Beruflich Dokumente
Kultur Dokumente
MSc Security Technology In collaboration with The University of Wales And the British Institute of Technology and E-commerce
September 2012
Page | 1
Abstract
As we know that todays we are living in digital world, wireless technology such as mobile phones, satellite navigation, Assets tracking devices, scanners and RFID tags. In my current research topic I will discuss about more detail in RFID tags, how many types of tags, what is the purpose of these tags, their reliability and acceptance in current market. I will also discuss about the structure of RFID and its Architectural methodology. Beside I will also discuss about the measure attacks which could harm and manipulating the tags. In further detail we will discuss about their international standard which is defined in ISO/IEC 14443. Which providing the detail information about its range and transmitting methods. Radio frequency identification (RFID) proved their efficiency and controlling assets in real world for reducing the risk of damage and loss. It will help to secure the channel from manufacturer to consumer. Their cost effective tags such as passive for low cost goods will provide better security of goods and assets tracking. In further I will discuss about some organization that using successfully those tags for providing better customer service and tracking their assets. Cryptographic method will also discuss in those tagging systems.
Page | 2
Acknowledgement
I would like to appreciate those who helped me a lot for this research work without their efforts I would have not been as successful as it was. Therefore I would like to mention following names of following people.
First of all I would like to extend my gratitude for my research work supervisor, Dr Hassan Al Saeedy who has guided me throughout this research work, with his best knowledge and skills overcome to help me for completing this research work.
Secondly, I would like to thanks my lecturer, Dr Ahmed Alnaemi. Who spend his precious time to guide me throughout my working papers and keep advising me about how to work and what should I have to mention in my report.
At last not least I would like to appreciate my family who gave me this opportunity to go away from home and pursue the research degree at one of UK best University.
Finally, I would like to thanks my all house mate's for their help and support during my studies and stay.
Page | 3
Table of Content 1. Chapter 1: Introduction & History about RFID 1. Introduction...7 1.1. History.......8 2. Chapter 2: Literature & Review of RFID System 2. Basic System of RFID.........11 2.1. Types of Tags.11 2.2. Passive Tags....11 2.3. Active Tags....12 2.4. Semi Passive Tags12 2.5. Readers.12 2.6. RFID Readers Functions13 2.7. Middleware.. 14 2.8. Radio Waves15 2.9. Barcode17 3. Chapter 3: RFID Key Generation, Distribution and Management Protocols 3. Symmetric key cryptography.20 3.1. Public key cryptography (Asymmetric cryptography)20 3.2. RSA Algorithms21 3.3. Kerberos.23 3.4. One-time key session25 4. Chapter 4: RFID Market Research & Adoption 4. RFID in Market...27 4.1. RFID in Animal..27 4.2. RFID in Logistics28 4.3. RFID in Pharmaceuticals31 4.4. RFID in Asset Tracking..33 4.5. RFID Application Software....35 5. Chapter5: Vulnerable Attacks & Countermeasures 5. RFID Security, Attacks & Countermeasures ..38 5.1. RFID Virus Attack.38 5.2. RFID Worm Virus..39 5.3. Disabling or Removing the Tags39 5.4. Sniffing Attack on RFID...39 5.5. Cloning the RFID Tags.......40 5.6. SQL Injection on RFID Tags....40 5.7. Jamming the RFID Signals....40 5.8. Mutual Authentication on RFID Tags.41 5.9. Countermeasure on RFID41 6. Conclusion.....42 7. Bibliography..............43
Page | 4
List of Figures 1. Figure 0: Radar Apparatus [1]...1 2. Figure 1: Passive Tag Model [5].1 3. Figure 2: RFID Passive Tag [6]..1 4. Figure 3. RFID Active Tags [7]..1 5. Figure 4. RFID Semi Passive Tags [8]1 6. Figure 5. RFID Reader [9]...1 7. Figure 6. RFID Middleware [10].1 8. Figure 7. Radio Wave Frequency Chart [11]..1 9. Figure 8. Sample of Barcode [12]1 10. Figure 81.Public key Cryptography example[19]1 11. Figure 8.2. Kerberos Protocol [21].1 12. Figure 9. Source IDTechEx [13]..1 13. Figure 10. Source enhancing the supply chain by zebra [14]..1 14. Figure 11. Author: Dirk Rodgers (RFID is Dead)[16]1 15. Figure 12 Bar Codes, RFID Technology, GPS Tracking [17]1 16. Figure 13 Classification of RFID Attacks[18].1
Page | 5
Page | 6
Page | 7
1.1.History: During the World War II it was used by British army in 1939 for indentifying the enemies and suspicious aircrafts. Every aircraft has their own transmitter installed in their system, which send signals to the centre which received by the ground radar. In 1950's and 1960's advance technology has been used in radar and for radio frequency (RF) Communication. Theoretically it was proved that how to use RF energy for indentify any objects remotely, those research papers published by the US, Europe and Japanese Scientist. New York Port Authority in US completed the first advance RFID system in 1971. it has been used passive integrated signals with 16-bit transponder in tool device. In 23 of January 1973, Mario w.Cardullo received first United State Patent for an Active RFID tag with re-writable memory. The same year 1973 Charles Walton from California, he unlock the door without using any key with the help of passive transponder patent. He made a card with an integrated transponder sending the signals to door receiver for unlock processing. Its like a shopkeeper personal identity card number which stored in the RFID tag, valid card can activate the door unlock. Charles Waltons licensed this technology to the schlag, a lock manufacturer and some more companies. US Government have been starting use of RFID in 1970's for tracking their nuclear assets, Such as nuclear weapons which goes through the RFID readers at the gate and provide safest capital. Toll collection system was introduced in the middle of 1980s; it has been widely used in commercial properties such as, road, tunnels and building all over world. Those scientists also created the toll system, using the UHF radio wave they work on the passive RFID tag system for electric cattle. This device has used the energy to reflect back to modulator signals known for the reading device technical reverse signals, further development in company using low frequency (125 kHz), transponders in cards for controlling access to buildings. The company move ahead further for high frequency (13.56 MHz), which has been not used on regular base but also been used in most of worldwide locations. Radio Frequency (RF) provides long range and faster transmitting data processing.
