Digital Signal Processing Reference
Data Security
RFID systems are increasingly being used in high security applications, such as access
systems and systems for making payments or issuing tickets. However, the use of
RFID systems in these applications necessitates the use of security measures to protect
against attempted attacks, in which people try to trick the RFID system in order to
gain unauthorised access to buildings or avail themselves of services (tickets) without
paying. This is nothing new — we only have to look to myths and fairy stories to find
examples of attempts to outsmart security systems. For example, Ali Baba was able
to gain access to the supposedly secure hideout of the 40 thieves by discovering the
secret password.
Modern authentication protocols also work by checking knowledge of a secret (i.e.
a cryptographic key). However, suitable algorithms can be employed to prevent the
secret key being cracked. High security RFID systems must have a defence against the
following individual attacks:
• Unauthorised reading of a data carrier in order to duplicate and/or modify data.
• The placing of a foreign data carrier within the interrogation zone of a reader with
  the intention of gaining unauthorised access to a building or receiving services
  without payment.
• Eavesdropping into radio communications and replaying the data, in order to imitate
  a genuine data carrier ('replay and fraud').
When selecting a suitable RFID system, consideration should be given to cryptological
functions. Applications that do not require a security function (e.g. industrial
automation, tool recognition) would be made unnecessarily expensive by the incorporation
of cryptological procedures. On the other hand, in high security applications (e.g.
ticketing, payment systems) the omission of cryptological procedures can be a very
expensive oversight if manipulated transponders are used to gain access to services
without authorisation.
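The following sketch is an added example, not taken from the book: it shows why a reader that checks knowledge of a shared key over fresh random numbers rejects both a foreign data carrier and a replayed recording, and why the transponder stays silent towards a reader without the key. It assumes HMAC-SHA256 in place of the symmetric cipher, and the class names, labels and message layout are hypothetical rather than the token format of any standard.

```python
import hashlib, hmac, secrets

NONCE_LEN = 16  # fixed-length nonces keep the concatenation unambiguous

def mac(key, label, first, second):
    # HMAC-SHA256 stands in for the symmetric cipher (assumption of this example)
    return hmac.new(key, label + first + second, hashlib.sha256).digest()

class Transponder:
    def __init__(self, key):
        self.key, self.r_a = key, None
    def get_challenge(self):                 # pass 1: tag -> reader
        self.r_a = secrets.token_bytes(NONCE_LEN)
        return self.r_a
    def answer(self, r_b, token1):           # pass 2 in, pass 3 out
        r_a, self.r_a = self.r_a, None       # each challenge is single-use
        if r_a is None or not hmac.compare_digest(token1, mac(self.key, b"reader", r_b, r_a)):
            return None                      # reader does not know the key: stay silent
        return mac(self.key, b"tag", r_a, r_b)

class Reader:
    def __init__(self, key):
        self.key = key
    def authenticate(self, tag, log=None):
        r_a = tag.get_challenge()
        r_b = secrets.token_bytes(NONCE_LEN)  # fresh per session, defeats replay
        token1 = mac(self.key, b"reader", r_b, r_a)
        token2 = tag.answer(r_b, token1)
        if log is not None:
            log.append((r_a, r_b, token1, token2))  # what an eavesdropper would see
        expected = mac(self.key, b"tag", r_a, r_b)
        return token2 is not None and hmac.compare_digest(token2, expected)

class ReplayTag:
    """Constructed stand-in for a device replaying one recorded session."""
    def __init__(self, recorded):
        self.r_a, _, _, self.token2 = recorded
    def get_challenge(self):
        return self.r_a
    def answer(self, r_b, token1):
        return self.token2

def demo():
    key = secrets.token_bytes(16)
    reader, tag, log = Reader(key), Transponder(key), []
    genuine = reader.authenticate(tag, log)
    replayed = reader.authenticate(ReplayTag(log[0]))
    foreign = reader.authenticate(Transponder(secrets.token_bytes(16)))
    rogue = Reader(secrets.token_bytes(16)).authenticate(tag)
    return genuine, replayed, foreign, rogue
```

Calling `demo()` returns the outcome for the genuine transponder, the replayed recording, a transponder with a different key, and a reader with a different key, in that order.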
8.1 Mutual Symmetrical Authentication
Mutual authentication between reader and transponder is based upon the principle
of three-pass mutual authentication in accordance with ISO 9798-2, in which both