Page 6 - Read Online
P. 6

Calderoni et al. J Surveill Secur Saf 2020;1:106-18  I  http://dx.doi.org/10.20517/jsss.2019.01                                            Page 107

               Keywords: Radio-frequency identification, NFC, internet of things, cryptographic protocols




               1 INTRODUCTION
               Internet of Things (IoT) has exploded in recent years, and the related security aspects are increasingly
                      [1,2]
               relevant . Radio-frequency identification (RFID) represents the most adopted solution within the IoT
                                                                                              [5]
                      [3,4]
               domain . The logistics industry is one of the earliest adopters of IoT and RFID solutions , while these
               technologies are now used in several application contexts, such as military and defense applications, supply
               chains, food industry and so forth. As an example, RFID tags may be applied to manage inventories, to
                                                                                               [6]
               reduce overstocks and to avoid understocks as well as to track the overall lifecycle of a product .
               More recently, RFID tags have also been used for different applications, such as localization and personal
                                                                                                        [7]
               identification. For example, electronic machine readable travel documents are equipped with RFID tags .
               As this feature enables several cryptographic protocols to be applied during the communication between
               the tag and the reader, it also makes it possible to deliver automated border controls in crucial areas such
               as international airports. At the same time, localization and identification procedures based on RFID also
               imply privacy and traceability issues for the tag bearer [8-10] .


               Thus, the combination of RFID and cryptography is widely studied [11-14] , and paving the way for a number
               of pervasive and secure applications. Among them, those aimed at preventing forgery and counterfeiting
               of trademark products represent a significant slice of the application sector. In recent years, the scientific
               community has therefore dedicated significant efforts to the design of techniques aimed to prevent
               malicious attacks against RFID technology [15-18] . Consequently, several efficient cryptographic protocols
               were proposed to deliver high-quality protection mechanisms for RFID-based applications.

               The RFID industry tries to adapt its products so they can fit this rapid evolution and continues to
               produce new tags with smarter capabilities. Each RFID tag has different features, including the supported
               cryptographic protocols, the amount of data that it is able to store, the set of commands it can deal with and
               so forth. The design of a secure IoT application relying on RFID technology should be thus preceded by an
                                                                                [19]
               in-depth study of tag capabilities. In this study, we focused on NT4H2421Gx , a recent RFID tag released
               by NXP Semiconductors, and we investigated its features extensively. The results showed that NT4H2421Gx
               represents a valid and promising solution for a wide number of secure IoT applications.

               2 METHODS
               In this section, we described the features of NT4H2421Gx. After a brief introduction to the general
               specifications of the tag, we investigated in depth its logical data structure, its application protocol data unit
               (APDU) and its core functionalities. Finally, we proposed a high-level comparison between this tag and
               other related ones.


               The NXP’s NT4H2421Gx tag is fully compliant with the NFC Forum Type 4 IC specification and relies on
                                                                                                       [20]
               the ISO/IEC 14443-4 contactless proximity protocol. The file system is compliant with ISO/IEC 7816-4 .
               The APDU is based on ISO/IEC 7816-4 as well, while it preserves only three of the native commands. Each
               command included in the command set is tag specific.

               2.1 Hardware layer
               Contactless smart cards with microprocessors incorporate their own operating system, which is usually
               burned into the ROM module at the production stage. The tasks of the operating system are data transfer
               from and to the smart card, command sequence control, APDU interpretation, file management and
   1   2   3   4   5   6   7   8   9   10   11