In an entry system, radio-frequency identification (RFID) is vulnerable to security problems such as wiretapping, forgery, and denial of service (DoS).
In a generalized RFID entry system, readers and tags are provided based on encryption security standards such as electronic product code (EPC)-global standards only for a limited scope of memory access or special instructions, and do not perform any particular identification process for general tag identification. When a reader and a tag exchange identification information based on wireless communication, if an entry procedure is performed without an identification process, an illegal reader may easily obtain the identification information of the tag and thus personal information may leak.
For example, information of a non-secure RFID tag attached to an ID card can be obtained by any user having a reader capable of reading the same frequency. In addition, a malicious attacker may illegally obtain product information and personal information by analyzing traffic of a reader and a tag. If the attacker uses a forged reader, the memory of the tag may be easily corrupted, or erased in the worst case. The reader and the tag basically operate based on a question and answer mechanism and thus may be vulnerable to DoS attacks.
An RFID network has a much greater number of tags and nodes to be managed, compared to a conventional network, has an autonomously distributed structure, rather than a centralized structure, and thus is more vulnerable to security problems compared to the conventional network.
Furthermore, in an environment where multiple densely-arranged readers and tags need to be simultaneously used in a narrow place, e.g., a speed gate, frequency jamming may occur due to inappropriate frequency distribution.
Although technologies related to a mutual identification process between a reader and a tag have been disclosed, an encryption/decryption process thereof uses a slow and complicated symmetric cryptosystem or a heavy algorithm such as a hash function, and requires a large memory capacity. This encryption scheme may not be easily applied to large-volume and low-price RFID systems, and thus a security method appropriate for subminiature readers and tags is necessary.
KR 10-2011-0074441 discloses a technology for encrypting data using a cyclic redundancy check (CRC) computing function, but lacks solutions to reverse frequency detection.