Journal of the Korea Academia-Industrial cooperation Society (한국산학기술학회논문지)

The Korea Academia-Industrial cooperation Society (한국산학기술학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Cryptography Scheme and Secure Protocol for Safety Secure Scheme Construction in 13.56Mhz RFID

13.56Mhz RFID 환경에서 안전한 보안 스킴 구축을 위한 암호 스킴 및 보안 프로토콜 연구

  • Kang, Jung-Ho (Department of Computer Science, Soongsil University) ;
  • Kim, Hyung-Joo (Department of Computer Science, Soongsil University) ;
  • Lee, Jae-Sik (Department of Computer Science, Soongsil University) ;
  • Park, Jae-Pyo (Graduate School of Information Science, Soongsil University) ;
  • Jun, Moon-Seog (Department of Computer Science, Soongsil University)
  • Received : 2013.02.13
  • Accepted : 2013.03.07
  • Published : 2013.03.31
Download PDF
⟨ Previous Next ⟩

Abstract

What is RFID Microchip tag attached to an object, the reader recognizes technology collectively, through communication with the server to authenticate the object. A variety of RFID tags, 13.56Mhz bandwidth RFID card, ISO/IEC 14443 standards based on NXP's Mifare tag occupies 72.5% of the world market. Of the Mifare tags, low cost tag Mifare Classic tag provided in accordance with the limited hardware-based security operations, protocol leaked by a variety of attacks and key recovery vulnerability exists. Therefore, in this paper, Cryptography Scheme and Secure Protocol for Safety Secure Scheme Construction in 13.56Mhz RFID have been designed. The proposed security scheme that KS generated by various fixed values and non-fixed value, S-Box operated, values crossed between LFSR and S-Box is fully satisfied spoofing, replay attacks, such as vulnerability of existing security and general RFID secure requirement. Also, It is designed by considering the limited hardware computational capabilities and existing security schemes, so it could be suit to Mifare Classic now.

RFID란 개체에 Micro Chip이 내장된 태그를 부착하여 리더를 통해 개체를 인식한 후 서버와의 통신을 통해 개체를 인증하는 기술을 총칭한다. 다양한 RFID 태그 중, ISO/IEC 14443 표준 기반의 NXP사의 Mifare 태그는 13.56Mhz 대역의 RFID 카드로, 전 세계 시장의 72.5%를 점유하고 있다. Mifare 태그 중, 저가 태그인 Mifare Classic 태그는 제한적인 하드웨어 연산을 기반으로 보안이 제공됨에 따라, 다양한 공격에 의해 프로토콜 노출 및 키 복구 취약점이 발생하였다. 이에 본 논문에서는 13.56Mhz RFID 환경에서 안전한 보안 스킴 구축을 위한 암호 스킴 및 보안 프로토콜을 설계하였다. 제안하는 보안 스킴은 KS 생성 시 다양한 고정값과 비고정값을 사용하고, S-Box 연산을 수행하며, LFSR 연산과 S-Box 연산에 사용되는 값을 교차시켜, 기존 보안 스킴의 취약점과 스푸핑, 재생 공격과 같은 일반적인 RFID 보안 요구사항을 만족한다. 또한, 제한된 하드웨어 연산 능력과 기존 보안 스킴의 연장선상에서 설계되어, 현재 사용되는 Mifare Classic에 바로 적용 가능하다.

Keywords

References

  1. ISO/IEC 14443-1:2008, Identification cards - Contactless integrated circuit cards - Proximity cards - Part 1: Physical characteristics
  2. ISO/IEC 14443-2:2010, Identification cards - Contactless integrated circuit cards - Proximity cards - Part 2: Radio frequency power and signal interface
  3. ISO/IEC 14443-3:2011, Identification cards - Contactless integrated circuit cards - Proximity cards - Part 3: Initialization and anticollision
  4. ISO/IEC 14443-4:2008, Identification cards - Contactless integrated circuit cards - Proximity cards - Part 4: Transmission protocol
  5. NXP, "NXP takes lead on security for contactless smart cards", November, 2011.
  6. de Koning Gans, G., Hoepman, J.-H., Garcia, F.D. "A practical attack on the MIFARE Classic", Proceedings of the 8th Smart Card Research and Advanced Application Workshop (CARDIS 2008). LNCS, vol. 5189, pp.267-282. Springer, Heidelberg, 2008. DOI: http://dx.doi.org/10.1007/978-3-540-85893-5_20
  7. Flavio D. Garcia, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur, and Bart Jacobs, "Dismantling Mifare Classic", ESORICS 2008, LNCS 5283, pp. 97-.114, 2008. DOI: http://dx.doi.org/10.1007/978-3-540-88313-5_7
  8. Flavio D. Garcia Peter van Rossum Roel Verdult Ronny Wichers Schreur, "Wirelessly Pickpocketing a Mifare Classic Card", 30th IEEE Symposium on Security and Privacy, 2009.
  9. Russell Ryan, Zack Anderson, Alessandro Chiesa, "Anatomy of a Subway Hack", Defcon, 2008.
  10. MBC,http://imnews.imbc.com/replay/nwdesk/article/ 2587138_5780.html
  11. Il-Ho Park, "Design of Mutual Authentication Protocol using Key Exchange in RFID System", KAIS's Spring Conference, 2010.
  12. Woo Sik Bae, Jong Yun Lee, "Random Number-based Security Authentication Protocol for RFID System", KAIS's Spring Conference, 2010.
  13. NXP, "MF1ICS70 Functional specification", Rev. 4.3 . 14, December, 2009.
  14. S. Piramuthu, "On existence proofs for multiple RFID Tags", IEEE Computer Society Press. In IEEE International Conference on Pervasive Services, Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing - SecPerU 2006, pp. 317-320, June 2006. DOI: http://dx.doi.org/10.1109/PERSER.2006.1652252
  15. Yungjoo Hwang, Soomi Lee, Donghun Lee, Jongin Lim, "Authentication Protocols for Low-Cost RFID in Ubiquitous Environment", CISC'S04, pp. 120-122, Jun. 2004.
  16. Hung-Yu Chien, Che-Hao Chen, "Mutual authentication protocol for RFID conforming to EPC class-1 generation-2 standards", Computer Standards & Interfaces, vol. 29, Elsevier Science Publishers, pp. 254 -259, Feb. 2007. DOI: http://dx.doi.org/10.1016/j.csi.2006.04.004