The RFC used in Asset Visibility and Control enables a user to remotely control assets of interest. For instance, radio-frequency identification (RFID), Real Time Locating System (RTLS), machine-to-machine (M2M) and smart agent networks can be mentioned.
RFID is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID mobile devices or transponders. An RFID mobile device is an object that can be applied to or incorporated into a product, animal or person for the purpose of identification using radio waves. Some mobile devices can be read from several meters away and beyond the line of sight of the reader.
Most RFID mobile devices contain at least two parts. One is an integrated circuit for storing and processing information, modulating and demodulating an RF signal, and other specialized functions. The second part is an antenna for receiving and transmitting the signal.
RTLS is used to track and identify the location of objects in real time using simple, inexpensive nodes (badges/mobile devices) attached to or embedded in objects and devices (readers) that receive the wireless signals from these mobile devices to determine their locations. RTLS typically refers to systems that provide passive (automatic) collection of location information.
M2M refers to data communications between machines. The key pieces of a typical M2M system include: (a) a device or group of devices capable of replying to requests for data contained within those devices or capable of transmitting data contained within those devices autonomously; (b) a communications link to connect the device or group of devices to a computer server or another device; (c) a software agent, process, or interface by which the data can be analyzed, reported, and/or acted upon; (d) software intelligence.
Most often, M2M systems are task-specific. It means that an M2M system is purpose-built for just one specific device, or a very restricted class of devices in an industry. This is one of the indicators of the M2M market still being in its infancy, as a unified intercommunication standard has yet to evolve.
A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as a stream cipher attack).
It is a breach of security in which information is stored without authorization and then retransmitted to trick the receiver into unauthorized operations such as false identification or authentication or a duplicate transaction. For example, messages from an authorized user who is logging onto a network may be captured by an attacker and resent (replayed) the next day. Even though the messages may be encrypted, and the attacker may not know what the actual keys and passwords are, the retransmission of valid logon messages is sufficient to gain access to the network.
An attacker can also generate (mimic) a data transmission to gain fraudulent access. A signal (or a sequence thereof) of predetermined carrier frequency, amplitude and frequency modulations can be mimicked.
Also known as a “man-in-the-middle attack,” a replay attack can be prevented using strong digital signatures that include time stamps and inclusion of unique information from the previous transaction such as the value of a constantly incremented sequence number.
A timestamp is a sequence of characters, denoting the date and/or time at which a certain event occurred. This data is usually presented in a consistent format, allowing for easy comparison of two different records and tracking progress over time; the practice of recording timestamps in a consistent manner along with the actual data is called timestamping.
Timestamps are typically used for logging events, in which case each event in a log is marked with a timestamp. In file systems, a timestamp may mean the stored date/time of creation or modification of a file.
US Application 2007030469 ('469) discloses a system and method for providing secure one-way transmissions in a vehicle wireless communications system. The system and method rely on a clock signal to assure that the vehicle and server receive proper messages. The vehicle and the server will periodically synchronize their internal clocks to a global clock signal. The server will add its local time to the body of a message including a vehicle identification number and a function code. According to '469, the server will then encrypt the message and transmit it to the vehicle. The vehicle will decrypt the message and compare the transmitted vehicle identification number with its identification number. If the identification numbers match, the vehicle will then see if the time in the message is within a predefined window of the vehicle time. If the transmitted time is within the predefined window of the vehicle time, the vehicle will accept the message and perform the function.
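The receiver-side checks described in the two passages above (an authenticated message carrying an identifier, a timestamp compared against a window, and a constantly incremented sequence number) are sketched below as an added example; it is not code from '469 or from this document. HMAC-SHA256 stands in for the digital signature and for the encryption step, and the key, field layout, window length and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"      # constructed shared secret (assumption)
WINDOW_S = 30                       # assumed acceptance window, seconds
HEADER = struct.Struct(">16sQQB")   # device id, timestamp, sequence, function code


def seal(device_id: bytes, ts: int, seq: int, func: int) -> bytes:
    """Sender side: pack the fields and append an HMAC-SHA256 tag."""
    body = HEADER.pack(device_id, ts, seq, func)
    return body + hmac.new(KEY, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self, device_id: bytes):
        self.device_id = device_id.ljust(16, b"\0")
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, msg: bytes, now: int) -> str:
        """Return 'ok' or the reason the message was rejected."""
        body, tag = msg[:HEADER.size], msg[HEADER.size:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"            # forged, truncated or altered
        dev, ts, seq, _func = HEADER.unpack(body)
        if dev != self.device_id:
            return "wrong-device"       # identifier comparison
        if abs(now - ts) > WINDOW_S:
            return "stale"              # outside the time window
        if seq <= self.last_seq:
            return "replayed"           # sequence number already seen
        self.last_seq = seq
        return "ok"


def demo() -> list:
    rx = Receiver(b"VIN-CONSTRUCTED")
    t0 = 1_700_000_000  # constructed clock value
    m1 = seal(b"VIN-CONSTRUCTED", t0, 1, 7)
    return [
        rx.accept(m1, t0 + 2),        # fresh message
        rx.accept(m1, t0 + 5),        # same bytes, still inside the window
        rx.accept(m1, t0 + 86_400),   # same bytes resent the next day
        rx.accept(m1[:-1] + bytes([m1[-1] ^ 1]), t0 + 2),  # altered tag
        rx.accept(seal(b"VIN-CONSTRUCTED", t0 + 6, 2, 7), t0 + 7),
    ]
```

The second call shows why the timestamp window alone is not enough: a copy resent within the window passes the time check and is only stopped by the sequence number, which the receiver must keep across restarts.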
As said above, an unauthorized person is able to breach security and gain access to information by replaying or mimicking a transmission to trick the receiver into unauthorized operations such as false identification or authentication or a duplicate transaction. Providing measures that prevent unauthorized persons from breaching RFC security is hence an unmet long-felt need.