Page | 8
European Companies start using to track their assets and containers to use 13.56 MHz frequency tags. Todays in current market 13.56 MHz RFID technology been used for contact less smart cards, payment system and for controlling access. IBM scientist created the patent of an ultra high frequency UHF radio frequency identification system in the year of 1990's. Ultra high frequency offer more than 20 meter of range and a faster transmitting the data in good conditions. There has been idea discuss about the cost method to put only serial number on the label which will reduce the cost of tag. in the data base it will secure the serial number of the tag and available on internet for authorities to access. Before that tags was caring the information about the product and the container which travel during the movement from one point to another there was risk of reading information by intruders. Once they change into RFID technology it will help to business and their partner to monitor the shipment from factory to warehouse and retail points. Everything has automatically known by the manufacturer and merchandisers where the shipments have been reached. Mid of 1990's it was not used commercially but with the help of IBM they has tested this technology with Wall Mart. they sold IBM Intermec Patents. This Intermec radio frequency tag systems are been used for monitoring the agriculture departmental stocks. Because of the less information about the international standards and low sale ratio technology was seems to be more expensive. in the year of 1999 some organization such as uniform code council, EAN international , Procter & Gamble and Gillette operate their funds to open an auto id center at MIT for purpose of research on ultra high frequency. Two of their scientists sanjay sharma and david brock have work usage of low cost radio frequency (RFID) tags. In 1999 and 2003 Auto id center won the title of RFID supplying to over 100 major companies and U.S Department of defense. During the year it has been change to auto id labs and EPC Global. They are responsible of managing and continued of funding in Research and development of EPC technology. They open some laboratories in UK, Switzerland, Japan, China and Australia. There are two air interface protocols been developed by the electronic product code (EPC) class1 and class 0, those numbers are connected with the network architecture connected to the internet for RFID tag data. In 2004 EPC Global ratified as a standard of 2nd generation and spread their acceptance worldwide. Ref [2][3][4]
Page | 9
Page | 10
Page | 11
Some tags are measured 0.15mm by 0.15mm and can be thinner than the piece of paper. There are many retail organization been using this technology from EPC Global RFID Tags. International standard organization ISO defines their policy standard such as their limits, frequency power, and antenna designs. That information available on ISO 18000-6 and ISO 14443.it is also very simple for manufacturer to print those tags with antenna. Passive tags are commonly working under 12kHz, 134.2 kHz, 13.56 MHz and below fewer than 100MHz although there also using high frequency HF passive tags which could operate at 900MHz and 2.45GHz. Those high frequency tag are more expensive and need more processing during the manufacturer processing and can support up to 2Mb data storage.
are compliant with the EPC Class 1 Gen2/ISO 18000-6C standards. We recommend those tags to record temperature during the transportation and store the sensitive goods data such as fruits, vegetables, sea food, dairy goods and pharmaceutical products which required sensitive temperature readings.
2.5. Readers: An RFID reader is a device that can be used is to interview an RFID tag. The reader sends out has an antenna, the radio waves, the tag responds with its data. A number of factors the distance at which a label can be read from the beach. The frequency for the identification, antenna gain, orientation and polarization of the reader antenna and the transponder antenna, as well as the placement of the label on the object to be identified to be used has any effect on the RFID system range. Basically RFID readers provide various functions in-tags, will not send interrogation signals, power and antennas passive tags, semi-passive tags, encodes the data sent to and read data decoding beacon received from the tag. It usually consists of transmitter and receiver, a control unit and a coupling element (antenna). The reader may be fixed or mobile. It sends out electromagnetic waves. The bandwidth of the drive depends on the used radio frequency and power. You can use an additional interface, which can convert radio waves from RFID tags to the computer system, computer system or a programmable logic controller to be fitted. It contains one or more edits antennas.
