Austrian Researchers Find Security Options for RFID in Open IoT

The Graz University research group has built a prototype UHF RFID tag using an Internet Protocol Security layer to ensure that an RFID tag and its sensor data can be secure, no matter what RFID reader is used to interrogate it.
Published: August 16, 2017

A research group at the Institute of Applied Information Processing and Communications (IAIK), at Graz University of Technology (TU Graz), has developed a prototype for an RFID-based system aimed at providing security of RFID data on an open Internet of Things (IoT) network. Researchers say the technology provides security as sensor- and RFID-based data is collected, potentially in large volume, using virtual private network (VPN)-based software. The UHF EPC RFID tags they developed, which the team dubbed PIONEER, use the Internet Protocol Security (IPsec) protocol to establish their own communication channel, and can require authentication before responding to an RFID reader.

IPsec serves as a tool to secure communications over IP networks. The protocol suite generates a confidential and integrity-protected connection between the tag and the Internet via a VPN connection. According to the researchers, the study found that running an IPsec stack on an EPC Gen 2 tag is feasible and provides secure end-to-end connections between a tag and the Internet, even if the reader being used is not trustworthy, because the secure connection is established between the tag and the Internet rather than with the reader. The reader then simply acts as a router of IP packets to and from the tags.

Funded by the Austrian Science Fund (FWF), the Graz researchers are investigating the secure use of RFID in open environments. The security of RFID chips will be a growing concern, the researchers predict, as RFID proliferates along with IoT systems. They cite such examples as smart cars and toys that could be hacked.

Currently, RFID systems are typically closed—data is captured, and is then stored for, and accessed by, a limited number of parties for a specific purpose. A more open IoT-based environment, which the researchers predict will become an alternative, would involve tagging things and enabling RFID readers to serve only as a bridge between the tags and the Internet. This, they say, would then make the data potentially available to a larger, open environment.

This means some proactive development needs to be carried out, the researchers say, in order to ensure that the open environment allows security for the RFID data. “Connecting each and every object and device to the Internet without thinking enough about the security, privacy and safety implications is not a good idea,” says Hannes Gross, a TU Graz researcher and doctoral candidate, “and there exist many bad examples where this went wrong.”

Gross argues that existing security solutions would fall short in a large, open environment. Cryptographic processes require larger chips and, therefore, larger tags that could be more expensive, and the use of cryptography could slow down read times. The researchers’ alternative prototype tag, known as PIONEER, uses the ISO/IEC 29167 standard protocol with IPsec, allowing the tag to transmit data in encrypted form.

“In this project,” Gross says, “we looked at sensor-enabled RFID tags as potential participants in a secure and open IoT infrastructure.” The researchers analyzed which security and privacy features were necessary, as well as how seamlessly they might be integrated into an existing Internet infrastructure. They also determined how the required security functionality would be distributed between readers and tags.

“By analyzing different IoT scenarios and checking for possible risks,” Gross says, “we came to the conclusion that in an open IoT system, readers cannot be trusted but need to be considered as possible attackers.” This runs contrary to common assumptions in many systems, such as Electronic Product Code Information Services (EPCIS), in which RFID tags are mainly used to identify themselves to a reader, which then handles the secure communication to a back-end system that processes the information.

In an open IoT environment, the group found, tags would need to be responsible for securing their own communication channel in order to authenticate themselves and the reader, and to protect their identity and the privacy of the individuals who might carry these tags. With open IoT systems, Gross says, there are billions of possible communication partners (other devices), so sharing and maintaining passwords with every one of these devices is impossible. Therefore, they require more sophisticated cryptographic functionality based on public-key cryptography.

The introduction of the ISO/IEC 29167 standard, which provides various cryptographic suites, offers some security. Before that standard was created, Gross says, UHF tags could be easily cloned by simply reading out their EPC identifier and memory. Additionally, the 32-bit ACCESS passwords to restrict memory access did not provide adequate protection against identity theft. In some cases, he says, non-standardized proprietary cryptography was used in closed systems to protect RFID tags, but they could be reverse-engineered and broken.

The project focused on designing an open IoT system based on RFID technology, in which tags wander through an untrusted and potentially hostile environment. “We spend a lot of time thinking about what functionality and cryptographic services are required to protect sensitive data and securely exchange information over the Internet,” Gross says, “and which parts of the system could implement this functionality.” The group aimed not only at providing tag security, but also at ensuring that the entire system would not break down if an attacker succeeded in stealing the keys of one or multiple tags.

The PIONEER tag uses the IPsec protocol integrated into the EPC Gen 2 RFID standard over a self-designed cryptographic suite, which fits into the functionality of the ISO/IEC 29167 standard. The reader translates the communication between any IoT participant and the PIONEER tag by wrapping the IPsec requests and responses into EPC Gen 2 commands. For the project, the researchers also connected different sensors, such as temperature and humidity sensors, over I²C to the PIONEER tag, but the sensor board could be easily extended.
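The relay model described above can be illustrated with a short added example, which is not code from the Graz project: a simplified ESP-style packet (SPI, sequence number, payload, integrity check value) passes through a reader that only forwards bytes, and the receiving endpoint rejects anything the reader altered or replayed. The key, SPI and sensor reading are constructed sample values, and encryption is left out (integrity and anti-replay only) because the Python standard library provides no block cipher.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # HMAC-SHA-256 output truncated to 128 bits

def esp_seal(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Tag side: build SPI || sequence number || payload || ICV."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

class Receiver:
    """Internet-side endpoint: checks the ICV, then the sequence number."""
    def __init__(self, key: bytes, spi: int):
        self.key, self.spi, self.highest_seq = key, spi, 0

    def verify(self, packet: bytes) -> bytes:
        if len(packet) < 8 + ICV_LEN:
            raise ValueError("packet too short")
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("integrity check failed")
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            raise ValueError("unknown SPI")
        # Strictly increasing counter; real IPsec uses a sliding window.
        if seq <= self.highest_seq:
            raise ValueError("replayed packet")
        self.highest_seq = seq
        return body[8:]

def reader_forward(packet: bytes, flip_byte_at=None) -> bytes:
    """Untrusted reader: relays the packet, optionally corrupting one byte."""
    if flip_byte_at is None:
        return packet
    altered = bytearray(packet)
    altered[flip_byte_at] ^= 0x01
    return bytes(altered)

def classify(receiver: Receiver, packet: bytes) -> str:
    try:
        return "accepted: " + receiver.verify(packet).decode()
    except ValueError as err:
        return "rejected: " + str(err)

def demo() -> list:
    key = bytes(range(32))           # constructed sample key
    rx = Receiver(key, spi=0x1001)   # constructed SPI
    pkt = esp_seal(key, 0x1001, 1, b"temp=21.5C")
    return [classify(rx, reader_forward(pkt)),                   # honest relay
            classify(rx, reader_forward(pkt, flip_byte_at=10)),  # altered
            classify(rx, reader_forward(pkt))]                   # sent twice
```

The reader never holds the key, so its only options are to forward a packet unchanged or have it discarded at the far end.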

The next step, Gross says, is to conduct additional testing before any solutions are commercially released. “We think that we laid good groundwork for further research toward open RFID-based IoT systems,” he states, “and showed the feasibility of such a system.” However, there are still some steps that need to be taken before this technology can be used in commercial products. “In the end, whether this technology will be part of the future IoT environment, and in which form, will depend on how the industry reacts to our ideas.”