A SURVEY OF MOBILE RFID AND ITS SECURITY ISSUES S.R. Seenivasan, M.C.A., (Ph.D), Asst. Prof. K.L.N. College of Information TechnologyAbstract — Radio Frequency Identification (Uniform Product Code - UPC) must be(RFID) is currently being used for auto- brought before the reader or laser and labelsidentification of objects, assets, pets, and must be scanned one by one. This leads topeople. Its initial success in offering laborious, painstaking, human- error prone,strategic advantages for businesses, by and time consuming inventory check, andefficient tracking of inventory in the supply also makes customers in a store to wait inchain, has left this technology wide open to long queues at the cashier counter. That line-many applications that are only limited by of-sight between label and reader is oftenpeople‟s imagination. This technology will difficult, impractical, or even impossible tohave a tremendous impact on our society, achieve in industrial environments, thereforeonce it starts to assist people in their daily RIFD technology allows accurate and verylife. A right step in this direction would be quick scanning of products in large bulksMobile RFID, where a RFID reader chip is thus speeding up the supply chainintegrated into a portable mobile device like management. Other advantages of RFIDmobile phone, and PDA. Mobile RFID technology include: RFID tags can stand awould help consumers in shopping, and harsh environment, long read ranges,allows quick and easy access to information, portable database, multiple tag read/ write,just by bringing their mobile devices near to tracking people, items, and equipment inan object that has a RFID tag. realtime, etc.  gives a detailed description about RFID technology and its advantagesThis paper pioneers in describing Mobile for supply chain management. Passive RFIDRFID‟s new applications and security tags are attached to objects/products andchallenges. It focuses on different Mobile these tags contain tiny, but durable computerRFID application zones, and their related chips with very small antennas. Passive tagssecurity threats, and security requirements. are powered-up from the interrogationFinally it proposes simple security Radio- Frequency (RF) signal of a reader.architecture for Mobile RFID applications in The tiny computer chips contain anLocation-based Services zone. Electronic Product Code (EPC) that uniquely identifies the object to which it isKeywords: Mobile RFID, Mobile RFID attached to, and the antennas automaticallySecurity, RFID Security transmit this EPC number without requiring line-of-sight (i.e., visual) scanning, to RFID1 Introduction readers within a certain RF range.1.1 RFID Technology 1.2 Building Blocks of RFID InfrastructureRadio Frequency Identification (RFID) is a This sub-section introduces the four mainmeans to efficiently, easily, and quickly building blocks of RFID Technology. Thisauto-identify objects, assets, pets, and infrastructure is currently being developedpeople. So far, RFID technology is used by by EPC global Inc. . This organization issome big companies like Wal-Mart, Proctor entrusted by industry to establish and& Gamble Co., Hewlett-Packard, Prada, support a global standard for real-time,Gillette, GAP, Target Corp., and the automatic identification of information inAlbertsons Inc., to track their inventory in the supply chain of any company, anywherethe supply chain. With the current barcode in the world.technology, each product‟s barcode label
1.2.1 RFID Tags , after obtaining the contract from EPCglobal, has invested heavily in buildingAs mentioned above, every RFID tag and marketing an EPC Network specificallycontains its unique EPC number. EPC is a to look up EPC data. It becomes veryglobally unique serial number that identifies necessary to look up each EPC number on aan item in the supply chain. EPC central data repository like we do with adata/number contains: EPC Manager Web page or other system using DNS.Number (identifies the company), Object Keeping EPC data as an unique reference orclass (similar to a stock-keeping unit, also primary ID, further information about thecalled product number), Serial number respective product is stored on databases and(specific instance of the object class being servers of EPC Network. This networktagged, objects own unique identifier). assists local company staff andEPCglobal allocates manufacturers specific geographically distributed supply chainblocks of EPC numbers, and manufacturers partners to easily and efficiently accessthen add their own product codes and serial information on any product they arenumbers to their assigned manufacturer handling from any location. The EPCnumbers to create unique identifiers - EPCs. Network  consists of three mainFurther information about the product is components: Object Naming Service (ONS),stored on a network of servers and databases the EPC-Information Services (EPC-IS), andcalled EPC Network. Therefore, unique EPC the EPC-Discovery Services (EPC-DS).number acts like a pointer directing theRFID reader to the right entity on the EPC The ONS like DNS, is an authoritativeNetwork from where the reader can global directory of EPC-IS. EPC data isdownload additional related data about the registered within the ONS. A retailerproduct it scanned. may need