2.6. RFID Readers Functions: RFID reader's task is to examine ways tags. The RFID interrogation is wireless and since the distance is relatively short. Line of sight between the reader and tags is not necessary. A reader comprises an RF module, which serves as transmitter and receiver radio signals. The transmitter includes an oscillator for Page | 13
generating the carrier frequency, a modulator for providing data to the commands carrier signal and an amplifier are incident sufficient to increase the signal to wake up the label. The receiver has a demodulator for extracting the data returned and also includes an amplifier for amplifying the signal processing. A microprocessor control unit provides the operating system and the filter of memory and store the device data. Multi singlemodal supports 1D, 1D and 2D bar code scanning, RFID and EPC Gen 2 imaging. Supports and dense reader mode (DRM) employs a simple integration of RFID technology allows processes within the supply chain. This device offers industry testing biggest decline, a seal to IP64 and integrated internal antennas. Readers multiple configurations available that support standards around the combination of acoustic and visual clues world. Unique can easily lead to a real-time workers item. Enable own real time communications data with integrated 802.11a / b / g. Reduces user fatigue in bar code scanning and RFID tag reading applications intensives. 2.7. Middleware: Middleware is application which creates the bridges between the RFID tags and their entire physical resources. This is the primary source of connection to the data. It helps to process the hardware and software data connection for inventory management business and goods identification. It provide the visual identification of the tag, convert data information to its credentials. Its processing the algorithms and data repository information within its operating system. That information manages by the information technology service department or an organization authorized person who deal with those system. This middleware system allow user to monitor all goods and can implement on it beside its also allow user to give an orders and modify their configuration on reader interface. Its also help user to collect the data and filtering through the channel of supply managment. It manages the entire enterprise resources planning (ERP), warehouse management system and build the customer relationship. Middleware system can work alone with the RFID reader system and change the whole process. Some of simple examples we can see on tags on bagging on airport where all baggages may move on the belt where all will be separate via the flight tags to the different location, each baggage goes to their exact location where it have to be. During this process middleware application and hardware interfere to filter all tags and relocate the whole process. Its analyzing the large amount of data and capturing. RFID technology proves their automatic process help to manage the supply chains and other business domain such as aircraft maintenance and hospitals pharmacy stuff. RFID management functionality provides routing, reader management and data processing. This will provide the meaningful information of the raw data. RFID middleware application should full fill the requirement of data filtering and capturing tag informations. That captured data can be broadcast to business partners for indicating their interest of data. Middleware should have to response immediately to their local interaction to the physical device but must sure that the date been providing is to the authorized entity and prevent any spoofing attacks, keep update to monitor their application updates and schedule changes. There are many applications whoever their interest different subset to capture the tags data. Some tags are not only providing the memory of that tag data but also provide the other information of the data which help for filtering. Middleware application also provides the read the additional memory data and in some conditions allows writing. Some additional data can be used for different purpose such as expiry date to exchange the data where no network access for Information service team. IT management team performs to tackle the incidents, changes and configuration Page | 14
management of RFID Tracking solutions. In Current time many organization in retail are using the tags for the indemnification and tracking for their goods such as clothes, electronic device and groceries item. An RFID middleware should comply with the ISO Standards and consider all legal guidelines to supply the data collections and this requirement will also relate to the security, performance and scalability.
2.8. Radio Waves: As we know that radio waves are the electromagnetic spectrum waves which consist of photons in the form of wave. Radio activities such as radio wave frequency are the low frequency and have the high length of waves. Approximately length of waves is 3 Hz that mean the values of wavelengths are three per second which could be about 300 GHz. Although there many modules are under process of defining the clear boundaries of wavelength and their frequencies, the spectrum wavelengths range are equality from .001 meter to hundred thousand kilometers. These waves are the natural recourses, radio waves are the man made process which used by many users. That is considering as fact that the spectrum radio waves are pass through the atmosphere of the earth interception. There are three main frequency classified in RFID Tags. 1. Low frequency (LF) 2. High frequency (HF) 3. Ultra-high Frequency (UHF) Low radio frequencies has the between the 30 KHz to 300KJz. most of the world are using the low frequencies for their AM broadcasting. Some of wavelengths are range from 1 to 10 kilometers. The radius of two thousand Kilometer can cover by the ground waves with the antenna. These waves can be detected within the limit of three hundred kilo meter from antenna transmitting. These waves are obstacles with he range of the earth mountains and curve shapes of the earth it can refract the low frequency radio signals. Their strength is not reduced by the absorption as well as the high frequencies. there are several standard time and frequency stations are set such as 40 KHz to 60KHz Page | 15
for Japanese JJY and 60KHz for MSF in England for Germany DCF44 set 77.5KHz etc. if there is radio wave signals are below 50KHz are capable of penetrating ocean depths under 200 meters, As long as they long will be deep inside. Submarines under the deep water can used this length of waves for their communication. Ground wave emergency network (GWEN) is an organization by US which operate 150 KHz to 175KHz for their satellite communication during the year of 1999, this communication system could use for survive the communication even under the nuclear attack. The international standards organization (ISO) defined the structure, process and policy in (ISO 11784) and (ISO 11785). High frequencies (HF) are between 3 to 30 MHz, in entire virtual aviation used the spectrum of HF communications. Some of metallic tags are high temperature resistant tags which allow to robust the performance. High frequency (HF) tags are tested at 200 centigrade for at least 6 hours. Its also certified by the ISO 15693 and ISO 18000-3 standards. Some high frequency tags also allow 1 and 2D barcode printing facility and encodings. Most of tags been used for tracking books, air lines baggage processing and animal tracking etc. Radio frequency identification (RFID) has a significant change to serve a digital enhancement for working in goods environments. there are still some discussion going on that exact location of tag tracking system are still unknown and its not solved by the high frequency RFID because of their distance and angles detection values. RFID infrastructure is often design on low cost in order to interrogate with the minimum size of grids interaction. a large grid will allow to cover the largest area of nondirectional field. There are three steps of processing RFID tags which will measure the tag distance, first is analyze the signals strength data from the tag that distance will interact with the near field communication or antenna, third main step is the reader application which provide an interface to capture the signals data and process the filtering. The signal strength of data bit is assumed by 8 times with a 12 bit resolution. These are high frequency tags based on the voltage and its magnetic couplings. Ultra-high Frequency tags are the higher energy tags rather than HF Tags that could be work between the 860 MHz and 930MHz.there range are quite long as compare to HF frequency tags its between 3 to 6 meter of range tags can be read. UHF tags are frequently used for tracking assets such as pallet, dolly and cases. its used for satellite communication which allow user to encrypt the communication channels in process. Ultra high frequency designated by the US organization ITU which allow radio frequency range between 300MHz and 3 GHz of electromagnetic waves. Wave length could be 10 centimeter to 1 meter. the main benefit of Ultra high frequency transmission is their short physical wave length that could produce by the high frequency, size of radio wave are related to the same size of transmission and receiver. Ultra high frequencies are widely used for radio transmission and cordless phones. GSM and UMTS or 802.11WIFIi are also adopted the UHF frequency. Ultra high frequency spectrums are used by world wide mobile communication, defense industries and for public safety purpose. Below the chart shows the frequency range:
