Design and Implementation of Secure RFID Systems

RFID technology, increasingly popular in manufacturing, supply chain management, inventory control and similar fields, continues to flourish as an inherent part of virtually every ubiquitous environment. Because of their low production cost and tiny size, RFID devices are considered a replacement for bar codes and other traditional identification tools. The advantage of RFID is the ability to authenticate from a distance.

Although authentication from a distance is an advantage, it brings new problems that have to be solved. These problems can be summarized as the confidentiality of the data sent during authentication, impersonation of authentic tags, and modification of the data by unauthorized persons. Because of these problems, the authentication methods used in RFID technology should be implemented securely.

Although public key cryptography has the necessary primitives to solve the identification problem in a general setting, the most promising current studies hint that implementing these cryptographic primitives on low-cost tags will not be possible in the near future. However, it is clear that the industry seriously needs mechanisms which comply with the RFID specifications while addressing the security and privacy issues. This necessity has attracted the interest of the security community, and many authentication protocols have been proposed recently. Nevertheless, it has been shown that the majority of these proposals do not provide security and privacy.

However, the effects of practical implementation are not considered in the protocol proposals. Two examples: 1) the operation time in tags and readers is ignored; 2) it is assumed that all bits of the data are sent in parallel at once. As a result, when the protocols are implemented, effects such as operation and communication time can cause security problems that are ignored in the mathematical definitions.

In this project, tags, readers and the RF communication layer will be designed and implemented in order to implement RFID authentication protocols that have been shown to be resistant against known mathematical attacks. The security holes that result from practical effects will be investigated. We will try to improve the protocols in order to remove these security problems; if this is not possible, the implementation of the protocol will be terminated.

The tags should be designed for low power consumption and small area because of their mobility. The readers should be designed to communicate with many tags simultaneously. These performance needs cannot be met by hardware-only or software-only implementations. For this reason the systems will be designed with the hardware/software codesign method. The hardware/software partitioning of the system will be performed by the CoWare program, which takes the SystemC model and the performance constraints as input. The advantage of this kind of tool is that it can co-simulate the hardware and software parts and produce performance estimates from models of the chosen platforms. The partitioning can be repeated until these estimates meet the requirements. Once the partitioning meets the requirements, VHDL or Verilog code for the hardware part and C code for the software part can be taken from the tool. This approach shortens the design time. So far, no previous work has used this approach for the design of security systems.

The protocols that are judged secure at design time will be implemented using FPGAs, microprocessors and RF communication circuits. Known attacks will be applied to these implementations using the information gathered from the RF communication channel. These attacks can be passive, aiming only to read the data on the channel, or active, aiming to alter the data, relay the communication, resend data that was sent before, or redirect the data by acting as the communication channel between a tag and the reader. In this project, the design will be changed first; if that is not enough, the mathematical definition of the protocol will be changed in order to be resistant against these kinds of attacks.

The protocols use an identification number specific to each tag. Today this number is stored in memory. This method of storage requires a large area and high power consumption to access the memory. Hence, physical unclonable functions have been proposed in order to identify digital circuits. This construction uses the fact that two combinational circuits with the same functionality, implemented in two different integrated circuits, will have different physical properties such as latency. In this project, this construction will be used as the identification number of the tags.
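The idea above can be seen in a small simulation. This is an added example, not code from the project: it assumes a simplified, noise-free, delay-based (arbiter-style) PUF model, which the text does not specify, and all names, seeds and sizes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define STAGES 64   /* delay stages per chip (assumed size) */
typedef struct { int32_t delta[STAGES + 1]; } puf_chip; /* per-stage delay mismatch */

/* xorshift32: deterministic stand-in for random process variation. */
static uint32_t xorshift32(uint32_t *s) {
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s;
}

/* Same design for every chip; only the seed (the silicon) differs. */
void puf_manufacture(puf_chip *c, uint32_t seed) {
    for (int i = 0; i <= STAGES; i++)
        c->delta[i] = (int32_t)(xorshift32(&seed) % 2001u) - 1000;
}

/* A set challenge bit swaps the two racing paths: sign flips from that stage on. */
int puf_response(const puf_chip *c, uint64_t challenge) {
    int64_t sum = c->delta[STAGES];
    int sign = 1;
    for (int i = STAGES - 1; i >= 0; i--) {
        if ((challenge >> i) & 1) sign = -sign;
        sum += sign * (int64_t)c->delta[i];
    }
    return sum > 0;   /* which path reached the arbiter first */
}

/* 64-bit tag ID: responses to 64 fixed, public challenges (constructed). */
uint64_t puf_id(const puf_chip *c) {
    uint64_t id = 0;
    for (int b = 0; b < 64; b++)   /* challenge b = (b+1) * odd constant */
        id = (id << 1) | (uint64_t)puf_response(c, (b + 1) * 0x9E3779B97F4A7C15ULL);
    return id;
}

int hamming64(uint64_t a, uint64_t b) {
    int n = 0;
    for (uint64_t d = a ^ b; d; d &= d - 1) n++;
    return n;
}

int main(void) {
    puf_chip a, b;
    puf_manufacture(&a, 0x9E3779B9u);   /* constructed "chip" seeds */
    puf_manufacture(&b, 0x85EBCA6Bu);
    printf("IDs differ in %d of 64 bits\n", hamming64(puf_id(&a), puf_id(&b)));
    return 0;
}
```

A real PUF also has measurement noise, so a deployed tag needs error correction or a tolerance on the number of differing bits before the response can serve as a stable identifier.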

Side channel attacks exploit flaws in the implementation characteristics in order to capture the secret parameters used in cryptographic primitives. In side channel analysis, the attacker uses the normal functions of a cryptographic device in order to collect some of its physical and electrical effects while it is operating in normal mode. If those effects reveal unwanted information about the secret key, this leakage is called side channel information and these effects are called side channels.

In low power designs of cryptographic primitives, it turns out that operation time, power dissipation and electromagnetic radiation are more strongly related to the input data. In other words, extra caution is needed when designing low power cryptographic devices, as they are wide open to side channel attacks. In this respect, RFID tags and readers are subject to side channel attacks, and in this project we will design architectures that are strong against known side channel attacks. However, it is a well known fact that countermeasure implementations increase the area and power dissipation of designs. Therefore, we will address the trade-off between side channel countermeasures and performance in our architectures.
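The data dependence of operation time, and the cost of removing it, can be shown with a response check written two ways. This is an added example, not code from the project: the 8-byte response, the function names and the use of a loop-iteration count as a stand-in for cycles are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RESP_LEN 8   /* constructed response length in bytes */
typedef int (*verify_fn)(const uint8_t *want, const uint8_t *got, size_t *steps);

/* Early exit: the iteration count (stand-in for cycles, and so for time
   and energy) equals the index of the first wrong byte plus one. */
int verify_early_exit(const uint8_t *want, const uint8_t *got, size_t *steps) {
    *steps = 0;
    for (size_t i = 0; i < RESP_LEN; i++) {
        (*steps)++;
        if (want[i] != got[i]) return 0;
    }
    return 1;
}

/* Fixed work: every byte is always processed, at the cost of more steps. */
int verify_fixed_work(const uint8_t *want, const uint8_t *got, size_t *steps) {
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < RESP_LEN; i++) {
        (*steps)++;
        diff |= (uint8_t)(want[i] ^ got[i]);
    }
    return diff == 0;
}

/* Spread (max - min) of step counts over responses that are wrong in
   exactly one byte position; nonzero means the work depends on the data. */
size_t step_spread(verify_fn verify) {
    static const uint8_t want[RESP_LEN] = {0x3a,0x91,0x5c,0x07,0xe2,0x48,0xbd,0x16};
    size_t lo = RESP_LEN, hi = 0;
    for (size_t p = 0; p < RESP_LEN; p++) {
        uint8_t got[RESP_LEN];
        size_t steps;
        memcpy(got, want, RESP_LEN);
        got[p] ^= 0xff;               /* constructed wrong byte at position p */
        verify(want, got, &steps);
        if (steps < lo) lo = steps;
        if (steps > hi) hi = steps;
    }
    return hi - lo;
}

int main(void) {
    printf("early exit: %zu, fixed work: %zu\n", step_spread(verify_early_exit), step_spread(verify_fixed_work));
    return 0;
}
```

The fixed-work version always spends RESP_LEN steps, which is the area and power cost of the countermeasure that the paragraph above refers to; on real hardware the compiler output and the power and EM behaviour still have to be measured.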

The steps of the project can be summarized as follows:

1) Implementation of the RFID authentication protocols by using hardware/software codesign methodology.

2) Applying passive and active attacks to the implementations of the RFID security protocols by using the measurements from the communication channel.

3) Improving the implementations and, if that is not enough, the mathematical definitions of the RFID security protocols in order to be resistant against the passive and active attacks which are applied by using the measurements from the communication channel.

4) Applying side-channel attacks to the implementations of the tag and reader by using the timing, power consumption and electromagnetic radiation.

5) Improving the implementations of the tag and reader in order to be resistant against side-channel attacks.