INTRODUCTION

RFID systems, owning to their low cost and their convenience in identifying an object without physical contact, have been found in many applications such as manufacturing and supply chain management. An RFID system consists of three parts: tags, the reader and the back-end database. Tags are composed of a microchip for memory and logical operations and an antenna coil for receiving and transmitting wireless signals. The reader interrogates tags for their contents through RF antenna and interface to back-end databases for more functions. The back-end database associates records with tag data collected by the reader (Sarma et al., 2003).

RFID technology and products come into the commercial application stage during 1980-2000. The standardization of RFID technology tend to get attention, RFID products has been wide spreadly adopted and has become a part of people's lives. Zhang et al. (2011) proposed the design and implementation of a dynamic RFID data driven supply chain management which showed the importance and the usefulness of such an artifact for businesses seeking to optimize the performance of their supply chains. The RFID technology is effectively used in Smart Parking System (Idris et al., 2009) to help the users to locate their vehicle even if they use other exits. The integration of RFID (Lo et al., 2009) with intelligent agents in billing systems improves the process, reduces the management cost and provides more flexible stable systems. RFID based clinical decision support system (Al-Safadi and Al-Sulaiman, 2011) was introduced and the health care providers had a chance to track fast and accurate patient, staff and medical records in real time. Zahrani (2010) conducted an investigation regarding the optimization of effectiveness and efficiency in Ubiquitous learning environments through the integration of RFID and wireless technologies (2010) in a sole service network.

Mobile RFID service is defined as a special type of mobile service using RFID tag packing objects and RFID readers attached to mobile RFID terminals. The mobile RFID system is applied in various fields such as retail, bank and supply chain because it has advantages of a RFID system and a mobile device (Zhu et al., 2005). In such applications, RFID readers are installed in intelligent terminals such as PDA or mobile phone and other mobile devices. RFID readers can be mobile while RFID tags are relatively static. In mobile systems, the mobile device plays the role as a reader of the RFID systems. It transmits a query to a tag and identifies the received information from the tag and forwards to the database. The database is given the largest trust in the current mobile environment because it stores all related information with the tags. The information exchange between the mobile readers and the database is responsible for maintaining detailed information of users.

The RFID system causes security and privacy problems such as impersonation, traceability and reply attack because it uses wireless communication with RF signals. For this reason, the mobile RFID system has these problems which are similar to the RFID system and they are more serious than the RFID system because anyone has the mobile device as a reader and obtains information of tagged objects (Konidala and Kim, 2006). Traditionally, it is believed that the communication channel between the reader and the database is safe. However, in the mobile RFID system, the communication between the reader and the database is using wireless channel, thus, the communication channel between the reader and the database is not assumed to be safe (Wu et al., 2009).

Tsudik (2006) proposed a scheme called YA-TRAP (Yet Another Trivial RFID Authentication Protocol). In YA-TRAP, tag T_i shared a unique key k_i with the reader. T_i also stored a timestamp t_i that records the last time at which it was interrogated. Collins (2004) proposed that the tags can be saved either by destroying them or just by partially disabling them. The approach named “Minimalist cryptography” was introduced by Juels (2005) which was also a kind of renaming approach in which tags can change their identity on their own. Juels and Pappu (2003) proposed an approach, re-encryption in which some cryptographic techniques were applied to generate the cipher text but this method was not generalized. Ateniese et al. (2005) made some changes in the re-encryption approach, generalized and named it as Universal re-encryption.

Among existing Two-Factor Authentication mechanisms (Bindu et al., 2008; Chang and Lee, 2008; Hsiang and Shih, 2009; Shieh and Horng, 2008; Wang et al., 2009), mostly used active smart card as authentication tool which consists of hash function, exclusive or random number and timestamp. These methods met the demands of security but they all adopt active smart card of higher cost and secure channel assumption which was a condition unnecessarily, provided in actual environment.