Page | 16
2.9. Barcode: As compare to RFID tracking system barcode are very popular and still capture the market because of low cost and simple printing. Many retailers are tracking their assets via this system. Barcodes are the paper base which can read every print individually, its required visibility of clear lining for reading to the reader. It cannot read the tags if there was any dirt and damaged of the barcode it would be hard for the scanner to read the tags lining. Every single tag has to read manually which cost high labor and consuming more time. There are also some difficulties of limited information available on codes and those codes cannot replace or modified it can only replace by the new barcodes. Those barcode comply with the ISO/IEC 15426-1 and ISO/IEC 15426-2. This standard are defines in detail about the verification of measuring the barcode. The international barcode quality of liner specified in ISO/IEC 15426-1 and their 2d properties is specified in ISO/IEC 15415. There is some more benefit of barcode such as: * Quickly identify the item and recorded automatically * Price Change of the item can reflect the both side sell price and cost price * In order to analyze the data from the previous data will help to predict the seasonal goods. * Ever single box has assigned the unique identification for shipping * This unique identification will provide the box information such as order number, quantity of box and destinations. * Distribution center goods are been tracked before sending to the retailers, once unique identification get scanned will acknowledge the store to know the source and cost.
Page | 17
Page | 18
Page | 19
We did discuss before about the traditional symmetric crypto system used a single key to share between the sender and the receiver, but asymmetric cryptography was introduced by the Deffie and Hellman and provides the different approach towards the cryptography techniques. In further we will discuss in detail about the sharing the two keys which can Page | 20
used for public and private key. For example alice can generate the public key and private key where public key will be given to anyone who want to communicate secretly with the alice. Alice kept secret her private key and she can decrypt the encrypted message with her private key and public key. Public key cryptography is not a replacement for the symmetric cryptography. Although there are many ways where we can use the symmetric cryptography such as sending bulk data where huge data communication required. There are many advantages if public key cryptography(asymmetric cryptography), its allow easier way to key distribution beside there is no need for trusted third party or key distribution centre to distribute the keys. There is some more key figure in asymmetric cryptography which provides proof of origin; because the secret key is the entity which is only knowns by single entity. It is provide the natural way of trust relationship between the sender and the recipients. We discussed good things in public key cryptography but there are some disadvantages as well, public key cryptography required the high computational burden and its not fast computational process as compare toe symmetric cryptography. Example of Key Distribution: As discussed in key distribution and certification paper about the key distribution. [20] Suppose also that Alice and Bob want to communicate using symmetric cryptography key. They never met and have not established a shared secret key in advance. How can they now agree on a secret key, because they cannot communicate with each other via the internet cloud? A solution often adopted in practice is to use a Trusted Key Distribution Centre (KDC). The KDC is a server that shares a separate secret symmetric key with each registered user. This button can be manually installed on the server when a user logs in the first place. The KDC knows the secret key of each user and each user can securely communicate with the KDC using this key. See how the knowledge of this key allows a user to obtain a secure key for communicating with other registered users. Suppose Alice and Bob are users of the KDC, but only about their individual touch, KA and KB-KDC KDC-, respectively, for secure communication with the KDC. Alice the first step and the product as shown in the figure. Using KA-KDC to encrypt communication with the KDC, Alice sends a message to the KDC to say (A) wants to communicate with Bob (B). We denote this message, K A-KDC (A, B). As part of this change, Alice must authenticate the KDC (see homework problems), for example, using an authentication protocol and KDC-shared key KA. The KDC, knowing KA-KDC decrypts KA-KDC (A, B). The KDC authenticates Alice. The KDC then generates a random number R1. This is the core value shared by Alice and Bob will be used for symmetric encryption to communicate with each other. This key is known as a session key once, as Alice and Bob use this key for this session only one that is currently in place. The KDC now need to tell Alice and Bob to the value of R1. The KDC sends it to Alice an encrypted message containing the following elements: R1, unique session key that Alice and Bob are used to communicate;
Page | 21
A pair of values of A and R1, encrypted by the KDC using the key of Bob, K B-KDC. We refer to this KB-KDC (A, R1). It is important not only KDC sends Alice the value of R1 for their own use, but also an encrypted version of R1 and the name of Alice encrypted using the key of Bob. Alice cannot decrypt this pair of values in the message (do not know the encryption key Bob), but it did not really need. We will soon see that Alice simply follow this encrypted value pair to Bob (who can read). These elements are placed in a message encrypted using the shared key of Alice. The message from the KDC to Alice is then KA-KDC (R1, KB-KDC (R1)). Alice receives the message from the KDC verifies the nonce, R1 extracted from the message and stores. Alice knows the session key once, R1. Alice also extracted KB-KDC (A, R1) and sends it to Bob. Bob decrypts the message received, KB-KDC (A, R1) using KB-KDC and extracts A and R1. Bob now knows the session key of an hour, R1, and the person with whom you share this button A. Of course, it is responsible for authenticating with Alice R1 before proceeding. [20]
Alice would like to general a public key and a private key. First step she will generates two large random prime numbers which can denote by p and q . Then she compute the composite figure of n=pq, Euler Phi function Q(n)= (p-1)(q-1) She can adopt a random number encryption exponent such as e. gcd(e,Q(n))=1 Now she can find the decryption exponent by the function ed=1 modQ(n) Now we know the public key can be {e,N} And private key can be {d,p,q} Another example of encryption with the RSA is below Bob wishes to send encrypted message M and sending it to the Alice. he will create Alice public key denoted by {e,n}, he will compute the cipher text with the following function, c=me modn Where Alice can decrypt the message with her own private key {d,p,q} with applying the function of m=cd modn It is required that the operations modulo n must required the smaller message rather than m.
