Tech Seminar


VISVESVARAYA TECHNOLOGICAL UNIVERSITY,

BELAGAVI KARNATAKA, INDIA

JAIN COLLEGE OF ENGINEERING AND TECHNOLOGY


HUBBALLI-32

A Seminar report on
‘Secure Symmetric Authentication for RFID tags’
Submitted to
Visvesvaraya Technological University, Belagavi
A technical seminar report submitted in partial fulfillment of the requirement
for the award of
BACHELOR OF ENGINEERING
In
ELECTRONICS AND COMMUNICATION ENGINEERING
2021-2022

Submitted by
Aishwarya Pandit
2JH18EC006
Under the Guidance of
Prof. Poornima Patil
Professor in ECE department
JAIN COLLEGE OF ENGINEERING AND TECHNOLOGY
HUBBALLI
(Affiliated to Visvesvaraya Technological University, Belagavi)
404/4/5, Hebballi Road, Sai Nagar, Unkal, Hubballi-580032

Department of Electronics and Communication Engineering

CERTIFICATE

Certified that the seminar titled ‘Secure Symmetric Authentication for RFID tags’ is
carried out by Aishwarya Pandit, USN: 2JH18EC006, a bona fide student of Jain College
of Engineering and Technology, in partial fulfillment for the award of the degree of Bachelor
of Engineering in Electronics and Communication Engineering of Visvesvaraya
Technological University, Belagavi during the year 2021-2022. It is certified that all the
corrections/ suggestions indicated for Internal Assessment have been incorporated in the
report. The report has been approved as it satisfies the academic requirements in respect of
the technical seminar prescribed for the said Degree.

Prof. Poornima Patil, Professor and Guide
Mr. Prasanna Pattanshetty, Asst. Professor and Head
Dr. Prashanth Bankar, Principal

Signature with date and seal:


ACKNOWLEDGEMENT

First and foremost, we express our gratitude to our project guide Prof. Poornima Patil,
Professor, Dept. of Electronics and Communication. Her willingness to motivate us and her
guidance contributed tremendously to this technical seminar.

I am indebted to Mr. Prasanna Pattanshetty, Head of the Department, and Dr. Prashanth
Bankar, Principal, for their advice and suggestions at various stages of the work.

I am also indebted to the Management of Jain College of Engineering and Technology for
providing an excellent study environment and laboratory facilities. We appreciate the help
and the support rendered by the teaching and non-teaching staff of Electronics and
Communication Engineering.

Besides, we sincerely acknowledge the useful comments and assistance given by our beloved
teacher Prof. Poornima Patil, during the course of this work. Our heartiest thanks to the
professor for reading and correcting this report.

Lastly, we take this opportunity to offer our regards to all of those who have supported us
directly or indirectly in completing this technical seminar.

Aishwarya Pandit
ABSTRACT

Radio-frequency identification (RFID) is a technology that uses communication via
electromagnetic waves to exchange data between a terminal and an electronic tag attached
to an object, for the purpose of identification and tracking. Some tags can be read from
several meters away and beyond the line of sight of the reader.
Radio-frequency identification involves interrogators (also known as readers), and tags (also
known as labels).
Most RFID tags contain at least two parts. One is an integrated circuit for storing and
processing information, modulating and demodulating a radio-frequency (RF) signal, and
other specialized functions. The other is an antenna for receiving and transmitting the
signal.
There are three types of RFID tags: passive RFID tags, which have no power source and
require an external electromagnetic field to initiate a signal transmission, active RFID
tags, which contain a battery and can transmit signals once an external source
('Interrogator') has been successfully identified, and battery-assisted passive (BAP) RFID
tags, which require an external source to wake up but have significantly higher forward
link capability providing a greater range.
This technology is used for object tracking and monitoring, supply-chain management, and
personalized information services. RFID has many applications; for example, it is used in
enterprise supply chain management to improve the efficiency of inventory tracking and
management.
Numerous authentication protocols for RFID systems were proposed in an attempt to prevent
unauthorized tracking and monitoring, impersonation or cloning, and information leakage.
This paper enhances passive RFID tags with cryptographically secure authentication.
TABLE OF CONTENTS

CHAPTER

1. Introduction
1.1 EXISTING RFID INFRASTRUCTURE
1.2 RFID READER
1.3 RFID TAG
1.4 INDUCTIVE COUPLING
1.5 ELECTROMAGNETIC COUPLING
1.6 EXISTING RFID SCENARIOS

2. Literature Survey

3. Implementation
3.1 WORKING
3.2 PRIVACY AND SECURITY IN RFID SYSTEMS
3.3 PRIVACY MECHANISMS
3.4 SYMMETRIC CRYPTOGRAPHY
3.5 ASYMMETRIC CRYPTOGRAPHY
3.6 AUTHENTICATION PROTOCOLS

4. Applications

5. Evaluation

Conclusion

Future Work

Reference

Secure symmetric authentication for RFID tags Introduction

CHAPTER 1
INTRODUCTION

1.1 EXISTING RFID INFRASTRUCTURE


In the context of Radio Frequency Identification (RFID), the phrase RFID infrastructure
describes the IT infrastructure which is necessary to collect, filter, and enrich raw RFID data
before passing it to the backend systems (business intelligence systems like ERP, etc.). In
this report, we focus on the electrical components used in the system and on how it works
as a tag passes through various read zones, generating massive amounts of data that are
then incorporated into the existing IT network through the legacy systems in which the
company or system owners have invested.

Figure 1.1 Components of RFID System


The basic RFID system consists of an RFID tag and a reader, which exchange data by
means of radio waves. RFID is a technology that works on radio frequency and is used
for the auto-identification of different objects. As shown in figure 1.1, the basic system
consists of three elements: RFID tags, RFID readers, and possibly a computer network
that is used to connect the readers. An RFID tag is a small microchip with an antenna,
holding a unique ID and other information which can be sent over radio frequency. The
information can be automatically read and registered by RFID readers. The data received
by the RFID reader can subsequently be processed by a back-end database.
Furthermore, we have defined three phases that the processing of RFID data typically has
to go through if working properly.

Dept. Of ECE 2021-22 JCET, Hubballi
This was done by identifying and generalizing the several steps to be performed. Hence the
abstract task of pre-processing data could be distinguished into three phases:
* Collecting data by managing the RFID-reader(s)
* Enriching this collected data for further use (e.g. by filtering, accumulating, etc.)
* Exchanging enriched data with backend systems.

1.2 RFID READER

Figure 1.2
The RFID reader can be of any size, from a handheld device to the size of a door. As shown
in figure 1.2, the first component of the reader is the signal generator, which generates the
radio waves that are transmitted using the antenna. A receiver or signal detector receives
the feedback signals coming from the tag. A microcontroller or computer is connected to
process the data obtained from the tag.

1.3 RFID TAG

Figure 1.3

The RFID tag can be the size of a keychain or a credit card, or even take the form of a label.
The first component is the transponder, which receives the incoming RF signals and sends the
feedback signal to the reader. In the case of passive tags, the energy coming from these
radio waves is stored in the capacitor of the rectifier circuit, which supplies the controller
and memory elements.

1.4 INDUCTIVE COUPLING (Near Field Coupling)

Figure 1.4
The RFID reader continuously sends radio waves at a particular frequency, which
serves three main purposes: it induces enough power into the tag, provides a synchronization
clock to the tag, and acts as a carrier for the data returned from the tag. The field generated
by the reader is coupled with the antenna of the tag. Due to this mutual coupling, a voltage
is induced across the coil of the tag. Some portion of this voltage is rectified and used as a
power supply. The induced voltage, which also has a certain frequency, is used to derive
a synchronization clock for the controller.
If we connect a load across this coil, current will start flowing through the load, and
if we change the impedance of the load, the current flow will also change.
Switching the load on and off changes the rate of change of current, which
generates a voltage across the reader. This process of switching the load is called load
modulation and is depicted in figure 1.4. If the load is switched on and off according to the
data in the tag, the reader reads that data in the form of a voltage. In this way, we
modulate a carrier frequency.

1.5 ELECTROMAGNETIC COUPLING (Far-Field Coupling)


In the case of figure 1.5, the distance between the reader and the tag is up to a few meters,
as is the case for ultra-high frequency tags; hence the type of coupling used is
electromagnetic or far-field coupling. In this type, the radio waves sent from the reader
and the backscattered signal from the tag have to be stronger, so the power generated
must also be much greater.

Figure 1.5

1.6 EXISTING RFID SCENARIOS


Radio Frequency Identification technology enables items, animals, or persons to identify
themselves by means of wireless communication. A small tag containing a microchip and
antenna is applied to commercial products, animals, or human beings.
There are different kinds of tags that differ in shape, size, storage capability, and frequency
range and can be active, semi-active, or passive. An active chip is equipped with its own
energy cell for broadcasting. A semi-active chip is also battery-assisted, but the energy
is used to power the microchip’s circuitry and not to broadcast the chip’s
information.
Therefore, the battery life of semi-active chips is longer compared to the life of an active
chip. The passive tag, on the other hand, does not have a battery cell at all. It uses the power
carried in the reader’s signal to emit its data. There are four main frequency bands commonly
in use:

1. Low-frequency range (125 or 134.2 kHz)
2. High-frequency range (13.56 MHz)
3. Ultra-high frequency range (UHF) (868 to 956 MHz)
4. Microwave frequency range (2.45 GHz or 5.8 GHz)
The information stored on the tags is read by a tag reader, which induces the necessary power
into the passive tags, so they can emit their data. The reader can be a handheld or a fixed
installed device like a walkthrough reader. It receives the identification data and supplements
it with further data from local or global databases.
The distance from which a tag reader can receive data from the tag ranges from very short
(0.2 mm up to a few meters for passive tags) to very long (tens of meters). RFID
applications can be used in various fields. One example is baggage tracing, which airlines
use to reduce the number of lost bags.
“Pervasive Computing” and “Ubiquitous Computing” mark a new development
in information and communication technology. “Pervasive” stands for “(everything)
penetrating”, and “ubiquitous” for “omnipresent”. In the future, more and more things of daily
use will be equipped with microelectronics. The emerging so-called “Smart Objects”
will influence nearly all areas of everyday life. Computers will increasingly perform their
services invisibly, hidden in the background. Radio Frequency Identification (RFID)
is one of those emerging technologies. In the next few years, this technology will be deployed
in the mighty industrial sector. Many big and small firms intend in the near future to equip
their goods with this technology, if they have not already done so, hoping to organize their
business processes more efficiently.
RFID technology is not yet in mass use, and deployments normally involve just a few
partners so that their own specifications can be used. Metro, for example, uses a centralized
computer, the RFID-product-flow-system, to store all data of the RFID tags. A barrier to
RFID is the fact that RFID technology demands integration into the company’s existing
software. This is the case when realizing benefits beyond the applications that could already
be realized with the help of barcodes, and it implies additional effort and expense.
An example is the data registration regarding individual products. Software like SAP RFID
has the goal of integrating the different technologies that come along with RFID.
Independently of SAP, many IT architectures include several layers. There is, for example,
the transponder level, followed by the RFID reader, which passes the information on to the
middleware. The middleware in turn is responsible for offering basic services like filtering
and bundling up the massive amount of data, as well as for integrating the downstream
complex and distributed applications like ERP or SCM. Edgeware, for example, is responsible
for detecting and correcting reading mistakes.

Challenges Regarding the Introduction of RFID
Nowadays, companies trying to introduce RFID chips in the retail segment are faced with
consumer protection groups that have doubts and objections concerning the customers’ data
protection. Various newspaper articles covering the topic also address these concerns.

CHAPTER 2
LITERATURE SURVEY

This chapter reviews related literature and studies drawn from different sources such as
books and the internet. The following related literature and studies may help researchers
to develop the proposed system.
*On Student Monitoring using RFID
According to Kassim M. (2012), this paper describes the development of a student
attendance system based on Radio Frequency Identification (RFID) technology. The existing
conventional attendance system requires students to manually sign the attendance sheet every
time they attend a class. A system that automatically captures student attendance when
students flash their student card at the RFID reader can save all the mentioned troubles.
This is the main motive of the system. In addition, an online system accessible
anywhere and anytime can greatly help lecturers keep track of their students’
attendance. Looking at the bigger picture, deploying the system throughout the academic
faculty will benefit the academic management, as student attendance at classes is one of the
key factors in improving the quality of teaching and monitoring students’ performance.
Besides, this system provides valuable online facilities to related academic management staff,
especially for the purpose of student progress monitoring. (www.studymode.com)

*RFID Technology Based Attendance Management System
According to Sumita Nainan et al. (2013), the primary aim of the research is to
uniquely identify individual students based on their unique tag identifiers. The research
should shed light on how scalable and efficient the system is. A systematic and serialized
approach is required to solve this conundrum. The key characteristics of the application
include: performing automated attendance, generating a report of attendees for a particular
course, error-free tag identifier detection, easy scalability to incorporate more records, and
integrity and security in data storage.
This paper concentrates on the principal purpose of overcoming human errors while recording
student attendance and on the creation of a data-centric student attendance database system
with improved overall efficiency. (ijcsi.org)

*Development of Student Monitoring System with the use of Low-Frequency Radio
Frequency Identification (RFID) and Short Messaging Service (SMS)
According to Rhowel M. Delosa (2011), this study aimed to develop a Student
Monitoring System using low-frequency Radio Frequency Identification (RFID) and Short
Messaging Service (SMS) in order to keep track of the students within the school premises. A
computer program is to be developed to interact with the system. A series of tests were
conducted to prove the accuracy of the entire system. With the aid of the Chi-square test, the
researcher determined the significant difference between the observed and expected data. The
developed software can capture and record the name, entry, and exit times of students.

Moreover, the developed software can monitor the entry and exit time, account balance, and
schedules of current classes of the student through the Short Messaging Service (SMS).
Future studies related to the topic may focus on the use of high-frequency radio frequency
(RF) readers instead of low-frequency radio frequency (RF) readers. This will facilitate
convenience for the students by just wearing or hanging the identification card with an RF tag
every time the student enters and exits the school premises. (ejournals.ph)

*Polytechnic University of the Philippines Student Monitoring using RFID with SMS
Advisory
According to Rommel Del Rosario (2012), the purpose of this system is to monitor the
arrival and departure of Polytechnic University of the Philippines students. The students will
use their RFID (Radio Frequency Identification) card to enter the school premises. The reader
will detect whether the RFID card is registered in the database of the school. The SMS
(Short Message Service) Advisory gives parents information about the time of arrival and
departure of their children on the PUP campus, even though the parents are at
home. Some features of this system are SMS Advisory and Announcement.
(www.behance.net)

*Student Monitoring System using RFID via Website and Android
According to Kathy Dela Cruz et al. (2014), this study addresses current issues such as
parents being unable to monitor their children, youth computer addiction, peer pressure, and
students becoming more adept at making excuses, such as using school activities as the
reason without proof that they are involved in the said activity. The proposed solution to
the problem is a combination of a Radio Frequency Identification system, a website, and an
Android application.
The objectives of the study are to monitor the student’s time when entering or leaving the
school, to provide parents with the school’s announcements, and to give them an electronic
Parental Consent Form. The system also has dynamic options such as changing school
hours and alerting if a student is still inside the school premises late at night.
The study uses the school website and Android applications as communication tools for the
parents. Hardware components such as an RFID antenna will be installed at the school gate,
and RFID tags will be placed on the students’ IDs. School computer servers and Android
phones will be used for the software component. (prezi.com)

*School of Information Technology Faculty Monitoring using Radio Frequency
Identification (RFID)
According to Justin Lee et al. (2013), this study aimed to improve the faculty monitoring
of the University of Baguio in the School of Information Technology Department. This helps
the Student Assistant to easily locate the Faculty Members if needed and can generate a
summary report. This may also lessen the tardiness of Faculty Members.
RFID systems also provide good personal security access to confidential data.
(ubsit-fms-rfid.weebly.com)

CHAPTER 3
IMPLEMENTATION

This section describes how the proposed system is implemented and the various types it
involves. In order to simulate RFID systems, we have used a client-server architecture.
Three parties are involved in the communication: the RFID tag, the RFID reader, and the
backend server. The reader and server use one port for communication, whereas the reader
and tag use another. There is no direct communication between the server and tag; they
can only communicate via the reader. We first look at the need for an authentication
process by taking into account the various threats to these systems; the protocols are
discussed later.

3.1 WORKING
The RFID tags consist of an antenna and a silicon chip that contains a receiver, a modulator,
control logic, memory, and a power system. Depending on how the system is powered, they
are labeled as passive, semi-passive, or active tags:
*Passive Tags: Passive tags are small and cheap. They use the energy of the reader to respond,
which makes them readable over decades but results in a short reading range and bad
reliability.
*Active Tags: Active tags have a power source of their own, which results in a larger reading
range and good reliability. Their lifetime is limited by the lifetime of the power source.
*Semi-Passive Tags: Semi-passive tags have a battery but use the power of the reader to
transmit messages. This results in good reliability but limited range.
Another criterion for categorizing RFID tags is how they respond to readers. A tag that
communicates with every reader is called promiscuous, and one that needs some kind of
authentication, e.g. via password, is called secure.
Like other technologies, RFID systems can be divided into different layers. There are three
layers:
*Application Layer: the application layer deals with user-defined information, e.g.
information about the tagged object or a (unique) identifier.
*Communication Layer: the communication layer specifies how the reader and tag
communicate. Identifiers to isolate a specific tag are found here, as are collision avoidance
protocols.
*Physical Layer: the physical layer defines the physical rules for the communication, such as
frequency, data encoding, modulation, etc.
MAC Implementation: MACs (Message Authentication Codes) are one very simple
approach to the secure identification of RFID tags. Each of the so-called μ-chips
(MAC-equipped RFID chips) has a 128-bit ID which is permanently stored on the chip at
manufacturing time. This ID consists of an encrypted MAC and the chip data. The MAC is
created by taking a part (or all) of the chip data and applying a hash function and encryption
with a secret key.
This secret key is known to the manufacturer and the clients. The tag needs to authenticate
the reader, and therefore the reader performs an exclusive-or (XOR) operation with the label
timestamps Told and Tnew. The chip then tests whether Told matches its timestamp and, if
so, stores Tnew. It will then wait for the reader to send K and Rnr1 after an exclusive-or
operation. After verifying that the reader did send the key stored in the memory of the chip,
it grants the reader the right to manipulate its resources. Alternatively, two secrets A and B
can be used, but for this method the chip has to be able to generate a random number. The
key B is then used by the chip with a random number of its own, and the reader compares the
obtained value B with the corresponding value it gets from the database.
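
The μ-chip ID check from the start of this passage, as an added example (not code from the report or from any chip vendor). The 64/64-bit split between MAC and chip data, the function names, and the use of truncated HMAC-SHA256 in place of the unspecified hash-then-encrypt construction are assumptions.

```python
import hashlib
import hmac

ID_LEN = 16                    # 128-bit ID, as stated in the report
MAC_LEN = 8                    # assumed split: 64-bit MAC, then 64 bits of chip data
DATA_LEN = ID_LEN - MAC_LEN


def _mac(key: bytes, chip_data: bytes) -> bytes:
    # Truncated HMAC-SHA256 stands in for "hash, then encrypt with a secret key".
    return hmac.new(key, chip_data, hashlib.sha256).digest()[:MAC_LEN]


def make_chip_id(key: bytes, chip_data: bytes) -> bytes:
    """Manufacturer side: build the ID that is written once at production."""
    if len(chip_data) != DATA_LEN:
        raise ValueError(f"chip data must be {DATA_LEN} bytes")
    return _mac(key, chip_data) + chip_data


def verify_chip_id(key: bytes, chip_id: bytes):
    """Reader/backend side: return the chip data if the MAC matches, else None."""
    if len(chip_id) != ID_LEN:
        return None
    mac, data = chip_id[:MAC_LEN], chip_id[MAC_LEN:]
    # compare_digest avoids leaking how many leading bytes matched.
    return data if hmac.compare_digest(mac, _mac(key, data)) else None


def classify_reads(key: bytes, reads):
    """Label each raw read as 'valid', 'invalid', or 'repeat' (ID seen before)."""
    seen = set()
    labels = []
    for raw in reads:
        if verify_chip_id(key, raw) is None:
            labels.append("invalid")
        elif raw in seen:
            labels.append("repeat")
        else:
            seen.add(raw)
            labels.append("valid")
    return labels


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-one"      # constructed sample key
    genuine = make_chip_id(key, bytes.fromhex("0102030405060708"))
    flipped = genuine[:-1] + bytes([genuine[-1] ^ 1])  # one data bit changed
    print(classify_reads(key, [genuine, flipped, genuine]))
```

A copied ID verifies exactly like the original, so this check authenticates the stored data and not the physical chip; `classify_reads` only flags the repeat for the backend to judge.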

Figure 3.1

3.2 Privacy and Security in RFID Systems


Considering security, RFID systems can be used as part of access control systems. For these
applications it is possible to combine different identification methods like retinal scans or
fingerprints with the unique number of an RFID tag to grant or refuse entry or access, thus
creating a higher level of security. Given these usage scenarios, there is an increasing
demand for mechanisms to ensure security and privacy. The most important issue for the
private sector might be traceability, whereas the commercial users of RFID systems want their
data to be secured against competitive intelligence.
There are two main security problems in RFID systems. The first concerns attacks that try to
prevent the system from functioning by means of denial of service or similar attacks.
One can do very little against this problem: if someone jams the specific radio band,
no communication is possible, and the only possible countermeasure is to find the jamming
device and deactivate it. The second problem is information leakage, i.e. the tag telling the
attacker something about the tagged item. Information leakage can be avoided by sending an
identifier that has nothing to do with the item.

The attacker then has to contact the database to determine which item it is, but the database
will reject his request because he will not be able to authenticate himself as an authorized
reader. In order to gain non-traceability, the identifier has to be different each time the tag
is questioned. In our report, we will regard a secure RFID system as a system in which only
authenticated readers can access the tag’s data (either directly from the tag or from a
database using the tag’s identifier).

3.3 Privacy Mechanisms


Privacy can be realized by different means. The simplest approach is to kill the tag, i.e.
to make the tag unreadable by detaching the antenna or by other means. This is very good
protection for the privacy of the tag owner, but the tag is then unusable. A softer method is
shielding the tag from the reader, so that the tag cannot hear the reader’s request. This
method is suitable only for some scenarios, e.g. specially shielded wallets for tagged money,
tagged credit cards, etc. (an instruction to construct such a wallet by simple means can be
found in).
Another thing one can do to protect one’s privacy is to carry a so-called blocker tag. It is an
active tag that broadcasts random numbers on the radio band, thus preventing any other tag
from being read. This is again a very efficient privacy mechanism, but it makes using the
benefits of RFID harder, and the method requires a lot of energy. The most promising, but as
yet sparsely researched, techniques are protocols that restrict access to the content of the tag.
In our paper, we will regard a privacy-protecting RFID system as either a system in which
only authenticated readers can link two sightings of the same tag (software privacy
protection) or a system in which reading the tag is (temporarily) prevented by physical
means (hardware privacy protection).
In contrast to security issues, it is not sufficient to guarantee privacy, i.e. in fact
non-traceability, on the application layer. It must be ensured on all three layers.
Application Layer: to ensure non-traceability, the tag has to provide different messages each
time it is questioned. The reader has to understand these different messages, but to an
attacker they have to look like random numbers. Either the tag can generate a new number of
its own, e.g. by applying a hash function (this method is secure but hardly scalable), or the
reader gives the new value to the tag. In this case, the messages to the tag may only be used
once, and they have to look like random numbers to the attacker. This is a difficult goal,
which unfortunately not all protocols achieve.
Communication Layer: the most important challenge for the communication layer is
singulation with collision avoidance mechanisms. Singulation is needed to guarantee
undisturbed communication between a reader and many tags in its proximity. The reader and
the tags agree on dividing the radio band by means of time division. These singulation
methods can be either deterministic or probabilistic.

Most deterministic approaches use a tree walk algorithm, in which the reader questions
increasing prefixes of the identifiers until only one tag responds. This is a security risk
because a tag could be traced in an uncompleted singulation session (because the identifier
cannot be changed during a singulation process).
Most probabilistic approaches are based on a slotted variant of the Aloha protocol. In this
method, the reader tells the surrounding tags to answer in defined slots. If a collision
appears in slot x, the reader asks the tags to retransmit if they transmitted in slot x before.
An attacker could question a single tag, save the slot x in which the tag answered, and then
follow this tag by always telling it that there was a collision in slot x (the reader has to store
the new slot after each interrogation). Another tag will only respond if it is also in an
uncompleted singulation session and did transmit in slot x in the previous round, which is
highly unlikely. A timeout, which aborts the singulation process after an unusually long time,
could solve these problems. Another problem discussed is the lack of randomness, caused by
poor random number generators in the tag and/or bad protocol specifications, which results in
the traceability of the tags.
Physical Layer: due to different standards for the
communication between the tag and the reader, it could be possible to track a person by
following his/her characteristic mix of standards. Another problem with the physical layer is
radio fingerprinting. Each type of tag behaves a little bit differently while sending, and this is
called its fingerprint. So, an attacker could follow a specific tag, or again a specific mix of
tags, with a high probability. Tag owners can be tracked by comparing scanned EPCs. This
can be avoided by simply ‘killing’ the tag, which means destroying the tag by disconnecting
the antenna and/or destroying the rectification circuit. This removes all privacy concerns but
prevents many benefits for the customer. Another possibility is to recode the tag with the
original EPC shortened to the product information, thus preventing unique identification.
However, it is still possible to violate privacy by examining the types of products someone
carries.
*Recoding
It is possible that RFID tags can be used for competitive intelligence. Considering tags
without proper authentication protocols it would be easy to monitor the shelves of a store by
simply walking through it with a reader hidden in a backpack. There are two possible
solutions. The first and easiest solution requires killing all tags, as described, before placing
the tagged items on the shelves. This solution prevents the usage of all other benefits, like
monitoring the inventory of the store. Another solution is to use store-specific tag IDs, which
cannot be understood without knowledge of the internal information systems of the store.
This could be achieved by recoding the EPC with an internal code.
*Re-encryption of Tags
As explained in the earlier section, RFID tags with an EPC usually respond to questioning
readers by sending their EPC without verifying the authorization of the reader. This poses
a threat to security and privacy, so it is crucial to control access to the tag’s EPC or to allow
the tag to respond to the questioning with a response that does not contain the EPC. This
technique requires at least class 2 tags because their content must be rewritable. The retailer
concatenates the EPC with a random number, encrypts the result, and stores it on the tag. The
key to this encryption is known only to the retailer.


When requested, the tag sends the encrypted data, which will appear as random numbers to
an attacker. An authorized RFID reader can decrypt the message and recover the original
EPC and the random number. Then, it can rewrite the EPC on the tag, again padded with a
random number and encrypted with a key. Even the customer can encrypt the EPC with
his own key, so only he and authorized persons can access the EPC. With this technique, the
end-user has all the benefits of having unique EPCs on his tagged items without the privacy
issues occurring with promiscuous tags.
*Pseudonym Protocol
The two main problems concerning privacy are the linking of two sightings of a tag and
ownership transfer, where only the new owner should be able to read the tag. These problems
could be solved by a protocol proposed by Molnar, Soppera, and Wagner, which we will
describe in this section. What is new in this protocol is delegation. A tag generates a
pseudonym ID code with its secret key and sends this ID code, which a normal reader (a
reader who is not generally allowed to access this specific tag and therefore does not own the
secret key) does not understand. The reader passes this ID code to the appropriate trusted
center which gives information about the real ID of the tag to the reader if it can authorize
itself by well-established cryptographic means towards the trusted center. The trusted center
has been given all relevant data about the tag, i.e. the secret key, the ID code, access policies,
etc., on the rollout of the tag. An authorized reader is able to decipher the real ID code by
itself. Because two responses of a specific tag are never the same, the problem of
traceability is solved: an attacker cannot link two sightings of the same tag. The
concept used here is called Controlled Delegation, which means that the trusted
center decides whether or not it gives the information to the reader. It is important that the
trusted center does not give the key to the reader, because then the reader would be able to
read the tag at all times, which also opens the door to physical attacks on the reader's memory
to get the key. So the trusted center deciphers the ID and passes it on to the reader. The next
time the reader sees the tag, it will not recognize the tag as the one read before. It is also
possible to let the reader read the tag a limited number of times. For this,
the trusted center gives the real ID of the tag and the next n pseudonym IDs the tag will
respond with, where n is the number of times the tag should be readable by this reader.
Ownership transfer is also made secure with this technique. When a tag changes hands, the
trusted center simply does not grant access to the old owner anymore and grants access to the
new owner. A method to improve scalability and enhance the delegation between different
trust center entities and/or readers, i.e. giving secrets to enable permanent readability, can
also be found.
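A simplified model of the controlled delegation described above, added here as an illustration and not taken from the report or from the published protocol. It assumes counter-based pseudonyms derived with HMAC-SHA256, a reader whose identity has already been authenticated to the trusted center, and hypothetical class and method names throughout.

```python
import hashlib
import hmac


def pseudonym(key: bytes, counter: int) -> bytes:
    """One-time ID code derived from the tag's secret key and its read counter."""
    return hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()[:16]


class Tag:
    def __init__(self, key):
        self._key, self._counter = key, 0

    def respond(self):
        code = pseudonym(self._key, self._counter)
        self._counter += 1              # never answer with the same code twice
        return code


class TrustedCenter:
    WINDOW = 64                         # how far a tag counter may run ahead (assumption)

    def __init__(self):
        self._tags = {}                 # real ID -> key, next expected counter, allowed readers

    def enroll(self, real_id, key, owner):
        self._tags[real_id] = {"key": key, "next": 0, "allowed": {owner}}

    def transfer(self, real_id, new_owner):
        self._tags[real_id]["allowed"] = {new_owner}    # old owner loses access

    def resolve(self, reader, code, n=0):
        """Return (real ID, next n pseudonyms) or None. The key itself never leaves."""
        for real_id, t in self._tags.items():
            for c in range(t["next"], t["next"] + self.WINDOW):
                if hmac.compare_digest(pseudonym(t["key"], c), code):
                    if reader not in t["allowed"]:
                        return None
                    t["next"] = c + 1   # codes at or below c can no longer be replayed
                    return real_id, [pseudonym(t["key"], c + 1 + i) for i in range(n)]
        return None


class Reader:
    def __init__(self, name, center):
        self.name, self.center, self.delegated = name, center, {}

    def read(self, tag, n=0):
        code = tag.respond()
        if code in self.delegated:      # delegated read, no contact with the center
            return self.delegated.pop(code)
        result = self.center.resolve(self.name, code, n)
        if result is None:
            return None                 # the code stays an opaque random-looking value
        real_id, future = result
        self.delegated.update((f, real_id) for f in future)
        return real_id
```

Pseudonyms already delegated to a reader stay usable by that reader until they are consumed, so the value of n bounds how long an old owner can still recognize the tag.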
*Privacy-Protecting Tag
A simple way to protect the privacy of tag owners is to reduce the size of the antenna, thus
reducing the read range of a tag. It would still be readable and fully functional, but the reader
would have to be significantly nearer to the tag. IBM proposed such an architecture of tags
with alterable antenna size. This altering could be done by scratching off a printed conduit
that links two parts of the antenna or by stripping off a part of the antenna at a built-in
perforation line.


With this method, the read range can be reduced from a few meters down to 2.5 to 5
centimeters. Even with highly amplified readers, the read range would not exceed about 15
centimeters according to estimations by IBM. This is a significant improvement to consumer
privacy because one can control the readability of the tags easily by not letting a reading
device come very close to the tag, while the tag can still be used for applications useful for the
consumer.
The newly emerging so-called "Smart Objects" will influence nearly all areas of everyday life.
Computers will perform their services increasingly invisibly, hidden in the background.
Radio Frequency Identification (RFID) is one of those emerging technologies. In the next few
years, this technology will be deployed in the mighty industrial sector.
Many big and small firms intend in the near future to equip their goods, if not already done,
with this technology, hoping to organize their business processes more efficiently. While on the
one hand these positive commercial capabilities exist, there is an intense social debate on the
implications of this technology. When RFID tags are attached to products in retail and
from there arrive in homes, it could result in ubiquitous surveillance of people on the basis
of the objects they own. Companies may be enthusiastic about this new possibility, but the idea
of integrated chips in the objects surrounding us, as well as their ability to communicate
quietly with each other, causes discomfort to many citizens.
The main security threats in RFID systems are forgery of tags, unwanted tracking of
customers, and unauthorized access to the tag's memory. So here, we propose authentication
protocols for RFID systems. These protocols allow protecting high-value goods against
attackers.
There are various mechanisms to ensure that the security services can be guaranteed.

3.4 Symmetric Cryptography


Symmetric cryptography, also known as secret-key cryptography, is based on encryption
and decryption with the same key. The key and the plaintext are fed to an algorithm that
generates the ciphertext. It is always assumed that the algorithm is known to the attacker but
not the key.

Block Ciphers: Block ciphers break the plaintext into blocks, usually 8 or 16
bytes long, and operate on them independently. Usually, the last block is padded with the
number of pad bytes added so that the receiver knows which bytes to discard. Multiple
appearances of similar text also result in similar patterns in the ciphertext. This can be
avoided by using feedback modes. The most common feedback mode is the cipher block
chaining (CBC) mode, where the current block of plaintext is XORed with the previous
ciphertext block.

Stream Ciphers: Stream ciphers generate a pseudo-random key stream based on the key
and XOR it with the plaintext to generate the ciphertext. The key stream is independent of
the input data. Decrypting is the same as encrypting because the XOR function applied twice
produces the original input.


Stream ciphers are generally faster and use less code than block ciphers. The most common
stream cipher, RC4, is probably twice as fast as the fastest block cipher. Stream cipher keys
should be used only once.

Symmetric Algorithms: Triple-DES (Data Encryption Standard) is
an adaptation of the obsolete DES algorithm to meet modern security standards. It applies the
DES algorithm 3 times and thus uses key lengths of 168 bits instead of 56 bits. The
disadvantage of the 3DES algorithm is that encryption and decryption are very slow.
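The following added example, which is not code from the report, ties the tag re-encryption scheme from the earlier section to the block-cipher padding and CBC chaining described here. It assumes a 96-bit EPC, a 32-bit random number and XTEA as a compact 8-byte block cipher (the Python standard library ships none); all function names and sample values are constructed for the illustration, and CBC on its own protects confidentiality only, not integrity.

```python
import os
import struct

MASK, DELTA, ROUNDS, BS = 0xFFFFFFFF, 0x9E3779B9, 32, 8


def _f(v, s, k):
    # XTEA round function on 32-bit words
    return ((((v << 4) ^ (v >> 5)) + v) ^ (s + k)) & MASK


def xtea_encrypt(key, block):
    k, (v0, v1), s = struct.unpack(">4I", key), struct.unpack(">2I", block), 0
    for _ in range(ROUNDS):
        v0 = (v0 + _f(v1, s, k[s & 3])) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + _f(v0, s, k[(s >> 11) & 3])) & MASK
    return struct.pack(">2I", v0, v1)


def xtea_decrypt(key, block):
    k, (v0, v1) = struct.unpack(">4I", key), struct.unpack(">2I", block)
    s = (DELTA * ROUNDS) & MASK
    for _ in range(ROUNDS):
        v1 = (v1 - _f(v0, s, k[(s >> 11) & 3])) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - _f(v1, s, k[s & 3])) & MASK
    return struct.pack(">2I", v0, v1)


def pad(data):
    n = BS - len(data) % BS             # every pad byte holds the pad length
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1]
    if not 1 <= n <= BS or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data):
    return [data[i:i + BS] for i in range(0, len(data), BS)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(key, plaintext):
    # Blocks encrypted independently: equal plaintext blocks give equal ciphertext blocks
    return b"".join(xtea_encrypt(key, b) for b in blocks(pad(plaintext)))


def cbc_encrypt(key, plaintext):
    prev = os.urandom(BS)               # fresh IV, stored as the first block
    out = [prev]
    for b in blocks(pad(plaintext)):
        prev = xtea_encrypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, ciphertext):
    if len(ciphertext) < 2 * BS or len(ciphertext) % BS:
        raise ValueError("bad ciphertext length")
    bl = blocks(ciphertext)
    return unpad(b"".join(xor(xtea_decrypt(key, c), p) for p, c in zip(bl, bl[1:])))


def encrypt_for_tag(key, epc):
    # Retailer side: EPC || random number, encrypted, written to the tag
    return cbc_encrypt(key, epc + os.urandom(4))


def reader_refresh(key, blob):
    # Authorized reader: recover the EPC, then rewrite the tag with a new random number
    epc = cbc_decrypt(key, blob)[:12]
    return epc, encrypt_for_tag(key, epc)


DEMO_KEY = bytes(range(16))                         # constructed sample key
DEMO_EPC = bytes.fromhex("30" + "00" * 10 + "01")   # constructed 96-bit EPC
```

With ECB the first ciphertext block depends only on the first 8 EPC bytes, so re-encrypted tags would still be linkable; chaining from a fresh IV removes that common block.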

3.5 Asymmetric Cryptography


Asymmetric cryptography is also known as public-key cryptography and applies two
different keys. One key called the public key is used to encrypt data. The cipher text can only
be decrypted by the second key: the private key.
Asymmetric-key cryptography requires extremely costly arithmetic operations and is
therefore out of the question for RFID systems today. Strong authentication protocols, such as
challenge-response protocols, are widely used today.

Figure 3.5

3.6 Authentication Protocols Based On Challenge-Response Methods:


*TAG AUTHENTICATION:
Here, the tag authenticates itself against a reader. The origin of the tag can be proved and
forgery is prevented. The protocol works as follows:
The reader sends an authentication request, addressed with the ID of the tag. It contains a
nonce generated by the reader. The tag encrypts the nonce with the secret key and sends the
result back to the reader, which can then verify the result.
A-SRAC Protocol


*READER AUTHENTICATION:
This method is used for authenticated access to the tag's memory. Here, when answering the
inventory request, the tag indicates with a flag that the reader has to authenticate itself.
The reader answers the challenge and sends a request to reveal the tag's ID. Only then does the
tag send its ID in plaintext and grant the reader access to the memory.
*MUTUAL AUTHENTICATION:
Here, both parties authenticate themselves against each other. As in the former protocols,
the tag answers the inventory request with a nonce and requests authentication from the
reader. The reader answers the challenge and sends another challenge for the tag. The tag
answers the reader's challenge and both are authenticated. Here the ID is never sent in
plaintext, so all three security threats can be prevented.
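The mutual authentication exchange described above, as an added example that is not part of the original report. It assumes a single key shared by the reader and the tag, 8-byte nonces, and HMAC-SHA256 standing in for the encryption of the nonce that the report describes; the class and function names are hypothetical.

```python
import hashlib
import hmac
import os


def keyed(key, role, *parts):
    # The role byte keeps reader answers and tag answers distinct, so a
    # message from one direction cannot be passed off as the other.
    return hmac.new(key, role + b"".join(parts), hashlib.sha256).digest()[:16]


class Tag:
    def __init__(self, tag_id, key):
        self._id, self._key = tag_id, key
        self._challenge, self.reader_ok = None, False

    def inventory(self):
        # Step 1: answer the inventory request with a fresh nonce, not the ID
        self._challenge, self.reader_ok = os.urandom(8), False
        return self._challenge

    def authenticate(self, reader_answer, reader_challenge):
        # Step 3: check the reader's answer, then answer the reader's challenge
        challenge, self._challenge = self._challenge, None   # each nonce is single use
        if challenge is None:
            return None
        expected = keyed(self._key, b"R", challenge, reader_challenge)
        if not hmac.compare_digest(expected, reader_answer):
            return None
        self.reader_ok = True
        return keyed(self._key, b"T", reader_challenge, challenge)

    def read_id(self):
        # Memory access is granted only after the reader has authenticated
        return self._id if self.reader_ok else None


class Reader:
    def __init__(self, key):
        self._key = key

    def answer(self, tag_challenge):
        # Step 2: answer the tag's challenge and send a challenge of our own
        self._tag_challenge, self._challenge = tag_challenge, os.urandom(8)
        return keyed(self._key, b"R", tag_challenge, self._challenge), self._challenge

    def verify(self, tag_answer):
        # Step 4: accept the tag only if it proves knowledge of the key
        expected = keyed(self._key, b"T", self._challenge, self._tag_challenge)
        return tag_answer is not None and hmac.compare_digest(expected, tag_answer)


def mutual_auth(reader, tag):
    """Run one exchange; returns (reader accepts tag, tag accepts reader)."""
    reader_answer, reader_challenge = reader.answer(tag.inventory())
    tag_answer = tag.authenticate(reader_answer, reader_challenge)
    return reader.verify(tag_answer), tag.reader_ok
```

Because every run uses fresh nonces on both sides, an answer recorded from an earlier session is rejected when it is presented again.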
*INTERLEAVED AUTHENTICATION PROTOCOL:
The protocol mentioned above only works when the result of the cryptographic primitive is
available within the time defined for the tag's response. As this time is very short, a
modification of this authentication scheme was proposed where the calculation time for the
algorithm is of minor importance. For this purpose, authentication is split into two parts:
Authentication request (AR) and Response request (RR).
When evaluating the security risks to RFID systems in the medium and long term, it is
important to consider the costs an attacker has to spend as well as the costs and efficiency of
countermeasures. Rising fixed and variable costs with additional security mechanisms can be
justified when a great number of pieces are produced.

Figure 3.6


CHAPTER 4
APPLICATIONS

*RFID technology has received more and more attention in many areas like manufacturing
companies, agriculture, hospitality, industries, parking management, and transportation
sectors. Major applications of RFID are given below:

->Healthcare Applications
RFID applications in healthcare could save important resources that can further contribute to
better patient care. RFID applications could reduce the number of errors by tagging medical
objects in the healthcare setting, such as patients' files, and by tracking medical equipment in a
timely manner. RFID further improves the situation for patients' care by integrating medical
objects involved throughout the patients' care. RFID-based timely information about the
location of objects would increase the efficiency and effectiveness of paramedical staff,
leading to improved patients' experience.

-> Baggage Applications

Airline industries, package and delivery services lose a lot of money on lost or late delivery
of baggage/packages. Handling a large number of packages from many places to various
destinations on different routes can be very complex. In this scenario, the RFID application
provides the best resource management, effective operation, and efficient transfer of
packages. RFID helps to identify the packages and provide records that can advise the
industry on possible areas that may require some improvements. It also keeps customers
informed about their packages.

-> Toll Road Applications

RFID applications make the toll collection/charging better with improved traffic flow, as
cars/vehicles cannot pass through toll stations without stopping for payment. RFID is used to
automatically identify the account holder and make faster transactions [6]. This application
helps to keep good traffic flow and to identify traffic patterns using data mining techniques
that can inform the administration or decision support systems. For example, the information
can be used to report the traffic conditions or to extend and develop future policies.

-> Asset Tracking and Locating Objects

RFID can be used to prevent misplacement of items or to locate items. An asset is tagged
with an RFID chip for its physical verification. A database is used to keep track of item
movements.


-> Libraries of RFID Labels

RFID can be used in libraries for management of the books. For this management, RFID uses
many components like tag, reader, self-check-out/in, book drop reader, middleware, etc. With
the help of these components, it manages the process of borrowing and returning books.
RFID keeps track of already borrowed books when a book is borrowed and of already
returned books when a book is returned.

-> Animal Identification

This is one of the earliest RFID applications. The RFID tag can be injected to remain under
the skin of an animal. This process is less painful and there is no identification mark with the
help of which the tag can be removed or modified. The RFID chip inside the tag is 'Read-only', so
data cannot be modified. This chip contains much information like date of birth, last
vaccination done, any medical history, and distinguishing features of the animal.

-> Anti-Theft System

Any item can be protected by using an RFID anti-theft tag attached by a strong string or a
plastic band to the item. If anyone walks to the exit with this item, RFID door antennas
placed near the exit will detect the presence of a tag and sound an alarm.

-> Waste Management


RFID can be used for waste management also. An RFID tag is attached to each waste bin and
every garbage truck has an RFID reader attached to it. When the waste bin is emptied into the
truck, the reader reads the tag and transmits data to the truck driver's cabin wirelessly. At
the end of the route, data is transmitted to a central server. This data includes waste bin numbers,
the time of collection, and who the waste collector was.

-> National Identification

National identification has been the biggest problem for all the countries. For identification
RFID technology can be used. A user has only a single card with an embedded RFID chip.
This RFID tag number then points to an online database that is accessed by multiple agencies.
A single ID card needs to be issued for identification.
The RFID tag can be attached to animals, plants, and the human body. The
technology is capable of preventing medical accidents in the health industry. The RFID
tag system is able to obtain and store blood pressure and body temperature.
Other applications include an efficient paper roll management system and improved asset
management and accountability.


CHAPTER 5
EVALUATION

*Criteria for evaluation

Current literature dealing with RFID middleware offers several criteria for evaluating RFID
systems. We have summarized the most common ones under the following topics:

Scalability: An increase in throughput rates could cause the infrastructure to collapse. Being in
the line of fire, middleware has to offer features for dynamically balancing processing loads
and handling large amounts of data and their preprocessing (like database lookups, updates,
etc.). Additionally, this topic covers the question of how to extend an already implemented
system.

Commitment To Standards: Supporting common standards simplifies upgrading, migrating,
and scaling of existing infrastructure. Concerning this topic, we concentrate on the exchange
of information between the enricher layer and the backup systems. This topic goes hand in
hand with the question of application integration.

Level Of Processing and Enriching Data: Besides collecting data, RFID middleware needs to
filter and enrich raw RFID data in order to transform those flows into single events.


CONCLUSION

After examining the three fields of Health care, Games, and Human Activity Detection with
regard to the usage of RFID technology we will now try to present the overall observations
and draw some conclusions. The scenarios presented show that RFID technology is a
technology with a promising future, even if there are still some problems and limitations that
need to be solved.
Tag detection not requiring human intervention reduces employment costs and eliminates
human errors from data collection. As no line-of-sight is required, tag placement is less
constrained. RFID tags have a longer read range than, e.g., barcodes. Tags can have
read/write memory capability, while barcodes do not. An RFID tag can store large amounts
of data. Unique item identification is easier to implement with RFID than with barcodes.
Tags are less sensitive to adverse conditions (dust, chemicals, physical damage, etc.).
Above all, there is the need for small tags but especially for smaller readers. In the field of
gaming, small tags are necessary for cards, puzzle pieces, or counters. There is also a demand
for smaller readers that can be integrated into areas of board games. Regarding Healthcare the
wrist band scenario indicates the requirement for smaller tags as well, so the wrist band may
be built very small and does not handicap the patients. In the human activity scenarios
describing the GETA sandals and the bracelet, the need for smaller readers is obvious. Of
course, there are quite small tags available but not for a price that allows an unlimited
extensive integration. In a card game with 52 cards, like the smart playing cards presented in
the section, very small tags need to be attached to each card. The same applies to puzzles
like the smart jigsaw puzzle with 1000 smart pieces and of course to healthcare systems since
each test tube, blood bottle, and all patients may be equipped with tags or readers. If you
consider only one tag, a price of about 20 cents is no object, but if you have to integrate
thousands of tags in a small application it gets relevant. The matter of size becomes even
more problematic as the RFID tags and readers are combined with other technologies leading
to enriched functionalities but also to larger sizes than the motion-sensitive WISPs.


FUTURE WORK

RFID technology uses radio waves to automatically identify people or objects. After sixty
years of development, RFID is being used in many fields. Some problems need to
be overcome before RFID technology becomes widespread in the world. One major problem
is the high cost; the other is the privacy issue. Once these problems are avoided, RFID technology
will be a big help to humans. The price of RFID tags is expected to decrease.

RFID tags will only become cheaper and more powerful with improving technology and
design experience. Some standards for RFID systems are under development. Also, there
has been an improvement in tag life expectancy and durability in the past few years. RFID
technology brings new opportunities as well as challenges to the AIDC infrastructure.
Although RFID suffers from many limitations, demand for RFID systems is increasing
day by day. RFID tags can be combined with sensors of different kinds. This would allow the tag
to report not simply the same information over and over, but identifying information along
with current data picked up by sensors. Over time, the proportion of “scan-it-yourself” will
increase. RFID technology does not replace barcodes. This technology improves barcodes by
adding functions that existing barcode technology fails to achieve.

A hex keypad can be interfaced to a microcontroller board so that the user can enter his
password before the lock is opened. This ensures that even someone who has a card cannot
get access without the password. Other directions include implementing security systems with
different levels by using different types of MIFARE cards, cryptanalysis of the link between
the card and reader, the study of other RFID techniques for better service and security, and
interfacing the system with GSM so that data can be transmitted through messages.

Figure 7.1


REFERENCES

[1] S. E. Sarma, S. A. Weis, and D. W. Engels. RFID Systems and Security and Privacy
Implications. In Cryptographic Hardware and Embedded Systems – CHES 2002, 4th
International Workshop, Redwood Shores, CA, USA, August 13-15, 2002, Revised Papers,
volume 2523 of Lecture Notes in Computer Science, pages 454–470. Springer, 2002.
[2] S. A. Weis. Security and Privacy in Radio-Frequency Identification Devices. Master’s
thesis, Massachusetts Institute of Technology, Cambridge, MA 02139, May 2003.
[3] S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels. Security and Privacy Aspects of
Low-Cost Radio Frequency Identification Systems. In Security in Pervasive Computing, 1st
Annual Conference on Security in Pervasive Computing, Boppard, Germany, March 12-14,
2003, Revised Papers, volume 2802 of Lecture Notes in Computer Science, pages 201–212.
Springer, 2004.
