BRIDGE Researchers Demo Highly Secure EPC Gen 2 RFID

By Mary Catherine O'Connor

The group says its prototype shows it is possible to create a passive EPC Gen 2 tag that employs cryptographic keys to protect its data.

Passive ultrahigh-frequency (UHF) RFID tags compliant with EPCglobal's Gen 2 protocol are used for tracking cases and pallets of goods in the supply chain; for performing quick, accurate inventory on individual products and on high-value assets; and, in some cases, for identifying individuals. But the existing protocols for securing these tags and the data encoded to them are weak. While a number of research organizations and security companies have proposed various approaches that could be utilized to improve the security of these types of RFID tags, none have yet been adopted. But the Tag Security Research Group hopes that will soon change, and after carrying out an experiment involving a prototypical tag, its members wrote a white paper explaining their vision for more secure EPC Gen 2 tags.

The Tag Security Research Group is part of the BRIDGE project (Building Radio frequency IDentification solutions for the Global Environment). The three-year, €13 million ($18.5 million) project is funded, in part, by the European Union, and is dedicated to the research, development, training and demonstration of the effective use of RFID systems—specifically, those employing the EPCglobal standards framework (see EU Pledges $9.5M to Study, Promote RFID Business Applications).


The group’s semi-passive prototype of an encryptable EPC Gen 2 tag

Representatives from BT, SAP, Benedicta, AT4 Wireless, CAEN RFID, Confidex, UPM Raflatac and GS1 UK all participated in the research group and contributed to the project, as did representatives from four different universities—Graz University of Technology, ETH Zurich, the University of Fudan and the University of Cambridge. Funding for the group came, in part, from the EU grant, with the remainder provided by group member companies.

The tag-security white paper can be downloaded from the BRIDGE Web site (click on WP4 Security White Paper, under the Publications heading).

The aim of the Tag Security Research Group, and the white paper, is to provide suggestions, as well as a proof of concept, for a means of deploying EPC Gen 2 tags that support a robust security protocol between the tag and interrogator. The current Gen 2 air-interface protocol includes an option to use a password to protect tag data, thus preventing it from being altered by an unauthorized party. The password is static, however—meaning it never changes—and passes between the tag and reader in plain text, enabling it to be easily intercepted. What's more, the password does not prevent the tag data from being interrogated by any EPC Gen 2 reader.

Consequently, the only means of ensuring an EPC Gen 2 tag will not be read by an unauthorized party is to employ the protocol's kill command. But the problem with such a command is that it renders a tag permanently unreadable, thereby negating any value the tag holds in terms of authenticating a product warranty, return or exchange. In addition, current tag security measures do not provide adequate protection from attempts to counterfeit EPC tags, says Andrea Soppera, BT Research's supply chain innovation manager, and one of the white paper's coauthors.

Like other proposals for improving EPC tag security, the Tag Security Research Group's approach relies on the use of cryptography (see Researchers Say Sharing Is the Key to Privacy for EPC Tags and An RFID Tag Data Security Infrastructure Approach for Items). Specifically, the document's authors suggest security measures "based on a symmetric cryptographic approach, implemented in a way that the reading distance of low-cost tags is not reduced. In symmetric cryptography, identical cryptographic keys are used for both decryption and encryption." The group focuses on widely adopted standard data security methods, such as the Advanced Encryption Standard (AES).
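The contrast between the static plaintext password and a symmetric-key check can be shown in a short simulation. This is an added example, not code from the white paper or the BRIDGE prototype; the challenge-response flow (with the tag issuing the challenge), the class and function names, and the use of HMAC-SHA256 as a stand-in for AES are assumptions, since the article does not describe the protocol's messages.

```python
import hashlib
import hmac
import secrets

def keyed_response(key: bytes, challenge: bytes) -> bytes:
    # Stand-in for AES-128 encryption of the challenge under the shared key
    # (HMAC-SHA256 truncated to 16 bytes, so only the standard library is needed).
    return hmac.new(key, challenge, hashlib.sha256).digest()[:16]

class PasswordTag:
    """Weak case: access is granted to whoever presents the static password."""
    def __init__(self, password: bytes):
        self._password = password

    def unlock(self, presented: bytes) -> bool:
        return hmac.compare_digest(presented, self._password)

class KeyedTag:
    """Assumed scheme: the tag issues a fresh challenge for every session."""
    def __init__(self, key: bytes):
        self._key, self._pending = key, None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def unlock(self, response: bytes) -> bool:
        pending, self._pending = self._pending, None  # each challenge is single-use
        if pending is None:
            return False
        return hmac.compare_digest(response, keyed_response(self._key, pending))

def replay_outcomes() -> dict:
    password = bytes.fromhex("0badc0de")  # constructed sample password
    key = bytes(range(16))                # constructed 128-bit sample key
    # Static password: the value sent over the air is the secret itself.
    static_replay = PasswordTag(password).unlock(password)
    # Keyed tag: one legitimate session, then its recorded response is reused.
    tag = KeyedTag(key)
    recorded_response = keyed_response(key, tag.challenge())
    legitimate = tag.unlock(recorded_response)
    tag.challenge()                       # tag opens a new session
    keyed_replay = tag.unlock(recorded_response)
    return {"static_replay": static_replay, "legitimate": legitimate,
            "keyed_replay": keyed_replay}

if __name__ == "__main__":
    print(replay_outcomes())
```

The recorded password remains valid indefinitely, while the recorded keyed response is bound to a challenge the tag never issues again and the 128-bit key itself never crosses the air interface.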

In addition to penning the white paper, the group also developed a prototype RFID tag as a proof of concept, in order to illustrate the feasibility of implementing its proposed security methods. Although the group is proposing a fully passive EPC Gen 2 tag that is encryptable, its prototype contains a battery to power the cryptographic computations and the exchange of keys with the reader. For all other functions, however, such as reading and encoding, the tag prototype operates like a conventional passive tag, deriving its power from the interrogator's signal. To demonstrate its prototype, Soppera explains, the researchers employed a CAEN RFID interrogator, running demonstration firmware that would also be required to support the security application, but could be uploaded to any standard EPC Gen 2 reader.

The group had to employ a battery-assisted tag because the chips currently available for standard EPC passive tags are not sophisticated enough to support the cryptography functions. "The average Gen 2 chip right now has 5,000 gates," Soppera states. "To do the cryptography, we used a chip with an additional 3,000 gates." And so, in order for the group's proposed tag security measures to be deployed in the real world, an RFID chipmaker would need to fabricate a chip containing at least 3,000 additional gates. To store the cryptographic key needed to perform the security protocols, the chip would also require at least 128 bits of additional memory, compared with a conventional EPC Gen 2 chip. Tags with more than one key would require even more memory.

In order to perform the key exchange, the data transmission between the tag and interrogator would take slightly longer than the current non-encrypted exchange using standard Gen 2 tags. For the AES cryptography used in the prototype, this would add 15 milliseconds to the reading time. Based on this, Soppera says, 50 of the secure tags could be read in 2.5 seconds.

Additionally, Soppera notes, the tag maker would likely need to design a tag antenna that could support the key exchange between the tag and reader, since this requires a greater amount of RF power than the simple query-response used to interrogate an unencrypted tag ID. But because the security commands could be deployed using the existing EPC Gen 2 air-interface protocol, and because the firmware needed to execute the cryptography and key exchange could be uploaded to standard Gen 2 readers, the Tag Security Research Group considers its proposal for secure tags feasible.

It would, of course, result in an RFID tag that would be more expensive than standard Gen 2 tags—which currently cost around 10 cents apiece in large volume orders. But because the tags would most likely be used for applications in which high-value products are tracked, or in which data security is a high priority, end users would likely be willing to pay a premium for the tags. Exactly how much more the tags would cost is unknown, Soppera says, and would be completely dependent on the volumes of tags that end users demand (the greater the volumes, the lower the per-tag costs). It could be on the order of $1 per tag, he says, though that is merely an estimate.

"What we've seen [in this prototype] and are hoping to do with this white paper, is to draw attention to end users that [Gen 2 tag security] is now possible," says David Lyon, EPCglobal's business manager for GS1 UK and another of the white paper's coauthors. According to Lyon, this research should foster new discussions with various stakeholders in the RFID industry, beginning with chipmakers that would need to make a commitment to fabricate new chips for secure tags. However, he also notes that passive high-frequency (HF) tags used in payment and other applications are already made with chips capable of supporting encryption.

If tag manufacturers develop products based on the research group's proposal, they would not be the first UHF RFID tags on the market capable of encryption, though they would be the first fully passive ones to rely on open standards. Startup firm SecureRF has been developing RFID tags that protect data with asymmetrical cryptographic keys, using a proprietary method known as the Algebraic Eraser, since 2005 (see SecureRF Creates New Encryption Method). The company also sells a battery-assisted version of its encryptable passive tag that can support an onboard temperature sensor (see Countering RFID Counterfeiters and SecureRF Announces Temperature-Logging EPC Tag With Data Protection) and is designed for authenticating goods being tracked in the supply chain.