27444045(neelamatha)

Abstract— Radio Frequency Identification (RFID) is currently being used for auto-
identification of objects, assets, pets, and people. Its initial success in offering
strategic advantages for businesses, by efficient tracking of inventory in the supply
chain, has left this technology wide open to many applications that are only limited
by people’s imagination. This technology will have a tremendous impact on our
society, once it starts to assist people in their daily life. A right step in this direction
would be Mobile RFID, where a RFID reader chip is integrated into a portable mobile
device like mobile phone, and PDA. Mobile RFID would help consumers in shopping,
and allows quick and easy access to information, just by bringing their mobile
devices near to an object that has a RFID tag. This paper pioneers in describing
Mobile RFID’s new applications and security challenges. It focuses on different Mobile
RFID application zones, and their related security threats, and security requirements.
Finally it proposes simple security architecture for Mobile RFID applications in
Location-based Services zone.

Keywords: Mobile RFID, Mobile RFID Security, RFID Security

1. Introduction portable database, multiple tag read/

write, tracking people, items, and
1.1RFID Technology equipment in real-time, etc. Later we
gave a detailed description about RFID
Radio Frequency Identification technology and its advantages for
(RFID) is a means to efficiently, easily, supply chain management.
and quickly auto-identify objects, Passive RFID tags are attached
assets, pets, and people. So far, RFID to objects/products and these tags
technology is used by some big contain tiny, but durable computer
companies like Wal-Mart, Proctor & chips with very small antennas.
Gamble Co., Hewlett-Packard, Prada, Passive tags are powered-up from the
Gillette, GAP, Target Corp., and the interrogation Radio-Frequency (RF)
Albertsons Inc., to track their inventory signal of a reader. The tiny computer
in the supply chain. With the current chips contain an Electronic Product
barcode technology, each product’s Code (EPC) that uniquely identifies the
barcode label (Uniform Product Code - object to which it is attached to, and
UPC) must be brought before the the antennas automatically transmit
reader or laser and labels must be this EPC number without requiring line-
scanned one by one. This leads to of-sight (i.e., visual) scanning, to RFID
laborious, painstaking, human-error readers within a certain RF range.
prone, and time consuming inventory
check, and also makes customers in a 1.2 Building Blocks of RFID
store to wait in long queues at the Infrastructure
cashier counter.
That line-of-sight between label This sub-section introduces the four
and reader is often difficult, main building blocks of RFID
impractical, or even impossible to Technology. This infrastructure is
achieve in industrial environments, currently being developed by
therefore RIFD technology allows EPCglobal Inc. This organization is
accurate and very quick scanning of entrusted by industry to establish and
products in large bulks thus speeding support a global standard for real-time,
up the supply chain management. automatic identification of information
Other advantages of RFID technology in the supply chain of any company,
include: anywhere in the world.
RFID tags can stand a harsh
environment, long read ranges, 1.2.1 RFID Tags
As mentioned above, every RFID tag Just like the global look-up
contains its unique EPC number. EPC is system such as the Domain Name
a globally unique serial number that Service (DNS), VeriSign, after obtaining
identifies an item in the supply chain. the contract from EPCglobal, has
EPC data/number contains: EPC invested heavily in building and
Manager number (identifies the marketing an EPC Network specifically
company), Object class (similar to a to look up EPC data. It becomes very
stock-keeping unit, also called product necessary to look up each EPC number
number), Serial number (specific on a central data repository like we do
instance of the object class being with a Web page or other system using
tagged, objects own unique identifier). DNS. Keeping EPC data as a unique
EPCglobal allocates manufacturers reference or primary ID, further
specific blocks of EPC numbers, and information about the respective
manufacturers then add their own product is stored on databases and
product codes and serial numbers to servers of EPC Network. This network
their assigned manufacturer numbers assists local company staff and
to create unique identifiers - EPCs. geographically distributed supply chain
Further information about the partners to easily and efficiently
product is stored on a network of access information on any product
servers and databases called EPC they are handling from any location.
Network. Therefore, unique EPC The EPC Network consists of three
number acts like a pointer directing main components: Object Naming
the RFID reader to the right entity on Service (ONS), the EPC-Information
the EPC Network from where the Services (EPC-IS), and the EPC-
reader can download additional related Discovery Services (EPC-DS).
data about the product it scanned.
 The ONS like DNS is an
1.2.2 RFID Readers authoritative global directory of
EPC-IS. EPC data is registered
RFID readers are used to scan within the ONS. A retailer may
RFID tagged items. RFID readers send need to get information about
scanned EPC data for processing the product it has just received.
to EPC Middleware. He scans the EPC number of the
product’s RFID tag and sends it
1.2.3 EPC Middleware to the ONS. ONS returns the
location of the manufacturer’s
In order to handle the billions of EPC-IS. This query process is
reads that happen in a typical transparent to the retailer takes
warehouse we need is to have a only milliseconds to execute.
middleware (filtering software) for the
readers. The data created by an RFID  EPC-IS are individual
reader needs to be filtered and companies’ publicly accessible
smoothed before it is useful for any databases that contain the
application. Hence EPC Middleware details related to a product.
manages real-time read events and EPC-IS would contain the EPC
information, provides alerts, and data, product description, size,
manages the basic read information weight, packaging, shipments,
for communication to EPC-IS as well as product arrival and departure
company’s other existing information details, and various other data
systems. It enables efficient useful that are appropriate to share
data exchange between RFID readers with supply chain partners.
and EPC Network.

