RFID-enabled Extensible Authentication Framework and Its ...

More documents

Recommendations

Info

port multiple readers, each of multiple states is maintained in the memory of tags until the authentication processes is finished. Be- cause the lack of memory, instances are stored in the memory circularly (e.g. round robin queuing). • Timer-driven authentication in the middleware. A middleware maintains each instance from each valid response on a timer- driven basis because multiple tags can respond to a request message. The terminated instances are discarded. • Pass-through behavior. RFID readers act as “pass-through agents” without authentication method layer functionalities so that they are compatible with multiple authentication methods. • Mutual authentication support. Authentication framework should support mutual authentication as well in order to prevent the ac- cesses from unauthorized readers. • Authentication method negotiation.To support multiple authentication methods, negotiation should be provided in the framework. • Logging supports. A middleware stores event logs such as authentication failures and ownership transfer so that it can detect attacks or manage the system effectively. 3.2 EAP and Its Limitation in RFID Sys- tems The RFID system architecture is very similar to the WLAN architecture. First, they are using RF signal to communicate between RFID tags and readers; and between access points (APs) and supplicants. 17
Moreover, readers and APs are the interfaces of the RFID applications and Internet services respectively. Mutual authentications in WLANs are performed between an authentication server (e.g. RADIUS server) and supplicants not between APs and supplicants because of rogue AP problems. In the same manner, authentications can be done between a middleware and tags, and readers act as “pass-through agents” so that RFID readers do not need to concern credentials used in authentication methods and policy decision. This similarity makes us think Extensible Authentication Protocol (EAP) [17] to be probably adoptable to RFID systems. EAP is usually used in wireless LANs but not limited to wireless LANs. It is, in fact, a universal authentication framework which can be used any network environment. It supports multiple authentication methods including vendor-specific methods. There are more than 40 authentication methods defined in RFCs. Each method takes different approaches to authenticate EAP peer only or both EAP peer and authenticator in mutual. EAP-MD5, LEAP, EAP-TLS, EAP-TTLS, PEAP are widely used in WLANs and they have different performances and security features using various cryptographic primitives. Through the EAP negotiation, a peer and an authenticator can choose an authentication method they want. From this point of view, Dantu et al. [25] examined and evaluated existing EAP methods for RFID systems. However, they overlooked the main difference between WLANs and RFID systems. In WLAN, EAP methods are used in the IEEE 802.1X phase not only for authentication but also for generation of key materials. Using a key derived from IEEE 802.11i 4-way handshake, data can be encrypted. Unlike continuous data exchange in WLANs, passive RFID tags respond only when a reader requests in the authentication process. That means RFID systems do not need a key or key material for further continuous data 18
Page 1 and 2: A Thesis for the Degree of Master R
Page 3 and 4: RFID-enabled Extensible Authenticat
Page 5 and 6: M.S. 20042055 Abstract Sungbae Ji R
Page 7 and 8: Contents Abstract i Contents iii Li
Page 9 and 10: List of Figures 3.1 REAF Message Pa
Page 11 and 12: DB Database List of Abbreviations E
Page 13 and 14: EK(str) Block cipher encryption of
Page 15 and 16: 1.1 Motivation and Objectives (1) A
Page 17 and 18: encryptions at the tag side which m
Page 19 and 20: II. Preliminaries 2.1 Security and
Page 21 and 22: Table 2.1: RFID Applications Applic
Page 23 and 24: GEs, 8,400 GEs, and 7,300 GEs respe
Page 25 and 26: tags against cloning. The EnhancedT
Page 27 and 28: the inventory response is contradic
Page 29: An RFID reader relays messages betw
Page 33 and 34: 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
Page 35 and 36: authentication is done successfully
Page 37 and 38: packets between the tag and the mid
Page 39 and 40: IV. REAF Methods and Applications I
Page 41 and 42: Table 4.1: Comparison with other Ha
Page 43 and 44: On receiving BC-OA1-Response, M dec
Page 45 and 46: Table 4.2: Security Properties of R
Page 47 and 48: 4.3 Applications In this section, w
Page 49 and 50: V. Conclusion In this thesis, we pr
Page 51 and 52: RFID 시스템을 위한 확장가
Page 53 and 54: References 1. EPCglobal Inc, EPC Ra
Page 55 and 56: quency Identification Systems, Secu
Page 57 and 58: Acknowledgement This thesis is the
Page 59 and 60: Name : Sungbae Ji Date of Birth : O
Page 61 and 62: Publications (1) 2007.02 지성배,

RFID-enabled Extensible Authentication Framework and Its ...

Create successful ePaper yourself

Delete template?

Save as template?