IMPLEMENTATION OF AES ALGORITHM FOR SECURED WIRELESS TRANSMISSION OF DATA FOR RFID BASED TRANSACTIONS

Dhiraj S. Ganachari¹, Lingaraj N. Mailgond²,Mohan R³,Kavitha Narayan B.M⁴.

1Student , ²Student, ³Student, ⁴Assistant Professor

Dept of Telecommunication, Dr. Ambedkar Institute of Technology, Bangalore-560056, Karnataka, India.

1dhiraj.ganachari@gmail.com,²kiran.mailgond@gmail.com, ³mohanr.2108@gmail.com, ⁴kavitha.narayan73@gmail.com

Abstract-The biggest challenge for current RFID technology is to provide the necessary benefits while avoiding any threats to the privacy of its users. Although many solutions to this problem have been proposed, almost as soon as they have been introduced, methods have been found to circumvent system security and make the user vulnerable. We are proposing an advanced mutual authentication protocol between a tag and the back-end database server for a RFID system to ensure system security integrity. The three main areas of security violations in RFID systems are forgery of the tags, unwanted tracking of the tags, and unauthorized access to a tag’s memory. Our proposed system protects against these three areas of security violations. Our protocol provides reader authentication to a tag, exhibits forgery resistance against a simple copy, and prevents the counterfeiting of RFID tags. Our advanced mutual-authentication protocol uses an AES algorithm as its cryptograph primitive. Since our AES algorithm has a relatively low cost, is fast, and only requires simple hardware, our proposed approach is feasible for use in RFID systems. In addition, the relatively low computational cost of our proposed algorithm compared to those currently used to implement similar levels of system security makes our proposed system especially suitable for RFID systems that have a large number of tags.

Index Terms— AES algorithm, Decryption, Encryption, NIST, RFID system, ZigBee.

I. INTRODUCTION

RADIO-FREQUENCY IDENTIFICATION (RFID) is an emerging technology. It is the next generation of an optical barcode with several major advantages over an optical barcode since a line-of-sight between the reader and the barcode is not needed, and several tags can be read simultaneously. RFID technology is rapidly finding more diversified applications in today’s marketplace.

A RFID system consists of three parts: the radio-frequency (RF) tags, the RF readers, and the back-end database server.

The back-end server associates records with the tag data collected by the readers. Tags are typically composed of a microchip for storage and performing logical operations and a coupling element such as an antenna coil for wireless communications. Memory chips on the tags can be read only, write-once/read-many, or fully writable. Each memory chip holds a unique ID and other pertinent information transmitted to the tag reader using a RF. The tag readers interrogate the tags using a RF antenna and interact with the back-end database for more functionality.

However, RFID tags may pose a considerable security and privacy risk to organizations and individuals using them. Since a typical tag answers its ID to any reader and the replied ID is always the same, an attacker can easily copy the system by reading out the data of a tag and duplicating it to bogus tags.

Unprotected tags may have vulnerabilities to eavesdropping, location privacy, spoofing, or denial of service (DOS).

Unauthorized readers may compromise privacy by accessing tags without adequate access control. Even when the content of the tags is protected, individuals may be tracked through predictable tag responses.

Even though many cryptographic primitives can be used to remove these vulnerabilities, they cannot be applied to a RFID system due to the prohibitive cost of including protection for each and every RFID tag. The RFID tag is the most costly item in a RFID system as such systems inherently use at least a minimum of several tags. Economic constraints usually dictate that the tags cost as little as possible and that as few as possible are used. Power consumption, processing time, storage, and gate count are all severely limited.

In this paper, we propose a new mutual authentication protocol that uses AES (Advanced Encryption Standard) for the security of a RFID system. The algorithm originates from the initiative of the National Institute of Standards and Technology (NIST) in 1997 to select a new symmetric key encryption algorithm. From the initial candidates [3], Rijndael algorithm was selected as the Advanced Encryption Standard (AES) [2] due to the combination of security, performance, efficiency, ease of implementation and flexibility. Rijndael is a symmetric byte-oriented iterated (each iteration is called a round) block cipher that can process data blocks of 128 bits (4 words), using keys with length of 128, 192 and 256 bits.

Rijndael is capable of processing additional block sizes (160, 192 and 244 bits) and key lengths (160 and 244 bits), however they are not adopted in AES. Our implementation refers to AES algorithm.

The architecture is perfectly suited for wireless communication and is very practical in its implementation.

