Securing RFID-based Authentication Systems Using ParseKey+

Behnam Rahnama
Dept. of Computer Engineering, European University of Lefke
North Cyprus, Mersin 10, Turkey
+90 (392) 660 2000
behnam@brahnama.com

Atilla Elci
Dept. of Computer Engineering, Middle East Technical University
North Cyprus, Mersin 10, Turkey
+90 (392) 661 2991
elci@metu.edu.tr

Selcuk Celik
Dept. of Comp. Information Systems, European University of Lefke
North Cyprus, Mersin 10, Turkey
+90 (534) 841 5678
selcukcelik@acm.org

ABSTRACT

Currently, RFID authentication systems rely only on matching the tag ID with the one kept in a database. Additionally, an alphanumerical password might be matched as extra security. However, the tag ID and the information inside the tag can be compromised. Therefore, a more secure scheme is required to enhance the safety of access control through RFID tags, particularly in highly secure environments such as secure virtual meetings or authentication and access control for high-security locales. We present an attendance control system, which is more like access control in general, as an application of our novel security enhancement for RFID-based access control systems. The security enhancement utilizes the partial ParseKey+ multi-way authentication scheme. ParseKey+ scatters randomly divided sub-keys into uniformly distributed noise. The generated file is encrypted using AES256 and then written into the RFID device. Each successful login changes the key and its trace kept in the DB, in addition to updating the device for future logins.

Keywords

Authentication, RFID based Access Control, ParseKey+, Attendance Control.

1. INTRODUCTION

This paper focuses on enhancing the security of RFID (Radio Frequency Identification) [1] based access control / authentication systems using ParseKey+ [2]. An RFID system utilizes radio waves to transmit information from an integrated circuit tag through a wireless medium to the host computer.
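
The enrollment, verification and key-rotation flow that the abstract describes can be sketched as follows. This is an added illustration, not the authors' ParseKey+ implementation: the file size, key length, number of sub-keys, the (offset, length) trace format and the `Server` class are assumptions, and the AES256 step is left out because the Python standard library has no AES.

```python
import hmac
import secrets

FILE_SIZE, KEY_SIZE, PARTS = 1024, 32, 4  # assumed sizes, not from the paper
_rng = secrets.SystemRandom()

def scatter(key, file_size=FILE_SIZE, parts=PARTS):
    """Hide randomly sized sub-keys of `key` at random offsets in random noise."""
    cuts = sorted(_rng.sample(range(1, len(key)), parts - 1))
    bounds = [0] + cuts + [len(key)]
    lengths = [b - a for a, b in zip(bounds, bounds[1:])]
    # Sorted random gaps plus the bytes already placed give non-overlapping offsets.
    gaps = sorted(_rng.randint(0, file_size - len(key)) for _ in range(parts))
    order = list(range(parts))
    _rng.shuffle(order)  # sub-keys do not sit in key order inside the file
    blob = bytearray(secrets.token_bytes(file_size))
    trace, used = [None] * parts, 0
    for gap, idx in zip(gaps, order):
        offset = gap + used
        blob[offset:offset + lengths[idx]] = key[bounds[idx]:bounds[idx + 1]]
        trace[idx] = (offset, lengths[idx])
        used += lengths[idx]
    return bytes(blob), trace

def gather(blob, trace):
    """Reassemble the key from the file using the trace kept on the server."""
    return b"".join(blob[o:o + n] for o, n in trace)

class Server:
    """Hypothetical back end: the DB maps tag ID -> (key, trace)."""
    def __init__(self):
        self.db = {}

    def enroll(self, tag_id):
        key = secrets.token_bytes(KEY_SIZE)
        blob, trace = scatter(key)
        self.db[tag_id] = (key, trace)
        return blob  # the paper encrypts this file with AES256 before writing the tag

    def login(self, tag_id, blob):
        record = self.db.get(tag_id)
        if record is None or len(blob) != FILE_SIZE:
            return None
        key, trace = record
        if not hmac.compare_digest(gather(blob, trace), key):
            return None
        return self.enroll(tag_id)  # success: new key, new trace, new tag file
```

Because every successful login replaces both the key and the trace, a copy of the tag file taken before that login no longer verifies, and a correct tag ID with the wrong file contents is rejected.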
Such an RFID system consists of three components: the tag (transponder device), the reader (interrogator) and the host computer (controller). The reader communicates with tags in its wireless range and collects information on objects corresponding to each attached tag [3].

The RFID market is being driven by several implementation models, promising efficiencies in supply chain management, manufacturing logistics, and asset management and security. Since it was introduced in the early 1990s, the RFID system has enjoyed tremendous growth of approximately 40% compound annual growth rate (CAGR). Estimates of growth in the world's RFID industry range from 23% - 35% annually, and the world market for RFID goods and services is projected to be at least $5 billion by 2011. Although the potential for viable RFID applications appears virtually limitless, security/access control and transportation are still the dominant applications in the RFID market in the current situation. Security/access control, student attendance automation, library applications, parking control, payment systems, and object/personnel tracking can be of greater assistance with the administration and management of schools [4].

RFID technology has improved in recent years. Attachment RFID reader/writer devices are mostly equipped with a USB port, allowing the system to transfer the information of a particular tag to any type of computational unit supporting the USB bus. The In-Circuit Serial Programming (ISP) pins and serial programmer integrated in such systems allow updating of the microcontroller firmware from time to time.
In addition, new devices are considerably small and portable [5]. Mobile phones can be used as electronic wallets with Near Field Communication (NFC), an RFID-like wireless communication protocol working within a range of 8 inches at a data transfer rate of 212 Kbps. Its most important difference from RFID is that NFC adopts two-way identification and a permanent connection between devices, so it is mainly used for payments, identification and communication, as well as for directly transferring data such as pictures and documents [6].

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Conference’10, Month 12, 2010, City, State, Country. Copyright 2010 ACM 1-58113-000-0/00/0010…$10.00.

1.1 Identification Technologies

Mario Cardullo's device in 1973 was the first true ancestor of modern RFID: a passive radio transponder with memory. An RFID system is composed of tags (transponders) and a tag reader. The two commonly used RFID transponders are active tags (which contain an internal battery power source that powers the tag's chip) and passive tags (which do not have an internal power source, but are externally powered, typically from the reader). RFID deployments tend to use (free to air) unlicensed frequencies for their obvious cost benefits. There are 5 RFID technologies available in the market: i) 125 kHz (LF-Low Frequency), ii)