Scalable RFID security framework and protocol supporting Internet of Things
Introduction
With its capability to store and wirelessly communicate information as well as automatically identify and track objects in real time, radio frequency identification (RFID) is considered one of the enabling technologies of the Internet of Things (IoT). IoT refers to uniquely identifiable smart objects (things) and their virtual representations in an Internet-like structure [1]. The potential applications of IoT are limitless and will permeate economic, health, community and private lives.
An RFID system consists of RFID tags and RFID readers, where a reader transmits an encoded radio signal to interrogate the RFID tags. The RFID reader is capable of reading multiple tags simultaneously, making it very useful for retail supply chains as a replacement for barcodes, patient identification in healthcare situations, document tracking, curbing counterfeit branding, etc. When interrogated by the RFID reader, the RFID tag responds with its identification and other information depending on the application and implementation of the RFID system. The tag is very small and is normally attached to or embedded in the objects to be tracked. Moreover, the tag does not need to be within the line of sight of the reader. In general, RFID tags can be passive, semi-active or active. An active tag has an on-board battery, whereas a passive tag has very low computational capability and is powered from the reader’s electromagnetic field. In contrast, the semi-active tag has a small battery on board and is activated when it is in the vicinity of an RFID reader. As passive tags are the most common type, we will focus on this type of RFID tag in this paper.
In this paper, we address the problem of an RFID security protocol for robustly implementing systems such as the IoT. Although RFID has numerous applications, its basic premise of data transmission over the air renders it susceptible to many security problems [2]. In a busy distributed RFID environment, there might be thousands to millions of reads every minute. To make the best use of a passive tag’s power and minimize attacks, a distributed RFID environment requires security protocols that are scalable and capable of ensuring faster RFID tag read clearance rates [3]. In addition, the security protocols should allow customization so that new efficient techniques can be adopted without scrapping existing system structures. Although there are many security protocols for RFID [4], [5], [6], [7], [8], most of these protocols are vulnerable to various attacks and have serious shortcomings in scalability and customizability. The scalability and adaptability issues of the existing security protocols are serious concerns for the wide adoption of RFID technology in many distributed applications [3].
In this paper, we propose a scalable and fast RFID security framework that combines authentication, malware detection and identification techniques suitable for busy mobile distributed RFID environments. The proposed protocol has four system components that work at the Application Level Event (ALE) layer of the EPCglobal Architecture Framework [9]. We evaluated the proposed framework using a randomness battery test and the results show that the framework offers better security, scalability and customizability than existing similar frameworks such as [5], [6], [7], [10], [11]. In summary, we make the following main contributions:
- A new scalable search technique to support a mobile RFID environment and IoT.
- A security checks handoff (SCH) technique to speed up re-clearance of a tag. To our knowledge there are no RFID protocols in the literature that ensure a faster tag re-clearance process.
- A simple malware detection technique to fight malware such as SQLIA.
- A secure communication protocol and a framework to demonstrate the proof of concept.
The rest of the paper is organized as follows. In Section 2, the related work and problem overview are presented. In Section 3, the details of the proposed framework are discussed. In Section 4, the performance evaluation details are presented. The comparative analysis is presented in Section 5. The results show that the proposed framework has improved scalability, security, compatibility and adaptability for mobile RFID systems. The conclusion is presented in Section 6.
Section snippets
Related work and problem overview
In this paper, we address the problem of an RFID security protocol which ensures security, scalability and adaptability for robustly implementing systems such as IoT. In this section, the problem overview and the related work are discussed.
While RFID provides many benefits in different applications and settings, many concerns have been expressed over the security of RFID systems. Some of the security concerns include the desynchronization attack, the Denial of Service (DoS) attack and the
Proposed framework
In this section, we will discuss the framework as well as the system components of the proposed protocol. We will also discuss the proposed search technique and the security check handoff (SCH).
Performance evaluation
To verify the viability of the security and scalability of the proposed protocol, we performed a randomness battery test and simulations. In this section, we detail the experimental environment and discuss the results of the experiments.