Wang et al. (2010) proposed a low-cost RFID mutual authentication protocol based on the method of HMAC under the assumption that the Hash function was secure, the property that the new protocol can achieve mutual authentication between reader and tag. Lei et al. (2010) proposed a one-way Hash based low-cost authentication protocol with forward security and analyzed its efficiency but the computation load was not taken into consideration. Yeh and Lo (2010) developed a robust EPC GEN-2 conformed protocol, called TRAP-3, to pursue stronger anonymity property and security feature. Unfortunately, TRAP-3 still suffered from the de-synchronization attacks. Lei et al. (2009) proposed an improved lightweight authentication protocol using substring functions and analyzed its property. The previous protocols (Wong et al., 2006; Tuyls and Batina, 2006) for RFID security were scalable but traceable. Randomized hash lock scheme (Weis et al., 2003) was untraceable but unscalable.

There is scant published research on the feasible rogue-scanning and eavesdropping ranges for mobile RFID (Juels, 2006). Such research would benefit both mobile RFID security analyses and public policy formulation. The importance of mobile RFID privacy in restricted environment such as military operations reinforces an oft-neglected point: Privacy is not just a consumer concern. The enhanced supply-chain visibility that makes mobile RFID so attractive to industry can also, in another guise, betray competitive intelligence. Enemy forces monitoring or harvesting mobile RFID communications in a military supply chain could learn about troop movements. In civilian applications, similar risks apply. For example, many retailers see item-level RFID tagging as a means to monitor stock levels on retail shelves and avoid out-of-stock products. Individually tagged objects could also make it easier for competitors to learn about stock turnover rates; corporate spies could walk through shops surreptitiously scanning items (Melski et al., 2007).

Wang and Chin (2009) modified some of the vulnerabilities. To prevent replay attacks, the tag generated a random nonce as soon as it receives the query from the Reader. In Dimitriou’s protocol (Dimitriou, 2008) the new owner updated the secret key in a private environment (e.g., home) where adversaries are assumed to be absent. This assumption is questionable because there is no need to encrypt any of the messages between tag and reader in such ‘private’ environments. The protocol proposed by Chen et al. (2008) had some fundamental vulnerabilities such as transmission of the tag’s ID, EPC, the serial number of the product and the brand signature in clear text from tag to reader.

Although, mobile RFIDs provide relevant opportunities, they involved considerable information security threats (Juels, 2006), such as cloning of original tags and privacy violation. A critical threat is represented by data tampering which consists in the malicious changing of data recorded in the tag memory. The tampering has many dangerous effects, such as incoherence in the information system, exposure to opponent attacks and mistakes in the production flow. Several solutions to various security issues in mobile (Zhong and Yang, 2006) and pervasive technologies have been provided but problems as tampering in RFID still represent a critical threat for data security. Potdar and Chang (2006) introduced fragile watermark in RFID tags to prevent tampering but the scheme was insecure and it cannot discriminate which part of RFID tags was tampered.

Yamamoto et al. (2008) proposed a tamper detection solution which was based on a technique known as a digitally signed journal (Suzuki and Harrison, 2006); this proposal was promising but it required modification in the existing EPC-C1G2 tags. Madan et al. (2006) proposed watermarking based tamper detection solutions for RFID tags where the Serial Number field was used as the cover medium to detect any modification occurring either in the EPC Manager (EM) or in the Object Class (OC) but not for both at the same time.

To deal with the tampering problems in mobile RFID environment, the use of cryptographic protocols is required. However, designing cryptographic protocols for RFID tags is challenging as an RFID tag is a low-cost device with limited computational power (Garfinkel and Rosenberg, 2005). It is infeasible to implement public key cryptographic primitives and block ciphers. As a result, a new approach to design cryptographic protocols for RFID tags which employ an only lightweight primitive is required. The most popular lightweight primitive used in designing cryptographic protocols for Mobile RFID is hash function. Therefore, this study aims at filling the gap in mobile RFID security study, analyzing the characteristics of data tampering in RFID-based information systems and surveying the state-of-the-art of RFID tampering protection, in order to provide readers with an exhaustive overview on risks and on proposed defenses against tampering. This study is specially focused on tampering with data in tag memories, since this threat represents a critical open issue. Furthermore, the most recent and effective general purpose security approaches for RFID tags are analyzed, evaluating their ability to effectively protect against tampering.

