Abstract
The Internet of Things (IoT) envisions an autonomous network between everyday objects to create real-life services. This enables new applications that necessarily require a high level of security and privacy. In this paper, we present PIONEER—a Prototype for the Internet of Things based on an Extendable EPC Gen2 RFID tag. It is the first prototype that integrates the Internet Protocol Security suite (IPsec) into the new EPC Gen2 Version 2 standard. Furthermore, it integrates all mandatory cryptographic primitives to support IPsec on an RFID tag, i.e., AES-128 for encryption/decryption, 192-bit Elliptic Curve Diffie Hellman (ECDH) for key agreement, and a True Random Number Generator (TRNG). To keep the flexibility high, we further integrated an 8-bit microcontroller that implements the new security features of the EPC Gen2 standard in C code. The entire design was synthesized for a 130 nm CMOS process technology. It requires about 52 kGEs including all necessary components to establish a secure IPsec tunnel between the RFID tag and a client on the Internet. The prototype is fully compliant with already existing Internet and RFID standards and allows first cost estimations for a practical realization of high-security IoT applications.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Agren, M., Hell, M., Johansson, T., Meier, W.: Grain-128a: a new version of grain-128 with optional authentication. Int. J. Wire. Mob. Comput. 5(1), 48–59 (2011)
ANSI. Public Key Cryptography for the Financial Services Industry - Key Agreement and Key Transport Using Elliptic Curve Cryptography. Accredited Standards Committee X9 (2001) (Incorporated)
Arbit, A., Oren, Y., Wool, A.: Toward practical public key anti-counterfeiting for low-cost EPC tags. In: RFID, pp. 184–191. IEEE, April 2011
Ashton, K.: That ‘Internet of Things’ Thing (2009). http://www.rfidjournal.com/articles/view?4986. Accessed 18 Feb 2014
Avoine, G., Carpent, X.: Yet another ultralightweight authentication protocol that is broken. In: Hoepman, J.-H., Verbauwhede, I. (eds.) RFIDSec 2012. LNCS, vol. 7739, pp. 20–30. Springer, Heidelberg (2013)
Ben-Romdhane, M., Graba, T., Danger, J.-L., Mathieu, Y.: Design methodology of an ASIC TRNG based on an open-loop delay chain. In: IEEE International Workshops on New Circuits and Systems Conference (NEWCAS), pp. 1–4, June 2013
Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
Chang, Y.-C., Chen, J.-L., Lin, Y.-S., Wang, S.M.: RFIPv6 - a novel IPv6-EPC bridge mechanism. In: International Conference on Consumer Electronics - ICCE, pp. 1–2 (2008)
Cherkaoui, A., Fischer, V., Fesquet, L., Aubert, A.: A very high speed true random number generator with entropy assessment. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 179–196. Springer, Heidelberg (2013)
Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)
Daemen, J., Rijmen, V.: The block cipher Rijndael. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820, pp. 277–284. Springer, Heidelberg (2000)
Dominikus, S., Aigner, M., Kraxberger, S.: Passive RFID technology for the internet of things. In: International Conference for Internet Technology and Secured Transactions (ICITST), pp. 1–8 (2010)
Dominikus, S., Kraxberger, S.: Secure Communication with RFID tags in the Internet of Things. Secur. Commun. Netw., n/a–n/a (2011). http://onlinelibrary.wiley.com/doi/10.1002/sec.398/abstract
Dworkin, M.: Recommendation for Block Cipher Modes of Operation: Methods and Techniques. NIST (2001)
Engels, D., Kang, Y.S., Wang, J.: On security with the new Gen2 RFID security framework. In: 2013 IEEE International Conference on RFID (RFID), pp. 144–151 (2013)
EPCglobal. EPC Radio-Frequency Identity Protocols Generation-2 UHF RFID Specification for RFID Air Interface Protocol for Communication at 860 MHz - 960 MHz Version 2.0.0 Ratified, November 2013. http://www.gs1.org