to get information about the product it has just received. He scans1.2.2 RFID Readers the EPC number of the product‟s RFIDRFID readers are used to scan RFID tagged tag and sends it to the ONS. ONSitems. RFID readers send scanned EPC data returns the location of thefor processing to EPC Middleware. manufacturer‟s EPC-IS. This query process is transparent to the retailer1.2.3 EPC Middleware takes only milliseconds to execute.In order to handle the billions of reads that EPC-IS are individual companies‟happen in a typical warehouse we need is to publicly accessible databases thathave a middleware (filtering software) for contain the details related to a product.the readers. The data created by an RFID EPC-IS would contain the EPC data,reader needs to be filtered and smoothed product description, size, weight,before it is useful for any application. Hence packaging, shipments, product arrivalEPC Middleware manages real-time read and departure details, and various otherevents and information, provides alerts, and data that are appropriate to share withmanages the basic read information for supply chain partners.communication to EPC-IS as well ascompany‟s other existing information The EPC-DS interacts with Informationsystems. It enables efficient useful data Services throughout the life of the productexchange between RFID readers and EPC and maintains a history of each statusNetwork. change for the EPC tag. As products make1.2.4 EPC Network their way across multiple points throughout the supply chain, this process of productsJust like the global look-up system such as being scanned, and the knowledge of theirthe Domain Name Service (DNS), VeriSign data within EPC-IS being passed on, repeats
itself. The registration of this product even interoperate with mobile phones. Thusknowledge by each EPC-IS into the EPC-DS every individual is capable of carrying aenables full supply-chain visibility. By RFID reader embedded in his mobileenquiring EPC data from ECP-DS any phone/portable device, making RIFDmember of the supply chain can obtain real- readers ubiquitous. With the presence oftime, complete visibility of the supply chain. billions of geographically distributed RFID tagged items all around, providing us with1.3 Mobile RFID Technology instant real-time information, it becomesAs mentioned above, most applications of necessary to look up each EPC number of aRFID for tagging and tracking items have tagged item on a publicly accessible centralbeen for operations within a single big data repository. Therefore, minorcompany and its supply chain partners. The modifications to the RFID infrastructurereason being, RFID tag costs are still described in section 1.2, would best suit thisrelatively high, but they are declining future Mobile RFID technology.quickly and approaching a level at which it 1.3.1 Applications of Mobile RFIDbecomes practical to tag products at the itemlevel. This will open the door for large-scale Once the RFID tags become cheap, we canuse of RFID tags on consumer goods. Very literally attach them to as many items assoon we can realize, one of the visions of possible. As a result, just by bringing mobileautomatic identification and ubiquitous devices near to a RFID tagged object, wecomputing, which is the creation of an can quickly and easily download“Internet of Objects”. information held by that object and view it via mobile phone‟s display screen. ForIn such a highly connected network; example:devices, objects, items of any kind dispersed We can download information about athrough an enterprise or in our society can particular location by scanning RFIDtalk to each other, providing real-time tagged sign posts, and landmarks.information about the objects, location, We can download bus routes bycontents, destination, and ambient scanning RFID tagged Busesconditions. This communication allows We can download prices of RFID taggedmuch-sought-after, efficient and easy merchandise sold at stores, published inmachine to- machine identification, catalogs for Compare Shoppingcommunication, and decision making. ThusRFID technology will have a tremendous We can download movies, music,impact on our society, once it starts to assist trailers, show timings, and theaterpeople in their daily life. A right step in this locations by scanning RFID taggeddirection would be Mobile RFID, where a movie posters, music CDs, etc.RFID reader chip is integrated into portable We can download current menu beingmobile devices like mobile phones, and served at a particular restaurant byPersonal Digital Assistants (PDA). scanning its RFID tag, published in a restaurants catalogIn near future, Mobile RFID would equip We can make a quick call or send anpeople to carry along with them a portable instant message by scanning RFIDRFID reader in their mobile phones. This tagged photographs, business cards,extends mobility, allowing people to scan address books, etc.RFID tagged items as and when they wantand provides an easier, user-friendly 1.4 Related Workapproach to quickly and efficiently access We strongly believe that Mobile RFIDinformation from RFID tags.  Nokia is technology has a great future and it‟s a verynow offering portable RFID readers that challenging research area. It is poised to be