ZigBee is a specification for a suite of high level communication protocols using small, low-power digital radios based on an IEEE 802 standard for personal area networks. Applications include wireless light switches, electrical meters with in-home-displays, and other consumer and industrial equipment that require short-range wireless

transfer of data at relatively low rates. The technology defined by the ZigBee specification is intended to be simpler and less expensive than other WPANs, such as Bluetooth. ZigBee is targeted at radio-frequency (RF) applications that require a low data rate, long battery life, and secure networking. ZigBee has a defined rate of 250 Kbit/s best suited for periodic or intermittent data or a single signal transmission from a sensor or input device.

II. SYSTEMBLOCKDIAGRAM

A.ENCRYPTION:

Fig. 1: Block diagram of Encryption.

B.DECRYPTION:

Fig. 2: Block diagram of Decryption.

Data is retrieved from an RFID tag using RFID reader. The data is acquired as per the requirement from the sensor and sent to the microcontroller system. Microcontroller controls the data acquisition as per the requirements of the user. Then the data is processed in an embedded system and sent to the PC for encryption using one of the advanced standard algorithms.

Encryption is the process of converting a plaintext message into cipher text which can be decoded back into the original message. An encryption algorithm along with a key is used in the encryption and decryption of data. There are several types of data encryptions which form the basis of network security. Encryption schemes are based on block or stream ciphers. The type and length of the keys utilized depend upon the encryption algorithm and the amount of security needed.

The encrypted data is sent to the server through a ZigBee modem as the transmitter. At the receiver end, for servers, a

microcontroller based decryption circuit is employed. The data can be processed and analyzed as per the requirements. For the security and attendance systems it can be proceed for further action.

III. SYSTEMIMPLEMENTATION

The hardware requirements are RFID, Microcontroller, ZigBee & LCD.

A. THEAESCIPHER

The Rijndael proposal for AES defined a cipher in which the block length and the key length can be independently specified to be 128, 192, or 256 bits. The AES specification uses the same three key size alternatives but limits the block length to 128bits. A number of AES parameters depend on the key length. In the description of this section, we assume a key length of 128bits, which is likely to be the one most commonly implemented. Rijndael was designed to have the following characteristics:

1. Resistance against all known attacks.

2. Speed and Code compactness on a wide range of platforms.

3. Design simplicity.

The input to the encryption and decryption algorithms is a single 128-bit block. The block is depicted as a square matrix of bytes. This block is copied into the state array, which is modified at each stage of encryption or decryption. After the final stage, state is copied to an output matrix. Similarly, the 128-bit key is depicted as a square matrix of bytes. This key is then expanded into an array of key schedule words; each word is four bytes and the total key schedule is 44 words for the 128-bit keynote that the ordering of bytes within a matrix is by column. So, for example, the first four bytes in matrix, the second four bytes occupy the second column, and so on.

Similarly, the first four bytes of the expanded key which form a word, occupy the first column of the w matrix.

The AES Cipher Table

Table 1: Different Key Lengths

Key size

(words/bytes/bits)

4/16/128 6/24/192 8/32/256 Plaintext block size

(words/bytes/bits)

4/16/128 4/16/128 4/16/128

Number of rounds 10 12 14

Round key size (words/bytes/bits)

4/16/128 4/16/128 4/16/128

Expanded key

size(words/bytes)

44/176 52/208 60/240

B.THE AESCIPHER BLOCK DIAGRAM

Fig. 3: Flow Diagram of AES.

C.ENCRYPTION

(i). Structure of Key and Input Data

Both the key and the input data (also referred to as the state) are structured in a 4x4 matrix of bytes.

(ii).Substitute Bytes (Substitute Byte Operations)

There are different ways of interpreting the Subbytes operation. In this application report, it is sufficient to consider the Sub bytes step as a lookup in a table. With the help of this lookup table, the 16 bytes of the state (the input data) are substituted by the corresponding values found in the table(S- box)

Fig. 4: Sub-bytes operation.

(iii). S-Box

Table 2: S-Box

(iv). Shift Rows (Shift-Rows Operations)

As implied by its name, the Shift-rows operation processes different rows. A simple rotate with a different rotate width is performed. The second row of the 4x4 byte input data (the state) is shifted one byte position to the left in the matrix, the third row is shifted two byte positions to the left, and the fourth row is shifted three byte positions to the left. The first row is not changed.

Fig. 5: Shift rows operation.

(v). Add Round Key (Add-Round-Key Operations)

The Add-round-key operation is simple. The corresponding bytes of the input data and the key are XORed /Subtracted.

