Elsevier

Computer Networks

Volume 67, 4 July 2014, Pages 89-103
Scalable RFID security framework and protocol supporting Internet of Things

https://doi.org/10.1016/j.comnet.2014.03.023

Abstract

Radio-frequency identification (RFID) is seen as one of the requirements for the implementation of the Internet-of-Things (IoT). However, an RFID system has to be equipped with a holistic security framework for a secure and scalable operation. Although much work has been done to provide privacy and anonymity, little focus has been given to performance, scalability and customizability issues to support robust implementation of IoT. Also, existing protocols suffer from a number of deficiencies such as insecure or inefficient identification techniques, throughput delay and inadaptability. In this paper, we propose a novel identification technique based on a hybrid approach (group-based approach and collaborative approach) and security check handoff (SCH) for RFID systems with mobility. The proposed protocol provides customizability and adaptability as well as ensuring the secure and scalable deployment of an RFID system to support a robust distributed structure such as the IoT. The protocol has an extra fold of protection against malware using an incorporated malware detection technique. We evaluated the protocol using a randomness battery test and the results show that the protocol offers better security, scalability and customizability than the existing protocols.

Introduction

With its capability to store and wirelessly communicate information as well as automatically identify and track objects in real time, radio frequency identification (RFID) is considered as one of the enabling technologies of the Internet of Things (IoT). IoT refers to uniquely identifiable smart objects (things) and their virtual representations in an Internet-like structure [1]. The potential applications of IoT are limitless and will permeate economic, health, community and private lives.

An RFID system consists of RFID tags and RFID readers where a reader transmits an encoded radio signal to interrogate the RFID tags. The RFID reader is capable of reading multiple tags simultaneously, making it very useful in retail supply chains as a replacement for barcodes, patient identification in healthcare situations, document tracking, curbing counterfeit branding, etc. When interrogated by the RFID reader, the RFID tag responds with its identification and other information depending on the application and implementation of the RFID system. The tag is very small in size and is normally attached or embedded into the objects to be tracked. Moreover, the tag does not need to be within the line of sight of the reader. In general, RFID tags can be passive, semi-active or active. An active tag has an on-board battery whereas a passive tag has very low computational capability and is powered from the reader’s electromagnetic field. In contrast, the semi-active tag has a small battery on board and is activated when it is in the vicinity of an RFID reader. As passive tags are the most common type, we will focus on this type of RFID tag in this paper.

In this paper, we address the problem of an RFID security protocol for robustly implementing systems such as the IoT. Although RFID has numerous applications, its basic premise of data transmission over the air renders it susceptible to many security problems [2]. In a busy distributed RFID environment, there might be thousands to millions of reads every minute. To make the best use of a passive tag’s power and minimize attacks, a distributed RFID environment requires security protocols that must be scalable and capable of ensuring faster RFID tag read clearance rates [3]. In addition, the security protocols should have a scope of customizability to ensure the adaptability of new efficient techniques without scrapping existing system structures. Although there are many security protocols for RFID [4], [5], [6], [7], [8], most of these protocols are vulnerable to various attacks and have serious shortcomings in scalability and customizability. The scalability and adaptability issues of the existing security protocols are serious concerns for wide adoption of RFID technology in many distributed applications [3].

In this paper, we propose a scalable and fast RFID security framework that combines authentication, malware detection and identification techniques suitable for busy mobile distributed RFID environments. The proposed protocol has four system components that work at the Application Level Event (ALE) layer of the EPCglobal Architecture Framework [9]. We evaluated the proposed framework using a randomness battery test and the results show that the framework offers better security, scalability and customizability than the existing similar frameworks such as [5], [6], [7], [10], [11]. In summary, we make the following main contributions:

  • A new scalable search technique to support a mobile RFID environment and IoT.

  • A security checks handoff (SCH) technique to speed up re-clearance of a tag. To our knowledge there are no RFID protocols in the literature that ensure a faster tag re-clearance process.

  • A simple malware detection technique to fight malware such as SQLIA.

  • A secure communication protocol and a framework to demonstrate the proof of concept.

The rest of the paper is organized as follows. In Section 2, the related work and problem overview are presented. In Section 3, the details of the proposed framework are discussed. In Section 4, the performance evaluation details are presented. The comparative analysis is presented in Section 5. The results show that the proposed framework has improved scalability, security, compatibility and adaptability for mobile RFID systems. The conclusion is presented in Section 6.

Section snippets

Related work and problem overview

In this paper, we address the problem of an RFID security protocol which ensures security, scalability and adaptability for robustly implementing systems such as IoT. In this section, the problem overview and the related work are discussed.

While RFID provides many benefits in different applications and settings, many concerns have been expressed over the security of RFID systems. Some of the security concerns include the desynchronization attack, the Denial of Service (DoS) attack and the

Proposed framework

In this section, we will discuss the framework as well as the system components of the proposed protocol. We will also discuss the proposed search technique and the security check handoff (SCH).