one of the future killer applications and and nearest theater locations by scanningservices of mobile communications. Since RFID tagged movie posters etc.Mobile RFID technology is still in itsinfancy stage, to the best of our knowledge Security framework for this zone is verywe did not find any literature that discusses much open. In this zone all RFID taggedabout security for Mobile RFID technology. items respond to every mobile RFID,This paper could be the first of its kind to otherwise the main purpose of these items todiscuss about the vision and security provide instant information would bechallenges of Mobile RFID technology. defeated. Therefore in this zone there would be no security requirements for2. Mobile RFID Application Zones authentication and securing theApplications of Mobile RFID can be broadly communications between RFID tag andcategorized into three zones namely: mobile RFID. But there is one problem,Location-based Services (LBS) Zone, these publicly available tags can be fake orEnterprise Zone, and Private Zone. Security must have been illegally modified and hencethreats and security requirements for Mobile no longer truly represent the services of theRFID differ with respect to these zones. tagged item.Figure 1 is self-explanatory about thevarious security threats and security In such an unprotected zone, establishing arequirements for these three zones.  appropriate security architecture is veryprovides a detailed description of various difficult. Mobile RFID must contact manysecurity and privacy threats for RFID EPC-IS which might be either genuine ortechnology and also discusses certain malicious. It should also be able to identifyproposed security models. and securely communicate with only genuine EPC-IS. But these tasks could2.1 Location-based Services (LBS) Zone create a huge burden on the lowcomputing and resource-poor mobile device.In a location-based services zone, serviceproviders can provide us with services Our proposed security architecture“related to” and “available at” that location. (explained in the following section) forThe coverage of this zone is very large Mobile RFID - LBS zone describes awhich includes all public places. In this convincing trust model and secure jobzone, service providers and vendors want to delegation to mobile operator. Therefore theprovide services that are available at mobile operator can help in reducing thecustomer‟s current location. To accomplish communication and computational burdenthis, service providers deploy RFID tagged on the mobile RFID. The architecture alsoitems/devices all around, which provide us provides users privacy protection.with instant real-time information aboutservices available at that location. However 2.2 Enterprise Zonethe communications between the mobileRFID and EPC network must be secured. In this zone Mobile RFID assists company‟s mobile staff/employees like inventoryMobile RFID thus identifies and interacts checkers, field engineers, maintenance andwith such smart devices/items and obtains repair staff, and security guards. It helpsservices like information about a particular them in real-time inventory management,location by scanning RFID tagged sign work attendance log, instructions on how toposts, and landmarks, download bus routes operate tagged items, „identification of‟ andby scanning RFID tagged Buses, download „access control to‟ tagged equipment andprices of RFID tagged merchandize sold at secure enclosures, and proof of staffstores, for Compare Shopping, download presence at certain locations in a buildingmovies information, trailers, show timings, that needs to be monitored periodically, etc.
The security framework for enterprise zone into the RFID tags, create a portableMobile RFID applications could be database in their PC with details about theproprietary and confined to the boundaries tagged household items, create passwords toof a particular organization. In such a access these tags and the database, andconfined and well-monitored zone it‟s not finally secure the wireless/WiFi network invery difficult to establish and enforce an the home environment.efficient security architecture, trust model,and security & privacy policies. With the Other option could be, the user can obtainavailability of up-to-date list of registered storage space (for free or fee) on the EPCemployees and items/products in acompany; designing and implementing key/password distribution, data integrity &confidentiality, identification,authentication, and access control protocolsamong staff, RFID readers, RFID taggeditems, and EPC Network is moderately easyand mostly risk free when compared to LBSzone.Since this zone needs precise authenticationand security auditing in order to accessRFID tagged items, issues like user identityprivacy and tag information privacy will notarise.2.3 Private Zone Network (EPCInformation Servers) and via a password protected user friendly website,In this zone, Mobile RFID assists users in he can upload his personal EPC numberstheir private space like home, garden, and details of the tagged household items.garage, car, and workshop. It helps them to Whenever he scans his private RFID tag inmake an instant call or send an instant his home, the Mobile RFID contacts hismessage by scanning RFID tagged personal page on the EPCInformation Serverphotographs, business