Comparative study
We performed a comparative study between the proposed protocol and some of the existing protocols related to our protocol. Tables 4 and 5 set out the summary of the comparative study. In the tables, the notation “X” denotes “not satisfied”, “Δ” means “partially satisfied” and “√” means “fully satisfied”. Table 4 shows the scalability comparison between the proposed protocol and related existing protocols in terms of scalability technique and computational complexity. Regarding scalability, the
Conclusions and future work
The Internet of Things concept has revolutionized the way RFID security protocols are developed for distributed systems. Most RFID systems work on a platform of homogeneous or heterogeneous distributed systems. The SCH and improved identification technique in the proposed protocol make the security trade-offs minimal. The protocol has parameters to limit the read numbers of a tag which helps to control the tag read. Overall, this is a security protocol that has the potential to ensure secure
References (36)
- et al., Efficient probabilistic communication protocol for the private identification of RFID tags by means of collaborative readers, Comput. Netw. (2011)
- et al., Scalable RFID security protocols supporting tag ownership transfer, Comput. Commun. (2011)
- et al., Predictive protocol for the scalable identification of RFID tags through collaborative readers, Comput. Ind. (2012)
- et al., A distributed architecture for scalable private RFID tag identification, Comput. Netw. (2007)
- Pervasive Mob. Comput. (2006)
- SQLIA detection and prevention approach for RFID systems, J. Syst. Softw. (2013)
- That ‘Internet of Things’ thing, RFID J. (2009)
- et al., Security assessment of EPCglobal architecture framework, AUTO-ID Labs (2006)
- Ray, Chowdhury, Pham, Mutual authentication with malware protection for RFID system, in: Annual International...
- et al., Security flaws in a recent RFID delegation protocol, Personal Ubiquitous Comput. (2012)
- A salient missing link in RFID security protocols, EURASIP J. Wireless Commun. Netw.
- Scalable trajectory-based protocol for RFID tags identification, RFID-TA
Biplob R. Ray has eight years of experience within the Education, IT and Recruitment industries in the Philippines and Australia. He has worked as a system programmer and team leader in HSG, Philippines. He has also worked as an analyst programmer and research assistant in Telstra and Deakin University respectively. Biplob Ray has been teaching at the University of Ballarat and Melbourne Institute of Technology as a Lecturer (Casual) since 2008. He has published a number of peer-reviewed papers and book chapters on network security and health informatics. He has served as a member of the technical program committee for several international conferences and as a reviewer for a number of journal papers since 2010.
Jemal H. Abawajy is a Professor at the School of Information Technology, Deakin University, Australia. He is a senior member of IEEE and leads the Parallel and Distributed Computing Lab at Deakin University. Professor Abawajy is actively involved in funded research and has published more than 200 articles in refereed journals, conferences and book chapters. He is currently principal supervisor of 10 PhD students and co-supervisor of 3 PhD students. Professor Abawajy is an editorial member of several journals and has guest-edited several journals. Professor Abawajy has been a member of the organizing committee for over 100 international conferences, serving in various capacities including chair, general co-chair, vice-chair, best paper award chair, publication chair, session chair and program committee.
Morshed Chowdhury received his PhD from Monash University, Australia in 1999. Dr. Chowdhury is an academic staff member in the School of Information Technology, Deakin University, Australia. Prior to joining Deakin University, he was an academic staff member in the Gippsland School of Computing and Information Technology, Monash University, Australia. Dr. Chowdhury has more than 12 years of industry experience in Bangladesh and Australia. As an International Atomic Energy Agency (IAEA) fellow he has visited a number of international laboratories and centres such as the Bhabha Atomic Research Centre, India; Brookhaven National Laboratory, New York, USA; and the International Centre for Theoretical Physics (ICTP), Italy. Dr. Chowdhury’s current research interests are RFID security, wireless network security and security of social networks. He has published more than sixty-eight research papers including a number of journal papers, conference papers and book chapters. He has organized a number of international conferences and served as a member of the technical and program committee of several international conferences since 2001. He has also acted as a reviewer of many journal papers.