Mobile Agent for RFID Protection - A Review

Mobile-RFID is the term for RFID services that use the telecommunication network as the communication channel for getting information from an RFID-enabled object (tag); as such, mobile devices or PDAs are used as RFID readers. Mobile RFID enables a whole new set of services, based on the principle that a mobile device offers both mobility and a broader reader range. These two properties also add new security issues to the already well-known security and privacy concerns derived from RFID technology: information leakage, location, etc. Mobile Agent for RFID Protection (MARP) defines a communication schema that enables secure communication between the RFID-tags, readers and back-end servers by adding an extra component that works as a proxy between the reader and the RFID-tag. This paper presents a detailed description of MARP and the range of services in which it can be used, together with some security issues, their countermeasures and available alternatives.

Analysis and Issues on MARP

- MARP assumes that communication between the backend server and the RFID-readers is secure. Most of the time, such a channel is well protected; in telecom networks such as GSM/GPRS, the data transmission is encrypted, making sniffing almost impossible. But MARP is not only targeted at GSM/GPRS access; in principle, WLAN access is also part of Mobile-RFID and, if that channel is not secure, MARP fails to provide privacy.

- The transmission of the control key or PINt from the database store to the MARP-enabled device is not defined by MARP itself. This may prove to be a positive point, in the sense that, by submitting the key via a different channel (SMS, email or Bluetooth, for instance), the probability of an intruder obtaining it will be lower. Nevertheless, MARP should force users, during the registration phase, to change the key, so that an intruder who has obtained it, for instance through access to the email account of the RFID-tag owner, cannot get access to the RFID-tag. This alternative is also suggested in an enhanced version, eMARP, and defined as "one-way hash function and self refreshed PINt".

- The public key mechanism used by MARP can be a logistical problem for successful deployments.

- MARP's security schema defines the main steps needed to handle secure communication between the RFID readers, the MARP component itself and the tags. What about the privacy of the user carrying the reader? What about the user carrying the MARP component? Since this is not part of the MARP specification itself, some research must be done in this area.

- Another very important issue, mentioned by the same authors in an enhanced version of MARP, is that RFID-tags must always be present in the communication, which is needed to avoid tag falsification. In MARP, the presence of the tag guarantees validity. On the other hand, the backend server knows both the RFID-tag identity Uidt and its secret key Keyt; the MARP component only knows Uidt and a hash value of the secret key, h(Keyt); so, during the privacy protection phase, the backend server should be able to verify the RFID-tag's identity.
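
The knowledge split in the last point can be made concrete with a small sketch. This is an added example, not the MARP message flow (which this review does not specify): it assumes SHA-256 for h() and an HMAC challenge-response, and the names `Backend`, `respond` and `demo` are hypothetical. It shows that a backend holding Keyt accepts an answer only from a party that also holds Keyt, so a proxy with only h(Keyt), or a replayed answer, is rejected.

```python
import hashlib
import hmac
import secrets

def h(data: bytes) -> bytes:
    """One-way hash standing in for the review's h(); SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()

def respond(key: bytes, uid: bytes, nonce: bytes) -> bytes:
    """Answer to a backend challenge, bound to the tag identity and the nonce."""
    return hmac.new(key, uid + nonce, hashlib.sha256).digest()

class Backend:
    """Holds (Uidt, Keyt) for every registered tag, as described in the review."""
    def __init__(self):
        self.keys = {}      # Uidt -> Keyt
        self.pending = {}   # Uidt -> outstanding nonce (single use)

    def register(self, uid: bytes, key: bytes) -> None:
        self.keys[uid] = key

    def challenge(self, uid: bytes) -> bytes:
        self.pending[uid] = secrets.token_bytes(16)
        return self.pending[uid]

    def verify(self, uid: bytes, response: bytes) -> bool:
        nonce = self.pending.pop(uid, None)   # consumed: a replay finds no nonce
        key = self.keys.get(uid)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(respond(key, uid, nonce), response)

def demo() -> dict:
    uid, key = b"constructed-uid-01", secrets.token_bytes(16)  # constructed values
    backend = Backend()
    backend.register(uid, key)
    proxy_secret = h(key)   # all the MARP component holds besides Uidt
    nonce = backend.challenge(uid)
    tag_answer = respond(key, uid, nonce)
    results = {"tag_present": backend.verify(uid, tag_answer)}
    results["replayed_answer"] = backend.verify(uid, tag_answer)
    nonce = backend.challenge(uid)
    results["proxy_alone"] = backend.verify(uid, respond(proxy_secret, uid, nonce))
    return results

if __name__ == "__main__":
    print(demo())
```

The separation only holds if Keyt has enough entropy that h(Keyt) cannot be guessed offline by whoever holds the hash.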

Comments

Anonymous said…
I found your website perfect for my needs. Thanks for sharing the great ideas. Whole article is too good and well written.
