A SURVEY OF MOBILE RFID AND ITS SECURITY ISSUES
                        S.R. Seenivasan, M.C.A., (Ph.D), Asst. Prof.
                         K.L.N. College of Information Technology


Abstract — Radio Frequency Identification (RFID) is currently being used for auto-identification of objects, assets, pets, and people. Its initial success in offering strategic advantages for businesses, by efficient tracking of inventory in the supply chain, has left this technology wide open to many applications that are only limited by people's imagination. This technology will have a tremendous impact on our society, once it starts to assist people in their daily life. A right step in this direction would be Mobile RFID, where an RFID reader chip is integrated into a portable mobile device like a mobile phone or PDA. Mobile RFID would help consumers in shopping, and allows quick and easy access to information, just by bringing their mobile devices near to an object that has an RFID tag.

This paper pioneers in describing Mobile RFID's new applications and security challenges. It focuses on different Mobile RFID application zones, and their related security threats and security requirements. Finally it proposes a simple security architecture for Mobile RFID applications in the Location-based Services zone.

Keywords: Mobile RFID, Mobile RFID Security, RFID Security

1 Introduction

1.1 RFID Technology

Radio Frequency Identification (RFID) is a means to efficiently, easily, and quickly auto-identify objects, assets, pets, and people. So far, RFID technology is used by some big companies like Wal-Mart, Procter & Gamble Co., Hewlett-Packard, Prada, Gillette, GAP, Target Corp., and Albertsons Inc., to track their inventory in the supply chain. With the current barcode technology, each product's barcode label (Uniform Product Code - UPC) must be brought before the reader or laser and labels must be scanned one by one. This leads to laborious, painstaking, human-error prone, and time consuming inventory checks, and also makes customers in a store wait in long queues at the cashier counter. That line-of-sight between label and reader is often difficult, impractical, or even impossible to achieve in industrial environments; RFID technology therefore allows accurate and very quick scanning of products in large bulks, thus speeding up the supply chain management. Other advantages of RFID technology include: RFID tags can stand a harsh environment, long read ranges, portable database, multiple tag read/write, tracking people, items, and equipment in real time, etc. [4] gives a detailed description of RFID technology and its advantages for supply chain management. Passive RFID tags are attached to objects/products and these tags contain tiny, but durable computer chips with very small antennas. Passive tags are powered-up from the interrogation Radio-Frequency (RF) signal of a reader. The tiny computer chips contain an Electronic Product Code (EPC) that uniquely identifies the object to which it is attached, and the antennas automatically transmit this EPC number without requiring line-of-sight (i.e., visual) scanning, to RFID readers within a certain RF range.

1.2 Building Blocks of RFID Infrastructure

This sub-section introduces the four main building blocks of RFID Technology. This infrastructure is currently being developed by EPCglobal Inc. [2]. This organization is entrusted by industry to establish and support a global standard for real-time, automatic identification of information in the supply chain of any company, anywhere in the world.

1.2.1 RFID Tags

As mentioned above, every RFID tag contains its unique EPC number. EPC is a globally unique serial number that identifies an item in the supply chain. EPC data/number contains: EPC Manager Number (identifies the company), Object class (similar to a stock-keeping unit, also called product number), Serial number (specific instance of the object class being tagged, the object's own unique identifier). EPCglobal allocates manufacturers specific blocks of EPC numbers, and manufacturers then add their own product codes and serial numbers to their assigned manufacturer numbers to create unique identifiers - EPCs. Further information about the product is stored on a network of servers and databases called EPC Network. Therefore, the unique EPC number acts like a pointer directing the RFID reader to the right entity on the EPC Network from where the reader can download additional related data about the product it scanned.

1.2.2 RFID Readers

RFID readers are used to scan RFID tagged items. RFID readers send scanned EPC data for processing to EPC Middleware.

1.2.3 EPC Middleware

In order to handle the billions of reads that happen in a typical warehouse we need to have a middleware (filtering software) for the readers. The data created by an RFID reader needs to be filtered and smoothed before it is useful for any application. Hence EPC Middleware manages real-time read events and information, provides alerts, and manages the basic read information for communication to EPC-IS as well as the company's other existing information systems. It enables efficient, useful data exchange between RFID readers and EPC Network.

1.2.4 EPC Network

Just like the global look-up system such as the Domain Name Service (DNS), VeriSign [4], after obtaining the contract from EPCglobal, has invested heavily in building and marketing an EPC Network specifically to look up EPC data. It becomes very necessary to look up each EPC number on a central data repository like we do with a Web page or other system using DNS. Keeping EPC data as a unique reference or primary ID, further information about the respective product is stored on databases and servers of EPC Network. This network assists local company staff and geographically distributed supply chain partners to easily and efficiently access information on any product they are handling from any location. The EPC Network [4] consists of three main components: Object Naming Service (ONS), the EPC-Information Services (EPC-IS), and the EPC-Discovery Services (EPC-DS).

- The ONS, like DNS, is an authoritative global directory of EPC-IS. EPC data is registered within the ONS. A retailer may need to get information about the product it has just received. He scans the EPC number of the product's RFID tag and sends it to the ONS. ONS returns the location of the manufacturer's EPC-IS. This query process is transparent to the retailer and takes only milliseconds to execute.
- EPC-IS are individual companies' publicly accessible databases that contain the details related to a product. EPC-IS would contain the EPC data, product description, size, weight, packaging, shipments, product arrival and departure details, and various other data that are appropriate to share with supply chain partners.

The EPC-DS interacts with Information Services throughout the life of the product and maintains a history of each status change for the EPC tag. As products make their way across multiple points throughout the supply chain, this process of products being scanned, and the knowledge of their data within EPC-IS being passed on, repeats
itself. The registration of this product knowledge by each EPC-IS into the EPC-DS enables full supply-chain visibility. By enquiring EPC data from EPC-DS any member of the supply chain can obtain real-time, complete visibility of the supply chain.

1.3 Mobile RFID Technology

As mentioned above, most applications of RFID for tagging and tracking items have been for operations within a single big company and its supply chain partners. The reason is that RFID tag costs are still relatively high, but they are declining quickly and approaching a level at which it becomes practical to tag products at the item level. This will open the door for large-scale use of RFID tags on consumer goods. Very soon we can realize one of the visions of automatic identification and ubiquitous computing, which is the creation of an "Internet of Objects".

In such a highly connected network, devices, objects, and items of any kind dispersed through an enterprise or in our society can talk to each other, providing real-time information about the objects, location, contents, destination, and ambient conditions. This communication allows much-sought-after, efficient and easy machine-to-machine identification, communication, and decision making. Thus RFID technology will have a tremendous impact on our society, once it starts to assist people in their daily life. A right step in this direction would be Mobile RFID, where an RFID reader chip is integrated into portable mobile devices like mobile phones and Personal Digital Assistants (PDA).

In the near future, Mobile RFID would equip people to carry along with them a portable RFID reader in their mobile phones. This extends mobility, allowing people to scan RFID tagged items as and when they want and provides an easier, user-friendly approach to quickly and efficiently access information from RFID tags. [3] Nokia is now offering portable RFID readers that even interoperate with mobile phones. Thus every individual is capable of carrying an RFID reader embedded in his mobile phone/portable device, making RFID readers ubiquitous. With the presence of billions of geographically distributed RFID tagged items all around, providing us with instant real-time information, it becomes necessary to look up each EPC number of a tagged item on a publicly accessible central data repository. Therefore, minor modifications to the RFID infrastructure described in section 1.2 would best suit this future Mobile RFID technology.

1.3.1 Applications of Mobile RFID

Once the RFID tags become cheap, we can literally attach them to as many items as possible. As a result, just by bringing mobile devices near to an RFID tagged object, we can quickly and easily download information held by that object and view it via the mobile phone's display screen. For example:

- We can download information about a particular location by scanning RFID tagged sign posts and landmarks.
- We can download bus routes by scanning RFID tagged buses.
- We can download prices of RFID tagged merchandise sold at stores, published in catalogs for Compare Shopping.
- We can download movies, music, trailers, show timings, and theater locations by scanning RFID tagged movie posters, music CDs, etc.
- We can download the current menu being served at a particular restaurant by scanning its RFID tag, published in a restaurants catalog.
- We can make a quick call or send an instant message by scanning RFID tagged photographs, business cards, address books, etc.

1.4 Related Work

We strongly believe that Mobile RFID technology has a great future and it's a very challenging research area. It is poised to be
one of the future killer applications and services of mobile communications. Since Mobile RFID technology is still in its infancy stage, to the best of our knowledge we did not find any literature that discusses security for Mobile RFID technology. This paper could be the first of its kind to discuss the vision and security challenges of Mobile RFID technology.

2. Mobile RFID Application Zones

Applications of Mobile RFID can be broadly categorized into three zones, namely: Location-based Services (LBS) Zone, Enterprise Zone, and Private Zone. Security threats and security requirements for Mobile RFID differ with respect to these zones. Figure 1 is self-explanatory about the various security threats and security requirements for these three zones. [1] provides a detailed description of various security and privacy threats for RFID technology and also discusses certain proposed security models.

2.1 Location-based Services (LBS) Zone

In a location-based services zone, service providers can provide us with services "related to" and "available at" that location. The coverage of this zone is very large and includes all public places. In this zone, service providers and vendors want to provide services that are available at the customer's current location. To accomplish this, service providers deploy RFID tagged items/devices all around, which provide us with instant real-time information about services available at that location. However, the communications between the mobile RFID and EPC network must be secured.

Mobile RFID thus identifies and interacts with such smart devices/items and obtains services like information about a particular location by scanning RFID tagged sign posts and landmarks, downloading bus routes by scanning RFID tagged buses, downloading prices of RFID tagged merchandise sold at stores for Compare Shopping, and downloading movie information, trailers, show timings, and nearest theater locations by scanning RFID tagged movie posters, etc.

The security framework for this zone is very much open. In this zone all RFID tagged items respond to every mobile RFID, otherwise the main purpose of these items, to provide instant information, would be defeated. Therefore in this zone there would be no security requirements for authentication and securing the communications between RFID tag and mobile RFID. But there is one problem: these publicly available tags can be fake or may have been illegally modified and hence no longer truly represent the services of the tagged item.

In such an unprotected zone, establishing an appropriate security architecture is very difficult. Mobile RFID must contact many EPC-IS which might be either genuine or malicious. It should also be able to identify and securely communicate with only genuine EPC-IS. But these tasks could create a huge burden on the low-computing and resource-poor mobile device.

Our proposed security architecture (explained in the following section) for Mobile RFID - LBS zone describes a convincing trust model and secure job delegation to the mobile operator. Therefore the mobile operator can help in reducing the communication and computational burden on the mobile RFID. The architecture also provides user privacy protection.

2.2 Enterprise Zone

In this zone Mobile RFID assists a company's mobile staff/employees like inventory checkers, field engineers, maintenance and repair staff, and security guards. It helps them in real-time inventory management, work attendance log, instructions on how to operate tagged items, 'identification of' and 'access control to' tagged equipment and secure enclosures, and proof of staff presence at certain locations in a building that needs to be monitored periodically, etc.

The security framework for enterprise zone Mobile RFID applications could be proprietary and confined to the boundaries of a particular organization. In such a confined and well-monitored zone it's not very difficult to establish and enforce an efficient security architecture, trust model, and security & privacy policies. With the availability of an up-to-date list of registered employees and items/products in a company, designing and implementing key/password distribution, data integrity & confidentiality, identification, authentication, and access control protocols among staff, RFID readers, RFID tagged items, and EPC Network is moderately easy and mostly risk free when compared to the LBS zone.

Since this zone needs precise authentication and security auditing in order to access RFID tagged items, issues like user identity privacy and tag information privacy will not arise.

2.3 Private Zone

In this zone, Mobile RFID assists users in their private space like home, garden, garage, car, and workshop. It helps them to make an instant call or send an instant message by scanning RFID tagged photographs, business cards, and address books. By scanning RFID tagged household items with a mobile phone, we can quickly obtain information like: when the milk stored in the refrigerator will expire, details of the books in the bookshelf, when an RFID tagged plant was last watered, and when to change the engine oil, etc.

This zone is small when compared to the other two zones and therefore it requires a simple security model that can be easily deployed and maintained by the user at his home. Users in this zone can buy off-the-shelf Mobile RFID Kits. These kits can contain RFID tags, Mobile RFID, related hardware, and software with a user-friendly GUI. The software can assist the users to easily encode EPC numbers of their choice into the RFID tags, create a portable database in their PC with details about the tagged household items, create passwords to access these tags and the database, and finally secure the wireless/WiFi network in the home environment.

Another option could be that the user obtains storage space (for free or for a fee) on the EPC Network (EPC-Information Servers) and, via a password protected user friendly website, uploads his personal EPC numbers and details of the tagged household items. Whenever he scans his private RFID tag in his home, the Mobile RFID contacts his personal page on the EPC-Information Server and downloads the details about the item in question. This approach alleviates the user's burden of configuring his own security system. The EPC-Information Server must provide user privacy protection and secure communication.

3. Building Blocks: Mobile RFID - LBS Zone

The building blocks of Mobile RFID infrastructure in the LBS zone are similar to the above mentioned RFID infrastructure, except that we introduced the mobile operator and eliminated the need for EPC Middleware. Since mobile RFID would mostly scan one tagged item at a time, there is no need for filtering software to make the mobile RFID data clear.

- Mobile RFID (M-RFID): Mobile phone with RFID reader chip, used to scan tagged items available everywhere.
- RFID Tags
- Mobile Operator (MO): In the current mobile communications paradigm we have already put a great deal of trust in the MO, as it handles all our voice and data communications. It maintains a record of each subscriber's call details, contact information, and credit card details, etc. It even has the capability to easily determine our current location and tap into our communications. But what protects us from the MO turning hostile is that it has to very strictly adhere to and follow legal, security and privacy policies imposed by the law. Our architecture extends this trust in the MO to secure and provide privacy protection for Mobile RFID transactions. This approach is very practical and easily deployable, as the current mobile communications infrastructure is widely spread and highly stable. The MO takes responsibility on behalf of M-RFID to select, identify, and authenticate genuine EPC-IS. The MO, behaving like a "Trusted Proxy", processes the request on behalf of the M-RFID, greatly reducing the communication and computational burden on the user's mobile phone, and also provides user privacy protection.
- EPC Network

Figure 1: Comparison of Security Threats and Security Requirements of 3 zones

4 Security Requirements: Mobile RFID - LBS Zone

We identified the following security requirements associated with the deployment of Mobile RFID:

- Secure Job Delegation
- Trust Model
- Unauthorized Tag Information Access
- User Privacy Protection
- Tag Access-Control Management
- Tag Access Authorization
- Data Integrity & Confidentiality

4.1 Secure Job Delegation

The Mobile RFID, on behalf of its owner, may need to communicate with ONS and EPC-IS to retrieve the information of a particular tagged item. It should identify and authenticate the genuine EPC network and be able to secure the entire transaction and also protect the owner's privacy. But these tasks could create a huge burden on the low-computing and resource-poor mobile device and are certainly not user friendly. Therefore it would be a lot easier for the mobile device to securely delegate its work to a nearby trusted high-computing and resource-rich entity, the mobile operator. This approach helps in reducing the communication and computational burden on the mobile device.

4.2 Trust Model

Establishing an efficient and convincing trust model is very much required to ensure secure transactions, key distribution, and job delegation. With the existence of a trust model, it would be a lot easier for the mobile device to delegate its work to the mobile operator.

4.3 Authorized Tag Information Access

Scenario: Alice goes to a shopping mall. She uses her Mobile RFID reader to know the price and manufacturer details of a particular commodity. The commodity's RFID tag must not reveal other sensitive details like the number of pieces sold so far, its profit margin, and stock availability, etc., in order to prevent corporate espionage. This information is strictly for the shopping mall's inventory checking staff.

4.4 User Privacy Protection

Scenario: Charlie stalks Alice into the elevator. Charlie has an RFID reader embedded in his mobile phone. Charlie can easily scan and read sensitive information off any RFID tagged item that Alice is carrying in her bag/purse. After scanning a particular RFID tag for information, the identity and location of Alice must not be revealed to the vendor or the service
provider. This personal information could allow service providers and vendors to generate detailed profiles of the user, his buying interests, and transaction information.

4.5 Tag Access-Control Management

Sometimes information from the tags needs to be available to authorized parties only. But in the mobile RFID scenario, the set of authorized parties is constantly changing, making access management a priority for businesses. Therefore providing tag information based on the privileges of the user in question is essential.

4.6 Tag Access Authorization

Certain RFID tags need to respond to mobile RFID readers whose owners are

- Above 18 years old
- Gold card members or certain privileged members of certain organizations
- Staff of a particular organization
- Security guards
- Construction workers

4.7 Data Integrity & Confidentiality

We must keep the data that resides in a tag secure and also provide Secure Electronic Data Interchange (EDI) transactions between the Mobile RFID, Mobile Operator, and EPC Network.

5. Security Architecture: Mobile RFID - LBS Zone

This section describes our proposed security architecture of the Mobile RFID as depicted in Figure 1.

Step 1: M-RFID scans an RFID tag.
Step 2: The RFID tag responds with its EPC number.
Step 3: M-RFID authenticates itself to MO via login ID/PWD and sends the EPC number to MO.
Step 4: MO sends the EPC number to the ONS.
Step 5: ONS responds with the URL of the EPC-IS related to the EPC number in question.
Step 6: MO fetches the anonymous M-RFID certificate from its database and sends it along with the EPC number to the URL of the EPC-IS. The certificate does not contain the identity of M-RFID but contains some related information like age, proof of privileged membership, etc.
Step 7: EPC-IS verifies the certificate and checks the access-control list in its database.
Step 8: Depending on the access rights of that certificate, EPC-IS responds to MO with related data about the EPC number in question.
Step 9: MO sends the EPC information to the M-RFID. This communication can be encrypted using an established session key.
Step 10: MO stores details of this transaction in the database of this M-RFID. Later, M-RFID can query some information about the tags it accessed previously on a particular date, time, location (for compare shopping) and also items it purchased.
Step 11: M-RFID can purchase tagged items. MO can pay the vendor on behalf of M-RFID and later get the money from M-RFID via monthly telephone bills. When a tagged item is purchased, MO makes sure that the details of that particular EPC number are removed from EPC-IS. This prevents an adversary from scanning and learning the details of the purchased items in the handbag of M-RFID's owner.

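Steps 3 to 11 above, sketched as an added Python example (it is not code from the paper): the MO authenticates the phone, resolves the EPC, presents an anonymous attribute certificate, and the EPC-IS filters fields by access rights. The class names, field names, the sample EPC and records are constructed for illustration, and an HMAC under a key shared by MO and EPC-IS stands in for the PKI signature the paper calls for.

```python
import hashlib
import hmac
import json
import secrets


def _sign(key, body):
    # Assumption: HMAC stands in for the MO's PKI signature on the certificate.
    # With real PKI the EPC-IS would hold only the MO's public key.
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class EPCIS:
    """Vendor EPC-IS: verifies the certificate, then applies a per-field ACL."""

    def __init__(self, mo_key, records, acl):
        self._mo_key, self._records, self._acl = mo_key, records, acl
        self.seen = []  # everything the vendor learns about requesters

    def query(self, cert, epc):  # Steps 7-8
        body = {"serial": cert["serial"], "attrs": cert["attrs"]}
        if not hmac.compare_digest(_sign(self._mo_key, body), cert["sig"]):
            raise PermissionError("certificate verification failed")
        self.seen.append(body)
        deny = lambda attrs: False  # fields without an ACL entry stay hidden
        return {f: v for f, v in self._records.get(epc, {}).items()
                if self._acl.get(f, deny)(cert["attrs"])}

    def remove(self, epc):  # Step 11: purchased item is no longer resolvable
        self._records.pop(epc, None)


class MobileOperator:
    """MO as trusted proxy between the M-RFID and the EPC Network."""

    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.ons = {}       # "manager.objectclass" -> EPCIS (stands in for ONS)
        self._subs = {}     # login -> (salt, password hash, anonymous cert)
        self.history = {}   # login -> [(epc, fields returned)]

    def enroll(self, login, password, attrs):
        salt = secrets.token_bytes(16)
        body = {"serial": secrets.token_hex(8), "attrs": attrs}  # no identity
        cert = dict(body, sig=_sign(self.key, body))
        self._subs[login] = (salt, _pw_hash(password, salt), cert)

    def _auth(self, login, password):  # Step 3
        salt, stored, cert = self._subs.get(login, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(_pw_hash(password, salt), stored)
        if cert is None or not ok:
            raise PermissionError("M-RFID authentication failed")
        return cert

    def lookup(self, login, password, epc):
        cert = self._auth(login, password)
        epcis = self.ons[epc.rsplit(".", 1)[0]]   # Steps 4-5
        data = epcis.query(cert, epc)             # Steps 6-8
        self.history.setdefault(login, []).append((epc, sorted(data)))  # Step 10
        return data                               # Step 9

    def purchase(self, login, password, epc):     # Step 11
        self._auth(login, password)
        self.ons[epc.rsplit(".", 1)[0]].remove(epc)


def run_demo():
    # Constructed sample data: EPC written as manager.objectclass.serial.
    epc = "0614141.000024.400"
    staff_only = lambda a: a.get("role") == "staff"
    acl = {"price": lambda a: True, "manufacturer": lambda a: True,
           "units_sold": staff_only, "profit_margin": staff_only}
    record = {"price": "4.99", "manufacturer": "ExampleCo",
              "units_sold": 1200, "profit_margin": "31%"}
    mo = MobileOperator()
    epcis = EPCIS(mo.key, {epc: dict(record)}, acl)
    mo.ons["0614141.000024"] = epcis
    mo.enroll("alice", "alice-pw", {"over_18": True, "role": "visitor"})
    mo.enroll("bob", "bob-pw", {"over_18": True, "role": "staff"})
    out = {"shopper": mo.lookup("alice", "alice-pw", epc),
           "staff": mo.lookup("bob", "bob-pw", epc)}
    # A shopper who edits her own certificate attributes fails verification.
    forged = dict(mo._auth("alice", "alice-pw"))
    forged["attrs"] = {"over_18": True, "role": "staff"}
    try:
        epcis.query(forged, epc)
        out["forged"] = "accepted"
    except PermissionError:
        out["forged"] = "rejected"
    out["vendor_saw_identity"] = "alice" in json.dumps(epcis.seen)
    mo.purchase("alice", "alice-pw", epc)
    out["after_purchase"] = mo.lookup("bob", "bob-pw", epc)
    return out
```

The certificate serial in this sketch is fixed per subscriber, so an EPC-IS can link repeated queries from the same phone even without a name; the paper does not say how often anonymous certificates are reissued.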
5.1 Security Solutions                          6 Conclusions
5.1.1 Mutual Authentication mechanism           This paper provides future vision and
      between M-RFID and MO                     security challenges of Mobile RFID.

A simple ID/password authentication for M-RFID and verification of MO's PKI certificate by M-RFID are necessary for mutual authentication between M-RFID and MO. This provides secure job delegation, a trust model, data integrity and confidentiality between M-RFID and MO.

5.1.2 Mutual Authentication mechanism between MO and EPC-IS

Since MO and EPC-IS are resource-rich entities, they can authenticate each other via PKI-based certificates, thus providing data integrity and confidentiality.

5.1.3 Anonymous Certificates for Identity management, authentication, and authorization

M-RFID can request an anonymous certificate from MO. This certificate does not contain the true identity of M-RFID but contains other details like age, whether the user is a gold card member or not, staff or visitor, etc. This protects the privacy of the owner of M-RFID and also assists EPC-IS to provide corresponding information about the EPC number in question.

5.1.4 M-RFID privacy

Our approach protects both location and information privacy of M-RFID. With the use of an anonymous certificate, the vendor or the service provider of the tagged item can never know the true identity of the M-RFID's owner. And once the tagged item is purchased by M-RFID, MO makes sure that its reference is deleted from the EPC-IS. This way, even though an adversary can scan the handbag of Alice, he can no longer obtain information about the tagged items purchased by Alice, as their references are deleted from EPC-IS.

We mentioned the various security threats and security requirements at different zones of Mobile RFID applications, namely the LBS, enterprise, and private zones, and proposed a simple security architecture for the LBS zone that fits the RFID EPC Network. The advantages of this architecture are as follows: it is simple, involves fewer user interactions, and provides secure job delegation between Mobile RFID and Mobile Operator. Also, the Mobile Operator conceals the identity of users; as a result, service providers and vendors of tagged items cannot maintain users' detailed profiles and location information, which protects users' privacy. It could be a good revenue generator for the mobile operator and service providers through commissions for every transaction. Our approach is practical and easily deployable, as the current mobile communications infrastructure is widely spread and highly stable, and vendors can still use the popular RFID EPC network. As our future work we would propose more concrete security architectures for the other two zones of Mobile RFID applications and also propose a simple, secure and privacy-preserving payment phase for Mobile RFID applications.

References
[1] Ari Juels, “RFID Security and Privacy: A Research Survey”, RSA Laboratories, 2005.
[2] EPCglobal Web site, 2005, http://www.EPCglobalinc.org
[3] Nokia, “RFID Phones - Nokia Mobile RFID Kit”, http://europe.nokia.com/nokia/0,,55739,00html
[4] VeriSign, “The EPCglobal Network: Enhancing the Supply Chain”, White Paper 2005, http://www.verisign.com/stellent/groups/public/documents/white_paper/002109.pdf
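The anonymous-certificate lookup of section 5.1.3 and the post-purchase deletion of section 5.1.4 can be followed end to end in a short simulation. This is an added example, not code from the paper: the class and field names, the sample EPC and the subscribers are constructed, and an HMAC under a key shared by MO and EPC-IS stands in for MO's PKI signature so that it runs with the Python standard library alone.

```python
import hashlib
import hmac
import json
import secrets
import time


def mac_sign(key, payload):
    """MAC over canonical JSON; stand-in for a signature made with MO's private key."""
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class MobileOperator:
    """MO: knows each subscriber's true identity, issues attribute-only certificates."""

    def __init__(self, key, subscribers):
        self._key = key
        self._subscribers = subscribers  # subscriber id -> attributes, held only by MO

    def issue_anonymous_cert(self, subscriber_id, now=None, ttl=300):
        now = time.time() if now is None else now
        body = {
            "type": "anon-cert",              # domain separation from other signed messages
            "serial": secrets.token_hex(16),  # fresh per certificate, so requests are unlinkable
            "attrs": dict(self._subscribers[subscriber_id]),  # no name, no phone number
            "not_after": now + ttl,           # short lifetime limits reuse of a captured cert
        }
        return {"body": body, "sig": mac_sign(self._key, body)}

    def deletion_request(self, epc):
        """Signed instruction for EPC-IS, sent once M-RFID has purchased the item."""
        body = {"type": "delete", "epc": epc}
        return {"body": body, "sig": mac_sign(self._key, body)}


class EpcIs:
    """EPC-IS: serves item data to any holder of a valid MO-issued certificate."""

    def __init__(self, mo_key, records):
        self._mo_key = mo_key
        self._records = dict(records)

    def _from_mo(self, msg, expected_type):
        try:
            good = mac_sign(self._mo_key, msg["body"]).encode()
            if not hmac.compare_digest(good, msg["sig"].encode()):
                return False
            return msg["body"]["type"] == expected_type
        except (KeyError, TypeError, AttributeError, ValueError):
            return False  # malformed input is treated as a failed check

    def verify_cert(self, cert, now=None):
        now = time.time() if now is None else now
        return self._from_mo(cert, "anon-cert") and cert["body"]["not_after"] > now

    def lookup(self, epc, cert, now=None):
        if not self.verify_cert(cert, now):
            raise PermissionError("certificate rejected")
        record = self._records.get(epc)
        if record is None:
            return None  # reference deleted (or never registered): nothing to disclose
        info = dict(record["public"])
        if cert["body"]["attrs"].get("gold_member") is True:
            info.update(record["gold_only"])  # authorization from attributes, not identity
        return info

    def delete_reference(self, request):
        if not self._from_mo(request, "delete"):
            raise PermissionError("deletion must be requested by MO")
        return self._records.pop(request["body"]["epc"], None) is not None


# Constructed sample EPC in SGTIN URN form, not taken from the paper.
EPC = "urn:epc:id:sgtin:0614141.107346.2017"


def build():
    """Fresh MO and EPC-IS with constructed subscribers and one item record."""
    key = secrets.token_bytes(32)
    mo = MobileOperator(key, {
        "alice": {"age_over_18": True, "gold_member": True, "role": "visitor"},
        "bob": {"age_over_18": True, "gold_member": False, "role": "visitor"},
    })
    epc_is = EpcIs(key, {EPC: {"public": {"item": "handbag", "price": 120},
                                "gold_only": {"discount_pct": 10}}})
    return mo, epc_is


if __name__ == "__main__":
    mo, epc_is = build()
    cert = mo.issue_anonymous_cert("alice")
    print("certificate seen by EPC-IS:", cert["body"])
    print("before purchase:", epc_is.lookup(EPC, cert))
    epc_is.delete_reference(mo.deletion_request(EPC))
    print("after purchase: ", epc_is.lookup(EPC, cert))
```

With a real PKI, EPC-IS would hold only MO's public key and so could verify certificates without being able to mint them; the HMAC stand-in does not have that property.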

A survey of mobile rfid and its security issues

  • 1. A SURVEY OF MOBILE RFID AND ITS SECURITY ISSUES S.R. Seenivasan, M.C.A., (Ph.D), Asst. Prof. K.L.N. College of Information Technology Abstract — Radio Frequency Identification (Uniform Product Code - UPC) must be (RFID) is currently being used for auto- brought before the reader or laser and labels identification of objects, assets, pets, and must be scanned one by one. This leads to people. Its initial success in offering laborious, painstaking, human- error prone, strategic advantages for businesses, by and time consuming inventory check, and efficient tracking of inventory in the supply also makes customers in a store to wait in chain, has left this technology wide open to long queues at the cashier counter. That line- many applications that are only limited by of-sight between label and reader is often people‟s imagination. This technology will difficult, impractical, or even impossible to have a tremendous impact on our society, achieve in industrial environments, therefore once it starts to assist people in their daily RIFD technology allows accurate and very life. A right step in this direction would be quick scanning of products in large bulks Mobile RFID, where a RFID reader chip is thus speeding up the supply chain integrated into a portable mobile device like management. Other advantages of RFID mobile phone, and PDA. Mobile RFID technology include: RFID tags can stand a would help consumers in shopping, and harsh environment, long read ranges, allows quick and easy access to information, portable database, multiple tag read/ write, just by bringing their mobile devices near to tracking people, items, and equipment in an object that has a RFID tag. realtime, etc. [4] gives a detailed description about RFID technology and its advantages This paper pioneers in describing Mobile for supply chain management. Passive RFID RFID‟s new applications and security tags are attached to objects/products and challenges. 
It focuses on different Mobile these tags contain tiny, but durable computer RFID application zones, and their related chips with very small antennas. Passive tags security threats, and security requirements. are powered-up from the interrogation Finally it proposes simple security Radio- Frequency (RF) signal of a reader. architecture for Mobile RFID applications in The tiny computer chips contain an Location-based Services zone. Electronic Product Code (EPC) that uniquely identifies the object to which it is Keywords: Mobile RFID, Mobile RFID attached to, and the antennas automatically Security, RFID Security transmit this EPC number without requiring line-of-sight (i.e., visual) scanning, to RFID 1 Introduction readers within a certain RF range. 1.1 RFID Technology 1.2 Building Blocks of RFID Infrastructure Radio Frequency Identification (RFID) is a This sub-section introduces the four main means to efficiently, easily, and quickly building blocks of RFID Technology. This auto-identify objects, assets, pets, and infrastructure is currently being developed people. So far, RFID technology is used by by EPC global Inc. [2]. This organization is some big companies like Wal-Mart, Proctor entrusted by industry to establish and & Gamble Co., Hewlett-Packard, Prada, support a global standard for real-time, Gillette, GAP, Target Corp., and the automatic identification of information in Albertsons Inc., to track their inventory in the supply chain of any company, anywhere the supply chain. With the current barcode in the world. technology, each product‟s barcode label
  • 2. 1.2.1 RFID Tags [4], after obtaining the contract from EPCglobal, has invested heavily in building As mentioned above, every RFID tag and marketing an EPC Network specifically contains its unique EPC number. EPC is a to look up EPC data. It becomes very globally unique serial number that identifies necessary to look up each EPC number on a an item in the supply chain. EPC central data repository like we do with a data/number contains: EPC Manager Web page or other system using DNS. Number (identifies the company), Object Keeping EPC data as an unique reference or class (similar to a stock-keeping unit, also primary ID, further information about the called product number), Serial number respective product is stored on databases and (specific instance of the object class being servers of EPC Network. This network tagged, objects own unique identifier). assists local company staff and EPCglobal allocates manufacturers specific geographically distributed supply chain blocks of EPC numbers, and manufacturers partners to easily and efficiently access then add their own product codes and serial information on any product they are numbers to their assigned manufacturer handling from any location. The EPC numbers to create unique identifiers - EPCs. Network [4] consists of three main Further information about the product is components: Object Naming Service (ONS), stored on a network of servers and databases the EPC-Information Services (EPC-IS), and called EPC Network. Therefore, unique EPC the EPC-Discovery Services (EPC-DS). number acts like a pointer directing the RFID reader to the right entity on the EPC The ONS like DNS, is an authoritative Network from where the reader can global directory of EPC-IS. EPC data is download additional related data about the registered within the ONS. A retailer product it scanned. may need to get information about the product it has just received. 
He scans 1.2.2 RFID Readers the EPC number of the product‟s RFID RFID readers are used to scan RFID tagged tag and sends it to the ONS. ONS items. RFID readers send scanned EPC data returns the location of the for processing to EPC Middleware. manufacturer‟s EPC-IS. This query process is transparent to the retailer 1.2.3 EPC Middleware takes only milliseconds to execute. In order to handle the billions of reads that EPC-IS are individual companies‟ happen in a typical warehouse we need is to publicly accessible databases that have a middleware (filtering software) for contain the details related to a product. the readers. The data created by an RFID EPC-IS would contain the EPC data, reader needs to be filtered and smoothed product description, size, weight, before it is useful for any application. Hence packaging, shipments, product arrival EPC Middleware manages real-time read and departure details, and various other events and information, provides alerts, and data that are appropriate to share with manages the basic read information for supply chain partners. communication to EPC-IS as well as company‟s other existing information The EPC-DS interacts with Information systems. It enables efficient useful data Services throughout the life of the product exchange between RFID readers and EPC and maintains a history of each status Network. change for the EPC tag. As products make 1.2.4 EPC Network their way across multiple points throughout the supply chain, this process of products Just like the global look-up system such as being scanned, and the knowledge of their the Domain Name Service (DNS), VeriSign data within EPC-IS being passed on, repeats
  • 3. itself. The registration of this product even interoperate with mobile phones. Thus knowledge by each EPC-IS into the EPC-DS every individual is capable of carrying a enables full supply-chain visibility. By RFID reader embedded in his mobile enquiring EPC data from ECP-DS any phone/portable device, making RIFD member of the supply chain can obtain real- readers ubiquitous. With the presence of time, complete visibility of the supply chain. billions of geographically distributed RFID tagged items all around, providing us with 1.3 Mobile RFID Technology instant real-time information, it becomes As mentioned above, most applications of necessary to look up each EPC number of a RFID for tagging and tracking items have tagged item on a publicly accessible central been for operations within a single big data repository. Therefore, minor company and its supply chain partners. The modifications to the RFID infrastructure reason being, RFID tag costs are still described in section 1.2, would best suit this relatively high, but they are declining future Mobile RFID technology. quickly and approaching a level at which it 1.3.1 Applications of Mobile RFID becomes practical to tag products at the item level. This will open the door for large-scale Once the RFID tags become cheap, we can use of RFID tags on consumer goods. Very literally attach them to as many items as soon we can realize, one of the visions of possible. As a result, just by bringing mobile automatic identification and ubiquitous devices near to a RFID tagged object, we computing, which is the creation of an can quickly and easily download “Internet of Objects”. information held by that object and view it via mobile phone‟s display screen. 
For In such a highly connected network; example: devices, objects, items of any kind dispersed We can download information about a through an enterprise or in our society can particular location by scanning RFID talk to each other, providing real-time tagged sign posts, and landmarks. information about the objects, location, We can download bus routes by contents, destination, and ambient scanning RFID tagged Buses conditions. This communication allows We can download prices of RFID tagged much-sought-after, efficient and easy merchandise sold at stores, published in machine to- machine identification, catalogs for Compare Shopping communication, and decision making. Thus RFID technology will have a tremendous We can download movies, music, impact on our society, once it starts to assist trailers, show timings, and theater people in their daily life. A right step in this locations by scanning RFID tagged direction would be Mobile RFID, where a movie posters, music CDs, etc. RFID reader chip is integrated into portable We can download current menu being mobile devices like mobile phones, and served at a particular restaurant by Personal Digital Assistants (PDA). scanning its RFID tag, published in a restaurants catalog In near future, Mobile RFID would equip We can make a quick call or send an people to carry along with them a portable instant message by scanning RFID RFID reader in their mobile phones. This tagged photographs, business cards, extends mobility, allowing people to scan address books, etc. RFID tagged items as and when they want and provides an easier, user-friendly 1.4 Related Work approach to quickly and efficiently access We strongly believe that Mobile RFID information from RFID tags. [3] Nokia is technology has a great future and it‟s a very now offering portable RFID readers that challenging research area. It is poised to be
  • 4. one of the future killer applications and and nearest theater locations by scanning services of mobile communications. Since RFID tagged movie posters etc. Mobile RFID technology is still in its infancy stage, to the best of our knowledge Security framework for this zone is very we did not find any literature that discusses much open. In this zone all RFID tagged about security for Mobile RFID technology. items respond to every mobile RFID, This paper could be the first of its kind to otherwise the main purpose of these items to discuss about the vision and security provide instant information would be challenges of Mobile RFID technology. defeated. Therefore in this zone there would be no security requirements for 2. Mobile RFID Application Zones authentication and securing the Applications of Mobile RFID can be broadly communications between RFID tag and categorized into three zones namely: mobile RFID. But there is one problem, Location-based Services (LBS) Zone, these publicly available tags can be fake or Enterprise Zone, and Private Zone. Security must have been illegally modified and hence threats and security requirements for Mobile no longer truly represent the services of the RFID differ with respect to these zones. tagged item. Figure 1 is self-explanatory about the various security threats and security In such an unprotected zone, establishing a requirements for these three zones. [1] appropriate security architecture is very provides a detailed description of various difficult. Mobile RFID must contact many security and privacy threats for RFID EPC-IS which might be either genuine or technology and also discusses certain malicious. It should also be able to identify proposed security models. and securely communicate with only genuine EPC-IS. But these tasks could 2.1 Location-based Services (LBS) Zone create a huge burden on the lowcomputing and resource-poor mobile device. 
In a location-based services zone, service providers can provide us with services Our proposed security architecture “related to” and “available at” that location. (explained in the following section) for The coverage of this zone is very large Mobile RFID - LBS zone describes a which includes all public places. In this convincing trust model and secure job zone, service providers and vendors want to delegation to mobile operator. Therefore the provide services that are available at mobile operator can help in reducing the customer‟s current location. To accomplish communication and computational burden this, service providers deploy RFID tagged on the mobile RFID. The architecture also items/devices all around, which provide us provides users privacy protection. with instant real-time information about services available at that location. However 2.2 Enterprise Zone the communications between the mobile RFID and EPC network must be secured. In this zone Mobile RFID assists company‟s mobile staff/employees like inventory Mobile RFID thus identifies and interacts checkers, field engineers, maintenance and with such smart devices/items and obtains repair staff, and security guards. It helps services like information about a particular them in real-time inventory management, location by scanning RFID tagged sign work attendance log, instructions on how to posts, and landmarks, download bus routes operate tagged items, „identification of‟ and by scanning RFID tagged Buses, download „access control to‟ tagged equipment and prices of RFID tagged merchandize sold at secure enclosures, and proof of staff stores, for Compare Shopping, download presence at certain locations in a building movies information, trailers, show timings, that needs to be monitored periodically, etc.
The security framework for enterprise zone Mobile RFID applications could be proprietary and confined to the boundaries of a particular organization. In such a confined and well-monitored zone it is not very difficult to establish and enforce an efficient security architecture, trust model, and security & privacy policies. With the availability of an up-to-date list of registered employees and items/products in a company, designing and implementing key/password distribution, data integrity & confidentiality, identification, authentication, and access control protocols among staff, RFID readers, RFID tagged items, and the EPC Network is moderately easy and mostly risk free when compared to the LBS zone. Since this zone needs precise authentication and security auditing in order to access RFID tagged items, issues like user identity privacy and tag information privacy will not arise.

2.3 Private Zone

In this zone, Mobile RFID assists users in their private space like home, garden, garage, car, and workshop. It helps them to make an instant call or send an instant message by scanning RFID tagged photographs, business cards, and address books. By scanning RFID tagged household items with a mobile phone, we can quickly obtain information such as when the milk stored in the refrigerator will expire, details of the books in the bookshelf, when an RFID tagged plant was last watered, and when to change the engine oil, etc.

This zone is small when compared to the other two zones and therefore it requires a simple security model that can be easily deployed and maintained by the user at his home. Users in this zone can buy off-the-shelf Mobile RFID Kits. These kits can contain RFID tags, Mobile RFID, related hardware, and software with a user-friendly GUI. The software can assist the users to easily encode EPC numbers of their choice into the RFID tags, create a portable database in their PC with details about the tagged household items, create passwords to access these tags and the database, and finally secure the wireless/WiFi network in the home environment.

Another option could be that the user obtains storage space (for free or for a fee) on the EPC Network (EPC Information Servers) and, via a password protected user friendly website, uploads his personal EPC numbers and details of the tagged household items. Whenever he scans his private RFID tag in his home, the Mobile RFID contacts his personal page on the EPC Information Server and downloads the details about the item in question. This approach alleviates the user's burden of configuring his own security system. The EPC Information Server must provide user privacy protection and secure communication.

3. Building Blocks: Mobile RFID - LBS Zone

The building blocks of the Mobile RFID infrastructure in the LBS zone are similar to the above mentioned RFID infrastructure, except that we introduced the mobile operator and eliminated the need for EPC Middleware. Since mobile RFID would mostly scan one tagged item at a time, there is no need for filtering software to make the mobile RFID data clear.
Mobile RFID (M-RFID): Mobile phone with RFID reader chip, used to scan tagged items available everywhere.

RFID Tags

Mobile Operator (MO): In the current mobile communications paradigm we have already put a great deal of trust in the MO, as it handles all our voice and data communications. It maintains a record of each subscriber's call details, contact information, and credit card details, etc. It even has the capability to easily determine our current location and tap into our communications. But what protects us from the MO turning hostile is that it has to very strictly adhere to and follow legal, security and privacy policies imposed by the law. Our architecture extends this trust in the MO to secure and provide privacy protection for Mobile RFID transactions. This approach is very practical and easily deployable, as the current mobile communications infrastructure is widely spread and highly stable. The MO takes responsibility on behalf of the M-RFID to select, identify, and authenticate genuine EPC-IS. The MO, behaving like a "Trusted Proxy", processes the request on behalf of the M-RFID, greatly reducing the communication and computational burden on the user's mobile phone, and also provides user privacy protection.

EPC Network

Figure 1: Comparison of Security Threats and Security Requirements of 3 zones

4 Security Requirements: Mobile RFID - LBS Zone

We identified the following security requirements associated with the deployment of Mobile RFID:

Secure Job Delegation
Trust Model
Unauthorized Tag Information Access
User Privacy Protection
Tag Access-Control Management
Tag Access Authorization
Data Integrity & Confidentiality

4.1 Secure Job Delegation

The Mobile RFID, on behalf of its owner, may need to communicate with the ONS and EPC-IS to retrieve the information of a particular tagged item. It should identify and authenticate the genuine EPC network and be able to secure the entire transaction and also protect the owner's privacy. But these tasks could create a huge burden on the low-computing and resource-poor mobile device and are certainly not user friendly. Therefore it would be a lot easier for the mobile device to securely delegate its work to a nearby trusted high-computing and resource-rich entity, the mobile operator. This approach helps in reducing the communication and computational burden on the mobile device.

4.2 Trust Model

Establishing an efficient and convincing trust model is very much required to ensure secure transactions, key distribution, and job delegation. With the existence of a trust model, it would be a lot easier for the mobile device to delegate its work to the mobile operator.

4.3 Authorized Tag Information Access

Scenario: Alice goes to a shopping mall. She uses her Mobile RFID reader to know the price and manufacturer details of a particular commodity. The commodity's RFID tag must not reveal other sensitive details like the number of pieces sold so far, its profit margin, and stock availability, etc., in order to prevent corporate espionage. This information is strictly for the shopping mall's inventory checking staff.

4.4 User Privacy Protection

Scenario: Charlie stalks Alice into the elevator. Charlie has an RFID reader embedded in his mobile phone. Charlie can easily scan and read sensitive information off any RFID tagged item that Alice is carrying in her bag/purse. After scanning a particular RFID tag for information, the identity and location of Alice must not be revealed to the vendor or the service
provider. This personal information could allow service providers and vendors to generate detailed profiles of the user, his buying interests, and transactions information.

4.5 Tag Access-Control Management

Sometimes information from the tags needs to be available to authorized parties only. But for the mobile RFID scenario, the set of authorized parties is constantly changing, making access management a priority for businesses. Therefore providing tag information based on the privileges of the user in question is essential.

4.6 Tag Access Authorization

Certain RFID tags need to respond to mobile RFID readers whose owners are:

Above 18 years old
Gold card members or certain privileged members of certain organizations
Staff of a particular organization
Security guards
Construction workers

4.7 Data Integrity & Confidentiality

We must keep the data that resides in a tag secure and also provide Secure Electronic Data Interchange (EDI) transactions between the Mobile RFID, Mobile Operator, and EPC Network.

5. Security Architecture: Mobile RFID - LBS Zone

This section describes our proposed security architecture of the Mobile RFID as depicted in Figure 1.

Step 1: M-RFID scans an RFID tag.
Step 2: RFID tag responds with the EPC number.
Step 3: M-RFID authenticates itself to MO via login ID/PWD and sends the EPC number to MO.
Step 4: MO sends the EPC number to the ONS.
Step 5: ONS responds with the URL of the EPC-IS related to the EPC number in question.
Step 6: MO fetches the anonymous M-RFID certificate from its database and sends it along with the EPC number to the URL of the EPC-IS. The certificate does not contain the identity of M-RFID but contains some related information like age, proof of privileged membership, etc.
Step 7: EPC-IS verifies the certificate and checks the access-control list in its database.
Step 8: Depending on the access rights of that certificate, EPC-IS responds to MO with related data about the EPC number in question.
Step 9: MO sends the EPC information to the M-RFID. This communication can be encrypted using an established session key.
Step 10: MO stores details of this transaction in the database of this M-RFID. Later, M-RFID can query some information about the tags it accessed previously on a particular date, time, location (for compare shopping) and also items it purchased.
Step 11: M-RFID can purchase tagged items. MO can pay the vendor on behalf of M-RFID and later get the money from M-RFID via monthly telephone bills. When a tagged item is purchased, MO makes sure that the details of that particular EPC number are removed from the EPC-IS. This prevents an adversary from scanning and learning the details of the purchased items in the handbag of M-RFID's owner.
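The exchange in Steps 1 to 11, sketched as an added example that is not part of the paper: the MO authenticates the M-RFID, passes only an anonymous certificate to the EPC-IS, the EPC-IS filters its answer by that certificate's access rights, and a purchase deletes the EPC reference. Assumptions: all class and function names, the sample EPC and the records are constructed; an HMAC under a demo key stands in for the PKI signature; the ONS is a dictionary; passwords are held in clear only to keep the demo short.

```python
import hashlib
import hmac
import json

MO_KEY = b"constructed-demo-key"  # HMAC stands in for the MO's PKI signature

def sign(attrs):
    body = json.dumps(attrs, sort_keys=True).encode()
    return hmac.new(MO_KEY, body, hashlib.sha256).hexdigest()

def anonymous_cert(attrs):  # attributes only (role, age, ...), never an identity
    return {"attrs": attrs, "sig": sign(attrs)}

class EpcIs:
    """EPC-IS: verify the certificate, then answer per its access rights (Steps 7-8)."""
    def __init__(self, records, acl):
        self.records, self.acl = records, acl

    def query(self, epc, cert):
        if not hmac.compare_digest(sign(cert["attrs"]), cert["sig"]):
            raise PermissionError("certificate rejected")
        allowed = self.acl.get(cert["attrs"].get("role"), ())
        record = self.records.get(epc)  # None once the reference is deleted
        return None if record is None else {k: record[k] for k in allowed if k in record}

class MobileOperator:
    """Trusted proxy between M-RFID and the EPC network (Steps 3-11)."""
    def __init__(self, subscribers, ons):
        self.subscribers, self.ons, self.log = subscribers, ons, []

    def lookup(self, login, pwd, epc):
        sub = self.subscribers.get(login)
        if sub is None or not hmac.compare_digest(sub["pwd"], pwd):  # Step 3
            raise PermissionError("M-RFID login failed")
        data = self.ons[epc].query(epc, sub["cert"])  # Steps 4-8: only the cert leaves MO
        self.log.append((login, epc))                 # Step 10: history stays at MO
        return data                                   # Step 9

    def purchase(self, login, pwd, epc):
        self.lookup(login, pwd, epc)                  # authenticate the buyer first
        self.ons[epc].records.pop(epc, None)          # Step 11: delete the reference

def demo():  # constructed sample data: one tagged item, a shopper and a stock checker
    epc = "urn:epc:id:sgtin:0000000.000000.1"
    item = {"price": 12, "maker": "ExampleCo", "sold": 340, "margin": 0.3}
    acl = {"customer": ("price", "maker"), "staff": tuple(item)}
    subs = {"alice": {"pwd": "a-pw", "cert": anonymous_cert({"role": "customer"})},
            "bob": {"pwd": "b-pw", "cert": anonymous_cert({"role": "staff"})}}
    return MobileOperator(subs, {epc: EpcIs({epc: item}, acl)}), epc
```

The EPC-IS never receives a login name, so it can apply the access-control list of Sections 4.5 and 4.6 without learning who scanned the tag; the link between subscriber and EPC exists only in the MO's log.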
5.1 Security Solutions

5.1.1 Mutual Authentication mechanism between M-RFID and MO

A simple ID/Password authentication for M-RFID and MO's PKI certificate verification by M-RFID is necessary for mutual authentication between M-RFID and MO. This provides secure job delegation, trust model, data integrity and confidentiality between M-RFID and MO.

5.1.2 Mutual Authentication mechanism between MO and EPC-IS

Since MO and EPC-IS are resource rich entities, they both can authenticate each other via PKI-based certificates, thus providing data integrity and confidentiality.

5.1.3 Anonymous Certificates for Identity management, authentication, and authorization

M-RFID can request an anonymous certificate from MO. This certificate does not contain the true identity of M-RFID but contains other details like age, whether the user is a gold card member or not, staff or visitor, etc. This protects the privacy of the owner of M-RFID and also assists EPC-IS to provide corresponding information about the EPC number in question.

5.1.4 M-RFID privacy

Our approach protects both location and information privacy of M-RFID. With the use of an anonymous certificate, the vendor or the service provider of the tagged item can never know the true identity of the M-RFID's owner. And once the tagged item is purchased by M-RFID, MO makes sure that its reference is deleted from the EPC-IS. This way, even though an adversary can scan the handbag of Alice, he can no longer obtain information about the tagged items purchased by Alice, as their references are deleted from EPC-IS.

6 Conclusions

This paper provides a future vision and the security challenges of Mobile RFID. We mentioned the various security threats and security requirements at different zones of Mobile RFID applications, namely LBS, enterprise, and private zones, and proposed a simple security architecture for the LBS zone that fits the RFID EPC Network. The advantages of this architecture are as follows: it is simple, involves less user interaction, and provides secure job delegation between Mobile RFID and Mobile Operator. Also, the Mobile Operator conceals the identity of users; as a result, service providers and vendors of tagged items cannot maintain detailed user profiles and location information, which protects user privacy. It could be a good revenue generator for the mobile operator and service providers through commissions for every transaction. Our approach is practical and easily deployable, as the current mobile communications infrastructure is widely spread and highly stable. And vendors can still use the popular RFID EPC network. As our future work we would propose more concrete security architectures for the other two zones of Mobile RFID applications and also propose a simple, secure and privacy preserving payment phase for Mobile RFID applications.

References

[1] Ari Juels, "RFID Security and Privacy: A Research Survey", RSA Laboratories, 2005,
[2] EPCglobal Web site, 2005, http://www.EPCglobalinc.org
[3] Nokia, "RFID Phones - Nokia Mobile RFID Kit", http://europe.nokia.com/nokia/0,,55739,00html
[4] VeriSign, "The EPCglobal Network: Enhancing the Supply Chain", White Paper 2005, http://www.verisign.com/stellent/groups/public/documents/white_paper/002109.pdf