Ertl, J., Plos, T., Feldhofer, M., Felber, N., Henzen, L.: A security-enhanced UHF RFID tag chip. In: Euromicro Conference on Digital System Design (DSD), pp. 705–712 (2013)
Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES implementation on a grain of sand. IEEE Proc. Inf. Secur. 152(1), 13–20 (2005)
Girault, M., Poupard, G., Stern, J., Girault, M., Poupard, G., Stern, J.: On the fly authentication and signature schemes based on groups of unknown order. J. cryptology 19, 463–487 (2006)
Ha, J., Moon, S., Zhou, J., Ha, J.: A new formal proof model for RFID location privacy. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 267–281. Springer, Heidelberg (2008)
Hada, H., Mitsugi, J.: EPC based internet of things architecture. In: IEEE International Conference on RFID-Technologies and Applications (RFID-TA), pp. 527–532 (2011)
Hinz, W., Finkenzeller, K., Seysen, M.: Secure UHF tags with strong cryptography - development of ISO/IEC 18000–63 compatible secure RFID tags and presentation of first results. In: SENSORNETS, pp. 5–13 (2013)
Holleman, J., Otis, B., Bridges, S., Mitros, A., Diorio, C.: A 2.92 uW hardware random number generator. In: European Solid-State Circuits Conference, pp. 134–137 (2006)
Hutter, M., Joye, M., Sierra, Y.: Memory-constrained implementations of elliptic curve cryptography in Co-Z coordinate representation. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 170–187. Springer, Heidelberg (2011)
IANA - Internet Assigned Numbers Authority. Referenced 2014 at http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml
ISO - International Organization for Standardization. Referenced 2014 at http://www.iso.org/
Itoh, T., Tsujii, S.: Effective recursive algorithm for computing multiplicative inverses in \(GF(2^m)\). Electron. Lett. 24(6), 334–335 (1988)
Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36–63 (2001)
Kaufman, C., Hoffman, P., Nir, Y., Eronen, P.: Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5996 (Proposed Standard), Sept 2010. Updated by RFCs 5998, 6989
Kent, S., Seo, K.: Security Architecture for the Internet Protocol. RFC 4301 (Proposed Standard), Dec 2005. Updated by RFC 6040
Lee, J.-W., Phan, N.D., Vo, D.H.-T., Duong, V.-H.: A fully integrated EPC Gen-2 UHF-band passive tag IC using an efficient power management technique. IEEE Trans. Industr. Electron. 61(6), 2922–2932 (2014)
Lehtonen, M., Ostojic, D., Ilic, A., Michahelles, F.: Securing RFID systems by detecting tag cloning. In: Tokuda, H., Beigl, M., Friday, A., Brush, A.J.B., Tobe, Y. (eds.) Pervasive 2009. LNCS, vol. 5538, pp. 291–308. Springer, Heidelberg (2009)
Lepinski, M., Kent, S.: Additional Diffie-Hellman Groups for Use with IETF Standards. RFC 5114 (Informational), Jan 2008
Mattern, F., Floerkemeier, C.: From the internet of computers to the internet of things. In: Sachs, K., Petrov, I., Guerrero, P. (eds.) Buchmann Festschrift. LNCS, vol. 6462, pp. 242–259. Springer, Heidelberg (2010)
Menezes, A.J., Vanstone, S.A., Oorschot, P.C.V.: Handbook of Applied Cryptography, 1st edn. CRC Press Inc., Boca Raton (1996)
Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44(170), 519–521 (1985)
National Institute of Standards and Technology (NIST). FIPS-186-3: Digital Signature Standard (DSS) (2009). http://www.itl.nist.gov/fipspubs/
Noman, A., Rahman, M., Adams, C.: Improving security and usability of low cost RFID tags. In: International Conference on Privacy, Security and Trust (PST), pp. 134–141 (2011)
Pang, L., He, L., Pei, Q., Wang, Y.: Secure and efficient mutual authentication protocol for RFID conforming to the EPC C-1 G-2 standard. In: Wireless Communications and Networking Conference (WCNC), pp. 1870–1875 (2013)
