Authentication Methods for Secure Data Transfer Over Wireless Channels

Andrew Otal, Yiming Qian, Guangyu Zhu
supervised by Dr. Gul Khan, FLC

This project focuses on wireless data communication authentication for a passive INTEL WISP RFID tag which will be later on hosted on an e-Health card. The design will address the security and costs concerns of wireless data communication to meet the company Kela Medical's requirements. ZigBee is chosen as the platform to simulate authentication of an RFID network as it represents a cheap, ideal and efficient alternative wireless technology to showcase our demonstration. An RFID system composes of an RFID tag, an RFID reader and a back-end server. We use two of the Xbee devices as the tag and the reader, and the third one as an attacker. The PC acts as the back-end server, which performs most of the intensive computation at the reader's side.

Authentication is a way for an object to prove its identity to a communication partner which is used to prevent unwanted third party access. A tag would transmit an identity key to an authentic reader where only authorized reader can read and write to a tag. A tag would essentially prove its identity to a reader through a question and answer method preventing unauthorized tags from interfering in the communication process.

In Cryptography, encryption is a method for transforming plaintext by using a cipher which is an algorithm for performing encryption or decryption and converting the plaintext into cipher-text which makes it unreadable to anyone except those with a key. The XTEA has been selected as the encryption cipher in our design as it is more secure, and has a lower execution time and uses up less memory. LCAP was chosen as our protocol due to the lower computation and communication cost and optimized storage capacity.

As soon as a message arrives at the serial port, the micro-controller will first look for the Start Byte then the Command Byte. If the command is valid, the data is read otherwise the succeeding data is discarded and the micro-controller looks for the next Start Byte. LED's are used as indicators where they indicate the current state of the tag in the state machine and determine the success or failure of the authentication by blinking. For the communication, on the reader side, the reader generated a random number (32 bit) which is sent to the reader. The serial port is then scanned and checks for the incoming message. When message m2 is received, it is decrypted, and then message m3 is encrypted and sent out. The serial port is scanned to check for the incoming message and message m4 is received and the data is parsed. The message m4 is decrypted and authentication is determined by the reader and tag. On the tag side, the incoming message m1 is received, it is then decrypted and message m2 is encrypted and sent. The incoming message m3 is received where it is decrypted, message m4 is then encrypted and sent. Finally the tag receives the acknowledged or not-acknowledge reply. The reader will load information from a database located on the PC which is assumed to be secure and any time or memory cost on the PC side will be ignored.

For the implementation, four protocol models have been implemented which are the LCAP and MAP Authentication Protocols and the XTEA and Extended XTEA Encryption-based Authentication Protocols. To demonstrate the performance of the proposed design, 4 types of attacks will be implemented during the authentication processes which are Cloning, Replay, Man in the Middle and Dos attacks.

Project targeted applications: Any company or business which requires secure authentication of the transfer of data wirelessly such as the medical industry providing patients the ability to have their medical records scanned automatically if they enter a Hospital or even retail stores which can provide customers the ability to shop wirelessly by having their credit cards scanned automatically and pay for goods and services without requiring a physical medium to do so.