Page 6 - Read Online
P. 6
Calderoni et al. J Surveill Secur Saf 2020;1:106-18 I http://dx.doi.org/10.20517/jsss.2019.01 Page 107
Keywords: Radio-frequency identification, NFC, internet of things, cryptographic protocols
1 INTRODUCTION
Internet of Things (IoT) has exploded in recent years, and the related security aspects are increasingly
[1,2]
relevant . Radio-frequency identification (RFID) represents the most adopted solution within the IoT
[5]
[3,4]
domain . The logistics industry is one of the earliest adopters of IoT and RFID solutions , while these
technologies are now used in several application contexts, such as military and defense applications, supply
chains, food industry and so forth. As an example, RFID tags may be applied to manage inventories, to
[6]
reduce overstocks and to avoid understocks as well as to track the overall lifecycle of a product .
More recently, RFID tags have also been used for different applications, such as localization and personal
[7]
identification. For example, electronic machine readable travel documents are equipped with RFID tags .
As this feature enables several cryptographic protocols to be applied during the communication between
the tag and the reader, it also makes it possible to deliver automated border controls in crucial areas such
as international airports. At the same time, localization and identification procedures based on RFID also
imply privacy and traceability issues for the tag bearer [8-10] .
Thus, the combination of RFID and cryptography is widely studied [11-14] , and paving the way for a number
of pervasive and secure applications. Among them, those aimed at preventing forgery and counterfeiting
of trademark products represent a significant slice of the application sector. In recent years, the scientific
community has therefore dedicated significant efforts to the design of techniques aimed to prevent
malicious attacks against RFID technology [15-18] . Consequently, several efficient cryptographic protocols
were proposed to deliver high-quality protection mechanisms for RFID-based applications.
The RFID industry tries to adapt its products so they can fit this rapid evolution and continues to
produce new tags with smarter capabilities. Each RFID tag has different features, including the supported
cryptographic protocols, the amount of data that it is able to store, the set of commands it can deal with and
so forth. The design of a secure IoT application relying on RFID technology should be thus preceded by an
[19]
in-depth study of tag capabilities. In this study, we focused on NT4H2421Gx , a recent RFID tag released
by NXP Semiconductors, and we investigated its features extensively. The results showed that NT4H2421Gx
represents a valid and promising solution for a wide number of secure IoT applications.
2 METHODS
In this section, we described the features of NT4H2421Gx. After a brief introduction to the general
specifications of the tag, we investigated in depth its logical data structure, its application protocol data unit
(APDU) and its core functionalities. Finally, we proposed a high-level comparison between this tag and
other related ones.
The NXP’s NT4H2421Gx tag is fully compliant with the NFC Forum Type 4 IC specification and relies on
[20]
the ISO/IEC 14443-4 contactless proximity protocol. The file system is compliant with ISO/IEC 7816-4 .
The APDU is based on ISO/IEC 7816-4 as well, while it preserves only three of the native commands. Each
command included in the command set is tag specific.
2.1 Hardware layer
Contactless smart cards with microprocessors incorporate their own operating system, which is usually
burned into the ROM module at the production stage. The tasks of the operating system are data transfer
from and to the smart card, command sequence control, APDU interpretation, file management and