SECURITY REQUIREMENTS OF RFID

The RFID system consists of the tag, reader and database. User information or item information is sent to the database after the tag receives power from the reader. The database compares the tag information and stored information and sends authorization data to the tag after authorization. For this procedure to be processed properly, fabrication of data transfer must be prevented. However, the communication channel between the tag and reader is wireless, thus exposed to third parties. Therefore, this chapter deals with security requirements of RFID systems.

Authentication: All components of the system should go through an authentication process. The RFID is comprised of a tag, reader and database. Each part should provide authentication to each other. The tag should send secret values which have been previously agreed upon, to each component to become authorized.

Anonymity: Even if data is acquired from a tag, it should not be trackable to a tag. If identification values are set, anonymity cannot be guaranteed.

Confidentiality: Values used in security protocol should not be exposed and only authorized users may share them. All components should share a secret value to authenticate each other.

TAMPER ATTACKS IN RFID NETWORK

The greatest threat for RFID Information System is represented by data tampering. The most well-known data tampering attacks control data and the main defense against it is the control flow monitoring for reaching tamper-evidence. However, tampering with other kinds of data such as user identity data, configuration data, user input data and decision-making data, is also dangerous (Chen et al., 2005).

Some solutions were proposed, such as a tamper-evident compiler and micro architecture collaboration framework to detect memory tampering (Zhang et al., 2006). A further threat is the tampering with application data, involving mistakes in the production flow, denial of service, incoherence in the information system and exposure to opponent attacks. This kind of attack is especially dangerous for RFID systems, since one of the main RFID applications is the automatic identification for database real-time updating.

Tamper attacks may occur anywhere in the EPC network which include tags, readers, middleware, EPCIS (Electronic Product Code Information Services) repository, EPCIS accessing application, local ONS (object name service) and enterprise application database. The possible tamper attacks on RFID system can be classified into four categories based on the locations where they may be attacked:

RFID tag tampers: Tampering attacks on RFID tags can be divided into three types:

RFID stream tamper: In RFID applications, data are treated as a continuing stream instead of static datasets, delivered over a wireless network. Since streaming data are usually transmitted over unreliable networks, malicious parties can easily inject offensive data into the stream. Van Le et al. (2007) revealed a replay attack during RFID communications which the attacker uses a tag’s response to a rogue reader’s challenge to impersonate the tag to destroy stream integrity. In such applications, RFIDs can be more vulnerable than other mechanisms, due to their ability to be read at a distance by covert readers.

Electronic pedigree tamper: Some regulatory agencies have implemented provisions requiring pedigree for products in an attempt to ensure only authentic products are distributed through the supply chain (Guo et al., 2007). Clearly an item's electronic pedigree plays a vital role through counterfeit and gray market detection, shrinkage avoidance and accurate and autonomous unit level inventory management but if this electronic pedigree was accessed unauthorized, illegally modified, or fabricated, most of the aforementioned advantages may be lost.

Object naming service data tamper: ONS (Object Naming Service) can be considered as a DNS (Domain Name System) server; therefore, the security threats related to DNS server are also applicable to ONS (EPCglobal, 2007). Threats in this category include file corruption, unauthorized updates, ONS cache poisoning, IP address spoofing and data interception.

PROPOSED METHOD

The purpose of proposed protocol is that the information communicated between tag and reader is secure.

Table 1:	Notations of proposed protocol

Also, this protocol use lightweight operation for efficiency of reader and tag to provide security against tampering attacks.

The proposed method can be used in a mobile environment. In the mobile environment, the reader and database can be applied in a wireless environment and can therefore be perceived as insecure channels. The proposed method is based on the insecure communication channel between the tag and the reader. This method provides mutual authentication between the tag and database and therefore provides anonymity to the tag user.

The notations used in the proposed method are summarized in Table 1.

Mobile RFID reader has to register and authenticate itself to the server. The server authenticates the reader and sends an ID_R and R to the reader. The proposed method is illustrated in Fig. 1.

