What is the role of RFID in Information Security?


The use of RFID systems in high-security applications has come into focus. It is enough to consider the increasingly popular PayPass credit card payment system, or patient identification. These solutions required the integration of specific security supplements into existing systems in order to prevent unauthorized access or login.

These advanced authentication systems prove possession of a secret. The purpose of using an appropriate algorithm is to avoid compromising the private key. Today's high-security RFID systems guard against attacks with the following mechanisms −

Mutual symmetric authentication − Mutual symmetric authentication is based on a three-step process between the reader and the transponder in accordance with the ISO 9798-2 standard, which verifies both parties' knowledge of the secret cryptographic key simultaneously.

Derived key authentication − Each transponder is equipped with its own private key to enhance security. To achieve this, the sequence number of the transponder is first read out. The secret key is then generated from it with the help of a master key and a cryptographic algorithm.

As a result, each transponder receives its own ID and a sequence number that is linked to the master key on the downlink channel. As the first step of the mutual authentication, the reader fetches the ID of the transponder. With the help of the master key, the special encryption module of the reader generates the private key of the reader.
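The two mechanisms above, combined in an added example that is not part of the original article: a per-transponder key derived from a master key, followed by a three-pass mutual challenge-response. It assumes HMAC-SHA256 in place of the block cipher used for ISO 9798-2 tokens and that the reader re-derives the transponder's key from its ID and the master key; all class, function and ID names are hypothetical.

```python
import hashlib
import hmac
import secrets

def derive_key(master_key: bytes, tag_id: bytes) -> bytes:
    """Per-transponder key = HMAC(master key, transponder ID)."""
    return hmac.new(master_key, b"tag-key" + tag_id, hashlib.sha256).digest()

def token(key: bytes, sender: bytes, own_nonce: bytes, peer_nonce: bytes) -> bytes:
    # The one-byte sender label stops a token being reflected back to its sender.
    return hmac.new(key, sender + own_nonce + peer_nonce, hashlib.sha256).digest()

class Transponder:
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self.key = tag_id, key      # key written at personalisation

    def challenge(self):                          # pass 1: tag -> reader
        self.nonce = secrets.token_bytes(16)
        return self.tag_id, self.nonce

    def respond(self, reader_nonce: bytes, reader_token: bytes):  # pass 3
        expected = token(self.key, b"R", reader_nonce, self.nonce)
        if not hmac.compare_digest(expected, reader_token):
            return None                           # reader does not know the key
        return token(self.key, b"T", self.nonce, reader_nonce)

class Reader:
    def __init__(self, master_key: bytes):
        self.master_key = master_key              # only the master key is stored

    def authenticate(self, tag: Transponder) -> bool:
        tag_id, tag_nonce = tag.challenge()
        key = derive_key(self.master_key, tag_id)  # re-derived for every tag
        nonce = secrets.token_bytes(16)
        reply = tag.respond(nonce, token(key, b"R", nonce, tag_nonce))  # pass 2
        if reply is None:
            return False
        return hmac.compare_digest(reply, token(key, b"T", tag_nonce, nonce))

def demo():
    master = secrets.token_bytes(32)              # constructed sample values
    good = Transponder(b"TAG-0001", derive_key(master, b"TAG-0001"))
    wrong_key_tag = Transponder(b"TAG-0002", secrets.token_bytes(32))
    foreign_reader = Reader(secrets.token_bytes(32))
    return (Reader(master).authenticate(good),
            Reader(master).authenticate(wrong_key_tag),
            foreign_reader.authenticate(good))

if __name__ == "__main__":
    print(demo())
```

Because each transponder holds only its own derived key, extracting the key from one tag does not expose the master key or the keys of other tags.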

Encrypted connection − There are two types of attackers. The first type tries to remain in the background and retrieve valuable data passively, by interception. The second type actively participates in the data exchange and changes its content for its own benefit.

Cryptographic solutions can be used against both types of attackers. The data is encrypted and, as a result, the attacker cannot draw any conclusions about its original content. Data link encryption works on the same principle. In sequential encryption, each character is encrypted individually, while in block encryption, blocks of characters are encrypted together.

Stream ciphers are a group of cryptographic algorithms that encrypt the characters of the plaintext in succession, but with different functions. First, a random key is created, which becomes the shared key between the parties in the information exchange. The key is combined with the characters of the plaintext using XOR. The random key should be at least as long as the plaintext; otherwise, statistical attacks on the repeated patterns can be expected.

Other security recommendations − Hash-based access control takes into account the limited resources of low-cost smart tags and uses a simple security scheme based on one-way hash functions. Generally, the scheme is implemented in hardware.

Updated on 09-Mar-2022 07:26:58