Escolar Documentos
Profissional Documentos
Cultura Documentos
INFORMATION TECHNOLOGY
INDIVIDUAL ASSIGNMENT
CE00542-7
Research Proposal
TOTAL (%)
Research Proposal
For
2|Page
Acknowledgment
First of all I would like to express my deepest appreciation to Dr. Harinda Fernando for the
valuable guidance and advice given to me throughout this module. Also I really appreciate
the useful comments, remarks; engagement & support given to me for complete this research
proposal.
Secondly I would like to express my true appreciation to APIIT management for giving me
this valuable opportunity to follow this MSC program in your esteem institute and finally I
thank my family and friends who helped me throughout this semester.
3|Page
1. Abstract
Radio Frequency Identification (RFID) is emerging technology using around the world that
caught the attention of many people. RFID tags are small, wireless devices/microchips that
can store data to help identify objects and people. RFID enabled devices become more
common in our day to day tasks and it make things easy. RFID Enabled Credit Cards,
Electronic wallets and RFID embedded smartphones are becoming more popular. However
with the RFID implementation it will raise number of potential concerns related to
information security, privacy and venerability of sensitive data.
The purpose of the research is to discuss RFID technology, its usage, security issues,
venerability threats of using RFID and assessing current RFID authentication protocol
models and develop more advanced, integrated security framework to overcome above
issues.
4|Page
2. Table of Contents
1. Abstract...............................................................................................................................4
2. Table of Contents................................................................................................................5
3. List of Figures.....................................................................................................................6
4. Introduction.........................................................................................................................7
5. Background.........................................................................................................................8
5.3 Spoofing......................................................................................................................9
7. Related work.....................................................................................................................12
9. Approach...........................................................................................................................13
12. Timeline........................................................................................................................17
13. Bibliography..................................................................................................................18
5|Page
3. List of Figures
6|Page
4. Introduction
In this section we will explain the background of Radio Frequency Identification (RFID), its
usage, advantages and current security viabilities of RFID to give a clear picture of the main
purpose of the thesis.
In 1935 Radio Frequency Identification or RFID was invented by Sir Robert Alexander
Watson-Watt to detect approaching aircrafts (Jones & Chung , 2011), from then RFID
technology opens a new frontier expanding extensively and evolved to different areas. For
many years Radio Frequency Identification (RFID) devices was used to simplify day to day
work in industrial sector. In the last decade RFID identified as e immerging technology and
starts adapting to many other sectors including consumer goods, retail services, inventory and
supply chain management and even humans are tagged with RFID chips to collect health
information and broad range of other applications.
Modern day RFID microchips can be physically embedded to devices such as mobile phones,
credit cards and also available as programmable Tags as well. These RFID data can access or
read from specially designed RFID readers or scanners. There are many advantages and
benefits of using RFID technology;
The main advantage of this technology is RFID enabled devices no need to be physically
connected to each other to communicate or transfer data. For example credit card with
embedded RFID no need to be swipe in the credit card machine, with RFID it just have to
move or gesturing closer to the RFID Reader and this will establish connection or transfer
data without any physical touch between the card and the reader.
While the RFID usage widely spread due to its numerous benefits there is potential issue
arise when considering the privacy and security. Especially when it comes to RFID Enabled
credit cards and Electronic wallets there is possible risk of stealing information without any
physical access and there are many incidents reported regarding Wireless identity theft
gathering an individuals personal information without any contact.
7|Page
5. Background
As mentioned in the introduction RFID systems are widely used in many levels, since it being
evolved to store sensitive personal data such as credit card information satisfaction of privacy
and security must be in height level. While improving the RFID technology in the past few
years researchers and technologist trying to enhance the security and identify the possibilities
of enhancing RFID.
In 2008 The Government of the Hong Kong Special Administrative Region published a
research report regarding concepts behind RFID technology and the associated security
issues and threats in using RFID technology, along with possible measures on how to tackle
them and law enforcement (The Government of the Hong Kong Special Administrative
Region, 2008).
When considering the privacy and security there are number of possible vulnerabilities and
threats can be identified in Radio Frequency Identification system;
Radio signals transmitted from the RFID enabled device/Card or tag, reads by signal receiver
from several meters away by unauthorized person/identity theft and gain access to the data
(Jones & Chung , 2011).
Traffic analysis tools can track predictable tag responses over time. Correlating and
analyzing the data could build a picture of movement, social interactions and financial
transactions. Abuse of the traffic analysis would have a direct impact on privacy (The
Government of the Hong Kong Special Administrative Region, 2008).
8|Page
5.3 Spoofing
This allows intruders to perform reading or writing in to RFID Cards or tags and change the
identity of tags to gain an unauthorized or undetected advantage. (The Government of the
Hong Kong Special Administrative Region, 2008).
These are integrity attacks in which the attacker uses a tags response to a rogue readers
challenge to impersonate the tag. The main concern here is in the context of RFIDs being
used as contactless identification cards (in substitution of magnetic swipe cards) to provide
access to secured areas and/or resources. In such applications, RFIDs can be more vulnerable
than other mechanisms, again due to their ability to be read at a distance by covert readers.
