Elsevier

Decision Support Systems

Volume 95, March 2017, Pages 102-109
On sensor-based solutions for simultaneous presence of multiple RFID tags

https://doi.org/10.1016/j.dss.2017.01.003

Highlights

  • A yoking proof protocol for the simultaneous authentication of multiple RFID tags

  • Critically evaluate the use of ambient conditions in RFID authentication protocols

  • Use temperature in a modified yoking proof protocol

Abstract

A majority of RFID authentication scenarios involve a single tag that is identified independent of other tags in the field of the reader. However, there are situations that necessitate simultaneous authentication of multiple tags as well as the verification of their simultaneous physical proximity to the reader. Juels (2004) introduced yoking proof for simultaneous authentication of multiple RFID tags. Several researchers have since then developed variants of yoking proof using both symmetric and asymmetric cryptography. Given that the ambient conditions are bound to be very similar for all objects that are in close physical proximity to one another, we critically evaluate the use of various relevant ambient conditions for this purpose. Based on our evaluation, we choose to use tag temperature and develop a variant of yoking proof protocol for simultaneous authentication of multiple tags.

Introduction

A majority of RFID (Radio-Frequency IDentification) authentication scenarios involve a single tag that is identified independent of other tags in the field of the reader (e.g., [27]). Simultaneous authentication of multiple RFID tags (e.g., [28]) is sometimes useful or even necessary when (a) the items are required to be simultaneously physically present in the field of the reader (e.g., [20], [35]) or when (b) the confirmed presence of one can be used to confirm the presence of other related tags (e.g., [31]). Examples of the former include the simultaneous presence of specific components for an assembly operation to proceed and medication with associated leaflet [19]. An example of the latter is the known existence of an item on a pallet, whereby the confirmed presence of this item can be used to infer the presence of a related item on the same pallet [30].

Juels [19] was the first to develop an authentication protocol (yoking proof) to determine the simultaneous presence of multiple RFID tags in close physical proximity of one another. Since then, several researchers have identified vulnerabilities in the original yoking proof as well as existing variants of yoking proof and proposed authentication protocols that purportedly are devoid of commonly identified vulnerabilities. The common thread among these authentication protocols is the use of strong connectedness among the messages that are passed among different RFID tags and the use of time stamps to check for unexpected delays in the response from tags to the reader. Connectedness, used to avoid issues related to independent proof by tags that participate in the yoking proof, is ensured through the use of output from a tag as the input to the next tag in the sequence. The reader generally is assumed to use a clock to ensure that the tags respond within a reasonable amount of time to rule out possibilities of relay attacks [32].

A relay attack occurs when at least one adversary simply relays messages between an (honest) reader and a tag, which could either be honest or one that colludes with the adversary to accomplish the attack, with the purpose of impersonating the tag to the reader. In a successful relay attack, the reader is convinced that it is communicating with an authentic/honest tag. The purposes of these attacks include (a) allowing a tag that is physically far away from the reader to successfully pretend that it is in close physical proximity to the reader, and (b) gaining entry (e.g., to a building, a car) without the explicit knowledge of the (honest) tag holder (here, someone with a smart card that allows entry into that building, someone with that car's key), among others. Relay attacks are notoriously difficult to address since these attacks do not involve modification to the (possibly encrypted) messages that are passed between reader and tag. Almost all existing automated means to address relay attacks depend on distance-bounding protocols that measure the time taken for messages to travel between tag and reader. The challenge in such distance measurement lies with the accuracy of the clocks used for such a purpose since, due to the speed of light, it is difficult to distinguish something that is an inch away from something that is a mile away.

To our knowledge, while there have been several cryptographic approaches to developing variants of yoking proofs, none of these existing authentication protocols use external information (e.g., physical proximity, ambient conditions) to aid in the process. For example, ideas based on physical proximity have been discussed from a distance-bounding perspective in the form of close-coupling. The idea behind close-coupling is that the existence and physical proximity of prover (here, RFID tag) pegged to a stationary item near the verifier (here, RFID reader) can be verified based on authentication and distance measurements for prover/coupling-device and prover/verifier pairs. However, this involves authentication and proximity verification of the prover simultaneously by two verifiers (e.g., [30]). In addition to requiring a multi-reader/single-tag authentication protocol (e.g., [20]), the distances between the entities in each of these pairs also need to be simultaneously verified. Nevertheless, the distance-bounding part of the protocol used is subject to the same constraints and issues as discussed above.

Measured ambient conditions are yet another possibility. Several ambient conditions have been mentioned in the literature as possible candidates for addressing relay attacks, including light, sound and temperature. Posture/orientation, as measured with accelerometer(s), has also been mentioned as a candidate. Since each of these ambient conditions has associated strengths and weaknesses, it may be necessary to consider the simultaneous use of multiple ambient conditions for improved accuracy. However, real estate is at a premium in devices such as RFID (e.g., [5], [6]) and, more often than not, there is a need to choose among alternatives.

We critically evaluate several ambient condition dimensions for physical proximity determination. Based on the result of this evaluation, we choose temperature as a viable ambient condition for use in a yoking-variant authentication protocol. Our rationale is that the use of cryptography in addition to information on ambient condition would result in a method that is stronger in terms of ensuring the simultaneous existence of multiple RFID tags in the field of the reader. The contribution of this paper is, therefore, twofold: (a) critical evaluation of components that comprise ambient condition and (b) the use of ambient condition information for a variant of yoking proof authentication protocol.

The remainder of the paper is organized as follows: We briefly discuss yoking proof and a few of its variants in Section 2. We then present a critical evaluation of several ambient condition components in Section 3. In Section 4, we present our proposed authentication protocol, a variant of yoking proof, that incorporates ambient condition information. We conclude in Section 5 with a brief discussion on ambient conditions and the proposed authentication protocol.

Section snippets

Proofs for simultaneous presence

We use the following notations throughout the rest of the paper:

  • r1, r2: k-bit nonce generated by T1, T2

  • x1, x2: secret keys of RFID tags T1, T2

  • MAC: Message Authentication Code

  • MACx[m]: MAC using secret key x on message m

  • P12: proof tags T1 and T2 scanned simultaneously

  • rR: k-bit nonce generated by the reader

  • rT1: k-bit nonce generated by tag-1

  • rT2: k-bit nonce generated by tag-2

  • TT1: tag-1 temperature as measured by tag-1

  • TT2: tag-2 temperature as measured by tag-2

  • PR, PT1, PT2: Public key of the reader
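
The connectedness and reader-clock ideas described in the Introduction can be sketched with the notation above. This is an added example, not the paper's proposed protocol and not Juels's exact message layout: the chaining order, the HMAC-SHA256 instantiation of MAC, the nonce length and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, time

K = 16  # nonce length in bytes (assumed; the notation only says "k-bit")

def mac(x: bytes, m: bytes) -> bytes:
    """MACx[m] from the notation list, instantiated here with HMAC-SHA256."""
    return hmac.new(x, m, hashlib.sha256).digest()

class Tag:
    def __init__(self, x: bytes):
        self.x = x                  # secret key shared with the verifier
        self.r = os.urandom(K)      # nonce; one Tag object models one session

    def respond(self, other_output: bytes) -> bytes:
        # Connectedness: the MAC covers the other tag's output, not only r.
        return mac(self.x, self.r + other_output)

def reader_session(t1: Tag, t2: Tag, clock=time.monotonic) -> dict:
    """Reader relays messages between the tags and times the whole exchange."""
    start = clock()
    m2 = t2.respond(t1.r)           # T2's output depends on r1
    m1 = t1.respond(m2)             # T1's output depends on T2's MAC
    return {"r1": t1.r, "r2": t2.r, "m2": m2, "m1": m1,
            "elapsed": clock() - start}

def verify(p12: dict, x1: bytes, x2: bytes, max_elapsed: float) -> bool:
    """Verifier recomputes the chain with both keys and checks the time bound."""
    if p12["elapsed"] > max_elapsed:
        return False                # unexpected delay reported by the reader
    exp_m2 = mac(x2, p12["r2"] + p12["r1"])
    exp_m1 = mac(x1, p12["r1"] + exp_m2)
    return (hmac.compare_digest(exp_m2, p12["m2"])
            and hmac.compare_digest(exp_m1, p12["m1"]))

def independent_proofs(t1: Tag, t2: Tag) -> dict:
    """Tags answer separately (no chaining) and the results are spliced."""
    return {"r1": t1.r, "r2": t2.r, "m2": t2.respond(b""),
            "m1": t1.respond(b""), "elapsed": 0.0}
```

A spliced pair of independent responses fails `verify` because neither MAC covers the other tag's output. The time bound is only as trustworthy as the reader's clock and, as the Introduction notes, cannot by itself separate nearby tags from relayed ones.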

Critical evaluation of ambient conditions

Several researchers have proposed the use of ambient conditions for RFID tag authentication with the observation that both prover and verifier share the same environment during authentication. Ambient condition is a composite that comprises several components including temperature, pressure, light, sound, among others. RFID or NFC (Near Field Communication) devices with appropriate sensors (e.g., [2], [7]) can measure their ambient conditions. The literature on the use of ambient conditions for

The proposed protocol

We first discuss the essential requirements of the proposed protocol, then present the protocol, followed by analysis of its security and privacy properties.

Discussion and conclusion

Cryptography, and sometimes time, have been used to ensure security and privacy in published RFID authentication protocols. Although single RFID authentication is the most common scenario that is considered in extant RFID authentication protocols, cases where multiple RFID tags need to be simultaneously authenticated are not uncommon. Juels [19] introduced yoking proof to address these cases. Since then, researchers have developed variants of yoking proof with different approaches for a variety

Selwyn Piramuthu is a Professor of Information Systems at the University of Florida and a member of the RFID European Lab in Paris. His research interests include RFID systems.

References (34)

  • M. Buckner et al. GPS and Sensor-Enabled RFID Tags. (2001)

  • C.L. Chen et al. Using RFID yoking proof protocol to enhance inpatient medication safety. J. Med. Syst. (2012)

  • H.Y. Chien et al. Tree-Based RFID Yoking Proof.

  • I. Coisel et al. Untangling RFID Privacy Models.

  • A. Czeskis et al. RFIDS and Secret Handshakes: Defending Against Ghost-and-Leech Attacks and Unauthorized Reads with Context-Aware Communications.

  • T. van Deursen et al. Algebraic Attacks on RFID Protocols. Information Security Theory and Practices: Smart Devices, Pervasive Systems and Ubiquitous Networks (WISTP 2009) (LNCS 5746). (2009)

  • D. Dolev et al. On the security of public key protocols. IEEE Trans. Inf. Theory (1983)

Cited by (16)

    • On addressing RFID/NFC-based relay attacks: An overview

      2020, Decision Support Systems
      Citation Excerpt :

      Ma and Saxena [47] suggest that a new and promising way to protect RFID-based systems against relay attacks is to enable RFID tags with the capability to sense ambient conditions. Specifically, they suggest leveraging the use of the RFID tag's on-board sensor (e.g., Piramuthu and Doss [58]) to acquire appropriate information on the tag's environment or that of the tag itself in order to achieve proximity-checking. In a similar vein, although Schurmann and Sigg [64] do not directly develop a solution against RFID-based relay attacks, they propose a fuzzy cryptographic communication channel between devices by comparing their background audio patterns such as that in clap, music, snap, speak, and whistle.

    • A novel means to address RFID tag/item separation in supply chains

      2018, Decision Support Systems
      Citation Excerpt :

      Similarly, Halevi et al. [13] indicate that mobile RFID tags may present different motion patterns. In addition, several recent studies such as Urien and Piramuthu [34], Piramuthu and Doss [26], and Tu and Piramuthu [30] also rely on ambient conditions to help ensure that RFID tag and reader are truly at the same physical location. A few other publications address the tangentially related RFID tag separation issue in other domains.

    • Lightweight non-distance-bounding means to address RFID relay attacks

      2017, Decision Support Systems
      Citation Excerpt :

      Moreover, such temperature differences are all statistically significant (p < 0.01) according to pair-wise t-test for samples with unequal variances. Although not related to relay attack, Piramuthu and Doss [40] consider the use of temperature sensors to confirm the close physical proximity and simultaneous presence of two RFID tags in the field of the reader. After considering a few different ambient condition measures such as light, pressure, and sound, they chose temperature as the ambient condition of interest for this application due to its non-directional property.

    Dr. Robin Doss joined the School of Information Technology, Deakin University, Australia, in 2003 and is currently the Associate Head of School (Development & International). Prior to joining Deakin University, he was part of the technical services group at Ericsson Australia and a research engineer at RMIT University. Robin received a Bachelor of Engineering in Electronics and Communication Engineering from the University of Madras, India in 1999, and a Master of Engineering in Information Technology and a PhD in Computer Systems Engineering from the Royal Melbourne Institute of Technology (RMIT), Australia in 2000 and 2004 respectively. His PhD thesis was on mobility prediction for next generation wireless networks. In 2007, he also completed a Graduate Certificate in Higher Education from Deakin University.