cards, and address and downloads the details about the item inbooks. By scanning RFID tagged household question. This approach alleviates user‟sitems with a mobile phone, we can quickly burden of configuring his own securityobtain information like; when would the system. The EPCInformation Server mustmilk stored in the refrigerator expire, details provide user privacy protection, and secureof the books in the bookshelf, when was the communication.last time a RFID tagged plant has beenwatered, and when to change the engine oil, 3. Building Blocks: Mobile RFID - LBSetc. Zone The building blocks of Mobile RFIDThis zone is small when compared to the infrastructure in LBS zone is similar toother two zones and therefore it requires a above mentioned RFID infrastructure.simple security model that can be easily Expect that we introduced mobile operatordeployed and maintained by the user at his and eliminated the need of EPChome. Users in this zone can buy off the Middleware. Since mobile RFID wouldshelf Mobile RFID Kits. These kits can mostly scan one tagged item at a time, therecontain RFID tags, Mobile RFID, related is no need for filtering software to make thehardware, and software with user-friendly mobile RFID data clear.GUI. The software can assist the users toeasily encode EPC numbers of their choice
Mobile RFID (M-RFID): Mobile Phone 4.1 Secure Job Delegation with RFID Reader Chip, is used to scan tagged items available everywhere. The Mobile RFID on behalf of its owner RFID Tags may need to communicate with ONS, EPC-Mobile Operator (MO): In the current IS to retrieve the information of a particularmobile communications paradigm we have tagged item. It should identify andalready put in a great deal of trust in MO, as authenticate genuine EPC network and beit handles all our voice and data able to secure the entire transaction and alsocommunications. It maintains a record of protect the owner‟s privacy. But these taskseach subscriber‟s call details, contact could create a huge burden on the low-information, and credit card details, etc. It computing and resource-poor mobile deviceeven has the capability to easily determine and is certainly not user friendly. Thereforeour current location and tap into our it would be lot easier for the mobile devicecommunications. But what protects us from to securely delegate its work to a nearbyMO turning hostile is that it has to trusted high-computing and resource-rich entity, the mobile operator. This approachFigure 1: Comparison of Security Threats helps in reducing the communication andand Security Requirements of 3 zones computational burden on the mobile device.very strictly adhere to and follow legal, 4.2 Trust Modelsecurity and privacy policies imposed by thelaw. Our architecture extends this trust in Establishing an efficient and convincingMO to secure and provide privacy protection trust model is very much required to ensurefor Mobile RFID transactions. This secure transactions, key distribution, and jobapproach is very practical and easily delegation. With existence of a trust model,deployable, as the current mobile it would be lot easier for the mobile devicecommunications infrastructure is widely to delegate its work to the mobile operator.spread and highly stable. MO takesresponsibility on behalf of M-RFID to 4.3 Authorized Tag Information Accessselect, identify, and authenticate genuine Scenario: Alice goes to a shopping mall. SheECP-IS. MO behaving like a “Trusted uses her Mobile RFID reader to know theProxy” processes the request on behalf of price, and manufacturer details of athe M-RFID, greatly reducing the particular commodity. The commodity‟scommunication and computational burden RFID tag must not reveal other sensitiveon the user‟s mobile phone and also details like the number of pieces sold so far,provides users privacy protection. its profit margin, and stock availability, etc. EPC Network in order to prevent corporate espionage. This information is strictly for the shopping malls4 Security Requirements: Mobile RFID inventory checking staff- LBS ZoneWe identified the following security 4.4 User Privacy Protectionrequirements associated with thedeployment of Mobile RFID: Scenario: Charlie stalks Alice into the elevator. Charlie has a RFID reader Secure Job Delegation embedded in his mobile phone. Charlie can Trust Model easily scan and read sensitive information Unauthorized Tag Information Access off any RFID tagged item that Alice is User Privacy Protection carrying in her bag/purse. After scanning a Tag Access-Control Management particular RFID tag for information, the Tag Access Authorization identity and location of Alice must not be Data Integrity & Confidentiality revealed to the vendor or the service
