Security in RFID works quite differently from conventional network security. Because of hardware constraints, it is difficult to directly apply existing security approaches to RFID networks. Most security concerns can be addressed by the services of confidentiality, availability and integrity. When we review a real system in practice, however, authenticity and privacy are also on our list of considerations.
Each party in the transaction should not leak data to any unauthorized party (this illegal act is sometimes called skimming), so it is extremely important to build a secure channel in the system. Especially in a commercial application, the data stored in the RFID tag is sometimes highly confidential. The standard solution for keeping sensitive data secret is to encrypt the data with a secret key, known only to the sender and receiver. The receiver then decrypts the data, and confidentiality is achieved.
In the wireless environment, the information exchanged between two parties needs to be confidential when sensitive data, such as personal biometrics, must not be collected by an eavesdropper [3]. Fortunately, with confidentiality in place, the attacker may be unable to steal information. However, the adversary may still modify the message in transit without knowing its content. For instance, the lack of authentication in the simple Diffie-Hellman key exchange protocol makes it vulnerable to a man-in-the-middle attack. Message authentication codes, hash functions and digital signatures can guarantee message integrity as well as authenticity.
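The point above, that encryption alone does not stop modification in transit while a message authentication code does, shown as an added example that is not part of the original text. The HMAC-based keystream is a stand-in for a real stream cipher, and the tag record, key handling and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative keystream (HMAC-SHA256 in counter mode); a stand-in, not a vetted cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR stream encryption: confidentiality only, no integrity."""
    return bytes(d ^ k for d, k in zip(data, keystream(enc_key, nonce, len(data))))

decrypt = encrypt  # XOR with the same keystream inverts the operation

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    nonce = secrets.token_bytes(12)
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the MAC in constant time before decrypting anything."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: message modified in transit")
    return decrypt(enc_key, nonce, ct)

def tamper(ct: bytes, index: int) -> bytes:
    """Model a modification in transit: one ciphertext bit changes, no key involved."""
    return ct[:index] + bytes([ct[index] ^ 1]) + ct[index + 1:]

def demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    record = b"TAG=04A1B2;ACCESS=0"  # constructed sample tag record
    nonce, ct, tag = seal(enc_key, mac_key, record)
    bad_ct = tamper(ct, len(ct) - 1)
    silent = decrypt(enc_key, nonce, bad_ct)  # encryption only: altered data, no error
    try:
        open_sealed(enc_key, mac_key, nonce, bad_ct, tag)
        detected = False
    except ValueError:
        detected = True
    return record, silent, detected

if __name__ == "__main__":
    print(demo())
```

Without the MAC check the receiver accepts a record whose last byte has changed; with it, the same modified ciphertext is rejected before decryption.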
Availability is an important aspect of reliability, especially when a reader needs to be ready to authenticate every incoming user that may enter its communication range at certain time intervals. For example, the functionality of the network must be ensured so that it resists denial-of-service (DoS) attacks. The typical countermeasures include Quality of Service (QoS).
In any network communication, authentication proves the claimed identity of the other parties, and it is an important security measure for preventing counterfeiting. Both the reader and the user need to confirm the identity of each party involved in the communication. The use of authentication may also be required in applications such as security entry systems. In addition, in a system equipped with strong authentication, one party proves knowledge of a secret to the other party without revealing it.