Security in a UHF RFID tag

Do we need security in an RFID tag? What do we even mean by security?
 
In the UHF tags available today there really is no security; in fact, many of the RFID tags used in applications today have no security. It is not needed, and so there have been no attempts to include it.
 
The one area where this is not true is financial transactions, where the predominant standard is ISO/IEC 14443. This standard (the basis of NFC, Near Field Communications) is a High Frequency (13.56 MHz) standard that includes the capability for encryption of the information on a tag. This capability does not exist for UHF tags – at the moment.
 
There have been many meetings of the UHF RFID experts to talk about how to add true security to a UHF RFID system.
 
The majority of RFID applications do not need security. The unique number stored in the tag means nothing to someone reading the tag unless they have access to the databases that explain the meaning of the number. However, some applications want to have more information stored in the tag and some of that information may be sensitive. Hence the need for security.
 
There are several areas that require the use of security. These include untraceability, loss-identification and/or protection, memory-locking, and privilege-management. To allow some of these to be implemented we also need to add file-management capability.
 
In order to achieve security, the tag and the reader have to prove to each other that they are allowed to talk. This is called authentication and it is a necessary process before the tag tells the reader any information. This is the first stage of the secure process.
 
There are several parts to the authentication process. The tag must declare and prove that it is capable of secure communications. The interrogator must declare not only that it is capable but also that it is allowed to access certain information on the tag. There may be information on the tag that not all interrogators are allowed to access, and so there must be a method of creating privilege-based access and hence file areas on the tag.
 
Once the tag and interrogator have authenticated each other, then the secure communication can start. By secure communication we mean the "real-time" encryption of the data that passes between the tag and interrogator. This is not the storing of encrypted data, it is the process where the tag has the ability to encrypt anything it communicates to an interrogator.
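
The two-way proof described above and the privilege-based file access it unlocks, shown as an added example that is not taken from ISO/IEC 29167 or from any tag vendor. The per-privilege shared keys, the file names and the use of HMAC-SHA256 as the proof function are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo data: privilege names, keys and file contents are assumptions.
KEYS = {"inventory": b"demo-key-inventory", "service": b"demo-key-service"}
FILES = {"item-id": ("inventory", b"item-0001"), "log": ("service", b"battery swapped")}

def proof(key, role, nonce_r, nonce_t):
    # The role label keeps a tag proof from being replayed as a reader proof.
    return hmac.new(key, role + nonce_r + nonce_t, hashlib.sha256).digest()

class Tag:
    def __init__(self):
        self.pending = self.privilege = None  # no handshake, no privilege yet

    def hello(self, privilege, nonce_r):
        """Step 1: the tag proves it holds the key for the requested privilege."""
        self.pending = self.privilege = None
        key = KEYS.get(privilege)
        if key is None:
            return None
        nonce_t = secrets.token_bytes(16)
        self.pending = (privilege, key, nonce_r, nonce_t)
        return nonce_t, proof(key, b"tag", nonce_r, nonce_t)

    def finish(self, reader_proof):
        """Step 2: the interrogator must prove itself before any file opens."""
        if self.pending is None:
            return False
        (privilege, key, nonce_r, nonce_t), self.pending = self.pending, None
        if hmac.compare_digest(reader_proof, proof(key, b"reader", nonce_r, nonce_t)):
            self.privilege = privilege
        return self.privilege is not None

    def read(self, name):
        """Release a file only to an interrogator holding the matching privilege."""
        owner, data = FILES.get(name, (None, None))
        return data if owner is not None and owner == self.privilege else None

def interrogate(tag, privilege, key, name):
    """Interrogator side: verify the tag, prove itself, then request one file."""
    nonce_r = secrets.token_bytes(16)
    nonce_t, tag_proof = tag.hello(privilege, nonce_r) or (b"", b"")
    if not hmac.compare_digest(tag_proof, proof(key, b"tag", nonce_r, nonce_t)):
        return None              # tag could not prove it holds the key
    tag.finish(proof(key, b"reader", nonce_r, nonce_t))
    return tag.read(name)
```

Because the role label and both fresh nonces are bound into every HMAC, a proof captured from one handshake or one direction does not verify in another.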
 
The implications of having an encryption engine on board a passive tag are obviously very wide. The loss of power to the tag during the encryption process means that the data does not get secured and transmitted, so a lot of work has to go into the design of these new tags.
 
One of the areas that the experts have been looking at is what encryption routines should be available. The group has decided that there should be no restrictions, as some applications may only require very simple security while others may need the power of an AES type encryption. The idea is to not include the encryption algorithm information in the air interface standard but to create another document where all the algorithms are detailed. The manufacturer of the tags would then be able to decide which encryption suite his tags will support.
 
In ISO, the air interface for UHF type C (ISO/IEC 18000-63) will be the first standard to be created for a secure RFID system. The basis for the security is already included in ISO/IEC 29167-1 which is currently in ballot.  The specific information for each type of tag is then included in the air interface standards (ISO/IEC 18000 series). The standard that will specify the security suites has not yet been decided, but there is a proposal that ISO/IEC 29167 be the home for these suites.
 
Not all tags will require security, and the extra cost for the tags will not be something that all applications can bear so these specifications will all be optional.
 
The work has begun to create the standards for this concept, but it will not be complete for a while. In fact we will probably not see the standards published until late in 2012. As the work progresses, I will update the blog with information.

The “new” UHF Standard

UHF RFID has taken off in a big way. Many of us have been saying that RFID is the way of the future and now it is starting to be real. The standard for UHF is ISO/IEC 18000-6 (equivalent to the EPCglobal Gen 2 UHF standard). This standard is one of the air interface standards in the ISO/IEC 18000 series for all of the various frequencies.
 
ISO/IEC 18000-6 is a very large standard. It is available from ISO for about $306.00 and it contains 470 pages. The standard has information and specifications on four different air interfaces (types A, B, C, and D). Type C is the equivalent of the EPCglobal standard and is now the most prevalent UHF standard.
 
The latest version of ISO/IEC 18000-6 contains enhancements to the Type C air interface that are not included in the EPCglobal version. These enhancements allow the use of sensors and provide details of battery assisted passive RFID tags.
 
So with ISO/IEC 18000-6 only having been published in 2010 why am I talking about a new standard?
 
As I explained above, the standard has grown over the years both in size and in price. This has made it difficult to use and with the new enhancements coming, the decision was taken to split the standard into several parts. The new standard will have five parts as follows:
 
ISO/IEC 18000 – General information
ISO/IEC 18000-61 – Type A
ISO/IEC 18000-62 – Type B
ISO/IEC 18000-63 – Type C
ISO/IEC 18000-64 – Type D
 
Part 63 – Type C is the equivalent of the EPCglobal Gen 2 standard and it includes the sensor and battery assist specifications.
 
The revisions to break the original standard into these parts are currently in progress. The work has just passed the first level of balloting at ISO. This means that early in 2012 the new standards should be approved and we will all be using a new number for the UHF standard.  
 
If you want to know more about the new enhancements to the standard then watch for another article on this subject.
 
If you have questions about the new standards or how you can be a part of the standards efforts then let me know.

UHF (Ultra High Frequency) (860 – 960 MHz) air interface standards

UHF RFID is probably the most noticed RFID at this time.  While there have been more HF tags issued, the high profile nature of UHF has meant that many more people are aware of UHF RFID.

In the world of RFID, UHF is the newcomer to the fold. HF and LF tags were in use in many places when UHF started to become available. The industry needed a longer range passive tag and UHF is the answer.

The technology is normally propagative, like 2.45 GHz, and so, like 2.45 GHz, it has problems around liquids and materials that absorb the frequency. However, it is possible to use the technology in a near field (or inductive) mode similar to LF and HF, and this gets around the liquid problems.

The technology in propagative mode can work at distances of 6 – 8 metres, which is a big step up from the range of the other technologies. In near field mode this is much less (only tens of centimetres), but it is possible to build tags with antennas that have the capabilities of both modes.

The frequency range 860 – 960 MHz is a very large range, but it is necessary to have a range this large to encompass all of the regulatory areas in the world. In the USA, the frequency is 902 – 928 MHz, but in Europe it is 865 – 868 MHz, and in Japan the frequency available is 952 – 957.6 MHz. So if a UHF tag is going to work all over the world it has to be able to work from 860 – 960 MHz. If you are interested in the various UHF frequencies available around the world you can see them here.

UHF has gained a lot of publicity and use with the release of the EPCglobal UHF Gen 2 standard. This standard improved the performance of the original ISO/IEC 18000-6 Type A and Type B air interface protocols. ISO took the work of EPCglobal, and suggested some changes which were then incorporated back into the EPCglobal standard. ISO released this work as Type C in ISO/IEC 18000-6.

The ISO workgroup recently finished work on changes to ISO/IEC 18000-6, and a new version was published on December 1, 2010. This new version includes several new features:

  • Support for sensors
  • Support for battery assist
  • New Type D air interface based on the TOTAL (Tag Only Talks After Listen) protocol of iPico.

The release of the EPCglobal standard led to the adoption of UHF by several groups. First of these was Wal-Mart. Their mandates to force suppliers into tagging cases and pallets were the first time that RFID was seriously used in the retail marketplace. The US Department of Defense followed shortly after with a mandate to tag items over a specified value. Other organizations have also taken the use of UHF RFID to heart and required the tagging of items to the standards for this frequency.

The latest use of UHF is the tagging of apparel in a test of item level tagging. Wal-Mart has led the charge with the decision to tag specialty jeans and underwear. This was quickly adopted by other retailers and is rapidly becoming a major test for RFID.

Information technology — Radio frequency identification for item management — Part 6: Parameters for air interface communications at 860 MHz to 960 MHz

Scope

This part of ISO/IEC 18000 defines the air interface for radio frequency identification (RFID) devices operating in the 860 MHz to 960 MHz Industrial, Scientific, and Medical (ISM) band used in item management applications. It provides a common technical specification for RFID devices that can be used by ISO committees developing RFID application standards. This part of ISO/IEC 18000 is intended to allow for compatibility and to encourage inter-operability of products for the growing RFID market in the international marketplace. It defines the forward and return link parameters for technical attributes including, but not limited to, operating frequency, operating channel accuracy, occupied channel bandwidth, maximum effective isotropic radiated power (EIRP), spurious emissions, modulation, duty cycle, data coding, bit rate, bit rate accuracy, bit transmission order, and, where appropriate, operating channels, frequency hop rate, hop sequence, spreading sequence, and chip rate. It further defines the communications protocol used in the air interface.

This part of ISO/IEC 18000 specifies the physical and logical requirements for a passive-backscatter, Interrogator-Talks-First (ITF) or tag-talks-only-after-listening (TOTAL) RFID system. The system comprises Interrogators, and tags, also known as labels. An Interrogator receives information from a tag by transmitting a continuous-wave (CW) RF signal to the tag; the tag responds by modulating the reflection coefficient of its antenna, thereby backscattering an information signal to the Interrogator. The system is ITF, meaning that a tag modulates its antenna reflection coefficient with an information signal only after being directed to do so by an Interrogator, or TOTAL, meaning that a tag modulates its antenna reflection coefficient with an information signal upon entering an Interrogator's field after first listening for Interrogator modulation in order to determine if the system is ITF or not.

In detail, this part of ISO/IEC 18000 contains one mode with four types. The detailed technical differences between the four types are shown in the associated parameter tables.

Types A, B and C are ITF. Type A uses Pulse-Interval Encoding (PIE) in the forward link and an adaptive ALOHA collision-arbitration algorithm. Type B uses Manchester in the forward link and an adaptive binary-tree collision-arbitration algorithm. Type C uses PIE in the forward link and a random slotted collision-arbitration algorithm.

Type D is TOTAL based on Pulse Position Encoding or Miller M=2 encoded subcarrier.

 

2.45 GHz air interface standards

So-called microwave RFID operates in the 2.45 GHz band and is available all over the world. The technology uses radio propagation techniques, which means that range is typically limited by the amount of power transmitted by the reader. (NOTE: According to RF literature, 2.45 GHz falls in the UHF band; however, an RFID tag at this frequency is normally referred to as a microwave tag.) Many companies offering 2.45 GHz also offer active tag systems which increase the range considerably.

The big problem with propagative RFID systems is that they are very vulnerable to the effects of moisture and metal. An exposed tag (paper label) can be almost useless if it gets wet.

Unlike HF and LF RFID systems that use inductive coupling, propagative systems use backscatter of the reader’s carrier wave to piggy-back their reply on. This means that the reader talks to the tag, then sends plain CW (carrier wave). The tag modulates this carrier wave with the response and the reader is able to detect the modulation of its own carrier. The signal from the tag is very small and so the reader has to be very sensitive to detect and demodulate the signal.

Systems that use 2.45 GHz can be either active or passive systems. The range of a passive system is limited to a few metres at best, and more typically around one metre. Active systems can give read ranges approaching several tens of metres.

In ISO/IEC JTC 1/SC 31 the standard is ISO/IEC 18000-4: Information technology — Radio-frequency identification for item management — Part 4: Parameters for air interface communications at 2,45 GHz

Description from the standard.

Scope

This part of ISO/IEC 18000 defines the air interface for radio frequency identification (RFID) devices operating in the 2,45 GHz Industrial, Scientific, and Medical (ISM) band used in item management applications. The purpose of this part of ISO/IEC 18000 is to provide a common technical specification for RFID devices that may be used by ISO committees developing RFID application standards. This part of ISO/IEC 18000 is intended to allow for compatibility and to encourage inter-operability of products for the growing RFID market in the international marketplace. This part of ISO/IEC 18000 defines the forward and return link parameters for technical attributes including, but not limited to, operating frequency, operating channel accuracy, occupied channel bandwidth, maximum EIRP, spurious emissions, modulation, duty cycle, data coding, bit rate, bit rate accuracy, bit transmission order, and where appropriate operating channels, frequency hop rate, hop sequence, spreading sequence, and chip rate. This part of ISO/IEC 18000 further defines the communications protocol used in the air interface.

This part of ISO/IEC 18000 contains two modes. The first is a passive tag operating as an interrogator talks first while the second is a battery assisted tag operating as a tag talks first. The detailed technical differences between the modes are shown in the parameter tables.

MODE 1: Passive backscatter RFID system

The FHSS backscatter option or the narrow band operation RFID system shall include an interrogator that runs the FHSS backscatter option 1 RFID protocol or in narrow band operation, as well as one or more tags within the interrogation zone.

MODE 2: Long range high data rate RFID system

This clause describes a RFID system, offering a gross data rate up to 384 kbit/s at the air interface in case of Read/Write (R/W) tag. In case of Read Only (R/O) tag the data rate is 76,8 kbit/s. By using of battery powered tags such a system is well designed for long-range RFID applications. This air interface description does not explicit claim for battery assistance in the tag.

There are other technologies that use the 2.45 GHz frequency bands which could be considered similar to RFID. These will be discussed in another post.