Secure Authentication Using ISO 15693 RFID Tags
The authentication process with ISO 15693 tags involves generating a signature using a hash of the tag UID and a private key. This signature, programmed during manufacturing, must match the one generated by the reader for successful authentication. Advantages include enhanced security with private key authentication, memory savings, fast authentication times, and difficulty in counterfeiting due to the small tag form factor. However, vulnerabilities exist concerning unencrypted data transmission over the air and potential exposure of information stored on tags.
Presentation Transcript
Using ISO 15693 tags for Authentication
Eddie LaCost, Embedded RF

Authenticated RFID Model
- Signature is generated using a hash of the tag UID and a private key.
- This signature is programmed and locked to the tag during manufacturing.
- Reader must also know the private key.
- To authenticate a tag, the reader will first read the UID and all memory blocks of the tag.
- Reader will hash the UID with the secret key to generate the signature and compare it to the signature of the tag.
- HASH suggestion: SHA1 (160 bit)
- Time for authentication: 28.8 ms
[Diagram (labels: MSP430, Tag, Reader): on the tag side, UID and Secret Key feed HASH to produce the Signature; on the reader side, UID and Secret Key feed HASH to produce a Signature that is compared with the Tag Signature; if equal, authenticate.]

Authentication Time
- UID Inventory = 6 ms, Read Single Block x5 = 22.8 ms. Total time of 28.8 ms.
- Perform the SHA1 hash in the reader as soon as the UID from the tag is read. It would run in parallel to reading out the hash from the tag.
- Estimated time for HASH operation in reader @ 1 ms

Advantages
- Security: proposed scheme offers a certain level of security using Private Key Authentication compared to simple UID verification
- Memory saving: with the hash function technique, the reader needs to know the private key only, and there is no need to store the UID of every tag in the reader
- Authentication time in ms: very fast and suitable for application
- Small form factor of tags may make counterfeit tags difficult
- Extra road block to counterfeiting available using custom commands (next slide)

Road blocks to Counterfeiting
- Tag-it HF-I Pro offers a write block with password command. The password is 32 bits long. The tag must be programmed and locked with the password, and the reader must also know the password.
- Using Inventory with AFI. If the correct AFI (application family identifier) is not written to the tag, it will not respond to the reader's inventory command. This is an 8-bit block. Can be locked.
- Using the DSFID (data storage field ID) block. DSFID is not a part of the main user memory blocks. Using this memory to write some extra data could deter cloning, as this field may not always be checked. This is an 8-bit block.

Vulnerabilities
- Data is not encrypted over the air; deemed low risk of exposure.
- Unless used UIDs are checked against a database for duplicates, with follow-up revocation, counterfeited tags could still be validated.
- A public key would not provide a higher level of security for anti-counterfeiting.
- Exposure of information on the tag and the scheme for accessing a database for comparison and revocation remain weak points with both public and private keys.
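
The reader-side check from the Authenticated RFID Model slide, combined with the duplicate-UID lookup the Vulnerabilities slide calls for, as an added example that is not part of the original presentation or TI's code. Assumptions: HMAC-SHA1 as the keyed hash (the slides do not say how UID and key are combined), 32-bit memory blocks, an in-memory set standing in for the database with each UID accepted once, and constructed key and UID values.

```python
import hashlib
import hmac

UID_LEN = 8      # ISO 15693 UIDs are 64 bits
BLOCK_LEN = 4    # assumed 32-bit memory blocks
SIG_BLOCKS = 5   # 160-bit SHA-1 output = 5 blocks ("Read Single Block x5")


def tag_signature(uid: bytes, secret_key: bytes) -> bytes:
    """Keyed hash of the UID. HMAC-SHA1 is this example's assumption: the
    slides say only that the UID is hashed with the secret key."""
    return hmac.new(secret_key, uid, hashlib.sha1).digest()


def to_blocks(signature: bytes) -> list:
    """Split the signature into the blocks programmed at manufacturing."""
    return [signature[i:i + BLOCK_LEN] for i in range(0, len(signature), BLOCK_LEN)]


class Reader:
    def __init__(self, secret_key: bytes):
        self._key = secret_key
        self._used_uids = set()  # stand-in for the back-end UID database

    def authenticate(self, uid: bytes, blocks: list) -> str:
        if len(uid) != UID_LEN or len(blocks) != SIG_BLOCKS \
                or any(len(b) != BLOCK_LEN for b in blocks):
            return "malformed"
        expected = tag_signature(uid, self._key)
        # Constant-time comparison of computed and stored signature.
        if not hmac.compare_digest(expected, b"".join(blocks)):
            return "bad-signature"
        # A cloned tag replays a valid UID/signature pair and passes the
        # check above; only the duplicate lookup can flag it.
        if uid in self._used_uids:
            return "duplicate-uid"
        self._used_uids.add(uid)
        return "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"              # constructed sample key
    uid = bytes.fromhex("e007000012345678")    # constructed sample UID
    reader = Reader(key)
    memory = to_blocks(tag_signature(uid, key))
    print(reader.authenticate(uid, memory))    # genuine tag, first use
    print(reader.authenticate(uid, memory))    # same UID and data again
    other = bytes.fromhex("e007000012345679")
    print(reader.authenticate(other, memory))  # copied data, different UID
```

The signature check alone cannot tell a genuine tag from an exact copy, which is why the duplicate lookup is a separate result code.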

TI IC & Software Offerings
- In addition to Tag, Reader and MSP430 solutions, TI can provide optimized SHA1 code