Realizing a Secure Internet of Things

The Internet of Things envisions a world in which every object is able to collect and to store data as well as to communicate with each other over the Internet. A key technology for realizing this vision is Radio Frequency Identification (RFID). This technology consists of small microprocessors connected to an antenna (called tags) which can be easily attached to objects in the field. These tags typically do not require a dedicated power supply since they can draw their power from the electromagnetic field of a reader. In this project, we want to go the last step towards realizing the Internet of Things: Integrating passive RFID devices into the Internet by defining and implementing a protocol that allows accessing specific tags from an arbitrary client. Already in the design phase, it is vital to consider security aspects of the solution. Sensitive data that is collected by these tags has to be protected against unauthorized access from users in the Internet. Since tags have to operate in resource-constrained environments, lightweight network and cryptography solutions are required to provide those Web-based services. Thus, our goal is to develop a lightweight solution to establish a secure Internet layer upon the RFID-communication layer, which allows a secure end-to-end connection between tags and clients. Next to RFID-based objects, special readers are required which act as routers between the Internet and the RFID-based network. As an outcome of this project, we target a proof of concept demonstrator that consists of tag emulators and readers that provide the capability of securely sharing information with other objects and/or clients over the Internet. We plan to disseminate the scientific results on international conferences to discuss design decisions and to contribute to the research community. The demonstrator will be used to present the feasibility of RFID-based objects to enhance the current Internet with all of its advantages such as autonomously gathering information and data out of the field. We are confident that once the potential of this new technology is shown, we can attract industry partners to cooperate on further research and exploitation.

The Internet of Things (IoT), i.e. the wireless communication of electronic devices and machines for the purpose of autonomous data transfer, is one of the fastest growing technologies of our time. The IoT combines many different communication technologies like WLAN, GSM and Bluetooth. It also contains several device classes with diverse abilities like mobile devices (including, for example, mobile phones and hand-held devices), home automation devices (electronic fridges, light sources, washing machines, et cetera), automotive products, and medical devices. With a predicted 21.9 billion Euro gross market share in 2020 (according to Statista4) and a price of just a few Cents, so-called passive (batteryless) radio-frequency identification (RFID) tags are by far the largest group of IoT participants. Despite the countless opportunities and possible applications offered by the IoT, there are also concerns about the safety and the privacy of people. Medical devices like pacemakers, for example, which have a wireless communication interface, or automotive technology which can be controlled remotely pose a direct threat to the safety of their users if no appropriate security mechanisms are in place. Especially RFID tags with a very limited power budget and highly constraint processing capabilities (in contrast to mobile devices, for example), are not able to handle very complex security aware communication protocols. In addition, these tags can hardly be updated once they are deployed in their respective fields. Therefore, this group of IoT devices requires special treatment to guarantee the security of IoT applications. With ReSIT, the secure integration of RFID technology into the Internet of Things has been researched. Despite energy efficient cryptographic primitives and implementations, many possible platforms for secure RFID tags have been evaluated. Furthermore, weaknesses in existing communication protocols have been revealed, and a privacy-aware communication protocol has been developed that allows the seamless integration of RFID tags into the existing Internet infrastructure. The outcome of our research efforts build the fundament of our sensor equipped prototype platform (PIONEER) for a secure RFID based IoT.