School of Science and Technology 科技學院
Electronic and Computer Engineering 電子工程學系

RFID Security Access System and Solution

Student: Wong Yuk Tung
Programme: Bachelor of Science with Honours in Cyber and Computer Security
Supervisor: Alick Mak
Year: 2021/22

Abstract

With the development of science and technology, RFID has become part of everyday life. Access systems based on RFID technology are now among the most important technologies we use: whether in companies or at home, everyone is using RFID or NFC access systems. Meanwhile, many attackers have started to target these RFID access systems, so their security has become one of the most critical issues.

Therefore, this project uses Arduino to design and implement an RFID access system, considering security communication based on a hash function and the following threats: physical attack, DoS attack, counterfeiting, spoofing, man-in-the-middle attack, eavesdropping and traffic analysis. It also explains each attack method and how the proposed solution protects the RFID access system against it.

To conclude, this project provides a secure RFID access system built with Arduino. It suggests different security solutions to protect RFID access systems from common threats, and it is suitable for different situations. However, there is still much that could be done to improve the system's efficiency.

Objectives

The goal of this project is to design and implement an RFID access system that controls a door with authorization. It also considers a hash function for secure communication and common RFID threats such as physical attacks, DoS, counterfeiting, spoofing, man-in-the-middle (MITM) attacks, eavesdropping, and traffic analysis.

To achieve the goal, I will mainly focus on the following objectives:

  1. Build an RFID access system using Arduino.
  2. Investigate and develop security communication based on a hash function.
  3. Investigate, design, and implement solutions for the following common threats:
    • Physical attack
    • DoS attack
    • Counterfeiting
    • Spoofing
    • Man-in-the-middle attack
    • Eavesdropping
    • Traffic analysis

Methodologies and Technologies used

To achieve the project goal, I focus on both the hardware and the software of the RFID system. I am going to use Arduino to build the system. Arduino is a company that creates and manufactures single-board microcontrollers and microcontroller kits for making digital devices using open-source hardware and software. The advantage of Arduino is that it offers many different modules to the user, and it has a lot of libraries that support those modules.

RFID ACCESS SYSTEMS

To design and implement an RFID access system, I am going to use Arduino with different modules. First, the Arduino UNO will be my main control board. The Arduino UNO supplies 3.3V and 5V outputs, and most modules on the market use 3.3V or 5V. The Arduino UNO is also the most popular model on the market, and its community and library support are much better than those of other models. Therefore, the Arduino UNO is the most suitable control board for this project.

The Arduino UNO supplies only one port of each port type; for example, only one 3.3V port and one 5.5V port are available, so there are not enough ports for all the modules. A DF Robot I/O extension board extends the number of ports of each type. Second, I use an RC 522 RFID module as my RFID reader. It is a low frequency reader that can detect tags within 5cm. For a more user-friendly experience, I decided to add a DF Robot I2C LCD 1602 screen, which tells the user the status of the system and shows hints on whether the ID passes or not. Also, since there are so many types of door lock, I am going to use a servo step motor to simulate the door lock. Figure 1 shows the concept of the RFID access system. Appendix A lists all the modules in the access system.

Figure 1. The basic concept of the RFID access system.

SECURITY COMMUNICATION BASED ON HASH

For security communication, RFID access systems that can be bought on the market usually add a database to do the authorization over a secure connection. Therefore, I am going to set up secure traffic between the database and the Arduino CPU. Moreover, I want to add security communication between the cards and the reader by using the SHA256 hash function. Figure 2 shows the part of the system where I want to build the security communication.

Figure 2. The part of the system where I want to build the security communication.

PHYSICAL ATTACK

There are many ways to launch a physical attack, especially against RFID access systems, because an RFID access system is an electric device. Compared with a traditional door lock, it is much easier to break. The attacker may use a hammer to break the case or the control board, or use scissors to cut the cable or turn off the power. Launching such an attack may not let the attacker pass the door, but it can stop other users from passing the system with an authorized card.

Therefore, in my solution, I am going to embed the system into the door and use changeable modules. Embedding the system into the door protects its important parts, such as the CPU, because they are all inside the door. Only the reader and the monitor are exposed. So even if the attacker wants to break the CPU, they need to break the whole door. With changeable modules, even if the attacker breaks the modules that are outside, we just need to replace those modules and the system works normally again. We don't need to rebuild the system. Figure 3 shows the concept of the embedded system.

Figure 3. The concept of the embedded system.

DOS ATTACK

A DoS attack is also one of the attacks that is easy to launch. A DoS attack has two aims: bringing the system down, or preventing users from passing. First, an RFID reader can only read one tag at a time. Therefore, to launch a DoS attack, the attacker just needs to stick an unauthorized RFID tag on the RFID reader. Since the reader can only read one card at a time, other cards cannot be read by the card reader [6]. Second, the reader keeps reading that unauthorized card, and if the reading goes on long enough, the system may go down from overload. But bringing the system down is hard to do because the reading process

Therefore, to prevent this attack, I am going to add an on/off system. When authorized users want to use the system, they need to turn it on first, and after use they need to turn it off. Since the RFID reader can only read a card while the system is turned on, this prevents a DoS attack from bringing the system down. Moreover, each card is read only once. In the program, I am going to halt the tag after it is read, so each tag is read once. To read it another time, the user needs to remove it from the detection area and scan it again.

COUNTERFEITING

The ID of an RFID tag can be changed. Therefore, in general, the admin changes the ID to something logical and meaningful for easy administration. For example, in a hotel, the ID for Room 3 in Flat 3 may be RM3FL3. An attacker would therefore try to counterfeit such IDs in order to pass the system.

To prevent this attack, I am going to change the ID to a non-meaningful and non-logical ID. This makes it more difficult for the attacker to counterfeit an ID that passes the system. Moreover, if the attacker wants to try counterfeit IDs one by one, changing to a long ID increases the time the attacker needs. Furthermore, I limit the card type to Mifare cards, because they supply 128bit AES encryption on the tags.

SPOOFING AND MAN-IN-THE-MIDDLE ATTACK

Spoofing and man-in-the-middle attacks work in very similar ways in RFID. Both need a high frequency RFID reader, which is a reader that operates at a high frequency. With it, the attacker can read your RFID card from about 4 to 5m away. Using the information read by the high frequency RFID reader, they can transfer it to an empty RFID tag and pass the system.

There is actually no way to prevent those attacks. The problem is that, with existing technology, we cannot modify data that has already been sent out through radio waves. But to defend against those attacks, we can add one more authorization step. In my system, I am going to use a two-step authorization system that combines a Bluetooth app with the on/off system. The Bluetooth app is a private app, and its main function is to switch the system on or off. Authorized users are given an .apk file, which limits the users and prevents the app from being sent out to the public. So if an attacker wants to attack the system, they need to get the Bluetooth app first. Since the app is private, it is not published on the Apple Store or Google Play Store. The attacker needs to spend a lot of time researching the app's function or attacking an authorized user's phone to get the app.

EAVESDROPPING

Eavesdropping can basically be launched in two ways. The first is to break the reader and connect it to a computer to eavesdrop on the traffic between the reader and the tags. The other is to use a high frequency RF receiver to collect the changes in the air and use those signals to recover the data transmitted through radio wave energy.

The first type of eavesdropping is almost a type of physical attack, so the solution is almost the same as for the physical attack. The second type can be done with a high frequency RF receiver, but the problem is that there is a lot of noise in the air. Although the attacker can collect the signal, noise from other devices would affect the result.

But in China, there are already devices and cards that can provide both reader and tag functions [8]. Those devices and cards maliciously target RFID access systems. As they develop, those malicious devices and cards are focusing on credit cards and NFC devices.

In fact, we cannot deter an attacker from eavesdropping on the traffic with a high frequency RF receiver, because we do not have any technology that can block the signal in the air. But we can add more authorization steps to increase the difficulty.

Therefore, I am going to use a two-step authorization system that combines a Bluetooth app with the on/off system. The Bluetooth app is not public; only authorized users get the .apk file. If the attacker can't get the app, they have no chance to open the system. The Bluetooth app therefore becomes the first step of authorization.

TRAFFIC ANALYSIS

To analyze the traffic on the system, we need a logging system. Its aim is to record the traffic so that it can be analyzed for unusual behavior. For example, if an unauthorized ID keeps being read by the RFID reader, the system may be under a DoS attack. The logging system therefore helps the admin understand the status of the system.

To build the logging system, I am going to write a script in Python. The advantage of Python is that it can be used on different platforms: it is supported on Windows, Linux and Mac. As long as the device is connected to the system, the script can keep logging the traffic on the system. Moreover, Python provides many different libraries, so it can offer more functions, such as printing to a file and showing each record with a time stamp.
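
One way to turn such a log into alerts, as an added Python example (not the project's script): it parses timestamped reader records and flags the repeated-unauthorized-ID pattern described above, and also many different unauthorized IDs in a short time, which corresponds to IDs being tried one by one. The log line format, the thresholds and the denied sample UIDs are assumptions constructed for illustration; the two PASS UIDs are the card IDs used on this page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line format (constructed for this example):
#   2022-03-01 09:00:01 UID=4A91B403 RESULT=PASS
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UID=([0-9A-F]{8}) RESULT=(PASS|DENY)$"
)

def parse_line(line):
    """Return (timestamp, uid, result), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)

def analyse(lines, window_s=30, repeat_limit=5, distinct_limit=4):
    """Scan log lines and return a list of (kind, detail, timestamp) alerts.

    stuck_tag   : one denied UID read repeat_limit times inside the window.
    id_guessing : distinct_limit different denied UIDs inside the window.
    malformed   : a line that does not match the expected format.
    """
    window = timedelta(seconds=window_s)
    per_uid = defaultdict(deque)   # uid -> timestamps of its recent denials
    recent = deque()               # (timestamp, uid) of all recent denials
    alerts, raised = [], set()
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            alerts.append(("malformed", f"line {n}", None))
            continue
        ts, uid, result = rec
        if result != "DENY":
            continue
        q = per_uid[uid]
        q.append(ts)
        while q and ts - q[0] > window:      # drop denials older than the window
            q.popleft()
        if len(q) >= repeat_limit and ("stuck_tag", uid) not in raised:
            raised.add(("stuck_tag", uid))
            alerts.append(("stuck_tag", uid, ts))
        recent.append((ts, uid))
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        distinct = {u for _, u in recent}
        if len(distinct) >= distinct_limit and "id_guessing" not in raised:
            raised.add("id_guessing")
            alerts.append(("id_guessing", ",".join(sorted(distinct)), ts))
    return alerts

# Constructed sample log, not captured from the real system.
SAMPLE_LOG = """\
2022-03-01 09:00:01 UID=4A91B403 RESULT=PASS
2022-03-01 09:05:10 UID=DEADBEEF RESULT=DENY
2022-03-01 09:05:12 UID=DEADBEEF RESULT=DENY
2022-03-01 09:05:14 UID=DEADBEEF RESULT=DENY
2022-03-01 09:05:16 UID=DEADBEEF RESULT=DENY
2022-03-01 09:05:18 UID=DEADBEEF RESULT=DENY
garbage from serial port
2022-03-01 10:00:00 UID=00000001 RESULT=DENY
2022-03-01 10:00:03 UID=00000002 RESULT=DENY
2022-03-01 10:00:06 UID=00000003 RESULT=DENY
2022-03-01 10:00:09 UID=00000004 RESULT=DENY
2022-03-01 10:30:00 UID=004CB403 RESULT=PASS
""".splitlines()

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

Malformed lines are reported rather than skipped silently, since corrupted serial output on a door controller is itself worth an admin's attention.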

Experiment

This section shows the experiment and implementation step by step, explains how the system can be built, and describes each step in detail.

MODIFY CARD ID

First, as described in methodology item 3.5, the card ID needs to be changed to a non-meaningful and non-logical ID to prevent counterfeiting. To change the card ID, I use a BC750 RFID Writer. Figure 4 shows the device. I prepared 2 cards for the project. The original card IDs are “00351232” and “00231123” (see Figures 5 and 6). Using the app provided with the BC750 RFID reader, we can change the card ID. The new card IDs are “4A91B403” and “004CB403” (see Figures 7 and 8).

Figure 4. The device used to change the tag ID

Figure 5. The original card ID “00351532”

Figure 6. The original card ID “00231123”

Figure 7. The card ID changed to 4A91B403

Figure 8. The card ID changed to 004CB403

ARDUINO BOARD INSTALLATION

To install the Arduino board together with the different modules, we use jumper cables to connect them. Appendix A lists all the modules used in the RFID access system. Figures 9 and 10 show the PCB design of the RFID access system. Appendix C shows a photo of the installation.

Figure 9. The PCB design between the Arduino board and the extension board

Figure 10. The PCB design for the different modules

MOBILE APP CONTROL

As a result, the mobile app can successfully control the RFID access system. To show the result, I prepared an Android tablet for testing. The app that controls the RFID reader is circled in red in Figure 12, and Figure 13 shows its interface. To begin, we need to connect to Bluetooth and choose the device in the app (see Figures 11 to 15). By default, the system is turned on for administration. Figures 11 to 19 show the result of using the different buttons in the app and how to control the RFID reader.

Figure 11. The app connected to the system through Bluetooth

Figure 12. The app that controls the system

Figure 13. The interface of the app

Figure 14. The system is on by default

Figure 15. The selection page of Bluetooth choices

Figure 16. The interface after connecting to the Bluetooth device

Figure 17. Pressing the “Close” button turns the RFID reader off

Figure 18. show press “Start” button and the RFID readers has bee

Figure 19. The interface after pressing “Disconnect”

Result & Discussion

This section shows the result of the implementation. It also discusses some problems faced during implementation.

SECURITY COMMUNICATIONS BASED ON THE HASH FUNCTIONS

In the methodology section on security communication based on hash, I mentioned that I wanted to set up security communication based on a hash function between the database and the Arduino CPU, and between the RFID reader and the tags. But the final system does not include those functions, for two main reasons.

First, between the database and the Arduino CPU: adding a database to the system requires a Wi-Fi connection, because Arduino doesn't provide an Ethernet connection. But during the project, I figured out that Arduino doesn't provide any security solution on the control board. That means an attacker can easily take control of the Arduino through the Wi-Fi connection.

Moreover, since the Arduino UNO is an 8-bit microcontroller board, it can hardly process any significant amount of data. An attacker can easily launch an attack such as a ping of death against the Arduino, which may bring it down. Some libraries can supply a security solution for the Wi-Fi connection, but securing the traffic would cost a huge amount of memory. Therefore, although adding a database is convenient for the admin to do the authorization, it would bring a huge security issue to the Arduino. So I decided not to use a database for the authorization.

Second, between the RFID reader and the tags: the data are transmitted through radio waves, and with existing technology we can't modify any data that has been transmitted by radio waves. Therefore, it is impossible to build any security communication through radio waves between RFID readers and tags. So I tried another method to get a result similar to security communication by hash function.

The other method is to use a hash function to check whether the card is genuine before doing authorization with the ID. In Figures 7 and 8, you can see that we can actually modify the sectors in the tags. Therefore, I wanted to add a hash value in the second sector, so that the reader can load the second sector and verify the hash value. But one problem with this method is that attacks such as eavesdropping, spoofing and man-in-the-middle can directly copy all the data in the tag or device. That means that even if I modify another sector, the attacker can copy that sector into another tag. Therefore, the approach I wanted to take can't actually work.

There is a newly available technology called SRFID that offers a new way of using a hash function to build security communication. The reader uses a hash value to synchronize secret information and generate a unique RFID tag ID, so the ID changes each time. That means that even if the attacker can copy the ID, the attacker can't get the secret information and therefore cannot match the value with the reader. But this approach has many limitations.

This solution is not suitable for our design either. First, Arduino is an 8-bit microcontroller and cannot hold that amount of data. Moreover, the scheme requires a database server to help calculate the value, but as mentioned before, Arduino does not supply any security features. Therefore, this scheme is not suitable for our design.

Those are the two reasons why security communication cannot be deployed in my system. The two big reasons are that Arduino doesn't provide security features and doesn't have enough calculation power.
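
The difference between the fixed hash in the second sector and an ID that changes on every read, as an added Python example (not the project's code and not the published SRFID scheme). The demo key, the class names and the HMAC-over-a-counter construction are assumptions chosen for illustration.

```python
import hashlib
import hmac

def static_tag(uid: bytes, site_key: bytes) -> dict:
    """Tag as in the hash-in-second-sector idea: UID plus a fixed SHA-256 value."""
    return {"uid": uid, "sector2": hashlib.sha256(site_key + uid).digest()}

def static_reader_accepts(tag: dict, site_key: bytes) -> bool:
    """Reader recomputes the hash and compares it with what the tag stores."""
    expected = hashlib.sha256(site_key + tag["uid"]).digest()
    return hmac.compare_digest(expected, tag["sector2"])

def one_time_id(secret: bytes, counter: int) -> bytes:
    """ID derived from a shared secret and a counter; the secret is never sent."""
    return hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()

class RollingTag:
    """Hypothetical tag that can compute: it keeps a secret and a counter."""
    def __init__(self, secret: bytes):
        self._secret, self._counter = secret, 0

    def respond(self) -> bytes:
        self._counter += 1
        return one_time_id(self._secret, self._counter)

class RollingReader:
    """Hypothetical reader that stays synchronized with the tag's counter."""
    def __init__(self, secret: bytes, look_ahead: int = 3):
        self._secret, self._counter, self._look_ahead = secret, 0, look_ahead

    def accepts(self, presented: bytes) -> bool:
        # Try the next few counter values so a missed read does not desynchronize.
        for step in range(1, self._look_ahead + 1):
            candidate = one_time_id(self._secret, self._counter + step)
            if hmac.compare_digest(candidate, presented):
                self._counter += step   # every earlier ID is now rejected
                return True
        return False

def demo():
    key = b"constructed-demo-key"            # constructed value, not a real key
    genuine = static_tag(bytes.fromhex("4A91B403"), key)
    copied = dict(genuine)                   # byte-for-byte copy of both sectors
    static_copy_ok = static_reader_accepts(copied, key)

    tag, reader = RollingTag(key), RollingReader(key)
    first = tag.respond()
    first_ok = reader.accepts(first)         # fresh ID is accepted
    replay_ok = reader.accepts(first)        # the same bytes presented again
    tag.respond()                            # a read that never reached the reader
    resync_ok = reader.accepts(tag.respond())
    return static_copy_ok, first_ok, replay_ok, resync_ok

if __name__ == "__main__":
    print(demo())
```

The changing-ID variant only works with a tag that can compute a keyed hash and keep a counter, which a plain memory tag cannot do, and the reader must store per-tag state.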

Conclusion

To summarize, this project has introduced an RFID access system with security solutions. It has targeted some common threats and implemented security solutions in the RFID access system. With the development of science and technology, attackers will have more chances and more tools to attack RFID technology. Although some attacks, such as eavesdropping, man-in-the-middle and spoofing, cannot be deterred with existing technology, the solutions provided in this project increase the difficulty for an attacker.

Moreover, this secure RFID access system is suitable for different situations. It supplies a two-step authorization system. With existing technology, a two-step authorization system is one of the most secure authorization systems, because the attacker needs to spend more time attacking than with a single-step authorization system. The cost performance ratio is not high enough for an attacker to spend a lot of time attacking. Therefore, this system is suitable for different situations, such as home, office, school, etc.

In the future, there are places where this project can be improved. First, I chose the Arduino UNO as my main control board because Arduino is a company that focuses on microcontrollers and is open source, so Arduino must have the best support and community compared with other brands. But during the project, I figured out that Arduino doesn't provide any security solution. Moreover, the Arduino IDE uses the C and C++ programming languages, but as libraries develop, more and more of them prefer C# and Python as the programming language, because those languages provide better performance. Although Arduino provides a language conversion function, there is a high chance that the conversion will crash or produce errors.

Therefore, using a Raspberry Pi may give better performance than Arduino. A Raspberry Pi is a small single-board computer. It can support C, C++, C#, Python 2 and Python 3. Moreover, its specification is much better than Arduino's. For example, a Raspberry Pi can have at most 8 GB of memory, but Arduino only supports 32MB of memory. Therefore, more functions and more security solutions can be implemented on a Raspberry Pi. Also, since the Raspberry Pi supports many programming languages, it has more library support than Arduino.

Second, the embedded system could be replaced with another physical security solution. An embedded system provides a strong security solution, but during the project I figured out that it is actually hard to install. A space has to be cut out of the door to place the system, so the cost of using this system becomes higher. Moreover, upgrading the system or adding more modules requires reinstalling the system. The cost performance ratio of the embedded system is not good enough. Another solution may provide a better cost performance ratio than the embedded system.
