Austrian Researchers Find Security Options for RFID in Open IoT

The Graz University research group has built a prototype UHF RFID tag using an Internet Protocol Security layer to ensure that an RFID tag and its sensor data can be secure, no matter what RFID reader is used to interrogate it.
By Claire Swedberg
Aug 16, 2017

A research group at the Institute of Applied Information Processing and Communications (IAIK), at Graz University of Technology (TU Graz), has developed a prototype for an RFID-based system aimed at providing security of RFID data on an open Internet of Things (IoT) network. Researchers say the technology provides security as sensor- and RFID-based data is collected—potentially in large volume—using virtual private network (VPN)-based software. The UHF EPC RFID tags they developed, which the team dubbed PIONEER, use their own communication channel, the Internet Protocol security (IPsec) protocol, and can require authentication before responding to an RFID reader.

IPsec serves as a tool to secure communications over IP networks. The protocol suite generates a confidential and integrity-protected connection between the tag and the Internet via a VPN connection. According to the researchers, the study found that running an IPsec stack on an EPC Gen 2 tag is feasible and provides secure end-to-end connections between a tag and the Internet, even if the reader being used is not trustworthy, because the secure connection is established between the tag and the Internet rather than with the reader. The reader then simply acts as a router of IP packets to and from the tags.

Funded by the Austrian Science Fund (FWF), the Graz researchers are investigating the secure use of RFID in open environments. The security of RFID chips will be a growing concern, the researchers predict, as RFID proliferates along with IoT systems. They cite such examples as smart cars and toys that could be hacked.

Currently, RFID systems are typically closed—data is captured, and is then stored for, and accessed by, a limited number of parties for a specific purpose. A more open IoT-based environment, which the researchers predict will become an alternative, would involve tagging things and enabling RFID readers to serve only as a bridge between the tags and the Internet. This, they say, would then make the data potentially available to a larger, open environment.

This means some proactive development needs to be carried out, the researchers say, in order to ensure that the open environment allows security for the RFID data. "Connecting each and every object and device to the Internet without thinking enough about the security, privacy and safety implications is not a good idea," says Hannes Gross, a TU Graz researcher and doctoral candidate, "and there exist many bad examples where this went wrong."

Gross argues that existing security solutions would fall short in a large, open environment. Cryptographic processes require larger chips and, therefore, larger tags that could be more expensive, and the use of cryptography could slow down read times. The researchers' alternative prototype tag, known as PIONEER, uses the ISO/IEC 29167 standard protocol with IPsec, allowing the tag to transmit data in encrypted form.

"In this project," Gross says, "we looked at sensor-enabled RFID tags as potential participants in a secure and open IoT infrastructure." The researchers analyzed which security and privacy features were necessary, as well as how seamlessly they might be integrated into an existing Internet infrastructure. They also determined how the required security functionality would be distributed between readers and tags.