provider. This personal information could Step 5: ONS responds with URL of theallow service providers and vendors to EPC-IS related to the EPC number ingenerate detailed profiles of the user, his questionbuying interests, and transactions Step 6: MO fetches the anonymous M-information. RFID certificate from its database and sends it along with EPC number to the4.5 Tag Access-Control Management URL of EPC-IS. The certificate does notSometimes information from the tags needs contain the identity of M-RFID butto be available to authorized parties only. contains some related information likeBut for mobile RFID scenario, the set of age, proof of privileged membership,authorized parties is constantly changing, etc.making access management a priority for Step 7: EPC-IS verifies the certificatebusinesses. Therefore providing tag and checks the access-control list in itsinformation based on the privileges of the database.user in question is very essential. Step 8: Depending on the access rights of that certificate, EPC-IS responds to4.6 Tag Access Authorization MO with related data about the EPCCertain RFID tags needs to respond to number in question.mobile RFID readers whose owners are Step 9: MO sends the EPC information to the M-RFID. This communications Above 18 years old can be encrypted using an established Gold card Members or certain privileged session-key members of certain organizations Step 10: MO stores details of this Staff of a particular organization transaction in the database of this M- Security guards RFID. Later, M-RFID can query some Construction workers information about the tags it accessed previously on a particular date, time,4.7 Data Integrity & Confidentiality location (for compare shopping) and also items it purchased.We must keep the data that resides in a tag Step 11: M-RFID can purchase taggedsecure and also provide Secure Electronic items. MO can pay the vendor on behalfData Interchange (EDI) transactions of M-RFID and later get the money frombetween the Mobile RFID, Mobile Operator, M- RFID via monthly telephone bills.and EPC Network. When a tagged item is purchased MO5. Security Architecture: Mobile RFID - makes sure that the details of that particular EPC number is removed from LBS Zone EPC-IS. This prevents adversary to scanThis section describes our proposed security and know the details of the purchasedarchitecture of the Mobile RFID as depicted items in the handbag of M-RFID‟sin Figure 1. owner. Step 1: M-RFID scans a RFID tag Step 2: RFID tag responds with EPC number Step 3: M-RFID authenticates itself to MO via login ID/PWD and sends the EPC number to MO Step 4: MO sends EPC number to the ONS
5.1 Security Solutions 6 Conclusions5.1.1 Mutual Authentication mechanism This paper provides future vision and between M-RFID and MO security challenges of Mobile RFID. WeA simple ID/Password authentication for M- mentioned the various security threats andRFID and MO‟s PKI certificate verification security requirements at different zones ofby M-RIFD is necessary for mutual Mobile RFID applications namely LBS,authentication between M-RFID and MO. enterprise, and private zones. And proposedThis provides secure job delegation, trust a simple security architecture for the LBSmodel, data integrity and confidentiality zone, that fits the RFID EPC Network. Thebetween MRFID and MO. advantages of this architecture are as follows: simple, involves less user5.1.2 Mutual Authentication mechanism interactions, secure job delegation between between MO and EPC-IS Mobile RFID and Mobile Operator. Also the Mobile Operator conceals the identity ofSince MO and EPC-IS are resource rich users, as a result service providers andentities, they both can authenticate each vendors of tagged items cannot maintainother via PKI-based certificates. Thus users detailed profiles and locationproviding data integrity and confidentiality. information, this protects users privacy. It5.1.3 Anonymous Certificates for Identity could be a good revenue generator for the management, authentication, and mobile operator and service providers authorization M-RFID can request through commissions for every transaction. anonymous certificate from MO. Our approach is practical and easily deployable, as the current mobileThis certificate does not contain the true communications infrastructure is widelyidentity of MRFID but contains other details spread and highly stable. And vendors canlike age, whether the user is a gold card still use the popular RFID EPC network. Asmember or not, staff or visitor, etc. This our future work we would propose moreprotects the privacy of the owner of M- concrete security architectures for the otherRFID and also assists EPC-IS to provide two zones of Mobile RFID applications andcorresponding information about the EPC also propose a simple, secure and privacynumber in question. preserving payment phase for Mobile RFID applications.5.1.4 M-RFID privacyOur approach protects both location and Referencesinformation privacy of M-RFID. With the  Ari Juels, “RFID Security and Privacy:use of anonymous certificate the vendor or A Research Survey”, RSA Laboratories,the service provider of the tagged item can 2005,never know the true identity of the M-  EPCglobal Web site, 2005, http://www.RFID‟s owner. And once the tagged item is EPCglobalinc.orgpurchased by MRFID, MO makes sure that  Nokia, “RFID Phones - Nokia Mobileits reference is deleted from the EPC- IS. RFID Kit”,This way even though, an adversary can http://europe.nokia.com/nokia/0,,55739,00htscan the handbag of Alice, he can no longer mlobtain information about the tagged items  VeriSign, “The EPCglobal Network:purchased by Alice as their references are Enhancing the Supply Chain”, White Paperdeleted from EPC-IS. 2005, http://www.verisign.com/stellent/groups/ public/documents/white_paper/002109.pdf