Self-identification and two-factor authentication systems based on RFID and biometrics offer a growing number of applications (for all types of personnel who cannot afford to make password errors, people with neurological conditions, Alzheimer's, children, the sick, the illiterate, prison inmates, animals, etc.) because they eliminate the need to remember or memorize any passphrase, PIN, password, answers to random questions, or photo from a matrix or mosaic of many photographs (as in the case of visual passwords). RFID (Radio Frequency Identification) is a technology that allows for the remote identification of objects, products, people, or animals using a small tag (or transponder) that is attached, inserted, embedded, incorporated, or implanted in the entity to be identified. In other words, it offers a method for remotely storing and retrieving data using RFID tags. It presents great potential for all types of industries, services, and applications, and a broad and growing spectrum of possible uses. One of the first areas where it has been used for some time, and where it promises excellent results, is in inventory management to improve the supply chain. 
But it is also used to identify friendly and enemy entities in wars (delivering projectiles to targets), for keys to open vehicles/gates/doors, in public transport cards (subway, bus, train, tram, elevators, funiculars, etc.), in electronic passports (ePassport, standardized by the ICAO, International Civil Aviation Organization), for event access tickets, implants for tracking and identifying the real-time location of people (the elderly, children, criminals), stolen vehicles, identification of domestic/wild animals (ISO 11784/11785), in the manufacture of makeup powders, for spreading at unauthorized demonstrations, in suspicious vehicles, in libraries to improve book lending and inventory management, as sophisticated sensors for monitoring tire pressure and temperature, access control to buildings, VIP areas, etc. The downside of RFID technology is that it must be protected against potential security and privacy threats (viruses, malicious SQL injections, attacks, etc.).
RFID uses wireless transmission of information between a tag and a reader unit without requiring line of sight. Information transfer is bidirectional, using two operations (read and write), and there is an automatic correlation between the object carrying the tag and the stored data. RFID is often used as a generic term for a more complete infrastructure that integrates: (i) Tags or transponders (sometimes called RFID chips). (ii) Reader units; most can also write to the tags. (iii) Some type of middleware, called an edge server, that connects the reader unit to a server; sometimes it resides on an embedded system within the reader unit. (iv) Some type of communications infrastructure. (v) Databases that store the tag information (optional). (vi) Integration with server farms, data warehouses, services, and support systems.
Biometric technology. Process flow
Biometrics is a technology that allows people and animals to be registered on the basis of their physical (biological, physiological) or behavioral characteristics for self-identification and authentication purposes. Facial recognition is the oldest identification method. The biometric process involves several phases. The user provides biometric data during the enrollment process in the biometric system (often combined with RFID to mitigate potential threats). The system extracts the characteristics from the individual's biometric data, creates a template, and stores it for future comparison. During the authentication process, the user again provides their biometric data for verification/identification by the biometric system. The system again extracts the characteristics, creates a template, and compares it with the template(s) from the enrollment phase. A result, or confidence level, is calculated from the comparison, expressing the degree of similarity between the two templates. The comparison is considered positive if the result exceeds a pre-established threshold; otherwise, it is considered negative. Security, of course, depends on the selected threshold. However, the final result of the proposed system is correlated with the RFID information, which reduces the effective FNMR (False Non-Match Rate) and FRR (False Rejection Rate). FNMR arises from changes in the user's biometric characteristics, from variations in how the data was captured during the enrollment phase, and from changes in how the data is presented. Since a 100% match is not possible in a pure biometric system, combining it with RFID improves performance levels.
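The process flow above (template, similarity score, threshold, error rates, fusion with the RFID identifier) is easier to reason about with a small runnable model. The following is an added example written for this edit, not code from the article or its author: templates are packed bit strings compared by normalized Hamming distance, FNMR/FMR are estimated from constructed score lists, and the two-factor decision uses the RFID UID to select the enrolled template before the biometric comparison. All UIDs, templates and scores are constructed sample data.

```python
# Added example (not from the article): toy biometric matcher with a decision
# threshold, FNMR/FMR estimation, and fusion with an RFID UID check.
from dataclasses import dataclass


@dataclass(frozen=True)
class Template:
    """Feature vector packed as an integer bit string (iris-code style)."""
    bits: int
    nbits: int


def similarity(a: Template, b: Template) -> float:
    """1 - normalized Hamming distance: 1.0 = identical, 0.0 = every bit differs."""
    if a.nbits != b.nbits:
        raise ValueError("templates must have the same length")
    return 1.0 - bin(a.bits ^ b.bits).count("1") / a.nbits


def decide(score: float, threshold: float) -> bool:
    """Positive comparison only when the score reaches the pre-set threshold."""
    return score >= threshold


def error_rates(genuine, impostor, threshold):
    """FNMR: share of genuine comparisons rejected at this threshold.
    FMR:  share of impostor comparisons accepted at this threshold."""
    fnmr = sum(1 for s in genuine if not decide(s, threshold)) / len(genuine)
    fmr = sum(1 for s in impostor if decide(s, threshold)) / len(impostor)
    return fnmr, fmr


def two_factor_authenticate(uid, sample, enrolled, threshold):
    """The RFID UID selects the enrolled template; the biometric must also pass.
    Returns (accepted, score). An unknown UID is rejected without matching."""
    template = enrolled.get(uid)
    if template is None:
        return False, 0.0
    score = similarity(sample, template)
    return decide(score, threshold), score


# --- constructed sample data (not real measurements) ----------------------
ALICE_ENROLLED = Template(0b1011001110001111, 16)
ALICE_SAMPLE = Template(0b1011001110001100, 16)    # 2 of 16 bits differ
MALLORY_SAMPLE = Template(0b1011110000001111, 16)  # 5 of 16 bits differ
ENROLLED = {"E004010012345678": ALICE_ENROLLED}    # constructed RFID UID

GENUINE_SCORES = [0.95, 0.90, 0.875, 0.70, 0.85]   # constructed
IMPOSTOR_SCORES = [0.40, 0.55, 0.60, 0.65, 0.30]   # constructed

if __name__ == "__main__":
    for t in (0.6, 0.8):
        print("threshold", t, "-> (FNMR, FMR) =", error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, t))
    print(two_factor_authenticate("E004010012345678", ALICE_SAMPLE, ENROLLED, 0.8))
    print(two_factor_authenticate("E004010012345678", MALLORY_SAMPLE, ENROLLED, 0.8))
    print(two_factor_authenticate("E004010099999999", ALICE_SAMPLE, ENROLLED, 0.8))
```

Raising the threshold from 0.6 to 0.8 on the constructed scores drives FMR to zero at the cost of rejecting one genuine comparison, which is the trade-off the text refers to when it says security depends on the threshold; the UID check means an impostor must also present the correct tag, so a borderline score alone is not enough.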
RFID Tag Characteristics and Classification:
There are many different types of RFID tags depending on their application. The following classification criteria can be identified: (1) Power source. The following categories exist: (i) Passive tags: these have no internal power source and obtain energy from the reader's electromagnetic field. (ii) Active tags: these have a battery used both for internal computation and for transmission. (iii) Semi-passive tags: these have a battery for internal computation, but the energy required for transmission comes from the electromagnetic field of the reader unit. (2) Frequency band. The following categories exist: (i) LF tags: these use the 125-134 kHz band and are used for pet identification and inventory tracking. (ii) HF tags: these use the 13.553-13.567 MHz band and are used in smart cards, libraries, and textile product identification. MIFARE tags are based on ISO 14443, operate at 13.56 MHz, were developed by Philips Austria GmbH, and incorporate encryption capabilities. (iii) UHF tags: these use the 860-960 MHz band and are used for supply chain tracking. (iv) UHF tags in the 2.4000-2.4835 GHz band: these are used for vehicle fleet identification and wireless highway tolling. (3) Communication range/distance.
The distance depends on the transmission power, the frequency used, and the electronic design of the antennas. The following categories exist: (i) Centimeter-range tags. These operate in the low frequency (LF) band. (ii) Decimeter-range tags. These operate in the high frequency (HF) band. With higher power and better antennas, a tag can be read at a distance of meters using 13.56 MHz. (iii) Meter-range tags. These operate in the ultra-high frequency (UHF) band. Greater distances are possible, even kilometers, and even via satellite. The transmission power is specified in European ETSI standards such as EN-300-330, EN-300-220, EN-300-440, and EN-300-328. The reader-to-tag channel (forward channel) allows reading at greater distances than the return channel. (4) What is their memory? Tags have at least a few bits to store the UID (Unique Identifier). The UID size is 32 to 128 bits. The UID is usually chosen by the manufacturer and cannot be changed by the user. Tags may have additional memory (EEPROM); 1 KB is a typical value for tags with EEPROM. 70 KB is the memory size in a passport. WORM (Write Once Read Many) or R/W memories are used to store data and metadata. EAS (Electronic Article Surveillance) tags have only one bit (EAS enabled or EAS disabled), are not for identification, and are not true RFID tags. The memory of an ISO 15693 RFID tag behaves like ordinary memory; the RFDump tool can manipulate tag data through a hex-editor-style user interface, so malicious SQL and malware injections are possible. (5) What are the computing capabilities? The following categories appear: (i) No computing or memory capabilities. (ii) Logical operations only, for example to verify a passport. (iii) Symmetric cryptography capability. They perform symmetric encryption such as DES, AES, XTEA, and proprietary algorithms; sometimes they do not need a microprocessor. (iv) Asymmetric or public-key cryptography. They perform algorithms such as ECC and RSA-CRT; they require a microprocessor. (6) Tamper resistance. This is a matter of controversy. Some people believe that caution should be exercised with tags that are not tamper-resistant, for example if the same key is shared by all tags. Others, more reasonably, consider that if the tags are not tamper-resistant the cost of an attack can still be high compared to the gain, and recommend using a different key on each tag. Sometimes the lack of tamper resistance must be weighed against the fact that the tag is difficult to access, for example a subcutaneous RFID tag. (7) Types of objects that carry them: ferrous materials, metals, corrosive fluids, insulators, plastics, biological material (using nanotechnology).
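The warning above, and in the introduction, that tag memory can carry malicious SQL is the point at which middleware design matters: the reader hands the back end whatever bytes the tag holds. The following added example (written for this edit, not code from the article or from any RFID product) shows an inventory lookup that concatenates tag data into a query beside a hardened version that whitelists the 96-bit EPC format and binds the value as a parameter. The inventory table, EPC values and the quote-breaking payload are all constructed; `sqlite3` from the Python standard library stands in for the back-end database.

```python
# Added example (not from the article): tag memory is untrusted input.
# Vulnerable string-built query beside a whitelisted, parameterized lookup.
import re
import sqlite3

# Constructed inventory rows; the EPCs are made-up 96-bit identifiers in hex.
SAMPLE_ROWS = [
    ("30000000000000000000A001", "pallet", 12),
    ("30000000000000000000A002", "carton", 48),
]

# A 96-bit EPC is exactly 24 upper-case hex digits; anything else is rejected.
EPC96_RE = re.compile(r"\A[0-9A-F]{24}\Z")


def make_db():
    """In-memory database standing in for the EPC information server."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE inventory (epc TEXT PRIMARY KEY, kind TEXT, qty INTEGER)")
    con.executemany("INSERT INTO inventory VALUES (?, ?, ?)", SAMPLE_ROWS)
    return con


def is_valid_epc96(tag_data: str) -> bool:
    """Whitelist check applied before tag data reaches any query."""
    return EPC96_RE.match(tag_data) is not None


def lookup_vulnerable(con, tag_data: str):
    # BAD: bytes read from the tag are concatenated straight into SQL, so
    # a tag holding quote characters rewrites the query.
    sql = "SELECT epc, kind, qty FROM inventory WHERE epc = '" + tag_data + "'"
    return con.execute(sql).fetchall()


def lookup_hardened(con, tag_data: str):
    # GOOD: reject anything that is not a well-formed EPC, then bind the value
    # as a parameter so it can only ever be compared, never parsed as SQL.
    if not is_valid_epc96(tag_data):
        return None  # caller logs the rejected read instead of querying
    sql = "SELECT epc, kind, qty FROM inventory WHERE epc = ?"
    return con.execute(sql, (tag_data,)).fetchall()


if __name__ == "__main__":
    con = make_db()
    crafted = "' OR '1'='1"  # constructed tag content, not a real tag dump
    print("vulnerable:", lookup_vulnerable(con, crafted))  # returns every row
    print("hardened:  ", lookup_hardened(con, crafted))    # None: rejected
    print("hardened:  ", lookup_hardened(con, "30000000000000000000A001"))
```

The format check and the parameter binding are independent defenses: the whitelist keeps malformed tag contents out of the middleware entirely (and gives the operator an event to log), while the bound parameter protects the query even if the whitelist is later relaxed for another EPC scheme.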
The most common standards are: (i) ISO (International Organization for Standardization), http://www.iso.org . For example: 14443 (ISO-14443A Mifare, 14443B CryptoRF, 14443C/D/E/F), ISO 15693 (Texas Instruments), 11785, 17364, 15459, 24721, 17367, 19762, etc. (ii) EPC (Electronic Product Code), http://www.epcglobalinc.org/ . The EPCglobal Network was developed by the Auto-ID Center, a global research team led by MIT (Massachusetts Institute of Technology) with laboratories around the world. EPCglobal is a non-profit, consensus-based, and neutral standards organization. It has created the Class-1 Gen-2 and the Class-0 and Class-1 Gen-1 standards, which incorporate kill commands that a reader can issue if it knows a certain password.
RFID tags can be classified into four classes: (1) Class 1 tags. Passive identification tags. Their minimum features are: (i) An EPC identifier. (ii) A TID (Tag Identifier). (iii) A "kill" function that permanently disables the tag. (iv) Optional password-protected access control. (v) Optional user memory. (2) Class 2 tags. Passive tags with higher functionality. Their features are: (i) An extended TID. (ii) Extended user memory. (iii) Authenticated access control. (iv) Additional features TBD. (3) Class 3 tags. Semi-passive tags. Their features beyond those of Class 2 are: (i) An integrated power supply. (ii) Integrated sensor circuitry; one application is tire pressure detection. (4) Class 4 tags. Active tags. Their features beyond those of Class 3 are: (i) Tag-to-tag communication. (ii) Active communication capabilities. (iii) Ad-hoc networking capabilities.
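The Class 1 feature list (EPC, TID, password-guarded kill) and the earlier recommendation to use a different key on each tag fit together in one small model. The following is an added example written for this edit, not code from the article or an implementation of the EPCglobal state machine: a simplified tag object whose kill command succeeds only with its own 32-bit password, a diversification routine that derives each tag's password from a master key and the tag's TID with HMAC-SHA256, and a failure counter a reader could surface for monitoring. The rule that a zero kill password disables the kill command, the master key, and all EPC/TID values are assumptions and constructed data.

```python
# Added example (not from the article): simplified Class 1 tag with a kill
# password, plus per-tag password diversification from a master key.
import hashlib
import hmac
from dataclasses import dataclass

MASTER_KEY = b"constructed-master-key-do-not-reuse"  # constructed secret


def derive_kill_password(master_key: bytes, tid: str) -> int:
    """Per-tag 32-bit kill password = HMAC-SHA256(master, TID) truncated.
    Learning one tag's password reveals nothing about another tag's."""
    mac = hmac.new(master_key, tid.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") or 1  # keep the reserved zero free


@dataclass
class Class1Tag:
    epc: str
    tid: str
    kill_password: int       # model assumption: 0 means kill is disabled
    killed: bool = False
    kill_failures: int = 0   # count of rejected kill attempts seen by the tag

    def respond_to_inventory(self):
        """A killed tag stays silent; a live tag answers with its EPC."""
        return None if self.killed else self.epc

    def kill(self, password: int) -> bool:
        """Permanently disable the tag, but only with the correct password."""
        if self.killed:
            return False
        if self.kill_password == 0 or password != self.kill_password:
            self.kill_failures += 1
            return False
        self.killed = True
        return True


def provision(epc: str, tid: str, master_key: bytes = MASTER_KEY) -> Class1Tag:
    """Commission a tag with its own diversified kill password."""
    return Class1Tag(epc=epc, tid=tid, kill_password=derive_kill_password(master_key, tid))


def inventory(tags):
    """EPCs a reader would collect from the given population of tags."""
    return [t.respond_to_inventory() for t in tags if t.respond_to_inventory()]


if __name__ == "__main__":
    # Constructed EPC and TID values.
    a = provision("30000000000000000000A001", "E2801160200000000000AAAA")
    b = provision("30000000000000000000A002", "E2801160200000000000BBBB")
    print("tag b killed with tag a's password:", b.kill(a.kill_password))
    print("tag a killed with its own password: ", a.kill(a.kill_password))
    print("inventory after kill:", inventory([a, b]))
```

With a shared password, one leaked value would let a reader silence the whole population (the denial-of-service case the threat analysis below lists under kill commands); with diversified passwords the blast radius of a leak is a single tag, and the failure counter gives the operator something to alert on.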
STRIDE model for RFID threat analysis
This model consists of six aspects (S, T, R, I, D, E): (1) Identity spoofing. This occurs when an attacker successfully impersonates an authorized user. Some examples include: (i) An adversary performs an unauthorized inventory of a competitor's warehouse by scanning the EPC numbers of labels with an unauthorized reader to determine product types and quantities. (ii) An attacker can determine which organization is associated with an EPC number by impersonating an authorized ONS (Object Name Service) user and querying the ONS for EPC numbers. The middleware queries the ONS with the EPC number to determine the URL of the database containing the information for that specific EPC number. If an attacker impersonates an authorized middleware user, they can query and obtain URLs that reveal the location and possible identification of the organization containing the EPC number information. (iii) An attacker determines the complete information of an object by impersonating an authorized user of the database referenced by the ONS. (iv) An attacker impersonates an ONS server and can obtain EPC numbers or respond with invalid URLs that allow for data tampering or a DoS attack. (2) Data tampering. This occurs when an adversary modifies, adds, deletes, or reorders data.
Some examples: (i) An attacker modifies the content of a tag, for example a tag in a passport, to change its status (between terrorist and non-terrorist). (ii) An attacker adds multiple tags to an object, making it appear that there are more products inside. (iii) An attacker deletes the data on a tag; for example, an unauthorized reader issues "kill" commands, or a thief physically destroys tags to avoid paying or for privacy reasons. (iv) An attacker reorders the data on a tag, or swaps tags from expensive products onto inexpensive ones. (v) An attacker modifies the tag's return signal to the reader. (vi) An attacker impersonates an ONS server and responds with the wrong URL to an ONS query from a manager. (vii) An attacker modifies, adds, deletes, or rearranges data in a database containing information about EPC numbers. (3) Repudiation. This occurs when a user denies an action and there is no evidence to prove that the action was performed. Some examples: (i) A retailer refuses to accept a certain pallet, package, or product. A non-repudiation protocol is needed to ensure that neither the sender nor the receiver can deny actions. (ii) The owner of the EPC number denies having information about the product to which the RFID tag is associated; this can result in the warranty being denied for repair or return. (4) Information disclosure. This occurs when information is exposed to an unauthorized user. It is a threat to privacy if the information pertains to an individual. Some examples: (i) A bomb explodes in a restaurant when a certain number of citizens from a specific country are detected, identified by their passport tags. (ii) A screen detects the tags a person is wearing and displays purchase recommendations in a store. (iii) An adversary can conduct an unauthorized inventory. (iv) An attacker can create a duplicate tag with the same EPC number and return a counterfeit product for a refund. (5) Denial of service. This denies service to legitimate users.
Some examples: (i) An attacker sends "kill" commands (having obtained the password) to tags in a supply chain to disrupt business operations and cause financial losses. (ii) An attacker jams RF communications or simulates a large number of tags to overwhelm the anti-collision protocols. (iii) An attacker places an energy-absorbing tag that prevents legitimate tags from being energized. (iv) An attacker destroys or physically moves tags attached to objects. (v) An attacker shields the tags with a Faraday cage, for example by placing a passport in an aluminum pouch. (vi) An attacker with a high-powered reader interferes with the authorized reader and renders the system unavailable. (vii) An attacker performs a DoS attack on the servers that store the EPC numbers collected by the readers. (viii) An attacker performs a DoS attack against the ONS. (ix) An attacker floods a database with URL queries, overloading it and thus denying access to authorized users. (6) Privilege escalation. This occurs when an unprivileged user or attacker gains higher privileges on the system than they are authorized to have, for example by exploiting a buffer overflow. Some examples: (i) An attacker logs into the database to obtain product information and escalates their privileges from ordinary user to root or server administrator, writing or adding malicious data to the system.
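Several of the tampering and denial-of-service cases above (duplicate tags carrying the same EPC, unauthorized kill commands, floods of simulated tags against the anti-collision protocol) leave traces in the reader event stream, so the middleware is a natural place to detect them. The following added example, written for this edit and not code from the article or any RFID middleware product, parses a constructed reader log and raises three kinds of alert: the same EPC read by two different readers within a short window, a burst of failed kill commands from one reader, and an abnormal number of distinct EPCs seen by one reader in a few seconds. The log format, reader names, EPC values, time windows and thresholds are all assumptions chosen for the example.

```python
# Added example (not from the article): detection logic over constructed
# RFID reader events for duplicate tags, kill abuse and read floods.
import re
from collections import defaultdict
from datetime import datetime

# Assumed log format: "<ISO timestamp> reader=<id> event=<READ|KILL_FAIL> epc=<hex>"
LOG_RE = re.compile(r"(?P<ts>\S+) reader=(?P<reader>\S+) event=(?P<event>\S+) epc=(?P<epc>\S+)")

# Constructed sample log: one EPC appears at two distant readers 30 s apart,
# one reader issues three failed kill commands within 2 s.
SAMPLE_LOG = """\
2024-05-01T10:00:00 reader=DOCK-1 event=READ epc=30000000000000000000A001
2024-05-01T10:00:02 reader=DOCK-1 event=READ epc=30000000000000000000A002
2024-05-01T10:00:30 reader=GATE-7 event=READ epc=30000000000000000000A001
2024-05-01T10:05:00 reader=DOCK-1 event=READ epc=30000000000000000000A002
2024-05-01T10:10:00 reader=GATE-7 event=READ epc=30000000000000000000A002
2024-05-01T10:20:00 reader=DOCK-3 event=KILL_FAIL epc=30000000000000000000A010
2024-05-01T10:20:01 reader=DOCK-3 event=KILL_FAIL epc=30000000000000000000A011
2024-05-01T10:20:02 reader=DOCK-3 event=KILL_FAIL epc=30000000000000000000A012
2024-05-01T10:30:00 reader=DOCK-1 event=KILL_FAIL epc=30000000000000000000A002
"""
# Constructed burst: 60 distinct EPCs at one reader in the same second.
BURST_LOG = "\n".join(
    f"2024-05-01T10:40:00 reader=GATE-9 event=READ epc=3{'0' * 19}B{i:03X}" for i in range(60)
)


def parse(lines):
    """Parse log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return events


def find_duplicate_tags(events, window_s=60):
    """EPCs read by two different readers within window_s seconds: a tag
    cannot be in two places at once, so this suggests a duplicate/clone."""
    seen = defaultdict(list)  # epc -> [(reader, ts), ...]
    alerts = set()
    for e in events:
        if e["event"] != "READ":
            continue
        for reader, ts in seen[e["epc"]]:
            if reader != e["reader"] and abs((e["ts"] - ts).total_seconds()) <= window_s:
                alerts.add(e["epc"])
        seen[e["epc"]].append((e["reader"], e["ts"]))
    return sorted(alerts)


def find_kill_abuse(events, threshold=3, window_s=60):
    """Readers producing >= threshold failed kill commands within window_s."""
    by_reader = defaultdict(list)
    for e in events:
        if e["event"] == "KILL_FAIL":
            by_reader[e["reader"]].append(e["ts"])
    flagged = []
    for reader, stamps in by_reader.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if (stamps[i + threshold - 1] - stamps[i]).total_seconds() <= window_s:
                flagged.append(reader)
                break
    return sorted(flagged)


def find_read_floods(events, max_distinct=50, window_s=10):
    """Readers that see more than max_distinct different EPCs in one
    window_s bucket: consistent with simulated tags against anti-collision."""
    buckets = defaultdict(set)  # (reader, bucket) -> {epc, ...}
    for e in events:
        if e["event"] == "READ":
            buckets[(e["reader"], int(e["ts"].timestamp() // window_s))].add(e["epc"])
    return sorted({reader for (reader, _), epcs in buckets.items() if len(epcs) > max_distinct})


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG.splitlines() + BURST_LOG.splitlines())
    print("possible duplicate tags:", find_duplicate_tags(evs))
    print("kill-command abuse at:  ", find_kill_abuse(evs))
    print("read floods at:         ", find_read_floods(evs))
```

The duplicate-tag rule depends on readers having synchronized clocks and on the window being shorter than the time it takes goods to move between the two readers; the other two rules are simple rate thresholds that an operator would tune to the site's normal throughput before alerting on them.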
Final Considerations
Our research group has been working on self-identification systems for over fifteen years. We have analyzed and synthesized various schemes and platforms combining RFID and biometrics.
This article is part of the activities developed within LEFIS-APTICE (funded by the Socrates programme of the European Commission).
Author:
Prof. Dr. Javier Areitio Bertolín – E-mail:
Professor at the Faculty of Engineering. ESIDE.
Director of the Networks and Systems Research Group. University of Deusto.