Fig. 6: Add round key operation.

D.DECRYPTION

The AES decryption is basically traverses the encryption algorithm in the opposite direction. The basic modules constituting AES Decryption are explained in detail below:

(i).Substitute Bytes (Substitute Byte Operations)

There are different ways of interpreting the Subbytes operation. In this application report, it is sufficient to consider the Subbytes step as a lookup in a table. With the help of this lookup table, the 16 bytes of the state (the input data) are substituted by the corresponding values found in the table (inverse S-box).

Fig. 7: Inverse Sub-bytes operation.

(ii). Inverse S-Box

Table 3: Inverse S-Box

(iii). Shift Rows (Shift-Rows Operations)

As implied by its name, the Shift-rows operation processes different rows. A simple rotate with a different rotate width is performed. The second row of the 4x4 byte input data (the state) is shifted one byte position to the right in the matrix, the third row is shifted two byte positions to the right, and the fourth row is shifted three byte positions to the left. The first row is not changed.

Fig. 8: Inverse Shift rows operation.

(iv) Add Round Key (Add-Round-Key Operations)

The Add-round-key operation is simple. The corresponding bytes of the input data and the key are XORed /Added.

Fig. 9: Inverse Add round key operation.

E. AESALGORITHM

(i). Algorithm for AES Encryption

Step 1: Enter plaintext.

Step 2: Declare standard S-Box.

Step 3: Substitute Byte - Split the value of plaintext into two nibbles and map the first nibble to the corresponding row and second nibble to the corresponding column of S-Box.

Step 4: Shift Rows – The first row is left unchanged. Each byte of the second row is shifted one position to the left.

Similarly, the third and fourth rows are shifted by offsets of two and three respectively.

Step 5: Add Round Key – XOR/Subtract each byte of the shifted matrix with the corresponding standard key matrix.

Step 6: Cipher text is obtained.

(ii). Algorithm for AES Decryption

Step 1: Enter cipher text into a matrix.

Step 2: Declare standard inverse S-Box.

Step 3: Add Round Key – XOR/Add each byte of cipher text matrix with the corresponding standard key matrix.

Step 4: Shift Rows - The first row is left unchanged. Each byte of the second row is shifted one position to the right.

Similarly, the third and fourth rows are shifted by offsets of two and three respectively.

Step 5: Substitute Byte - Split the value of cipher text into two nibbles and map the first nibble to the corresponding row and second nibble to the corresponding column of inverse S-Box.

Step 6: The message is obtained back.

IV. RESULTSANDOBSERVATIONS

The data assigned to the RFID tags is successfully encrypted following the various stages of AES algorithm at the transmitter end and is successfully decrypted at the receiver. This can be observed at the hyper terminal if the RFID tag is authenticated. The access is denied if an RFID tag is not authenticated.

V.CONCLUSION

It is feasible to create a very compact, low-cost implementation of the AES. It also ensures good performance and occupies less area than previously reported designs. This implementation can encrypt and decrypt data streams up to 166 Mbps. The encryption speed, functionality, and cost make this solution perfectly practical in the world of embedded systems and wireless communication.

We can implement AES algorithm in FPGA(Field Programmable Gate Array) board in a cost effective way, simplified software design and data processing at high bit rates.

The key length and number of rounds can be enhanced in order to provide very high level of security.

REFERENCES

[1] Nicolas Courtois, Josef Pieprzyk, "Cryptanalysis of Block Ciphers with Overdefined Systems of Equations". pp267–287, ASIACRYPT 2002.

[2] Joan Daemen, Vincent Rijmen, "The Design of Rijndael: AES - The Advanced Encryption Standard" Springer, 2002. ISBN 3-540-42580-2.

[3] FIPS PUB 197, Advanced Encryption Standard (AES), National Institute of Standards and Technology, U.S.

Department of Commerce, November 2001

[4] Christof Paar, Jan Pelzl, "The Advanced Encryption Standard", Chapter 4 of "Understanding Cryptography, A Textbook for Students and Practitioners". (Companion web site contains online lectures on AES), Springer, 2009.

[5] IEEE paper on “Strong Authentication for RFID Systems using the AES Algorithm”.(Martin Feldhofer, Sandra Dominikus, and Johannes Wolkerstorfer).

[6] Abdel-Karim R. Al Tamimi, “Security in Wireless Data Networks”.

[7] William Stallings, “Cryptography and Network Security:

Principles and Practices”, International Edition, Third Edition

2003.