1.2.4 EPC Network  The EPC-DS interacts with

Information Services
throughout the life of the
 product and maintains a history In near future, Mobile RFID
of each status change for the would equip people to carry along with
EPC tag. As products make their them a portable RFID reader in their
way across multiple points mobile phones. This extends mobility,
throughout the supply chain, allowing people to scan RFID tagged
this process of products being items as and when they want and
scanned, and the knowledge of provides an easier, user-friendly
their data within EPC-IS being approach to quickly and efficiently
passed on, repeats itself. The access information from RFID tags. [3]
registration of this product Nokia is now offering portable RFID
knowledge by each EPC-IS into readers that even interoperate with
the EPC-DS enables full supply- mobile phones. Thus every individual
chain visibility. By enquiring is capable of carrying a RFID reader
EPC data from ECP-DS any embedded in his mobile
member of the supply chain phone/portable device, making RIFD
can obtain real-time, complete readers ubiquitous. With the presence
visibility of the supply chain. of billions of geographically distributed
RFID tagged items all around,
1.2Mobile RFID Technology providing us with instant real-time
information, it becomes necessary to
As mentioned above, most look up each EPC number of a
applications of RFID for tagging and tagged item on a publicly accessible
tracking items have been for central data repository. Therefore,
operations within a single big company minor modifications to the RFID
and its supply chain partners. The infrastructure described in section 1.2,
reason being, RFID tag costs are still would best suit
relatively high, but they are declining this future Mobile RFID technology.
quickly and approaching a level at
which it becomes practical to tag 1.3.1 Applications of Mobile RFID
products at the item level. This will
open the door for large-scale use of Once the RFID tags become
RFID tags on consumer goods. Very cheap, we can literally attach them to
soon we can realize, one of the visions as many items as possible. As a result,
of automatic identification and just by bringing mobile devices near to
ubiquitous computing, which is the a RFID tagged object, we can quickly
creation of an “Internet of Objects”. and easily download information held
In such a highly connected by that object and view it via mobile
network; devices, objects, items of any phone’s display screen. For example:
kind dispersed through an enterprise  We can download information
or in our society can talk to each other, about a particular location by
providing real-time information about scanning RFID tagged sign
the objects, location, contents, posts, and landmarks
destination, and ambient conditions.
This communication allows much-  We can download bus routes by
sought-after, efficient and easy scanning RFID tagged Buses
machine to machine identification,
communication, and decision making.
Thus RFID technology will have a  We can download prices of RFID
tremendous impact on our society, tagged merchandise sold at
once it starts to assist people in their stores, published in catalogs for
daily life. A right step in this direction Compare Shopping.
would be Mobile RFID, where a RFID
reader chip is integrated into portable  We can download movies,
mobile devices like mobile phones, and music, trailers, show timings,
Personal Digital Assistants (PDA). and theater locations by
 scanning RFID tagged movie In a location-based services zone,
posters, music CDs, etc. service providers can provide us with
services “related to” and “available at”
 We can download current menu that location. The coverage of this
being served at a particular zone is very large which includes all
restaurant by scanning its RFID public places. In this zone, service
tag, published in a restaurants providers and vendors want to provide
catalog services that are available at
customer’s current location. To
 We can make a quick call or accomplish this, service providers
send an instant message by deploy RFID tagged items/devices all
scanning RFID tagged around, which provide us with instant
photographs, business cards, real-time information about services
address books, etc. available at that location. However the
communications between the mobile
1.3Related Work RFID and EPC network must be
secured.
We strongly believe that Mobile Mobile RFID thus identifies and
RFID technology has a great future and interacts with such smart
it’s a very challenging research area. It devices/items and obtains services like
is poised to be one of the future killer information about a particular location
applications and services of mobile by scanning RFID tagged sign posts,
communications. Since Mobile RFID and landmarks, download bus routes
technology is still in its infancy stage, by scanning RFID tagged Buses,
to the best of our knowledge we did download prices of RFID tagged
not find any literature that discusses merchandize sold at stores, for
about security for Mobile RFID Compare Shopping, download movies
technology. This paper could be the information, trailers, show timings, and
first of its kind to discuss about the nearest theater locations by scanning
vision and security challenges of RFID tagged movie posters etc.
Mobile RFID technology. Security framework for this zone is
very much open. In this zone all RFID
tagged items respond to every mobile
2. Mobile RFID Application RFID, otherwise the main purpose of
Zones these items to provide instant
information would be defeated.
Applications of Mobile RFID can be Therefore in this zone there would be
broadly categorized into three zones no security requirements for
namely: Location-based Services (LBS) authentication and securing the
Zone, Enterprise Zone, and Private communications between RFID tag and
Zone. Security threats and security mobile RFID. But there is one problem,