Performance evaluation

To verify viability of the security and scalability of the proposed protocol, we performed a randomness battery test and simulations. In this section, we detail the experimental environment and discuss the results of the experiments.

Comparative study

We performed a comparative study between the proposed protocol and some of the existing protocols related to our protocol. Tables 4 and 5 set out the summary of the comparative study. In the table, the notation “X” denotes “not satisfied”, “Δ” means “partially satisfied” and “√” means “fully satisfied”. Table 4 shows the scalability comparison between the proposed protocol and related existing protocols in terms of scalability technique and computational complexity. Regarding scalability, the

Conclusions and future work

The Internet of Things concept has revolutionized the way RFID security protocols are developed for distributed systems. Most RFID systems work on a platform of homogeneous or heterogeneous distributed systems. The SCH and improved identification technique in the proposed protocol make the security trade-offs minimal. The protocol has parameters to limit the read numbers of a tag which helps to control the tag read. Overall, this is a security protocol that has the potential to ensure secure

References (36)

  • I. Erguler et al., A salient missing link in RFID security protocols, EURASIP J. Wireless Commun. Netw. (2011)
  • EPCglobal. <http://www.gs1.org/gsmp/kc/epcglobal> (retrieved...
  • D. Molnar, D. Wagner, Privacy and security in library RFID: issues, practices, and architectures, in: V. Atluri, B....
  • S. Fouladgar, H. Afifi, Scalable privacy protecting scheme through distributed rfid tag identification, in: Proceedings...
  • Dirk Henrici, Paul Müller, Hash-based enhancement of location privacy for radio-frequency identification devices using...
  • M. Mohan, V. Potdar, E. Chang, Recovering and restoring tampered RFID data using steganographic principles, in: IEEE...
  • K. Rhee et al.
  • Rolando Trujillo-Rasua et al., Scalable trajectory-based protocol for RFID tags identification, RFID-TA (2011)

Cited by (55)

    • A comprehensive survey of prominent cryptographic aspects for securing communication in post-quantum IoT networks

      2020, Internet of Things (Netherlands)
      Citation Excerpt :

      Various attacks that can be done on this layer ranging from stolen devices to bootstrapping attacks, all lead to various anomalies. In context of RFID technology, de-synchronizing attack is best suitable for jamming attacks [25]. With the intention of blocking the communication channel, attacker sends the radio frequency signals through the desired channel, preferably electrical, so that the entities involved are not able to communicate with each other [26].

    • Secure the ownership of WoT devices using secure ownership transfer framework

      2023, International Journal of Information Technology (Singapore)
    • IoT Based Localization and Tracking by Using MIMO Antenna Technology

      2023, ICSPC 2023 - 4th International Conference on Signal Processing and Communication

    Biplob R. Ray has eight years of experience within the Education, IT and Recruitment industries in the Philippines and Australia. He has worked as a system programmer and team leader in HSG, Philippines. He has also worked as an analyst programmer and research assistant in Telstra and Deakin University respectively. Biplob Ray has been teaching at the University of Ballarat and Melbourne Institute of Technology as a Lecturer (Casual) since 2008. He has published a number of peer reviewed papers and book chapters on network security and health informatics. He has served as a member of the technical program committee for several international conferences and as a reviewer for a number of journal papers since 2010.

    Jemal H. Abawajy is a Professor at the School of Information Technology, Deakin University, Australia. He is a senior member of IEEE and leads the Parallel and Distributed Computing Lab at Deakin University. Professor Abawajy is actively involved in funded research and has published more than 200 articles in refereed journals, conferences and book chapters. He is currently principal supervisor of 10 PhD and co-supervisor of 3 PhD students. Professor Abawajy is an editorial member of several journals and has guest-edited several journals. Professor Abawajy has been a member of the organizing committee for over 100 international conferences, serving in various capacities including chair, general co-chair, vice-chair, best paper award chair, publication chair, session chair and program committee.

    Morshed Chowdhury received his PhD from Monash University, Australia in 1999. Dr. Chowdhury is an academic staff member in the School of Information Technology, Deakin University, Australia. Prior to joining Deakin University, he was an academic staff member in the Gippsland School of Computing and Information Technology, Monash University, Australia. Dr. Chowdhury has more than 12 years of industry experience in Bangladesh and Australia. As an International Atomic Energy Agency (IAEA) fellow he has visited a number of international laboratories and centres such as the Bhabha Atomic Research Centre, India, Brookhaven National Laboratory, New York, USA, and the International Centre for Theoretical Physics (ICTP), Italy. Dr. Chowdhury’s current research interests are RFID security, wireless network security and security of social networks. He has published more than sixty eight research papers including a number of journal papers, conference papers and book chapters. He has organized a number of international conferences and served as a member of the technical and program committee of several international conferences since 2001. He has also acted as a reviewer of many journal papers.