The details of the proposed method are described in following steps.

The server encrypts the identity information of the tag ID_T using the key R known between the server and reader. It forwards the encrypted information to the reader.

Fig. 1:	Proposed Method

IMPLEMENTATION

In this section, focus is on the security module implementation cost for the RFID tag because the passive RFID tag is hardware constrained device. The implementation of the complex encryption schemes such as public key encryption or the symmetric key encryption is currently very rough task in that type of devices. Although, the complex encryption scheme equipped tag could be implemented, the tag would cost more. Therefore, the implementation cost should be considered very carefully before implementing the security module into the Active or Passive tag.

Excluding the basic need for RFID tag fabrication such as antenna, IC and memory area, only 1,000 ~ 3,500 gates can be assigned for security module implementation. To verify whether the proposed scheme can be implemented practically, experiment is made on the total number of gates for the proposed scheme. It has been designed in such a way that the data and pseudonym may be implemented in parallel.

Fig. 2:	Complete Setup

Therefore, 128 XOR modules are needed and the register which stores the 128 bit-length temporal data for implementation of the nonce or the ID of tag is also needed. However, these basic needs can be reduced by reducing the bit-length of data which the implementation module takes for input.

For example, if the implementation module takes 64 bit-length data as the input then the number of XOR module for the data padding and register size for the temporal input/output data storage can be reduced almost by half. In the proposed work, this module can be implemented within 5,208 gates if it is assumed that the implementation module is designed to take 32 bit-length data as input data. The total gates of the work are even smaller than those of the AES module or MD-4. Through experiment, especially in security and performance viewpoint, it is found that the work has the advantage of composition of hash and exclusive-or than just applying the hash function or the exclusive-or.

The proposed method is implemented and tested on a RFID reader prototype model. Wireless mode of communication is used in between the RFID reader and mobile phone to make it act as a Mobile RFID reader. The objective of the experiment is to validate various aspects introduced in the proposed method and display the results.

The complete setup used for testing the proposed system is shown in Fig. 2. The Mobile RFID reader has to first register to obtain a username (ID_R) and password (R). The login screen of the reader is shown in Fig. 3.

Fig. 3:	Mobile Reader login

Fig. 4:	Mobile Reader querying the tags

The reader forwards a query and gets a response from the tag and it is displayed in Fig. 4. The complete details about the tag will be obtained by the reader after the authentication process and the result of it is shown in Fig. 5.

To test the effectiveness and security of the proposed system, testing is conducted from various aspects.

Fig. 5:	Server returns details to Mobile Reader

On hardware, a reader is selected and on software, programs are designed to conduct testing from various aspects such as accessing, decryption, modifying tag data, damaging and copying tag.

Testing result could be concluded as following:

ANALYSIS AND COMPARISONS

Analysis and comparison in functionalities: To analyze the functionalities in the proposed mechanism, the symbols are defined in Table 2. In some related works (Bindu et al., 2008; Chang and Lee, 2008; Hsiang and Shih, 2009; Shieh and Horng, 2008; Wang et al., 2009), the user identification is applied with active RFID tags and the low-cost requirement (C2) is unable to accomplish. The detailed comparisons in functionalities are shown in Table 3.

Efficiency analysis: Besides security, care is also taken about how efficient a RFID system operates.

Table 2:	Notations for the analysis and comparisons

Table 3:	The functionalities of schemes compared

The efficiency of a RFID system is measured by computation load on a tag, communication load and computation load on the back-end server.

CONCLUSION

A more comprehensive approach to address data tampering problem in mobile RFID environment is proposed in the hope to inspire more research in this field. It is very imperative to protect unauthorized access to the tag in order to prevent the violation of privacy and confidential information stored in it. Moreover, the proposed method is a mutual authentication system that will be able to protect unauthorized or malicious readers from accessing the information stored in the RFID tags. In conclusion, the mutual agreement protocol can offer data security enhancement and privacy protection capability at reader side under an insecure and wireless mobile RFID system.