requirements for Mobile RFID differ these publicly available tags can be
with respect to these zones. Figure 1 is fake or must have been illegally
self-explanatory about the various modified and hence
security threats and security no longer truly represent the services
requirements for these three zones. of the tagged item.
Before we gave a detailed description In such an unprotected zone,
of various security and privacy threats establishing appropriate security
for RFID technology and also discussed architecture is very difficult. Mobile
certain proposed security models. RFID must contact many EPC-IS which
might be either genuine or malicious.
1.4Location-based Services (LBS) It should also be able to identify and
Zone securely communicate with only
genuine EPC-IS. But these tasks could
create a huge burden on the low
computing and resource-poor mobile 1.5Private Zone
device.
Our proposed security In this zone, Mobile RFID assists
architecture (explained in the following users in their private space like home,
section) for Mobile RFID - LBS zone garden, garage, car, and workshop. It
describes a convincing trust model and helps them to make an instant call or
secure job delegation to mobile send an instant message by scanning
operator. Therefore the mobile RFID tagged photographs, business
operator can help in reducing the cards, and address books. By scanning
communication and computational RFID tagged household items with a
burden on the mobile RFID. The mobile phone, we can quickly obtain
architecture also provides users information like; when would the milk
privacy protection. stored in the refrigerator expire,
details of the books in the bookshelf,
2.2 Enterprise Zone when was the last time a RFID tagged
plant has been watered, and when to
In this zone Mobile RFID assists change the engine oil, etc.
company’s mobile staff/employees like This zone is small when
inventory checkers, field engineers, compared to the other two zones and
maintenance and repair staff, and therefore it requires a simple security
security guards. It helps them in real- model that can be easily deployed and
time inventory management, work maintained by the user at his home.
attendance log, instructions on how to Users in this zone can buy off-the-shelf
operate tagged items, ‘identification Mobile RFID Kits. These kits can
of’ and ‘access control to’ tagged contain RFID tags, Mobile RFID, related
equipment and secure enclosures, and hardware, and software with user-
proof of staff presence at certain friendly GUI. The software can assist
locations in a building that needs to be the users to easily encode EPC
monitored periodically, etc. numbers of their choice into the RFID
The security framework for tags, create a portable database in
enterprise zone Mobile RFID their PC with details about the tagged
applications could be proprietary and household items, create passwords to
confined to the boundaries of a access these tags and the database,
particular organization. In such a and finally secure the wireless/WiFi
confined and well-monitored zone it’s network in the home environment.
not very difficult to establish and Other option could be, the user
enforce efficient security architecture, can obtain storage space (for free or
trust model, and security & privacy fee) on the EPC Network
policies. With the availability of up-to- (EPCInformation Servers) and via a
date list of registered employees and password protected userfriendly
items/products in a company; website, he can upload his personal
designing and implementing key/ EPC numbers and details of the tagged
password distribution, data integrity & household items. Whenever he scans
confidentiality, identification, his private RFID tag in his home, the
authentication, and access control Mobile RFID contacts his personal page
protocols among staff, RFID readers, on the EPCInformation Server and
RFID tagged items, and EPC Network is downloads the details about the item
moderately easy and mostly risk free in question. This approach alleviates
when compared to LBS zone. user’s burden of configuring his own
Since this zone needs precise security system. The EPCInformation
authentication and security auditing in Server must provide user privacy
order to access RFID tagged items, protection, and secure communication.
issues like user identity privacy and
tag information privacy will not arise.
3. Building Blocks: Mobile communications. But what
protects us from MO turning
RFID – LBS Zone hostile is that it has to very
strictly adhere to and follow
legal, security and privacy
The building blocks of Mobile policies imposed by the law.
RFID infrastructure in LBS zone is Our architecture extends this
similar to above mentioned RFID trust in MO to secure and
infrastructure. Expect that we provide privacy protection for
introduced mobile operator and Mobile RFID transactions. This
eliminated the need of EPC approach is very practical and
Middleware. Since mobile RFID would Threat Security Req. LBS Zone
mostly scan one tagged item at a time, T*& MR* MR& N*
there is no need for filtering software Overall Security
Large
Security Architecture
to make the mobile RFID data clear. Tag
Tag
 Mobile RFID (M-RFID): Mobile Info.Privacy
Killing/Pws x
Protection
Phone with RFID Reader Chip, User Identity Anonymous
x
is used to scan tagged items Privacy Transaction
available Key/Pwd
Trust Model x
everywhere. Compromize Key/Pwd Mgt.
x
& Distribution
Illegal Tag Info. Authentication x
 RFID Tags Access/Cloning Authorization x
/Denial of Service
Attack Access Control x
 Mobile Operator (MO): In the Tag Data
Illegal Tag Info.
current mobile Alteration
Integrity & x
Confidentiality
communications paradigm we Encryption
have already put in a great (symmetric/As x
deal of trust in MO, as it Network symmetric)
Eavesdropping Wireless
handles all our voice and data Network x
communications. It maintains a Security

