RFID ASIA :: Radio Frequency Identification (RFID) Community in Asia


Putting RFID Network Security in Perspective


Monday, February 26, 2007
Adi Tedjasaputra.
by Adi Tedjasaputra

With more organisations are considering the use of RFID network technology, it is time to enhance the RFID network security measures. The Internet seems to be invented just yesterday. It comes as no surprise to many people because the recent statistics show that the total worldwide internet usage penetration was only 16.6% by January 11, 2007. Nevertheless, there is no doubt that the impact of the Internet on society has become more significant with the 202.9% growth of Internet usage since the year 2000. On the other hand, the Internet of Things, with RFID technology as its key enabler, has only started to become headlines for the past few years. One of the the most popular RFID networks is EPCglobal Network.

The heart of EPCglobal Network lies in the component or service called Object Naming Service (ONS) Root, as it was originally designed to anticipate the use of Electronic Product Code (EPC). The design of ONS Root is not completely new, because it is actually derived from the design of Domain Name System (DNS) Root.

The main similarity between ONS Root and DNS Root is the way they both return requests of data that are available in other servers, but not their own servers. DNS Root will return requests for root namespace domain with corresponding Top-level Domain (TLD) nameservers. ONS Root, in comparison, will return the network address of services where the corresponding data of the EPC in request is stored.

The benefits of not re-inventing the wheel, familiarity and easier implementation are naturally the strengths of the EPCglobal network, due to the experience with the Internet infrastructure. However, these benefits also come with some weaknesses. One of the weaknesses is the vulnerability of the ONS Root to Denial-of-Service (DoS) attacks, inherited from DNS Root.

In the Internet history, there were only two significant incidents recorded on DoS attacks to DNS Root servers, i.e. in 2002 and recently on February 2007. The worst impacts on DoS attacks to DNS Root servers in 2002 were the malfunction of 9 DNS Root servers from 13 servers spread geographically across the globe. The recent attack in February 2007 has resulted in two badly suffered servers and others saw heavy traffic (Wikipedia, DNS Backbone DDoS Attacks). These attacks, however, have provided some insights to one of the main risks in adopting EPCglobal network, i.e. security.

With the current total worldwide internet usage penetration of only about 16.6%, it is already difficult to imagine some major changes to the Internet infrastructure and cope with DoS attacks. Some efforts such as local data caching, server power and bandwidth improvement can only alleviate the impacts of such attacks on DNS Root servers. Egress filtering can significantly prevent from such attacks only when the use is widespread, at the expense of inconvenience for false positive traffic identification and additional measures. There is currently no silver bullet for DoS attacks.

EPCglobal Network, by design, is also susceptible to DoS attacks. Using similar mechanism with DNS in resolving EPC data requests, the ONS Root servers become vulnerable to DoS attacks. Any organisation planning to embark on EPCglobal Network will cringe finding out that the EPCglobal Network infrastructure inherits security weaknesses similar to DNS'.

While it is already difficult for changing the Internet infrastructure with only 16.6% penetration rate, there is still a hope for EPCglobal Network. Different from the Internet infrastructure, the development of ubiquitous RFID networks and sensors, including EPCglobal Network, is still in a very early stage. This state of affairs has provided a second change to design a secure and robust RFID network and sensor infrastructure that can have a significant impact for the worldwide society in the future, especially when it is no longer the Internet of Things, but also the Internet of People.

The writer is the Founder of RFID ASIA - The Prominent RFID Community in Asia.

Send your comments.

Labels: , , , ,


RFID ASIA on Facebook


RFID ASIA Journals

QR Code

   QR Code of RFID ASIA.

(); tml>