Peris-Lopez, P., Lim, T.-L., Li, T.: Providing stronger authentication at a low cost to RFID tags operating under the EPCglobal framework. In: IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, vol. 2, pp. 159–166 (2008)
Rabin, M.O.: Digitalized Signatures and Public-Key Functions as Intractable as Factorization. Technical report, Cambridge, MA, USA (1979)
Ranasinghe, D.C., Limb, D., Devadas, S., Jamali, B., Zhu, Z., Cole, P. H.: An Efficient Hardware Random Number Generator
Raza, S., Duquennoy, S., Chung, T., Yazar, D., Voigt, T., Roedig, U.: Securing communication in 6LoWPAN with compressed IPsec. In: International Conference on Distributed Computing in Sensor Systems (IEEE DCOSS 2011) (2011)
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, A., Dray, J., Vo, S.: A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications (2001). http://csrc.nist.gov/rng/
Safkhani, M., Bagheri, N., Peris-Lopez, P., Mitrokotsa, A., Hernandez-Castro, J.: Weaknesses in Another Gen2-based RFID Authentication Protocol. In: 2012 IEEE International Conference on RFID-Technologies and Applications (RFID-TA), pp. 80–84 (2012)
Sample, A., Yeager, D., Powledge, P., Smith, J.: Design of a passively-powered, programmable sensing platform for UHF RFID systems. In: IEEE International Conference on RFID, pp. 149–156, March 2007
Sarma, S., Brock, D.L., Ashton, K.: White Paper: The Networked Physical World (2000). http://www.autoidlabs.org/uploads/media/MIT-AUTOID-WH-001.pdf. Accessed 18 Feb 2014
Schindler, W., Killmann, W.: Evaluation criteria for true (physical) random number generators used in cryptographic applications. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 431–449. Springer, Heidelberg (2003)
strongSwan - the OpenSource IPsec-based VPN Solution. Referenced 2014 at http://www.strongswan.org/
Sun, D.-Z., Zhong, J.-D.: A hash-based RFID security protocol for strong privacy protection. IEEE Trans. Consum. Electron. 58(4), 1246–1252 (2012)
Unterluggauer, T., Wenger, E.: Efficient pairings and ECC for embedded systems. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 298–315. Springer, Heidelberg (2014)
Wenger, E.: Hardware architectures for MSP430-based wireless sensor nodes performing elliptic curve cryptography. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 290–306. Springer, Heidelberg (2013)
Wenger, E., Baier, T., Feichtner, J.: JAAVR: introducing the next generation of security-enabled RFID tags. In: Niar, S. (ed.) Digital System Design, pp. 640–647. IEEE (2012)
Wenger, E., Unterluggauer, T., Werner, M.: 8/16/32 shades of elliptic curve cryptography on embedded processors. In: Paul, G., Vaudenay, S. (eds.) INDOCRYPT 2013. LNCS, vol. 8250, pp. 244–261. Springer, Heidelberg (2013)
Yi, X., Wang, L., Mao, D., Zhan, Y.: An Gen2 based security authentication protocol for RFID system. Phys. Procedia 24, Part B, 1385–1391 (2012). (International Conference on Applied Physics and Industrial Engineering 2012)
Acknowledgements
This work has been supported by the Austrian Science Fund (FWF) under the grant number TRP251-N23 (Realizing a Secure Internet of Things - ReSIT) and the FFG research program SeCoS (project number 836628).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Gross, H., Wenger, E., Martín, H., Hutter, M. (2014). PIONEER—a Prototype for the Internet of Things Based on an Extendable EPC Gen2 RFID Tag. In: Saxena, N., Sadeghi, AR. (eds) Radio Frequency Identification: Security and Privacy Issues. RFIDSec 2015. Lecture Notes in Computer Science(), vol 8651. Springer, Cham. https://doi.org/10.1007/978-3-319-13066-8_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-13066-8_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13065-1
Online ISBN: 978-3-319-13066-8
eBook Packages: Computer ScienceComputer Science (R0)