Threat Security Req. Enterprise Zone easily deployable, as the

T&MR MR&N current mobile
Overall Security
Medium communications infrastructure
Security Architecture
Tag
is widely spread and highly
Tag
Info.Privacy
Killing/Pws stable. MO takes responsibility
Protection on behalf of M-RFID to select,
User Identity Anonymous
Privacy Transaction identify, and authenticate
Key/Pwd
Trust Model x x genuine ECP-IS. MO behaving
Compromize Key/Pwd Mgt.
x x like a “Trusted Proxy”
& Distribution
processes the request on
Illegal Tag Info. Authentication x x
Access/Cloning
behalf of the M-RFID, greatly
Authorization x x
/Denial of Service reducing the communication
Attack Access Control x x and computational burden on
Illegal Tag Info. Tag Data the user’s mobile phone and
Alteration Integrity & x
Confidentiality also provides users privacy
Network Encryption protection.
Eavesdropping (symmetric/As x x
symmetric)
Wireless  EPC Network
Network x
Security
record of each subscriber’s call
details, contact information,
and credit card details, etc. It
even has the capability to
easily determine our current
location and tap into our
 Threat Security Req. Private Zone Figure 1: Comparison of Security
T& MR MR&N
Overall Security Threats and Security Requirements of
Small
Security Architecture 3 zones
Tag
Tag
Info.Privacy
Killing/Pws x x
Protection 4. Security Requirements:
User Identity Anonymous
Privacy Transaction
x Mobile RFID - LBS Zone
Key/Pwd
Trust Model x
Compromize Key/Pwd Mgt.
x x We identified the following
& Distribution
Authentication x x
security requirements associated with
Illegal Tag Info.
Access/Cloning Authorization x x
the deployment of Mobile RFID:
/Denial of Service  Secure Job Delegation
Attack Access Control x x
 Trust Model
Tag Data
Illegal Tag Info.
Alteration
Integrity & x  Unauthorized Tag Information
Confidentiality
Encryption
access
(symmetric/As x x  User Privacy Protection
Network symmetric)
Eavesdropping Wireless
 Tag Access-Control
Network x Management
Security
 Tag Access Authorization
 Data Integrity & Confidentiality
4.1 Secure Job Delegation

