Calderoni et al. J Surveill Secur Saf 2020;1:106-18          Journal of Surveillance,
               DOI: 10.20517/jsss.2019.01                                        Security and Safety




               Original Article                                                              Open Access


               Forge-resistant radio-frequency identification tags
               for secure internet of things applications



               Luca Calderoni , Dario Maio , Luciano Margara , Luca Spadazzi 2
                            1
                                       1
                                                       1
               1 Department of Computer Science and Engineering, University of Bologna, Cesena 47522, Italy.
               2 Lab51 srl, Cesena 47522, Italy.
               Correspondence to:  Prof.  Luca  Calderoni,  Department  of  Computer  Science  and  Engineering,  University  of Bologna, via
               dell’Università, 50, Cesena 47522, Italy. E-mail: luca.calderoni@unibo.it
               How to cite this article:  Calderoni L, Maio D, Margara L, Spadazzi L. Forge-resistant radio-frequency identification tags for
               secure internet of things applications. J Surveill Secur Saf 2020;1:106-18. http://dx.doi.org/10.20517/jsss.2019.01
               Received: 13 Dec 2019    First Decision: 1 Feb 2020    Revised: 10 Feb 2020    Accepted: 31 Mar 2020    Available online: 29 Oct 2020

               Academic Editor: Michael G. Pecht    Copy Editor: Jing-Wen Zhang    Production Editor: Jing Yu


               Abstract
               Aim: Internet of Things (IoT) represents a key aspect within several application domains, and it enables growing
               opportunities for both organizations and end-users. Radio-frequency identification tags are probably the most
               relevant enabling solution for ubiquitous IoT systems and are often seen as a prerequisite for IoT itself. In this
               study, we analyzed one of the most promising radio-frequency identification tags to determine whether or not it
               represents a viable solution for secure IoT applications.

               Methods: The study was conducted relying on an Android OS application developed within our laboratories, which
               helped us to inspect the chip and describe its logical data structure. We studied the capabilities of the tag in
               relation to the application protocol data unit it supports, and we described the cryptographic protocols with which
               it is equipped.

               Results: This tag is resistant to forging activities, and it also preserves confidentiality and authenticity on
               exchanged data. We discussed several known privacy and security patterns that may be addressed relying on the
               tag we focused on and we underlined some deficiencies concerning chip cloning attack. Again, secure dynamic
               messaging and mirroring allow the surpassing of several privacy limitations.

               Conclusion: In this paper we investigated the capabilities of the NT4H2421Gx tag. The deep Android inspection
               performed on the tag showed that it represents an option to rely on when we need to design secure IoT
               applications.


                           © The Author(s) 2020. Open Access This article is licensed under a Creative Commons Attribution 4.0
                           International License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use,
                sharing, adaptation, distribution and reproduction in any medium or format, for any purpose, even commercially, as long
                as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license,
                and indicate if changes were made.


                                                                                                                                                  www.jsssjournal.com