3.3. Kerberos:
Kerberos is a protocol which provides the authentication in computer network and based on session ticket granting to allow each node for mutual communication and authentication. Client and server both use that model for mutual authentication; it does verify each other identity. Kerberos protocols are very effective against the eavesdropping and replay attacks on the network. Kerberos protocol build on symmetric key cryptography and required thirst party trusted plate form, its also can use for public key cryptography in certain phase of authentication. Kerberos was first developed by the MIT that use the symmetric key encryption techniques and KDC. The Kerberos authentication server (AS) plays the central node of key distribution centre. The AS is repository of not only the secure keys for all host but also has the limit the privileges of the each host what they can access and what kind of services should be available for them.
Page | 23
Alice in contact with the Kerberos AS, indicating that it wants to use Bob. All communications between Alice and. AS is encrypted using a secret key shared between Alice and the AS in Kerberos, Alice first gives his name and password for the local host. Alice as local host and then determine once secret session key to encrypt the communication between Alice and the AS authenticates AS. The Alice checks that have access privileges to Bob, and generates a symmetric session key only, R1, for communication between Alice and Bob. The authentication server (Kerberos in language, now known as the ticket-granting server) sends Alice the value of R1, and also a ticket for the services of Bob. The ticket contains the name of Alice, the unique session key, R1, and an expiration date, all encrypted with the secret key of Bob (Bob and known only by the AS). Alice ticket is valid until its expiration date, and will be rejected by Bob filed after that date. For Kerberos V4, the maximum lifetime of a ticket is approximately 21 hours. Alice sends the ticket to Bob. It also sends along a timestamp encrypted-R1 is used as a nonce. Bob decrypts the ticket with its secret key, obtains the session key, and decrypts the date and time using the session key just learned. Bob returns the timestamp value plus one (Kerberos V5) or simply seal (Kerberos V5). The latest version of Kerberos (V5) provides support for multiple authentication servers, the delegation of access rights and renewable inputs.
Page | 24
Page | 25
Page | 26
instruments are currently helps this technology to more efficiently the look after for animals feeding stations, health matters and water base for animals. The same RFID technology used to track the white lipped peccaries or pigs to track them in Amazon when they are heading for their meals. World Wildlife Fund (WWF) researchers recently adopt these radio frequency identification transponders to track those white lipped peccaries and those animal which weighting more than 100 pond. They try to read passive tags which been register in the reader , and those reader allocated in four different point to read the passive tags been attached to the animals it was successful when you have pre register data correspondence in different check point but its still need reader performance to read the passive tags in different position as we know that the passive tags are the only low cost and such a efficient work, but this cannot be reliable for long time and range could affect the performance of tracking the animals identification.WWF researchers also worked on the very high frequency and GPS system but its cost them to high and those tags seems to them very attractive and convenience in many situation during the progress of their research. Very high frequency tagging system for per animal cost them about 300$ as GPS also cost them about 3000$.this technology is attractive for the researcher to get the satellites information for GPS based tag location. Most of the tags place in animal ear because where it can survive more during the time they grown. In the year of May 11 2007 department of agriculture (USDA) in US published their progress report on RFID based projects for national animal identification system. they have more than sixteen project on RFID which employed many varieties of RFID system and functional methods for animal to track their locations. Those all tags used low frequency RFID tags, at start it was about to 60% of read rate for tags but in further progress enhance the more improvement. one of the person said that I did transfer my location and my address to chip registration on my dog, if my dog lost anywhere, someone may know how to track the owner of the dog because of its chip which is permanent form of unique identification this technology has very broad applications and function and I must say its not worthless this kind of investment make sense to look ahead in future prospectus. ISO 11784 and 11785 are international standards that Radio Frequency Identification (RFID) of animals that rule is usually done by implanting a chip in a little under the skin of the animal. Its required bit transmission by a transponder and interpreted by the receiver normally bit stream defined the code of identification and ensure the correct recipient. International standards organization ISO describe in detail about the structure of the unique identification code and ISO 11785 described the characteristics of the transmission protocol wise versa between transmitter and transponders. These standards are also updated in ISO 14223 for animal controls transponders.