The Mobile RFID on behalf of its

owner may need to communicate with
ONS, EPC-IS to retrieve the information
of a particular tagged item. It should
identify and authenticate genuine EPC
network and be able to secure the
entire transaction and also protect the
owner’s privacy. But these tasks could
create a huge burden on the low-
computing and resource-poor mobile
device and is certainly not user
friendly. Therefore it would be lot
easier for the mobile device to
securely delegate its work to a nearby
trusted high-computing and resource-
rich entity, the mobile operator. This
approach helps in reducing the
communication and computational
burden on the mobile device.

4.2 Trust Model

Establishing an efficient and

convincing trust model is very much
required to ensure secure transactions,
key distribution, and job delegation.
With existence of a trust model, it
would be lot easier for the mobile
device to delegate its work to the
mobile operator.

4.3 Authorized Tag Information

Access
  Gold card Members or certain
Scenario: Alice goes to a privileged members of certain
shopping mall. She uses her Mobile organizations
RFID reader to know the price, and
manufacturer details of a particular  Staff of a particular
commodity. The commodity’s RFID tag organization
must not reveal other sensitive details
like the number of pieces sold so far,  Security guards
its profit margin, and stock availability,
etc. in order to prevent corporate  Construction workers
espionage. This information is strictly
for the shopping malls inventory 4.7 Data Integrity &
checking staff. Confidentiality
4.4 User Privacy Protection We must keep the data that
resides in a tag secure and also
Scenario: Charlie stalks Alice provide Secure Electronic Data
into the elevator. Charlie has a RFID Interchange (EDI) transactions
reader embedded in his mobile phone. between the Mobile RFID, Mobile
Charlie can easily scan and read Operator, and EPC Network.
sensitive information o® any RFID
tagged item that Alice is carrying in
her bag/purse. After scanning a
5. Security Architecture:
particular RFID tag for information, the Mobile RFID - LBS Zone
identity and location of Alice must not
be revealed to the vendor or the This section describes our
service provider. This personal proposed security architecture of the
information could allow service Mobile RFID as depicted in Figure 1.
providers and vendors to generate
detailed profiles of the user, his buying  Step 1: M-RFID scans a RFID tag
interests, and transactions
information.  Step 2: RFID tag responds with
EPC number
4.5 Tag Access-Control
Management
 Step 3: M-RFID authenticates
itself to MO via login ID/pwd
Sometimes information from
and sends the EPC number to
the tags needs to be available to
MO
authorized parties only. But for mobile
RFID scenario, the set of authorized
parties is constantly changing, making  Step 4: MO sends EPC number
access management a priority for to the ONS
businesses. Therefore providing tag  Step 5: ONS responds with URL
information based on the privileges of of the EPC-IS related to the EPC
the user in question is very essential. number in question

4.6 Tag Access Authorization  Step 6: MO fetches the

anonymous M-RFID certificate
Certain RFID tags needs to from its database and sends it
respond to mobile RFID readers whose along with EPC number to the
owners are URL of EPC-IS. The certifi- cate
does not contain the identity of
 Above 18 years old M-RFID but contains some
related information like age,
 proof of privileged membership, between M-RFID and MO. This provides
etc. secure job delegation, trust model,
data integrity and confidentiality
 Step 7: EPC-IS verifies the between MRFID and MO.
certificate and checks the
access-control list in its
database.

