goods and pharmaceutical products, which require sensitive temperature readings.

Fig4 [8] RFID Semi Passive Tags

2.5. Readers: An RFID reader is a device used to interrogate an RFID tag. The reader has an antenna that sends out radio waves, and the tag responds with its data. A number of factors affect the distance at which a tag can be read. The frequency used for identification, the antenna gain, the orientation and polarization of the reader antenna and the transponder antenna, and the placement of the tag on the object to be identified all affect the range of the RFID system. Basically, RFID readers provide various functions: they send interrogation signals to tags, power passive and semi-passive tags through the antenna, encode the data sent to the tag and decode the data received from the tag. A reader usually consists of a transmitter and receiver, a control unit and a coupling element (antenna). The reader may be fixed or mobile. It sends out electromagnetic waves. The bandwidth of the device depends on the radio frequency used and on the power. A reader can be fitted with an additional interface that passes the data received from RFID tags to a computer system or a programmable logic controller. It contains one or more antennas.

Fig5 [9] Motorola's MC9090-G handheld RFID reader

2.6. RFID Reader's Functions: The RFID reader's task is to interrogate tags. The interrogation is wireless, and the distance is relatively short. Line of sight between the reader and tags is not necessary. A reader comprises an RF module, which serves as transmitter and receiver of radio signals. The transmitter includes an oscillator for generating the carrier frequency, a modulator for impressing the command data on the carrier signal and an amplifier to boost the signal enough to wake up the tag. The receiver has a demodulator for extracting the returned data and also includes an amplifier to strengthen the signal for processing. A microprocessor control unit runs the operating system, and memory is used to filter and store the device data.

The device is multi-modal: it supports 1D and 2D bar code scanning, imaging, and RFID with EPC Gen 2. It supports dense reader mode (DRM) and allows simple integration of RFID technology into processes within the supply chain. The device offers industry-leading drop-test results, IP64 sealing and integrated internal antennas. Multiple configurations are available that support standards around the world. A unique combination of acoustic and visual cues can easily lead workers to an item in real time. Integrated 802.11a/b/g enables real-time data communication. It reduces user fatigue in intensive bar code scanning and RFID tag reading applications.

2.7. Middleware: Middleware is the application that bridges the RFID tags and the organization's physical resources. It is the primary connection to the data. It handles the connection between hardware and software data for inventory management and goods identification. It provides visual identification of the tag and converts the data into its credentials. It runs the algorithms and holds the data repository within its operating system. This information is managed by the information technology service department or by an authorized person in the organization who deals with the system. The middleware allows the user to monitor all goods and act on them; it also allows the user to issue orders and modify the configuration through the reader interface. It helps the user to collect data and filter it through the supply management channel. It manages the entire enterprise resource planning (ERP) and warehouse management system and builds the customer relationship. Middleware can work alone with the RFID reader system and change the whole process.

A simple example is the tagging of baggage at airports, where all bags move along the belt and are separated by flight tag to different locations, so that each bag goes exactly where it has to be. During this process the middleware application and hardware intervene to filter all tags and redirect the flow, capturing and analyzing a large amount of data. RFID's automatic processing has proved helpful in managing supply chains and other business domains such as aircraft maintenance and hospital pharmacy stock. RFID middleware functionality provides routing, reader management and data processing, which turns the raw data into meaningful information. An RFID middleware application should fulfil the requirements of data filtering and capturing tag information.

The captured data can be broadcast to business partners that have indicated their interest in it. Middleware has to respond immediately to local interaction with the physical device, but must make sure that the data is provided only to an authorized entity and prevent spoofing attacks; it must also be kept up to date by monitoring application updates and scheduled changes. Many applications are each interested in a different subset of the captured tag data. Some tags provide not only the tag's memory data but also other information that helps with filtering. Middleware applications can also read the additional memory data and, in some conditions, write to it. Additional data can be used for different purposes, such as holding an expiry date so that data can be exchanged where there is no network access for the information service team. The IT management team handles incident, change and configuration management for RFID tracking solutions. Many retail organizations currently use tags for identifying and tracking goods such as clothes, electronic devices and grocery items. RFID middleware should comply with the ISO standards and observe all legal guidelines on data collection; this requirement also relates to security, performance and scalability.

Fig6 [10] RFID Middleware

2.8. Radio Waves: Radio waves are electromagnetic spectrum waves consisting of photons in the form of a wave. Radio waves have low frequency and long wavelength. Their frequency ranges from approximately 3 Hz, meaning three waves per second, up to about 300 GHz. Although the exact boundaries of wavelength and frequency are still being defined, the wavelengths of the spectrum range from 0.001 meter to a hundred thousand kilometers. These waves are a natural resource, and man-made radio waves are used by many users. It is accepted as fact that radio-spectrum waves pass through the earth's atmosphere. RFID tags are classified into three main frequency bands:

1. Low frequency (LF)
2. High frequency (HF)
3. Ultra-high Frequency (UHF)

Low radio frequencies lie between 30 kHz and 300 kHz. Most of the world uses the low frequencies for AM broadcasting. Wavelengths range from 1 to 10 kilometers. Ground waves from the antenna can cover a radius of two thousand kilometers. These waves can be detected within three hundred kilometers of the transmitting antenna. Obstacles such as mountain ranges and the curvature of the earth can refract low frequency radio signals. Their strength is not reduced by absorption as much as that of high frequencies. Several standard time and frequency stations are set in this band, such as 40 kHz to 60 kHz for the Japanese JJY, 60 kHz for MSF in England and 77.5 kHz for DCF44 in Germany. Radio wave signals below 50 kHz are capable of penetrating ocean depths down to 200 meters; the longer the wavelength, the deeper they penetrate. Submarines in deep water can use these wavelengths for communication. The Ground Wave Emergency Network (GWEN) is an organization run by the US which operated at 150 kHz to 175 kHz for satellite communication during 1999; this communication system was meant to keep communication alive even under nuclear attack. The International Standards Organization (ISO) defines the structure, process and policy in ISO 11784 and ISO 11785.

High frequencies (HF) lie between 3 and 30 MHz. Virtually all of aviation uses the HF spectrum for communication. Some metallic tags are high-temperature-resistant, which gives robust performance. High frequency (HF) tags are tested at 200 degrees centigrade for at least 6 hours. They are also certified to the ISO 15693 and ISO 18000-3 standards. Some high frequency tags also allow 1D and 2D barcode printing and encoding. Most of these tags are used for tracking books, airline baggage processing, animal tracking and so on. Radio frequency identification (RFID) offers a significant digital enhancement for working in goods environments. There is still some discussion that the exact location of a tag remains unknown to the tracking system, a problem not solved by high frequency RFID because of its distance and angle detection values. RFID infrastructure is often designed at low cost, interrogating a grid of minimum size; a large grid allows the largest area of a non-directional field to be covered. There are three steps in processing RFID tags to measure the tag distance: the first is to analyze the signal strength data from the tag; that distance interacts with the near field communication or antenna; the third main step is the reader application, which provides an interface to capture the signal data and perform the filtering. The signal strength of each data bit is measured 8 times at 12-bit resolution. These high frequency tags are based on voltage and magnetic coupling.

Ultra-high frequency tags are higher-energy tags than HF tags and work between 860 MHz and 930 MHz. Their range is quite long compared with HF tags: they can be read at between 3 and 6 meters. UHF tags are frequently used for tracking assets such as pallets, dollies and cases. UHF is used for satellite communication, which allows users to encrypt the communication channels in process. Ultra-high frequency is designated by the US organization ITU as the radio frequency range of electromagnetic waves between 300 MHz and 3 GHz. Wavelengths run from 10 centimeters to 1 meter. The main benefit of ultra-high frequency transmission is the short physical wavelength produced by the high frequency: the size of the radio wave is related to the size of the transmitting and receiving equipment. Ultra-high frequencies are widely used for radio transmission and cordless phones. GSM, UMTS and 802.11 Wi-Fi have also adopted UHF frequencies. The ultra-high frequency spectrum is used worldwide for mobile communication, by the defense industries and for public safety purposes. The chart below shows the frequency range:


Fig7 [11] Radio Wave Frequency Chart

2.9. Barcode: As compare to RFID tracking system barcode are very popular and still capture the market because of low cost and simple printing. Many retailers are tracking their assets via this system. Barcodes are the paper base which can read every print individually, its required visibility of clear lining for reading to the reader. It cannot read the tags if there was any dirt and damaged of the barcode it would be hard for the scanner to read the tags lining. Every single tag has to read manually which cost high labor and consuming more time. There are also some difficulties of limited information available on codes and those codes cannot replace or modified it can only replace by the new barcodes. Those barcode comply with the ISO/IEC 15426-1 and ISO/IEC 15426-2. This standard are defines in detail about the verification of measuring the barcode. The international barcode quality of liner specified in ISO/IEC 15426-1 and their 2d properties is specified in ISO/IEC 15415.

Barcodes have some further benefits, such as:

* Items are quickly identified and recorded automatically
* A price change of an item can be reflected in both the sell price and the cost price
* Analyzing data from previous periods helps to predict seasonal goods
* Every single box is assigned a unique identification for shipping
* This unique identification provides the box information, such as order number, quantity in the box and destination
* Goods at the distribution center are tracked before being sent to the retailers; once the unique identification is scanned, it lets the store know the source and cost.


Fig8 [12] Sample of Barcode


Chapter 3: RFID Key Generation, Distribution and Management Protocols


3. Symmetric key cryptography: Symmetric key algorithms are a class of encryption algorithms that use the same key to encrypt the plain text and decrypt the cipher text. The keys may be identical, or there may be a simple transformation between the two keys. In practice the key represents a shared secret between two or more parties that is used to maintain a private data link. The condition that both parties must know the secret key is the only disadvantage of symmetric key cryptography compared with public key cryptography; a symmetric crypto system therefore needs a key of the correct length and a good algorithm. The standard symmetric crypto system we use is AES, with 128-bit and 256-bit key sizes.

3.1. Public key cryptography (Asymmetric cryptography): Asymmetric cryptography, also known as public-key cryptography, is cryptography in which a pair of keys is used to encrypt and decrypt a message so that it can be sent secretly. As the first step, a network user receives a public and private key pair from a certificate authority. A user who wants to send an encrypted text has to get the recipient's public key from the available list of public keys, use that key to encrypt the message and send it to the recipient. Once the recipient receives the message, they decrypt it with their own private key, which the recipient keeps secret.

Fig 8.1[19] Public key Cryptography example

We discussed earlier that a traditional symmetric crypto system uses a single key shared between the sender and the receiver. Asymmetric cryptography, introduced by Diffie and Hellman, takes a different approach to cryptography. Below we discuss in more detail the two keys, which are used as the public key and the private key. For example, Alice can generate a public key and a private key, where the public key is given to anyone who wants to communicate secretly with Alice. Alice keeps her private key secret, and she can decrypt the encrypted message with her private key and public key. Public key cryptography is not a replacement for symmetric cryptography: there are many cases where symmetric cryptography is used, such as sending bulk data where a large volume of communication is required.

Public key cryptography (asymmetric cryptography) has many advantages. It allows an easier way of distributing keys, and there is no need for a trusted third party or key distribution centre to distribute them. Another key feature of asymmetric cryptography is that it provides proof of origin, because the secret key is known only to a single entity. It provides a natural trust relationship between the sender and the recipients. There are disadvantages as well: public key cryptography imposes a high computational burden and is not as fast as symmetric cryptography.

Example of Key Distribution: Key distribution is discussed in the key distribution and certification paper [20]. Suppose that Alice and Bob want to communicate using symmetric key cryptography. They have never met and have not established a shared secret key in advance. How can they now agree on a secret key, given that they cannot communicate with each other via the internet cloud? A solution often adopted in practice is to use a trusted Key Distribution Centre (KDC).

The KDC is a server that shares a separate secret symmetric key with each registered user. This key can be manually installed on the server when a user first registers. The KDC knows the secret key of each user, and each user can communicate securely with the KDC using this key. Let us see how knowledge of this key allows a user to obtain a secure key for communicating with other registered users. Suppose Alice and Bob are users of the KDC but know only their individual keys, $K_{A-KDC}$ and $K_{B-KDC}$ respectively, for secure communication with the KDC. Alice takes the first step, and they proceed as shown in the figure.

Using $K_{A-KDC}$ to encrypt her communication with the KDC, Alice sends a message to the KDC saying that she (A) wants to communicate with Bob (B). We denote this message $K_{A-KDC}(A, B)$. As part of this exchange, Alice must authenticate the KDC (see homework problems), for example using an authentication protocol and the shared key $K_{A-KDC}$. The KDC, knowing $K_{A-KDC}$, decrypts $K_{A-KDC}(A, B)$. The KDC authenticates Alice. The KDC then generates a random number, R1. This is the shared key value that Alice and Bob will use for symmetric encryption when they communicate with each other. This key is known as a one-time session key, as Alice and Bob use it only for the one session that they are currently setting up. The KDC now needs to tell Alice and Bob the value of R1. The KDC sends Alice an encrypted message containing the following elements:

* R1, the one-time session key that Alice and Bob will use to communicate;
* A pair of values, A and R1, encrypted by the KDC using Bob's key, $K_{B-KDC}$. We refer to this as $K_{B-KDC}(A, R1)$.

Fig 8.1[19] Public key Cryptography example

It is important that the KDC sends Alice not only the value of R1 for her own use, but also an encrypted version of R1 and Alice's name, encrypted using Bob's key. Alice cannot decrypt this pair of values in the message (she does not know Bob's encryption key), but she does not really need to. We will soon see that Alice simply forwards this encrypted pair of values to Bob (who can decrypt it). These elements are placed in a message encrypted using Alice's shared key. The message from the KDC to Alice is then $K_{A-KDC}(R1, K_{B-KDC}(A, R1))$. Alice receives the message from the KDC, verifies the nonce, extracts R1 from the message and stores it. Alice now knows the one-time session key, R1. Alice also extracts $K_{B-KDC}(A, R1)$ and sends it to Bob.

Bob decrypts the received message, $K_{B-KDC}(A, R1)$, using $K_{B-KDC}$ and extracts A and R1. Bob now knows the one-time session key, R1, and the person with whom he shares this key, A. Of course, he is responsible for authenticating Alice using R1 before proceeding. [20]

3.2. RSA Algorithms: The RSA algorithm is the most popular asymmetric key algorithm (public key algorithm) and was introduced by Rivest, Shamir and Adleman of MIT in 1977. RSA is based on exponentiation in a finite field of integers modulo a prime number; it takes $O((\log n)^3)$ operations, which makes it easy to use. It can be accomplished with repeated loops, but it uses a large number of integer operations. The RSA algorithm requires finding large prime numbers. The security of RSA is based on the intractability of factoring the product of two large primes. Difficulty arises when the number to be factorized is large: factorizing an RSA composite takes O(e logn logn logn) operations, which is quite hard. For example:


Alice would like to generate a public key and a private key. As a first step she generates two large random prime numbers, denoted $p$ and $q$. She then computes the composite $n = pq$ and the Euler phi function

$\varphi(n) = (p-1)(q-1)$

She then chooses a random encryption exponent $e$ such that

$\gcd(e, \varphi(n)) = 1$

Now she can find the decryption exponent $d$ from

$ed \equiv 1 \pmod{\varphi(n)}$

The public key is then $\{e, n\}$ and the private key is $\{d, p, q\}$.

Another example, of encryption with RSA, is below.

Bob wishes to send an encrypted message $m$ to Alice. Using Alice's public key, denoted $\{e, n\}$, he computes the cipher text with the following function:

$c = m^e \bmod n$

Alice can decrypt the message with her own private key $\{d, p, q\}$ by applying the function

$m = c^d \bmod n$

Because the operations are modulo $n$, the message $m$ must be smaller than $n$.
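The key generation, encryption and decryption steps above can be carried through in code. The following is an added example, not part of the original dissertation: it uses toy primes and no padding, the function names are hypothetical, and it goes one step beyond the text by showing why the private key keeps $p$ and $q$ (Chinese Remainder Theorem decryption) and what happens when $m$ is not smaller than $n$.

```python
# Added example: textbook RSA with the symbols used in the text.
# Toy primes and no padding, so this is for study only, not for real keys.
from math import gcd


def generate_keypair(p, q, e):
    """Return (public, private) = ((e, n), (d, p, q)) as in the text."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler phi function of n = pq
    if gcd(e, phi) != 1:
        raise ValueError("e must satisfy gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)              # e*d = 1 (mod phi(n)); Python 3.8+
    return (e, n), (d, p, q)


def encrypt(m, public):
    """c = m^e mod n; refuses messages that are not smaller than n."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(c, private):
    """m = c^d mod n, computed directly."""
    d, p, q = private
    return pow(c, d, p * q)


def decrypt_crt(c, private):
    """Same result as decrypt(), but with two half-size exponentiations.

    This is the practical reason the private key holds p and q, not just d.
    """
    d, p, q = private
    m_p = pow(c % p, d % (p - 1), p)         # m mod p
    m_q = pow(c % q, d % (q - 1), q)         # m mod q
    h = (pow(q, -1, p) * (m_p - m_q)) % p    # Garner recombination
    return m_q + h * q


def roundtrip_unchecked(m, public, private):
    """Encrypt and decrypt without the m < n check: m comes back reduced mod n."""
    e, n = public
    d, _, _ = private
    return pow(pow(m, e, n), d, n)


if __name__ == "__main__":
    public, private = generate_keypair(p=61, q=53, e=17)   # constructed toy values
    c = encrypt(65, public)
    print("public", public, "private", private)
    print("c =", c, "m =", decrypt(c, private), "m (CRT) =", decrypt_crt(c, private))
    print("m = n + 65 comes back as", roundtrip_unchecked(public[1] + 65, public, private))
```
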

3.3. Kerberos: Kerberos is a protocol that provides authentication in a computer network and is based on granting session tickets that allow nodes to communicate and authenticate mutually. Client and server both use this model for mutual authentication; each verifies the other's identity. Kerberos protocols are very effective against eavesdropping and replay attacks on the network. The Kerberos protocol is built on symmetric key cryptography and requires a trusted third-party platform; it can also use public key cryptography in certain phases of authentication. Kerberos was first developed by MIT and uses symmetric key encryption techniques and a KDC. The Kerberos authentication server (AS) plays the role of the central node, the key distribution centre. The AS is a repository not only of the secret keys of all hosts but also of the limits on the privileges of each host: what they can access and what kind of services should be available to them.


Fig 8.2[21] Kerberos Protocol

Alice contacts the Kerberos AS, indicating that she wants to use Bob. All communication between Alice and the AS is encrypted using a secret key shared between Alice and the AS. In Kerberos, Alice first gives her name and password to her local host. Alice's local host and the AS then determine the one-time secret session key for encrypting communication between Alice and the AS. The AS authenticates Alice, checks that she has access privileges to Bob, and generates a one-time symmetric session key, R1, for communication between Alice and Bob. The authentication server (in Kerberos parlance, now referred to as the ticket-granting server) sends Alice the value of R1, and also a ticket for Bob's services. The ticket contains Alice's name, the one-time session key, R1, and an expiration date, all encrypted with Bob's secret key (known only to Bob and the AS). Alice's ticket is valid until its expiration date, and will be rejected by Bob if presented after that date. For Kerberos V4, the maximum lifetime of a ticket is approximately 21 hours. Alice sends the ticket to Bob. She also sends along an R1-encrypted timestamp that is used as a nonce. Bob decrypts the ticket with his secret key, obtains the session key, and decrypts the timestamp using the session key just learned. Bob returns the timestamp value plus one (Kerberos V5) or simply seal (Kerberos V5). The latest version of Kerberos (V5) provides support for multiple authentication servers, the delegation of access rights and renewable tickets.
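The KDC exchange from the key distribution example and the ticket handling described for Kerberos can be put side by side in one simulation. This is an added example, not code from the dissertation or from Kerberos itself: `seal`/`unseal` are a standard-library stand-in (HMAC-SHA256 keystream plus MAC) for a real cipher, and the class names, the 3600-second lifetime and the 300-second clock skew are assumptions chosen for the illustration.

```python
# Added example (not from the dissertation): KDC session-key distribution
# with a Kerberos-style expiring ticket and timestamp authenticator.
import hashlib
import hmac
import json
import os


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, b"enc" + block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, fields):
    """Encrypt-then-MAC a dict under key: the text's K(fields)."""
    plain = json.dumps(fields).encode()
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plain))
    body = bytes(a ^ b for a, b in zip(plain, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    """Verify the MAC, then decrypt; raises ValueError on a wrong key."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    stream = _keystream(key, nonce, len(body))
    return json.loads(bytes(a ^ b for a, b in zip(body, stream)))


class KDC:
    def __init__(self):
        self.keys = {}  # principal name -> long-term key shared with the KDC

    def register(self, name):
        self.keys[name] = os.urandom(32)
        return self.keys[name]

    def handle(self, sender, request, now, lifetime=3600):
        """request is K_A-KDC(A, B); reply is K_A-KDC(R1, K_B-KDC(A, R1, expiry))."""
        req = unseal(self.keys[sender], request)  # only A can produce this
        if req["from"] != sender:
            raise ValueError("request names a different principal")
        r1 = os.urandom(32).hex()  # one-time session key R1
        ticket = seal(self.keys[req["to"]],
                      {"client": sender, "r1": r1, "expires": now + lifetime})
        return seal(self.keys[sender], {"r1": r1, "ticket": ticket.hex()})


def client_exchange(kdc, name, key, peer, now):
    """Alice's side: ask the KDC for R1, then build what she sends to Bob."""
    request = seal(key, {"from": name, "to": peer})
    reply = unseal(key, kdc.handle(name, request, now))
    r1 = bytes.fromhex(reply["r1"])
    authenticator = seal(r1, {"ts": now})  # timestamp used as a nonce
    return r1, bytes.fromhex(reply["ticket"]), authenticator


class Service:
    """Bob: accepts a ticket plus authenticator, rejects expiry and replays."""

    def __init__(self, key, max_skew=300):
        self.key, self.max_skew, self.seen = key, max_skew, set()

    def accept(self, ticket, authenticator, now):
        t = unseal(self.key, ticket)  # only Bob and the KDC hold this key
        if now > t["expires"]:
            raise ValueError("ticket expired")
        r1 = bytes.fromhex(t["r1"])
        ts = unseal(r1, authenticator)["ts"]
        if abs(now - ts) > self.max_skew:
            raise ValueError("stale timestamp")
        if authenticator in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add(authenticator)
        return t["client"], seal(r1, {"ts": ts + 1})  # proves Bob knows R1


if __name__ == "__main__":
    kdc = KDC()
    k_a, k_b = kdc.register("alice"), kdc.register("bob")
    bob = Service(k_b)
    r1, ticket, auth = client_exchange(kdc, "alice", k_a, "bob", now=1000)
    who, reply = bob.accept(ticket, auth, now=1005)
    print(who, unseal(r1, reply))
```

Time is passed in as `now` so the expiry and replay paths can be exercised deterministically; a captured ticket and authenticator replayed to the same `Service` are refused even inside the ticket lifetime.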


3.4. One-time key session: We saw earlier that a one-time session key is generated by a KDC for use in symmetric key encryption of a single session between two parties. By using one-time session keys from the KDC, a user is relieved of the obligation to establish a priori its own shared key with each and every network entity it wants to communicate with. Instead, the user only needs one shared secret key for communicating with the KDC, and receives one-time session keys from the KDC for all its communication with other network entities. One-time session keys can also be used in public key cryptography. A public key technique such as RSA is orders of magnitude more computationally expensive than a symmetric key system such as DES. Therefore, public key systems are often used for authentication. Once both parties are mutually authenticated, they use public-key-encrypted communication to agree on a shared symmetric session key. This symmetric session key is then used to encrypt the rest of the communication using a more efficient symmetric encryption technique, such as DES.


Chapter 4: RFID Market Research & Adoption


4. RFID in Market: Back in 2003, the retail market leader Wal-Mart said that it needed all its suppliers to use RFID tags on their pallets, cases and dollies of goods by the end of 2006; in addition, the Department of Defense (DOD) was also adopting low-cost passive tags for weapons tracking. Some research analysts predicted that the RFID market would grow to a hundred billion dollars. The technology did not reach that target as expected, but it works well, and many organizations seem keen to use it to smarten up their operations with powerful low-cost RFID tags. Some research organizations have also predicted that RFID tags will generate more than 70 billion by 2012 and 2017; generating a hundred billion per year seems far away, but researchers keep tracking it. Researchers have found that RFID has been growing by about 20% every year. Government organizations have already adopted the technology in their defense sectors to fight forgery and attacks. In 2007 Pakistan adopted RFID tags in its e-passport, and more than 90 countries have adopted RFID chips embedded in their passports. The transport industry and the logistics supply chain account for the vast majority of RFID users; the tags are used to track high- and low-value assets. Below we discuss in more detail where organizations have adopted RFID tags to smarten their business operations. Before that, the chart below shows the purchase forecast for 2011 to 2021 from the report issued by IDTechEx.

Fig9 [13] RFID Purchase report by IDTech

4.1. RFID for Animals: Radio frequency identification (RFID) tagging helps to keep records of animal-related activities such as feeding, tracking and any medical prescription by a vet. The main problem occurs when the RFID frequency is not in range, or the animals have gone far away from their own feeding base, but this can be changed by increasing the performance of the reader. In the USA, Texas Instruments is currently helping this technology to look after animals' feeding stations, health matters and water bases more efficiently. The same RFID technology is used to track white-lipped peccaries, or pigs, in the Amazon when they are heading for their meals. World Wildlife Fund (WWF) researchers recently adopted these radio frequency identification transponders to track white-lipped peccaries and other animals weighing more than 100 pounds. They tried to read passive tags that had been registered in the readers, with readers placed at four different points to read the passive tags attached to the animals. This was successful where pre-registered data corresponded at the different checkpoints, but it still needs reader performance to read the passive tags in different positions. Passive tags are low cost and efficient, but they cannot be relied on for a long time, and range can affect the performance of tracking the animals' identification. WWF researchers also worked with very high frequency and GPS systems, which cost them much more, although those tags seemed very attractive and convenient to them in many situations during their research. The very high frequency tagging system cost them about $300 per animal, and GPS cost them about $3000. This technology is attractive to researchers because it gives satellite information for GPS-based tag location. Most of the tags are placed in the animal's ear, because there they survive better as the animal grows. On May 11, 2007 the US Department of Agriculture (USDA) published its progress report on RFID-based projects for the national animal identification system. It has more than sixteen RFID projects, which employ many varieties of RFID systems and functional methods to track animals' locations. All of those projects used low frequency RFID tags; at the start the read rate for tags was about 60%, but further progress brought more improvement. One person said: I did transfer my location and my address to the chip registration on my dog, so if my dog is lost anywhere, someone may know how to track the owner of the dog because of its chip, which is a permanent form of unique identification. This technology has very broad applications and functions, and I must say it is not worthless; this kind of investment makes sense when looking ahead to future prospects.

ISO 11784 and 11785 are international standards that regulate radio frequency identification (RFID) of animals, which is usually done by implanting a chip a little under the skin of the animal. It requires bits to be transmitted by a transponder and interpreted by the receiver; normally the bit stream defines the identification code and ensures correct reception. The International Organization for Standardization (ISO) describes in detail the structure of the unique identification code, and ISO 11785 describes the characteristics of the transmission protocol in both directions between the transmitter and the transponders. These standards are also updated in ISO 14223 for animal control transponders.

4.2. RFID in Logistics: RFID is being discussed as the latest technology to help manage the problems of logistics and inventory management experienced by all companies. RFID technology improves the visibility of materials between all members of the supply chain, and greatly improves the accuracy of the information shared.

There are some goals to achieve in logistics, such as:

* linking the firm's strategy and logistics strategy
* logistics organization goals and decisions
* strategy and policy formulation of logistics
* channel route management strategy in logistics
* implementation and modification in logistics
* analyzing logistics performance measuring

Several further resources are used to control all the logistics functions, such as inbound transport, outbound transport and mode of transport, secure control of data, warehouse management, the kind of material used, material management, distribution planning (where the goods go and what their routes are), quality management, carrier management and customization. These are all the things that logistics supply has to look after. Each aspect needs a detailed description, but here we just highlight the things that need to be sorted out before going further into making the logistics supply technical with RFID. It is a fact that RFID technology provides visibility and tracking of goods, with great potential for efficiency and effectiveness in supply chain management. In logistics supply chain management, RFID applications bring wide-ranging benefits such as rationalized inventory management, optimized transportation within the organization's network, and effective and efficient monitoring of the production life cycle etc. The main key behind every successful business is efficiency in its work: how it delivers, whether it delivers on time, whether the quantities are correct. Many large organizations have adopted RFID technology, such as Wal-Mart in the USA and Tesco in the UK, both big retail organizations that structure their goods around RFID monitoring technology. All companies need to study all the parameters of their RFID system before adoption.

RFID is a diverse collection of technical approaches for many applications in a wide range of industries. At its simplest, like the previous technology, bar codes, this technology has the potential to significantly alter how processes occur and how companies work. Each application of RFID must be undertaken for clear business benefits. In recent years we have seen the emergence of consumer applications that bring RFID into the mainstream as a new technology, and as it gains understanding and credibility through clearly visible consumer applications that demonstrate its effectiveness to millions of people, its place in supply chain automation grows. There is also a variety of applications of this technology available to an organization. You may find that you already carry and use an RFID tag, or at least its predecessor, the barcode. RFID uses a wireless connection to identify objects or people. It is sometimes known as Dedicated Short Range Communication (DSRC). Once a connection is established with a unique identifier for an item, a variety of processes can be automated. An example is the sorting of packages along a conveyor system. Readers at points in the distribution system identify the packages and their position on the path to their destination. This information can then be known to a monitoring station. This is real-time information that can be shared with the sender, with the freight carrier and with the waiting customer. The shipment is automatically directed to the appropriate dock door, truck, conveyor belt, etc. If plans change, the shipment can be diverted in transit, all without human intervention. This puts real-time decision-making power in the hands of many business operations up and down the supply chain, with this vital information easily accessible. Having it, management can respond rapidly to changes in demand, and a company can provide better service for customers. The very popularity of the bar code in many areas of the supply chain has shown its limits. Traditional bar codes can hold only a small amount of information, usually around 20 characters, and cannot be reprogrammed. RFID tags can hold up to 8 Kbytes and can be reprogrammed.

Radio frequency identification in supply chain management needs to be discussed in detail for each and every entity, but here we discuss the main features, such as manufacturing, supply management, inventory control, asset management, tracing and tracking, and work process. RFID operation provides 100% inventory visibility, goods tracking, major reductions in shrinkage, calculation of losses, data management for the work process, tags that provide real-time information to the database, unique identification, and data sharing with partners in the supply management network. At the manufacturing plant, pallets are received at the dock door, where they are given unique-identification RFID tags. All received goods are checked into one of three areas: inventory, production or returned goods. Any returned goods get another smart tag created to identify them on the way back to the supplier. All cases of goods are read by the forklift reader, which updates the system with the product and the location where it will be stored in the warehouse; this helps the forklift driver to find the exact location to store the goods. Goods that require further production are linked to the finishing production line, where all raw material is handled to make finished goods; RFID smart tags are generated to tell the system database which contents need to be relocated. All components are read at case-unit level and the goods are updated in the system. When the goods move to the work-in-progress line, they are read at the belt station and diverted to their work station. A smart label has to be attached to every unit of product. Some products require inspection for quality checking, so they are relocated to quality control processing, which provides the documentation that moves through the supply chain. When all finished goods need to be stored, the forklift reader system reads the system data and the goods are stored in the exact locations. All inventory is stored in the warehouse, and from the warehouse finished goods are sent to the related distribution centres, which collect the pallets. As soon as pallets leave the warehouse dispatch door, a reader records the goods being loaded onto the truck and shipped out. At the distribution centre all pallets are read at the base point, where the reader records the inventory description and filters out any unordered delivery or suspect item. Once again the same procedure follows: the forklift reader reads the smart label and guides the driver to the exact location. At the distribution centre many suppliers collect their goods and supply them to the retail destination. All pallets are wrapped, protected and kept stable. Every smart label placed on a pallet encodes the shipping information. All outbound deliveries are updated in the system; the base readers at the receiving bay update the system with which goods are accepted and which need to be sent back, and which goods need to go on the shelf and which need to be stored in the warehouse. The forklift reader encodes the tag information and keeps guiding the driver where to place the goods. Once the delivery has been received, the shelf reading system raises an alarm for refilling or low quantity on the shelf; if the shelf is empty, it automatically alerts the user that the shelf is empty and that this delivery is needed to fill the gaps. All tags are deactivated once the supply chain process is completed, and all pallets or dollies are then ready for reuse. [14]


Figure 10 [14] Source enhancing the supply chain by zebra

4.3. RFID in Pharmaceuticals: Counterfeit drugs and medicines are a real health problem, and people are increasingly concerned about security, which is a growing issue in the pharmaceutical field. Many organizations make fake drugs that target pharmaceutical companies' products; these drugs contain inactive ingredients, incorrect quantities in the mixture, wrong dosages and contamination with different illegitimate drugs. Such fake drugs can badly harm human beings. People trust that a drug will relieve their pain, but the wrong product can instead cause them pain. This is not the only bad situation facing pharmaceutical companies; there are others, such as the availability of the product on the shelves, which they also have to counter in order to control their stock levels. Pharmaceutical companies therefore require a drug pedigree to ensure that ordered drugs are authentic throughout the supply chain process. RFID technology has a big impact on the supply chain: as discussed before, it helps the supply chain with track-and-trace information, and embedded encoding provides effective and efficient control of drugs moving through the channel. Pharmaceutical organizations still face a problem controlling their assets at unit level, because unit-level tagging is costly and for some products it is not possible to cover every unit with a smart label, but it works excellently at pallet, case and box level for tracking drugs. A further benefit of using RFID is that it not only allows drugs to be processed through the supply chain, it also gives us the authenticity of the product and where it comes from, since every station reader provides the drug's details. An RFID tag holds all the information about the product, such as expiry date, manufacture date etc. This information can be seen at user level via handsets, PDAs or FDAs. The atmosphere has now become very intense, because the FDA has to impose the safety status to secure drug approval. As we know, drug prices in the current market are getting higher and higher; if people then get illegitimate and fake drugs, it makes them more angry at pharmaceutical companies, and besides increasing the cost of drugs it also reduces the growth of the revenue generated. There are many things that need to be considered, because a large population of healthcare organizations care for their patients and have to be sure that the drugs they prescribe to patients are authentic.

Figure 11 [16] Author: Dirk Rodgers (RFID is Dead)

The federal government and the states in the USA are regularly working on countering counterfeit drugs. They are arriving at a solution that requires recording and communication of the drug pedigree; mutual authentication from one point to the next provides tracking and recording of each path of the channel. RFID technology makes it easy to be sure that all drugs are authentic, and it creates a mutual electronic pedigree that records each and every step from the supply docks through to the retail point. This electronic pedigree system supports patient safety and lets healthcare providers identify counterfeit drugs, quarantine them and make an electronic log. Filtering out suspect products increases the efficiency of the system and helps to recall the product. RFID is alive at case level but dead at unit level. This does not mean that pharmaceutical companies consider RFID a complete loss, because at case level the price tag is worth it to them. Many manufacturers use barcodes on each unit rather than RFID tags. 2D barcodes can also work on cases and pallets in the supply chain management process. In the USA the big retail organization Wal-Mart is strengthening the fight against counterfeit pharmaceutical products with a radio frequency identification (RFID) tagging system. RFID provides the track-and-trace facility; there is an issue of cost, but this can be kept under control, and work on reducing the cost is in progress. We can say that it would be ideal for pharmaceutical organizations to use RFID tags for their packaging.


4.4. RFID in Asset Tracking: Radio frequency identification (RFID) is a groundbreaking technology for tracing assets and keeping track of their records. It tracks information on moving objects and transfers object data through their base stations. Some tags are expensive because they have battery power attached, some work on reader power, and some may use a local radio wave power source to read the tags. As discussed before, RFID tags can be used in the pharmaceutical industry and in supply chain warehouses, or to track animals' feeding and movements. There are many more uses for these tags, such as clothing. RFID tags can even be implanted in the human body, but this raises serious concerns about privacy. Prisoners have been fitted with RFID tags to keep them within the area where they can move freely; this helps to reduce the number of prisoners in prison and the cost of keeping them there. We discussed passive tags, which are cheap and the more usable product in the market for smart labeling of objects; with some, the reader has to read every tag manually, while some tags can be read without human interaction. The identity card, or electronic identity, was criticized by people in the UK, who did not accept it, and the government had to back down on that project, as they just won't accept any kind of identity by which they are followed by the authorities. These identity cards have, however, been imposed on foreigners to keep a record of their movements. This could disturb someone's privacy, but it provides the person with an authentic identity, as the chip's data and RFID help the authorities to find out the location and information of the person at any event. Nowadays most electronic cards known as smart cards have RFID tags attached; the UK travel Oyster card is one simple example. RFID tags can be used for plastic products and high-value electronics such as laptops, printers, monitors, televisions etc.

The United States Department of Defense (DoD) has been using RFID tags to track the movement of its weapons. The tags are placed on every unit to secure the unique identity of each object. This increases the efficiency of tracking object availability and location. RFID can manage all kinds of things such as assets, people, inventory, objects etc. Many tags are placed on books, cars, car keys, mobile phones and other expensive items.

RFID tags can also be placed on sports-related objects. Another simple example is Heathrow airport, which uses 2D barcode RFID tags for tracking and moving baggage. Each bag carries the tag and the passenger's destination information, and the baggage is moved automatically to the same flight; even if a flight is changed at another airport, the tag helps airport staff to move the bag along with the passenger. During 2010 we saw an increase in RFID performance and reliability in the international market. The credit goes to EPCglobal, which drove the standards for RFID adoption in the current market. They developed the Auto-ID Center for the EPCglobal network in the USA.


Figure 12[17] Bar Codes, RFID Technology, GPS Tracking, and Fixed Assets

Transportation and logistics is a major area where RFID is most needed: shipping, freight and distribution centers use RFID technology for tracing and tracking records. RFID tags allow a freight agent to identify the owner of the goods, let the freight forwarding agent know the characteristics of the goods, and let them see the bill of lading information, the original destination and the final destination. Some RFID tags are used for car and vehicle tracing: if a car is stolen, its location can be detected via the RFID tag information. Passport identity is another use. The first e-passport was used in Malaysia; those passports keep the traveler's information, such as time of arrival, date of departure and place of entry. Then many other countries started issuing e-passports, such as Norway, Japan, Pakistan, Spain, Serbia, USA, UK etc. The standard for the RFID chip was set by the ISO/IEC 14443 documents. The RFID chip carries a lot of information, such as date of birth, issue of passport, expiry date, issue date, place of issue, name, surname and sex of the person. This information is stored in the MRZ data line, the so-called machine readable zone. This is a small amount of data which can help to identify the person with the naked eye.

RFID technology can be used for museum items: all historical assets can be tracked and traced via RFID, which also gives the museum an end-user information application. Another benefit of RFID tags in museums is that they allow users to record data on their own RFID card. For example, in a museum in California users get an RF card at the checkpoint; as they go through the exhibits they can record information about the historical items and read it later at home. This saves the time spent reading and listening in the museum, as we normally see in our museums, where we are given headphones or a pre-recorded phone facility and have to stand and listen to information about the history.


4.5. RFID Application Software: There are many software products available on the market for RFID solutions, but before we choose any particular software we have to ensure that the tool will help to improve the management of high-value tools and has proven itself critical to enabling the business process. It should help the customer to emulate the tools, it has to provide reliable middleware, and it should be easy for users to understand. Some RFID application software that has been adopted by organizations is discussed below.

TRANSCENDS: Transcends delivers RFID sensor-based software, which provides solutions for retail business, healthcare, supply chain industries, asset management, government asset management and the aerospace industry. Their open source RIFIDI Edge server is the leading RFID software application platform, with approximately sixty thousand users across one hundred and thirty-five countries. The Transcends organization is based in South and North America. The RIFIDI application has further benefits: low cost and lower TCO, easy installation, easy for users to understand and learn, faster RFID application development and integration, and high performance on a scalable platform. Its features include a lightweight, high-performance platform based on OSGi and Java, support for ALE, and a standards-based plug-in API for readers. CEP/ESP provides customization for RFID, with the ability to merge the ALE and CEP modules to create dynamic RFID applications. A web server is built into the application, and RMI and JMS integration are easy to use.

TUPASS: Radio frequency identification (RFID) is a proven technology that can deliver return on investment and unique visibility. Tupass is RFID application software designed to handle RFID data and store RFID tag information; it integrates with the existing back-end business server and with third parties. It has some special functionality needed in business practice. The application has proven that it can improve inventory management in the supply chain process, increase visibility into the supply chain and provide real-time data communication within it. It can also provide detailed information on a product's source and destination, and it reads tags without needing line of sight. It increases processing speed and improves support for real-time decision making. Why choose Tupass, and what else can it offer to grow the business? Tupass is built from modules, which offer the flexibility to update as your business changes. Module pricing is kept to a minimum. It is offered as SaaS (software as a service), which virtually eliminates the risk of the large expenses associated with system purchases. Every module is designed to meet specific user requirements. It allows secure browser access via the internet and works with Pocket PCs, PDAs, smartphones etc. The software can reduce IT software support requirements, hardware servers and software training, allows the application to be customized, changes costs dramatically and lets the business respond to new opportunities as they arise.

ACTIVEWAVE: This organization has developed several different applications for specific fields of RFID software. They run on Windows Me, Windows 2000 and Windows XP based computers. The software integrates with the ActiveWave reader to provide access control, inventory management control, tag-based container or pallet tracking, and tracking information for every product throughout the manufacturer's process, as well as asset tracking, people tracking in hospitals, control of parking permits, car tracking etc. It also lets users customize the application and integrate it with product information through the RFID tags. Users can also integrate with the application programming interface (API) and its physical layer protocols to interface with the RFID readers. As their website mentions, they use VLSI integrated circuit computing technology in their ActiveWave RFID readers. This allows an RFID reader control panel to be developed and positioned adjacent to other processes. The core of the ActiveWave system is built around the RFID readers, RFID tags, end users, hosts and Windows-based application software. All communication between the reader and the host goes over a secure wireless link. An ActiveWave reader can read multiple tags at the same time and can read a tag at distances of 100 to 140 feet. A single ActiveWave reader can cover an area of up to 30,000 square feet. ActiveWave RFID integrated solutions provide hands-free operation, multi-tagging functionality, high security performance, unlimited virtual memory, easy system integration, user friendliness, reliable active tags at low power and a wireless connection between the user and the host.


Chapter 5: Vulnerable Attacks & Countermeasures


5. RFID Security, Attacks & Countermeasures: Security is a live issue for RFID systems in real operation, because RFID tags are easy to attack over radio waves and it can be easy for third parties or middleware to read the tag contents without the knowledge of the authentic party. Many other attacks exist on RFID, such as cloning tags, removing chips and collisions with the tag standards; these issues deserve serious consideration. In addition, some issues have been discussed concerning passport chips and smart cards. Some viruses and SQL injection can damage the data. There are a number of inherent vulnerabilities which have serious security implications. Structured methods for RFID networks can be used to develop a classification of RFID attacks. That classification is shown in the figure below.

Figure 13[18] Classification of RFID Attacks

5.1. RFID Virus Attack: A virus is a text file containing source code which normally infects .exe, .com and Microsoft Word files etc. Viruses need user interaction to propagate. For example, a virus can enter a system via a floppy disk, USB drive or flash drive, via any email carrying an attachment with the .exe extension, or by clicking a web link which triggers the download of an .exe file. The system will not go down unless the user performs some task. A file containing a virus affects only the local machine; it cannot affect other machines on the network unless a user interacts with the infected file and executes it on the other machine. The main aim of the virus is to infect files, and those infected files can be copied to other machines through user interaction. A virus is code which cannot run by itself; it only runs when the host machine activates the infected file.

5.2. RFID Worm Virus: An RFID worm may cause interruption across a complete network, and it helps to give the attacker unauthorized access. The worm can infect the RFID system application and open a way to compromise the RFID server and middleware application. A worm is an application which can replicate itself over the network. No human interaction is needed; it copies itself to the host machine via the server. Once an RFID tag is infected it will also infect other tags over the network, and this process carries on to the next tag. The continuing infection can exploit security flaws across a wide network. A worm differs from a virus in that it can trigger its payload without human interaction. A worm can delete files and execute update patches to the application software which allow other worms to install on the machine, reducing the security of the system and exposing it to buffer overflow. A worm can also let hackers enter through a backdoor without the knowledge of the authorized person. A worm allows a hacker to access the server, obtain the tag information and modify or manipulate it. An RFID tag is too small to contain the whole worm application, so it contains only the payload, which can access the system and allow the worm application to download itself via the web browser. Such tags contain binary code or shell commands for downloading and executing the worm. Binary code and shell commands play the same role. Shell commands use less space than binary code, and shell commands are portable.
Some databases can be attacked with SQL injection commands. These SQL commands allow users to inject code into the database server, and it helps them if the middleware program is written in C or C++, because these languages allow a worm to overflow a buffer in the system and cause an out-of-memory error. I haven't seen any buffer overflows where a worm has been used, but it is possible to execute shell commands to create the worm.

5.3. Disabling or Removing the Tags: One possible attack is to disable the RFID tags, which can disrupt the whole operation of the tagging system. There are ways to render RFID tags unusable and destroy them completely with the KILL command. RFID tags also have poor physical-layer security: they can easily be removed from some items, such as clothing. Some thieves manipulate tags in supermarkets by swapping the tag of a low-priced item onto a high-priced item, so that the wrong information is read at the checkout. This can damage the business. This kind of attack needs no technical skill, but it works on only a few units or items and cannot work on a large scale.

5.4. Sniffing Attack on RFID: Sniffing is a mode of attack carried out over the network and the wireless link. It listens to the communication between the transponders and the reader and can counterfeit that communication. It can obtain the unique identification (UID) and user metadata without the knowledge of the authorized person. It is a simple and basic attack on RFID structures and tags. The attacker can continuously replay what was captured to gain access and control the systems. The intruder accesses the information passing between the two end users, via IP packets or raw data from any network port. Sniffing RFID packets gives the attacker access to the information and allows the tag information to be modified within the communication channel. A more secure channel is required to counter this problem.

5.5. Cloning the RFID Tags: Another mode of attack on RFID is cloning the tag data. Cloning means that tag data is copied to another tag, or that a tag's unique identification is changed. For example, if your identity card data has been obtained by a hacker, they can create a fake identity with your information which could be valid for authorization. These attacks are very generic to RFID systems. It has been proven that manipulating the tag information and cloning the tag is not difficult; it is cheap and needs little expertise in current systems, because many programs are available on the market for rewritable and reprogrammable tags. Passive tags have always been a good target for cloning because of their small memory; an attacker can gain access and insert malicious code into it. Passive tags have less security than active tags.

5.6. SQL Injection on RFID Tags: SQL injection can be a short piece of code which gives access to the database system by communicating with the middleware. This short code is malicious, and it can also trigger a memory buffer overflow. For example, if the code says to read id1=a, then instead of reading id1=a it will read the injected code idX=a; because of the injected value X it will run the loop with the value of X, and every time it will write the same copied value to every single segment of the memory location. There are some ways to avoid this problem, such as denying multiple reads of the X value or fixing the value of the id. Besides, MySQL provides a different level of security, as it won't allow the user to send SQL commands. Web servers are generally connected to scripts which embed SQL queries, or to CGI scripts. Many web pages allow the user to fill in a form, and even the banking sector uses the same kind of system to accept queries from customers. This allows a user to send data or SQL code via those application forms, and sometimes the web server can ignore SQL code that can harm the system network.
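The following is an added example, not part of the dissertation: a middleware lookup that pastes tag contents into the SQL text, shown beside a form that validates the tag data and binds it as a parameter. The table layout, the 24-hex-character ID format and both tag payloads are assumptions constructed for the illustration.

```python
import re
import sqlite3

# Constructed sample payloads, as a reader would hand them to the middleware.
GOOD_TAG = "A1B2C3D4E5F60718293A4B5C"   # 96-bit identifier as 24 hex characters
BAD_TAG = "x' OR '1'='1"                # tag memory rewritten to carry SQL text

TAG_FORMAT = re.compile(r"[0-9A-F]{24}")  # assumed ID format for this example


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the back-end asset database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE assets (tag_id TEXT PRIMARY KEY, item TEXT)")
    db.executemany("INSERT INTO assets VALUES (?, ?)", [
        (GOOD_TAG, "laptop"),
        ("A1B2C3D4E5F60718293A4B5D", "printer"),
        ("A1B2C3D4E5F60718293A4B5E", "monitor"),
    ])
    return db


def lookup_vulnerable(db, tag_data: str):
    """Weak form: the tag contents become part of the SQL statement itself."""
    query = f"SELECT tag_id, item FROM assets WHERE tag_id = '{tag_data}'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, tag_data: str):
    """Tag contents travel as a bound value and are never parsed as SQL."""
    return db.execute(
        "SELECT tag_id, item FROM assets WHERE tag_id = ?", (tag_data,)
    ).fetchall()


def lookup_hardened(db, tag_data: str):
    """Reject anything that is not a well-formed ID, then bind it."""
    if not TAG_FORMAT.fullmatch(tag_data):
        raise ValueError("malformed tag data rejected before reaching the database")
    return lookup_parameterized(db, tag_data)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bad tag:   ", lookup_vulnerable(db, BAD_TAG))
    print("parameterized, bad tag:", lookup_parameterized(db, BAD_TAG))
    try:
        lookup_hardened(db, BAD_TAG)
    except ValueError as err:
        print("hardened, bad tag:     ", err)
    print("hardened, good tag:    ", lookup_hardened(db, GOOD_TAG))
```

With the weak form the constructed payload returns every row in the table; the bound form returns nothing for it, and the validating form refuses it before any query runs.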

5.7. Jamming the RFID Signals: Jamming techniques have been used by the police, using jammers and broadband jamming transmitters. Jamming can also be used to attack the anti-collision system (RSA attack), and it can prevent the RFID tag from being read. It enables a denial of service attack against the RFID system. A jammer jams all radio waves and can block access to frequencies, but it is limited to certain frequencies and by the power needed to stop radio waves in a given area. A jammer placed near the reader can affect the whole communication channel between the tags and the reader: it blocks the reader because its radio waves are jammed, so every tag arriving at the docks has to be read manually, the automated systems are affected and the whole supply chain is interrupted. Some products can also interrupt the signals, such as a product covered with foil or a product in deep water.


5.8. Mutual Authentication on RFID Tags: Mutual authentication is required for identification and authentication of the data between one point and another. A symmetric authentication method establishes the legitimate entities of the tag in the communication channel, and both entities can be verified by the middleware. ISO/IEC 9798-2 based protocols cover all the methods of symmetric challenge authentication between one end and the other. Antenna-based tags can be read by other readers, so mutual authentication between the reader and the tag itself is required to verify the data. Cryptographic functions allow an RFID system to keep data in encrypted form; the key shared between the user and the reader is encrypted and secure. Challenge-response provides an efficient way to authorize the tag data. If the tag does not hold the same key, the server will simply ignore the tag reading. The key is kept securely on the server and cannot be published to users. Most RFID systems use symmetric algorithms because of the computational power they need for processing. There are two forms of encryption to work with, symmetric cryptography and asymmetric cryptography. One relies on key sharing algorithms and the other on computational automation.

5.9. Countermeasure on RFID: Where there is a will there is a way to tackle the situation. Cryptographic functions reduce attacks if we use good protocols such as AES, Triple DES and RSA. We learned that a cipher system lets RFID data ensure the security of the tags and deny access to unauthorized activity. If an attacker obtains information from the channel, the information is encoded by the protocol and requires the decryption key; without the key the data cannot be accessed. Some active tags base their functionality on biometric information, which reduces the risk. In addition, the reader can help to prevent a DoS attack if it allows a read only once, or if it sets a limit on access to the data and blocks the activity after that number of requests. Creating a session is one of the secure processes for the RFID communication channel: if the session is delayed, or requests are continuous, the transaction is refused. This limit also helps to prevent denial of service attacks. Cryptographic functions work very well, but they depend on their algorithms: if the algorithms are correct and a good cryptographic method is used they help, otherwise the functionality could be bypassed and the risk of attack increases. Research is under way on quantum computing which could allow a user to recover data from the AES and Triple DES protocols, but these machines are still in development and are used only by top-level government organizations. A one-way function can provide the pseudo-random key function for RFID.
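The three-pass challenge-response of section 5.8, combined with the session limit and request limit of section 5.9, as an added example that is not part of the dissertation. It uses HMAC-SHA256 as the keyed one-way function in place of the block-cipher encipherment that ISO/IEC 9798-2 specifies; the class names, the tag ID, the 2-second session lifetime and the limit of 3 failed proofs are assumptions.

```python
import hashlib
import hmac
import secrets
import time


def mac(key: bytes, *fields: bytes) -> bytes:
    """Keyed one-way function over length-prefixed fields (no ambiguous joins)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


class Tag:
    """Tag side: holds one secret key shared with the back-end server."""
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self.key = tag_id, key
        self._pending = None  # (r_reader, r_tag) of the open exchange

    def respond(self, r_reader: bytes):
        """Pass 2: prove knowledge of the key and challenge the reader back."""
        r_tag = secrets.token_bytes(16)
        self._pending = (r_reader, r_tag)
        return self.tag_id, r_tag, mac(self.key, b"tag", self.tag_id, r_reader, r_tag)

    def verify_reader(self, proof) -> bool:
        """After pass 3: accept the reader only if it also knows the key."""
        if self._pending is None or proof is None:
            return False
        r_reader, r_tag = self._pending
        self._pending = None  # each tag challenge is usable once
        expected = mac(self.key, b"reader", self.tag_id, r_tag, r_reader)
        return hmac.compare_digest(expected, proof)


class Reader:
    """Reader plus back-end server: the key table never leaves this side."""
    def __init__(self, keys: dict, session_ttl: float = 2.0, max_failures: int = 3):
        self.keys = keys                  # tag_id -> shared key
        self.session_ttl = session_ttl    # seconds a challenge stays valid
        self.max_failures = max_failures  # bad proofs tolerated per tag_id
        self.open_challenges = {}         # r_reader -> expiry time
        self.failures = {}                # tag_id -> consecutive bad proofs

    def challenge(self, now=None) -> bytes:
        """Pass 1: fresh random challenge, remembered with a deadline."""
        now = time.monotonic() if now is None else now
        r_reader = secrets.token_bytes(16)
        self.open_challenges[r_reader] = now + self.session_ttl
        return r_reader

    def verify_tag(self, r_reader, tag_id, r_tag, proof, now=None):
        """Pass 3: return the reader's proof for the tag, or None on rejection."""
        now = time.monotonic() if now is None else now
        deadline = self.open_challenges.pop(r_reader, None)  # single use
        key = self.keys.get(tag_id)
        if deadline is None or now > deadline or key is None:
            return None  # replayed or expired session, or unknown tag
        if self.failures.get(tag_id, 0) >= self.max_failures:
            return None  # blocked; an attacker can also trigger this for a real tag
        if not hmac.compare_digest(mac(key, b"tag", tag_id, r_reader, r_tag), proof):
            self.failures[tag_id] = self.failures.get(tag_id, 0) + 1
            return None
        self.failures.pop(tag_id, None)
        return mac(key, b"reader", tag_id, r_tag, r_reader)


def authenticate(reader: Reader, tag: Tag) -> bool:
    """Run all three passes; True only if both sides accepted each other."""
    r_reader = reader.challenge()
    tag_id, r_tag, tag_proof = tag.respond(r_reader)
    return tag.verify_reader(reader.verify_tag(r_reader, tag_id, r_tag, tag_proof))


# Constructed sample data: one enrolled tag and a clone that copied only the ID.
KEY = secrets.token_bytes(32)
genuine = Tag(b"TAG-0001", KEY)
clone = Tag(b"TAG-0001", secrets.token_bytes(32))

if __name__ == "__main__":
    for name, tag in (("genuine", genuine), ("clone", clone)):
        print(name, "accepted:", authenticate(Reader({b"TAG-0001": KEY}), tag))
```

Because each proof is bound to both random challenges, a response captured by sniffing is useless against a later challenge, and a cloned ID without the key never produces a valid proof.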


6. Conclusion

RFID systems are spreading widely in real life, therefore their security has become very critical, with new challenges faced every day. In this research I have simply reviewed the critical information on RFID technology; more modules need to be discussed in detail, such as the security protocols, the tagging information etc. There are many other attack modes to be considered, and more countermeasures need to be discussed. We tried to combine the whole structure in a simple way to give a good understanding of the RFID system. Threats can come to a business, but a good businessman has to tackle the situation within budget. Some points in this field need further research. There is more detail on SQL injection that needs to be verified by readers, and extra detailed work is needed to cope with this situation when it occurs.

An RFID system depends on the software tools available on the market, therefore we need to ensure that all software has the capability to secure the information throughout the whole supply chain. The debate on cost keeps going, as the business relationship starts from that point. RFID has proven that it is efficient, cost effective and reliable for business continuity and for controlling asset tracking. Its set of rules is described by the International Organization for Standardization (ISO). Many active and passive tag modules need to be discussed in detail regarding their frequency and tag data capacity, and the mode of the binary codes to be stored in the tags. RFID technology should be adopted by organizations, as it is worth it for saving the business and its investments.


Bibliography

1. Figure [0] The History of RFID Technology by Mark Roberti at rfidjournal.com
2. Ref [2] http://dspace.mit.edu/bitstream/handle/1721.1/56570/15-912Spring-2005/NR/rdonlyres/Sloan-School-of-Management/15-912Spring-2005/D8B41B98-2CC8-45A0-B59F-5B4FE2A10E54/0/rfidwhyisndustry.pdf
3. Ref [3] http://www.rfidjournal.com/article/articleprint/1338/-1/1
4. Ref [4] http://en.wikipedia.org/wiki/RFID
5. Figure [1] Scienceprog.com article 16 October 2007, how does RFID tag technology works.
6. Figure [2] IPaper knowledge centre report www2.ministries-online.org
7. Figure [3] http://image.made-in-china.com/4f0j00OBGaIeHzYVoD/RFID-Active-Tag-Nfc-2432a-.jpg.
8. Semi-Passive RFID Response Tag Series 13005. gaorfid.com
9. Motorola's MC9090-G handheld RFID reader
10. Figure [6] http://rfid-lab.pl
11. Figure [7] taken from Sunday, January 16, 2011 blogspot.co.uk, Radio Wave
12. Figure [8] taken from Barcode Data link web description barcode scanner (barcodedatalink.com).
13. Figure [9] Source IDTechEx
14. Enhancing the supply chain by zebra supply chain
15. Figure [10] Source enhancing the supply chain by zebra.
16. Figure [11] Author: Dirk Rodgers (RFID is Dead, April 12th, 2010) rxtrace.com
17. Figure [12] Bar Codes, RFID Technology, GPS Tracking, and Fixed Assets Posted by Joe Lewis (b1fixedassets.com)
18. Figure 13 Classification of RFID Attacks taken from Aikaterini Mitrokotsa, Melanie R. Rieback and Andrew S. Tanenbaum Publication of Classification of RFID Attacks Department of Computer Science, Vrije Universiteit De Boelelaan 1081A, 1081 HV Amsterdam, The Netherlands
19. Figure [8.1] taken from Key distribution centre http://210.43.128.116/jsjwl/net/kurose/security/keydist.htm
20. Key distribution example by http://210.43.128.116/jsjwl/net/kurose/security/keydist.htm
21. Figure [8.2] Kerberos source from zeroshell.org


Appendix A: Open Cookies

Internet Explorer
1. Open the Internet Explorer.
2. Click on the wrench icon and select Options → Under the Hood (tab) → Click Content settings → Cookies → Show Cookies and other site data.

FireFox
1. From the Tools menu, select Options.
2. Go to the Privacy tab → Show Cookies
3. The process to look at the cookies in firefox

Google Chrome
1. From the Customize and control menu (like a wrench symbol), select Options.
2. Go to the Under the Hood tab → Find Content settings → Cookies
3. Click on “Show cookies and other site data”


Appendix B: Abbreviations

Radio Frequency Identification RFID

Radio Frequency RF

Ground Wave emergency Network GWEN

High Frequency HF

Very High Frequency VHF

Low Frequency LF

Structured Query Language SQL

American Encryption Standard AES

Data Encryption Standard DES

International Organization for Standardization ISO

International Electro technical Commission IEC

World Wildlife Fund WWF

Electronic Product Code EPC

Ultra High Frequency UHF

Key Distribution Centre KDC