strategy and policy formulation of logistics channel route management strategy in logistics implementation and modification in logistics analyzing logistics performance measuring
There is some more recourse which used to control the all logistic functions such as their inbound transport, outbound transport, and mode of transport. controlling the data information securely , warehouse management , what kind of material been us used , material management, planning for distribution where it goes to , whats there routes are, quality management , carrier management and customization these are the all sort of thing which look after for logistics supply. Each and every aspect need detail description but we are just highlights the things which need to be sorted before we go further in making the logistics supply to technical way of RFID. This is a real fact that RFID technology provides the visibility and tracking the goods with a great potential of efficiency and effectiveness in supply chain management. In logistic supply chain management RFID application successfully brings the vast favor such as inventory management rationalization, transportation optimization within the limit of organization network and provides effective and efficient monitoring of production life cycle etc. Behind every successful business there was main key is their efficiency in work, how they deliver, are they deliver on time, are there quantity are correct. There are many large organization has adopted the RFID technology such as wall mart in USA and Tesco in UK both big retail organization which structured there goods based on RFID monitoring technology. Its required for all companies to study their all parameters of RFID system before the adoption. RFID is a diverse collection of technical approaches for many applications in a wide range of industries. As the simplest, is the previous technology, bar codes, this technology has the potential to significantly alter how processes occur and how companies work. Each application of RFID must take in order to clear business benefits. We have seen in recent years the emergence of consumer applications, the RFID technology bring about a new technology into the mainstream, and as he gains understanding and credibility by clearly visible consumer applications that demonstrate its effectiveness in millions of people, their place in the supply chain automation grow. There are also a variety of applications around this technology available for an organization. You may find that you already have is the transport and the use of an RFID tag, or even its most previous level of barcodes at RFID to identify a wireless connection to objects or people. It is sometimes known as Dedicated Short Range Communication (DSRC). Once in the connection is established with a unique identifier for an item, and the automation of a variety of processes. An example is the sorting of packages along a conveyor system. The process of reading to the points in a distribution system speakers and their position on the path to their destination has to be identified. This information can now be known to a monitoring station. This is real-time information that can be shared with the sender, with freight, and wait with the customer on the air. The program will be automatically directed to the appropriate dock door, truck, conveyor belt, etc. The expedition can in transit in case of change of plans, all to be diverted without human intervention. This real-time decisionmaking power is in the hands of many business operations up and down the supply of this vital information easily accessible chain. Having Management provides rapid response to Page | 29
changes in demand, and it allows a company to provide better service for customers. The very popularity of the bar code in many areas of supply chain said its borders. Traditional bar codes can only be a small amount of information, usually around 20 characters and cannot be reprogrammed. RFID tags can have up to 8 Kbytes and can reprogram. Radio frequency identification in supply chain management need to be discuss in detail about each and every single entity but we are discussing main key features such as manufacturing, supply management , inventory control, asset management, tracing and tracking and work process. FID operation give provides the 100% inventory visibility, tracking goods, major reductions and shrinkage; calculate the losses, data management work process, enable tag to provide real time information in database, providing unique identification, sharing data with the partner in supply management network. at the manufacturing plant, they receive pallets at the dock door where they include the unique identification RFID tags. All received goods been checked in three areas either its go to inventory or production or return goods. If there is any return good will creates another identification of smart tags to return back to suppliers. All goods cases are read by the forklift reader which update the system about the product and product location where they will be stored in the warehouse, this system help forklift driver to find exact location to store the goods in warehouse. Goods which required further productions are linked to finish production line where all raw material been handling for finish goods, RFID smart tags are generating to identify the system data base that which contents need to be relocate. All components read by case unit level and updated goods in the system. When this goods move to the work progress line they read the system belt station and divert to its base work station. A smart label has to be attached in every unit of product. Some of products required inspection for quality checking so those project relocate to the quality control processing, this quality control provide the documentation which move through the supply chain. This is the time when all finish goods need to stored forklift reader system ready to read the system data information and store the goods to the exact locations. All inventories been stored in warehouse and in warehouse finished goods send to related distribution centre are collecting the pallets. As soon as pallets leave the warehouse dispatch door, reader will update the reading of the goods been loaded to the truck and shipping out. At distribution centre all pallets read by the base point of where the reader records the inventory description and filter the unordered deliver or any suspect item. Once Again the same procedure following where the forklift reader read the smart label and guide to place the exact location. At the distribution centre many suppliers are collecting their good and supplying it to the retail destination. All pallets been wrapped and protected and kept they stable. As we know that every smart label been placed on the pallet which encoded the shipping information. All outbound deliver been updated on the system those base reader at the receiving bay are update the system which goods are accepted or which one need to be send it back, which goods need to be one the shelf or which one need to be store in warehouse. Forklift base reader will encoded the tag information and keep guiding to the driver where to place the goods. Once the deliver been received shelf reading system will put alarm for filling or low quantity at shelf if its empty it will sorted automatically to alarm the user that shelf been empty and need to fill this deliver to fill the gaps. All tags been inactivated once the supply chain process completed and all pallet or dollies can be ready to reuse. [14]
Page | 30
the product such as expiry date, manufacturer date etc. this information can be seen be the user level via their handset or PDA's or FDA's. The normal atmosphere is now become very intense, because the FDA's has to impose the safety status to secure the drugs approving. As we know in current market drugs price are getting higher and higher after that if they get illigitment and fake drugs it would case them hyper and more anger on pharmaceutical companies beside increase the cost of drugs also reduce the growth of the generated revenue. There many things which need to be consider because we large population of healthcare organization who care for their patients, they have to be sure that the drugs which they are prescribed to patients is authentic.
