RFID application system security and ISO/IEC security standards

As we all know, RFID technology is mainly a technology that quickly identifies and Stores information through radio waves without contact, combines wireless communication with data access technology, and then connects to the database system to achieve non-contact two-way communication, thereby achieving the purpose of identification. For data exchange, an extremely complex system is connected in series. In the RFID system, the reading, writing and communication of RFID electronic tags are realized through electromagnetic waves. According to the communication distance, it can be divided into near-field and far-field. For this reason, the data exchange mode between RFID read/write equipment and RFID tags is also divided into load modulation and backscatter modulation.

Let's understand the security of RFID application system through the following aspects.

RFID systems are mainly divided into the following categories:

Security requirements for RFID systems:

RFID security assumptions:

Working frequency: UHF long-distance tags are more susceptible to interference from wireless signals;

Label cost: the number of gates used for security modules should not exceed 5k gates;

The size of data transmission: each tag can transmit 500bit, and the reading time does not exceed 1s;

Resistance to data tampering: under physical attack, the data inside the tag will be leaked;

Communication: The communication between the RFID Reader and the RFID tag is not safe, and the channel between the RFID reader and the database is safe;

Write limit: You can limit the number of write devices to the tag memory.

RFID Privacy Protection Agreement:

RFID privacy protection measures:

Security Threats of Distance Limiting Protocol:

1. Distance spoofing: For some malicious tags, outside the distance limited by the RFID reader, deceive the RFID read-write device to make it think that it is within the legal range;

2. Counterfeit attack: Disguise an RFID tag and deceive the RFID reader into thinking it is a legitimate tag in the RFID system;

3. Man-in-the-middle attack: Communicate with the RFID tag and the RFID reader at the same time, collect the messages sent by the RFID tag, and use these messages to deceive the RFID reader, making the RFID reader think that the other party is a legitimate tag, and the distance is limited In the range.

The ISO/IEC safety standard system mainly consists of the following aspects:

1. ISO/IEC 18000

Clarified the positioning and guiding principles of the RFID air interface protocol;

Provides a unified reference and standardized parameters;

Specific air interface parameters are specified for different frequency bands;

A variety of working modes are provided under the same frequency band to meet the requirements of different data transmission rates and recognition rates in different applications.

2. ISO/IEC 18000-1 Air Interface Protocol

lSO/IEC 18000-1 air interface protocol specifies the signal waveform, command and response formats for communication between RFID readers and tags. As long as different devices meet the requirements of the same standard, they can carry out normal information exchange.

The protocol framework of the ISO/IEC security protocol:

Principles for the use of ISO/IEC safety standards:

1. ISO/IEC 18000 needs to meet the requirements of wireless spectrum policies of various countries and regions. At the same time, it is necessary to provide a unified application framework for different fields, allowing different users to make trade-offs according to performance requirements, so as to meet the application requirements of different fields.

2. The air interface allows different working modes, but the applicable occasions of various modes are required to be given in the standard, especially for some special working modes, which need to be clearly pointed out in the standard.

3. The transparency of intellectual property rights is emphasized. ISO/IEC is not responsible for negotiation on patent issues contained in the air interface, and users are required to abide by relevant statements.

RFID Air Interface Threats:

ISO IEC 18000-6 Type-C:

ISO/IEC 18000-6 security mechanism:

The air interface communication protocol specification is the information exchange between RFID readers and RFID electronic tags, which is to realize the interconnection and interoperability between the production equipment of different manufacturers. In the application of UHF RFID, the air interface protocol is the basis for solving the interface standard problems of each layer.

The air interface protocol ISO 18000-6 of UHF RFID technology is basically a specification that integrates the product specifications of some existing RFID manufacturers and the label architecture requirements proposed by EAV-UCC. The air interface protocol includes the physical layer and the media Access Control (MAC) layer. The physical layer includes data frame structure definition, adjustment/demodulation, encoding/decoding, link timing, etc., with no restrictions on data content and data structure. The current UHF RFID air interface protocols are mainly ISO 18000-6B protocol and EPC C1GEN2 protocol (EPC C1GEN2 protocol, now ISO 18000-6C protocol). Generally speaking, the definition of ISO 18000-6C protocol is more complete, and the existing products basically follow this protocol.