 Step 8: Depending on the

access rights of that certificate,
EPC-IS responds to MO with
related data about the EPC
number in question.

 Step 9: MO sends the EPC

information to the M-RFID. This
communications can be
Figure 2: Mobile RFID - LBS Zone
encrypted using an established
Security Architecture
session-key
5.1.2 Mutual Authentication
 Step 10: MO stores details of mechanism between MO and EPC-
this transaction in the database IS
of this M-RFID. Later, M-RFID
can query some information Since MO and EPC-IS are
about the tags it accessed resource rich entities, they both can
previously on a particular date, authenticate each other via PKI-based
time, and location (for compare certificates. Thus providing data
shopping) and also items it integrity and confidentiality.
purchased.
5.1.3 Anonymous Certificates for
 Step 11: M-RFID can purchase Identity management,
tagged items. MO can pay the authentication, and authorization
vendor on behalf of M-RFID and
later get the money from M- M-RFID can request anonymous
RFID via monthly telephone certificate from MO. This certificate
bills. When a tagged item is does not contain the true identity of
purchased MO makes sure that MRFID but contains other details like
the details of that particular age, whether the user is a gold card
EPC number is removed from member or not, staff or visitor, etc.
EPC-IS. This prevents adversary This protects the privacy of the owner
to scan and know the details of of M-RFID and also assists EPC-IS to
the purchased items in the provide corresponding information
handbag of M-RFID’s owner. about the EPC number in question.

5.1 Security Solutions 5.1.4 M-RFID privacy

5.1.1 Mutual Authentication Our approach protects both

mechanism between M-RFID and location and information privacy of M-
MO RFID. With the use of anonymous
certificate the vendor or the service
A simple ID/Password provider of the tagged item can never
authentication for M-RFID and MO’s PKI know the true identity of the M-RFID’s
certificate verification by M-RIFD is owner. And once the tagged item is
necessary for mutual authentication purchased by MRFID, MO makes sure
that its reference is deleted from the deployable, as the current mobile
EPC-IS. This way even though, an communications infrastructure is
adversary can scan the handbag of widely spread and highly stable. And
Alice, he can no longer obtain vendors can still use the popular RFID
information about the tagged items EPC network. As our future work we
purchased by Alice as their references would propose more concrete security
are deleted from EPC-IS. architectures for the other two zones
of Mobile RFID applications and also
propose a simple, secure and privacy
6. Conclusions preserving payment phase for Mobile
RFID applications.
This paper provides future
vision and security challenges of References
Mobile RFID. We mentioned the
various security threats and security [1] Ari Juels, “RFID Security and
requirements at different zones of Privacy: A Research Survey”, RSA
Mobile RFID applications namely LBS, Laboratories, 2005,
enterprise, and private zones. And
proposed simple security architecture [2] EPCglobal Web site, 2005,
for the LBS zone, that fits the RFID EPC http://www.
Network. The advantages of this EPCglobalinc.org
architecture are as follows: simple,
involves less user interactions, secure [3] Nokia, “RFID Phones - Nokia Mobile
job delegation between Mobile RFID RFID Kit”,
and Mobile Operator. Also the Mobile http://europe.nokia.com/nokia/0,,5573
Operator conceals the identity of 9,00.
users, as a result service providers and Html
vendors of tagged items cannot
maintain users detailed profiles and [4] VeriSign, “The EPCglobal Network:
location information, this protects Enhancing the Supply Chain”, White
users privacy. It could be a good Paper 2005,
revenue generator for the mobile http://www.verisign.com/stellent/group
operator and service providers through s/
commissions for every transaction. Our public/documents/white_paper/002109
approach is practical and easily .pdf
 Mobile
RFID
Security
Issues
Presented
By

C Chakravarthi Jonnadula
Deevi Lalitha Rani
¾ B.Tech (CSE) ¼
B.Tech (CSE)
(LBRCE,Mylavaram) (SIET,
Garividi)