Federal government and state are regular working on counterfeiting the drugs in USA they are getting solution which required recording and communication for drugs pedigree, mutual authenticity from one point to second point will provide tracking and recording each path of the channel. FID technology create it easy to making sure that all drugs are authentic, and it will create the mutual electronic pedigree to record each and every step when it is on point of supply docks through the retail point. This electronic pedigree system allows patient safety and their health cares to counterfeit the drugs identifications and quarantine them and make a electronic logs. Those suspect products filtering increase the efficiency of the system and try to recall the product in to the system. FID is live on case level but its dead on the unit level. It doesnt not mean that pharmaceutical companies will not considered complete loss of RFID because they are considering their price tag on the case level which is worth to them, Many of the manufacturer using the barcode to impose in per unit and not to use the RFID tags. 2d barcodes can also work on cases and pallets in supply chain management process. in USA a big retail organization wall mart are providing the strength counterfeiting of pharmaceutical products with Radio frequency identification (RFID) tagging system , RFID system provides the track and trace facility however there is issue of cost but this could be under control they are under process of reducing the cost. We can say that it would be the ideal for pharmaceutical organization to use of RFID tags for their packaging.
Page | 32
Page | 33
Figure 12[17] Bar Codes, RFID Technology, GPS Tracking, and Fixed Assets
Transportation and logistics a big place where the need of RFID is most important, shipping, freight and distribution center are using the RFID technology for tracing and tracking the records. FID tags will allow freight agent to identify the owner of the goods, its also allow freight forwarding agent to know the characteristics of the goods, its also allow them to see the bill of lading information , their original destination and where its final destination. Some RFID tags are been use for car and vehicle tracing if the car been stolen they can detect the location via the RFID tag information. Passport identity , the first e-passport used in Malaysia, those passport keep the information of the traveler their time of arrival , date departure and place of entry etc. than many other companies starting e-passport such as Norway, Japan, Pakistan, Spain, Serbia, USA,UK etc. Standard of RFID chip was set by the ISO/IEC 14443 documents. RFID chip caring many information in to the chip such as, date of birth, issue of passport, expiry date, issue date, place of issue, name , surname, sex of the person, this information is stored in MRZ data ling, which called machine readable zone. This is the small amount of data which can help to identify the person with the naked eye. RFID technology can use for the museums stuff, all historical assets can be tracked and trace via RFID technology, that will provide the end user information application to the museums. other good benefit of the RFID tags in museum that allow user to record the data on their own RFID card for example in museum of California user got their RF card at the check point when the go through all stuff in the museum they could record the information of the historical stuff and this information they can read it at home, it will save the time of reading and listening at the museum which is normally we can see in our museum where we have given head phone or somewhere pre recorded phone facility available where we have to stay and listen the information about the history. Page | 34
windows XP based computers. This software can integrated with the activewave reader which provides the access control, inventory management control, tag based on container or pallet tracking, every product tracking information throughout the manufacturers. Asset tracking, people tracking in hospitals, control on parking permits, car tracking etc. its also ensure users to customize the application integrated with the product information through the RFID tags. Users can also integrated with the application programming interface (API) and its physical layers protocols to interface the RFID readers. As their website mention that they are using the VLSI integrated circuit in their activewave RFID readers computing technology. This system will allow developing RFID readers control panel positioning and adjacent to other process. The core of the activewave system are built around the RFID readers, RFID tags, end user ,hosts and windows based application softwares. Between the reader and the host all communication through via secure wireless link. Activewave reader has a capability to read multiple tags at same time; it can read the tag between the distances of 100 to 140 feet. One single Activewave reader can cover up to 30,000 square feet for area. Activewave RFID integrated solutions provides the hand free operation, multi tagging functionality, high performance on security, unlimited virtual memory, quite easy for system integration, user friendly, reliability of active tag at lower power, wireless connection facility between the user and the host.
Page | 36
Page | 37
Chapter5: Vulnerable Attacks & Countermeasures 5. RFID Security, Attacks & Countermeasures:
Security in RFID is system is live in real operation because of RFID tags are easy to attack via the radio waves, and can be easy for third parties or middleware to read the tag contents without the acknowledgment of the authentic party. there are many other attack consist on RFID such as cloning tags, chip removing , collision with the tag standards these issue are very considerable at high point. Beside there are some issue been discussed on passport chips and smart cards. Some viruses and sql injection can cause the damage of the data information. There are number of inherent vulnerabilities which have serious implication on security potentials. There are some structure methods on RFID network which can develop the classification of RFID attacks. Those classification attacks define in figure given below.
5.1. RFID Virus Attack: viruses a text file contain source of codes which can normally infect on .exe, .com and Microsoft word files etc. viruses need user interaction to propagate for example virus can come in to system via the floppy disk, USB drive, flash drive or any email which caring the .exe extension file attachments can be virus, clicking to any web link which could payload the trigger of downloading for .exe files. The system will not get down unless user performs any task. Viruses contain files only effect on local machine, it cannot effect on other machine on the network unless user interface interact with the infected file executed to the other machine. Main aim of the virus is to infect the files, and those infected files can be copied to other machine via the user Page | 38
interaction. Virus is code which cannot run itself, its only run when host machine activate the infected file. 5.2. RFID Worm Virus: A RFID worm may cause interruption in complete network and it does provide help to give unauthorized access to the attacker. The worm can infect the RFID system application and it can give way to compromise with the RFID server and Middleware application. The worm is the application which can replicate itself over the network. There are no need for human interaction it will copy itself to the host machine via the server. Once the RFID tags infected it will also infect the other tags over the network and this process will kept working to next source of the tag. There continuously of the infection can cause the exploiting the security flaws in wide network. A worm application can distinguish with the virus and payload the trigger of the virus without human interaction. A worm can delete the files and to execute the update patches of the application software which allow other worms to install in the machine that will reduce the security of the system and allow system to buffer over flow. A worm can also offer to allow hackers to enter via backdoor without acknowledgment of the authorized person. A worm allows hacker to access to the server and get the information of the tag and modify or manipulate them. The size of RFID tag are to small in size which can contain the whole application of the worm but its only contain the pay load files which can access to the system viruses and allow other worm application to download itself via web browser. Those tags are containing the binary codes for downloading and executing the worm or the shell commands. Binary code and shell commands does the same role. Shell command using the low space as compare to binary code shell commands are portable. there are some database which allow user to attack via the SQL injection commands , this SQL command allow users to inject the codes in to the database server and its help them if the middleware program written on C or C++ language because of these language allow worm to buffer overflows the system and run out of the memory error. I haven't seen any buffer overflows where worm has been used but it is possible to execute the shell commands for creating the worm.
