---

---

10/17/2006 14:22

Secure wireless transmission - RFID tags with digital certificate of authenticity

Guido Weber Corporate Communications, Corporate Technology
Siemens AG

RFID tags for contactless tracking of goods are enjoying growing popularity. But the protection of wirelessly transmitted information from product pirates can only be ensured with an elaborate and costly local infrastructure. Developers at Siemens have come up with efficient security processes that can be implemented on the tiny RFID chips. This provides a means of guaranteeing the security of these tags and of the data stored on them at considerably less costs.

RFID chips (Radio Frequency Identification Devices) are well on the way to becoming established in the field of logistics and for the individualized, forgery-proof marking of products. RFID tags carry an internal chip containing information such as destination address or sell-by date. This information can be called up by wireless signal, for instance in the incoming goods reception department at a company. In contrast to reading bar codes, this procedure does not require a line of sight. The small data carriers can even be read out through packaging. However, without protective measures this wireless link has its own inherent dangers and product pirates could eavesdrop on the data during transmission. If they were able, for example to copy the data record or the identification number of high-quality branded garments, these could be reproduced any number of times and written onto false radio tags. Cheap imitations would then pass as valuable original products throughout the whole delivery chain. It is therefore imperative to make RFID wireless traffic forgery-proof. Although existing procedures today guarantee adequate data security, they are relatively costly in terms of computing effort. On the other hand, procedures involving less intensive computing require an elaborate infrastructure and existing processes do not fit on the small RFIDs. "Our aim was to offer our customers a solution that does not tie them to the infrastructure and makes it unnecessary, for example, to have a permanent connection to a database," explains Dr. Stephan Lechner, head of Security Research at CT. "What we were seeking was a solution that would provide a mobile, self-contained means of checking the authenticity of RFIDs."

Mathematicians from Corporate Technology (CT) in Munich have now found a method for compressing the necessary processes to such a degree that they can now run on RFIDs as well. This global first provides a user-friendly means of using authenticity verification on a large scale. The researchers from Munich make use of what experts in the field call asymmetrical encryption, as distinct from "symmetrical encryption." With conventional symmetrical encryption, the reader unit used for scanning the code and the radio tag itself both use the same secret key. That makes for a highly complex solution since it requires the storing of hundreds of RFID keys for a large number of different products in the reader. Although it's possible to link a reader with a database that manages the keys, for example via the Internet, this also increases the complexity of the entire RFID system.

With the asymmetrical system, the researchers from Munich have found a way of avoiding this jungle of data, since with this method only the RFID code needs a kind of security certificate. This certificate can be recognized by the reader unit, but it cannot be copied or changed. What makes this possible is a complex mathematical signature of the tag information. The usual way of generating this signature is to multiply long prime numbers together for which it is necessary to store considerable volumes of data. Although the chips on EC cards or smart cards have no problem processing this amount of data, up until now this has been far beyond the capability of a tiny radio tag. Using intelligent computing, the researchers have succeeded in reducing the data volume by more than half. "We don't represent the information with large primary numbers any longer, but as a point on a curve, which is also a widely used technique," states Dr. Lechner. "We achieve the data reduction simply by leaving out coordinates. We weave a kind of mathematical web which, although thinned out, provides a workable solution that we can rely on." The new Siemens method is so space-saving in operation that for the first time it is possible to accommodate asymmetrical processes on RFID chips. This is all the more remarkable because at the end of 2004 the subject was regarded as so difficult that it was not included in the international study by the Federal Office for Security in Information Technology.

In the future, the new RFID tag process could be used for contactless, automatic access control, or music and software CDs, for instance, could be provided with integrated or adhesive tags. As another example, the new process could allow mobile customs patrols to check the authenticity of goods at any point during transport. Another application is for freight documents. "It's not that uncommon today for entire containers to be stolen from container depots with forged freight documents," said Lechner. "When the legal owner comes along later to pick up the goods, they're already gone." In order to prevent this form of theft, freight documents and containers could be linked via RFID tags using asymmetrical cryptography. The goods would not be released unless the freight document contained the right certificate. "Given the volume of freight documents in circulation, an authenticity check of this kind is only practical with decentralized checking of the certificates on a mobile terminal. Now for the first time we provide the basis for this." Dr. Lechner and his team are in the process of customizing their method to different applications in the various Siemens Groups. The goal for the future is to make asymmetrical cryptography available on RFID tags for external customers as well.

---

<
Identification and tracking of goods in the logistics chain involve the exchange of data between the ...
Source: Siemens
None

---

Criteria of this press release:
Economics / business administration, Electrical engineering, Energy, Mathematics, Media and communication sciences, Physics / astronomy, Traffic / transport
transregional, national
Research results
English

---