(Burmester & Medeiros, 2014)
As discussed above when considering the benefits and advantages of RFID system its clear
this technology gives great good to different fields around the globe and in future more and
more people will adopt this technology from high end industrial production to individual
humans such as Credit cards, Electronic Wallets and retails shops etc. Meantime with all this
benefits, risk of compromising privacy and security also increased, if sensitive data such as
Credit card information is compromised, the effects could be devastating. There for its
essential to identify the current security measures, weakness and venerabilitys of RFID
security and develop advance security system to ensure the integrity and confidence of data.
9|Page
6. Aim and scoop
The main aim is to study the current state of RFID security and privacy concepts and
understand the physical principle of Radio Frequency Identification system. In this
framework the main components will be physical layer of RFID systems and software
implementations. To develop enhanced security for the proposed system these two
components will be analyses more deeply as mentioned in below;
10 | P a g e
6.1 Type of Hardware :-
Available Signal
Strength from Tag to High Very Low Moderate
Reader
Communication
Long Range (100m or more) Short range (up to 10m) Moderate range (up to 100m)
Range
Encryption of RF signals
Authentication methods
Cryptographic primitives
Security Algorithms
11 | P a g e
7. Related work
In 2008, The Government of the Hong Kong Special Administrative Region conducted a
research regarding RFID attacks security threats. According to the research they have
identified some type of low-cost passive and basic RFID tags cannot execute standard
cryptographic operations like encryption, strong pseudorandom number generation, and hashing
(The Government of the Hong Kong Special Administrative Region, 2008). Also they identified
main areas to be concerned when considering the RFID Security;
Reader Integrity
Personal Privacy
2011, (Juels & Christof, 2001) 7th international workshop for RFID Security Ari Jules &
Christof Paar submitted a research paper regarding RFID Security and Privacy. In this
research they have analyzed Skipjack - lightweight block ciphers designed by U.S National
Security Agency (NSA). This embedded application has algorithm with hardware efficient
block cipher. And defined the type of attacks (Juels & Christof, 2001);
Other than the above mentioned there are many researches are conducted to identify security
and privacy vulnerabilities and experiments and implementations to overcome the RFID
issues and below mentioned are few important research studies,
12 | P a g e
Privacy and Security Aspects of RFID Tag by Dong-Her Shih - Department
of Information Management, National Yunlin University of Science and
Technology
But this can be overcome by gathering expired Credit cards and by using
programmable RFID Tags.
9. Approach
13 | P a g e
new metrics considering reliability, efficiency and performance. Finals deliverables are
depending on bellow mentioned security protocols and methods;
Hash Lock
14 | P a g e
10. Data collection methods and instruments
Following devices and methods will be used to collect and data.
RFID Tags
15 | P a g e
Figure 4 - RFID Skimmer (Kirschenbaum, 2006)
Hypothesis for new efficient authentication protocol system that prevents the RFID
attacks and address privacy and security of future RFID system based on research
including Elliptic Curve algorithm.
12. Timelines
16 | P a g e
Figure 6 - Timeline - dissertation
13. Bibliography
Anon., 2015. Hypotheses and Tests. Boundless.
Baig, M., 2012. RFID technology: Advantages and Disadvantages. [Online] Available at:
http://mbaigrfidreport.blogspot.com/2012/04/rfid-technology-advantages-and.html [Accessed
8 September 2015].
Beal, V., 2015. Data Encryption Standard (DES). [Online] Available at:
http://www.webopedia.com/TERM/S/symmetric_key_cryptography.html [Accessed 09
September 2015].
Burmester, & Medeiros, B., 2014. RFID Security: Attacks, Countermeasures and.
Tallahassee, FL 32306: Florida State University.
Dixit, V., Verma, H. & Singh, A., 2011. Comparison of various Security Protocols in RFID.
International Journal of Computer Applications.
17 | P a g e
Impinj, Inc., 2015. The Different Types of RFID Systems. [Online] Available at:
http://www.impinj.com/resources/about-rfid/the-different-types-of-rfid-systems/ [Accessed
09 September 2015].
Jones, C. & Chung , C.A., 2011. RFID and Auto-ID in Planning and Logistics. NY: CRC
Press.
Juels, A., 2006. RFID Security and Privacy: A Research Survey. IEEE JOURNAL ON
SELECTED AREAS IN COMMUNICATIONS.
Juels, A. & Christof, P., 2001. RFID Security and Privacy. Amherst: Springer.
Karygiannis, , Eydt, , Barber, G. & Bunn, L., 2007. NIST Issues Guidelines for Ensuring
RFID Security. Gaithersburg: The National Institute of Standards and Technology (NIST)
U.S.
Kirschenbaum, I., 2006. How to Build a Low-Cost, Extended-Range RFID Skimmer. [Online]
Available at:
https://www.usenix.org/legacy/event/sec06/tech/full_papers/kirschenbaum/kirschenbaum_ht
ml/kw-usenix06-forhtml.html [Accessed 10 September 2015].
nfoSec Institute, 2013. Symmetric and Asymmetric Encryption - InfoSec Resource. [Online]
Available at: http://resources.infosecinstitute.com/symmetric-asymmetric-encryption/
[Accessed 9 September 2015].
The Government of the Hong Kong Special Administrative Region, 2008. RFID SECURITY.
Hong Kong: HKSAR.
18 | P a g e