the attack to get the access to control the systems. Intruder access to the information between the two end users it can access via the IP packets or raw data from any network port. Sniffing the RFID packet can give access to the attacker to get the information and can modify the tag information within the communication channels. Its required more secure channel to countermeasure this problem.
Page | 41
6. Conclusion
RFID system is increasing widely in real life there for its security has been very critical, everyday facing the new challenges. it this research I just simply review the critical information of RFID technology, their more module need to be discuss in detail such as their protocol in security, their tagging information etc. there many other attack modes which can be considering and some more countermeasures need to be discussed. We try to combine the whole structure in simple way to give the good understanding of the RFID system. Threats can come to the business but good business man has to tackle the situation under their budget. There some point need to be research on that field. There is more detail in SQL injections need to be verify by the readers and its need more extra work in detail to cope this situation when its occurred. RFID system depends on the software tools which available in the market therefore we need to ensure that all software should occupy the capability to secure the information throughout the whole supply. The debate is keep going on the cost, as business relationship will start from that point, RFID prove that its efficient, cost effective and reliable for the business continuity and controlling the asset tracking. Their set or rules are described by the international standard organization (ISO), there are many active tags and passive tags module need to be discuss in detail about their frequency and tag data capacity in detail and the mode of binary codes to be store in the tags. RFID technology should be adopted by the organization as its worth of saving the business and the investments.
Page | 42
Bibliography
1. Figure [0] The History of RFID Technology by Mark Roberti at rfidjournal.com 2. Ref [2] http://dspace.mit.edu/bitstream/handle/1721.1/56570/15-912Spring2005/NR/rdonlyres/Sloan-School-of-Management/15-912Spring-2005/D8B41B98-2CC845A0-B59F-5B4FE2A10E54/0/rfidwhyisndustry.pdf 3. Ref [3] http://www.rfidjournal.com/article/articleprint/1338/-1/1 4. Ref [4] http://en.wikipedia.org/wiki/RFID
5. Figure [1] Scienceprog.com article 16 October 2007, how does RFID tag technology works. 6. Figure [2] IPaper knowledge centre report www2.ministries-online.org 7. Figure [3] http://image.made-in-china.com/4f0j00OBGaIeHzYVoD/RFID-Active-Tag-Nfc2432a-.jpg.
8. Semi-Passive RFID Response Tag Series 13005. gaorfid.com 9. Motorola's MC9090-G handheld RFID reader 10. Figure [6] http://rfid-lab.pl 11. Figure [7] taken from Sunday, January 16, 2011 blogspot.co.uk, Radio Wave 12. Figure [8] taken from Barcode Data link web description barcode scanner (barcodedatalink.com). 13. Figure [9] Source IDTechEx 14. Enhancing the supply chain by zebra supply chain 15. Figure [10] Source enhancing the supply chain by zebra. 16. Figure [11] Author: Dirk Rodgers (RFID is Dead, April 12th, 2010) rxtrace.com 17. Figure [12] Bar Codes, RFID Technology, GPS Tracking, and Fixed Assets Posted by Joe Lewis (b1fixedassets.com) 18. Figure 13 Classification of RFID Attacks taken form Aikaterini Mitrokotsa, Melanie R. Rieback and Andrew S. Tanenbaum Publication of Classification of RFID Attacks Department of Computer Science, Vrije Universiteit De Boelelaan 1081A, 1081 HV Amsterdam, The Netherlands 19. Figure [8.1] taken from Key distribution centre http://210.43.128.116/jsjwl/net/kurose/security/keydist.htm 20. Key distribution example by http://210.43.128.116/jsjwl/net/kurose/security/keydist.htm 21. Figure [8.2] Kerberos source from zeroshell.org
Page | 43
Internet Explorer 1. Open the Internet Explorer. 2. Click on the wrench icon and select OptionsUnder the Hood (tab) Click Content settings CookiesShow Cookies and other site data. FireFox 1. From the select Tools MenuOptions 2. Go to the Privacy tabShow Cookies 3. The process to look at the cookies in firefox Google Chrome 1. From the select Customize and control MenuOptions (like a wrench symbol) 2. Go to the Under the Hood tab Find Content settingsCookies 3. Click on Show cookies and other site data
Page | 44
Appendix B: Abbreviations
Radio Frequency Identification RFID
Radio Frequency
RF
GWEN
High Frequency
HF
VHF
Low Frequency
LF
SQL
AES
DES
ISO
IEC
WWF
EPC
UHF KDC
Page | 45