RFID installations in the age of increased security requirements
For many years, the automation of production and business processes has been constantly subject to new requirements. In recent years, the focus has primarily been on increasing efficiency as well as seamless digital integration with backend and management systems.
In times of massively increased security requirements, however, RFID systems today must feature completely new architectures, especially if they are to be used in so-called critical infrastructure. This is because critical infrastructures are of crucial importance for the smooth functioning of states and organizations and have been subject to greatly increased attention from governments and their authorities as well as from public and private organizations and companies for several years.
Kathrein Solutions has always invested heavily in research and development to meet these demands and to ensure that its proprietary technology portfolio is always a step ahead of current market requirements.
Basically, the requirements for a modern and secure RFID system can be divided into several areas:
- Protection and monitoring of the function of the installation
- Protection and safeguarding of the system or personal data collected by the system
- Elimination of backdoor / trapdoor access possibilities
Kathrein's own Industrial Operating System, which was already implemented in the second RFID reader generation in 2014, enabled specific adaptation to the IT security requirements of the respective end users, at that time with a focus on the automotive industry. By adding proprietary IT operating systems to the RFID read/write devices, it was possible to integrate the installations into the core networks of large companies at no additional cost and to manage and operate them with the existing IT tools. The protection of the data transmitted between the transponders and RFID read/write devices was not yet a priority here, since it was mostly only a matter of production-specific IDs of components and load carriers.
IT security in industry and logistics:
The ongoing digitization and networking of individual systems is now also leading to an increased need for "secure Auto ID" solutions in industrial automation. Sensitive information such as the VIN (Vehicle Identification Number) or FID (Vehicle Identification Number) is now stored on RFID transponders, which remain permanently on the vehicle and must be protected against unauthorized reading by third parties. Standard RFID systems offer only basic protection in the form of a 32-bit password that is transmitted unencrypted.
Special focus on traffic routes as critical infrastructure
Systems designed to detect motor and rail vehicles now also require a significantly higher level of safety and interference immunity. Here, the requirements can also be divided into several areas:
- Ensuring trouble-free operation, even in the event of power failures.
- Secure IT integration into existing back-end systems
- Protection against malicious damage and manipulation in the semi-public area
- Protection of vehicle or personal data
Since railroad networks and highways have always been the most important supply routes and infrastructures of states, special attention is paid to the protection of these important lifelines. In both segments, Kathrein Solutions is one of the leading suppliers of identification solutions that ensure secure operation over a long period of time - even in harsh outdoor environments and unstable power supply networks. The respective security concept behind each of these applications has also been specifically designed in cooperation with the respective integration partner to meet the requirements of the end users.
In the railroad environment, train information must be stored on the respective transponders in encrypted form, and the connection to the railroad operator-specific backend system must be implemented in a secure and cost-effective manner.
Self-sufficient power supplies and reading stations connected via 4G mobile radio make it possible to implement fast rollouts with Kathrein hardware and software without lengthy civil engineering work.
The sometimes very high speeds of the objects to be detected of up to 350 km/h require a very high reading performance of the RFID infrastructure, since up to ten times more data must be transmitted in the same time due to the high data security.
Intelligent Transportation Systems
At Kathrein, the ITS (Intelligent Transportation Systems) market segment includes the areas of toll systems and vehicle registration solutions. In many countries of the world, there has been a massively increased security risk for many years. In particular, the data of the respective vehicle owner stored on the transponders must be stored securely and protected against unauthorized reading in order to prevent attacks by means of so-called booby traps. However, this presents the system architect with a major challenge, since there is now a unique key for each individual transponder, which must be secure and, in most applications, also available in real time.
New technology to help improve security in the Auto ID world:
New security transponders based on ISO 18000-63C provide comprehensive protection and enable security using a 128-bit AES key stored in the transponder IC hardware that performs cryptographic authentication checks. These transponders were developed in compliance with global interoperability standards, namely GS1™ UHF RFID Gen2 v2.0 (Annex N, Tag Alteration (Authenticator)) and ISO/IEC 29167-10 for proof of origin based on AES (Advanced Encryption Standard). Since 2016, Kathrein Solutions has been the first manufacturer worldwide to offer the full integration of so-called security transponders in its entire RFID portfolio. To realize a secure RFID reading station, it is not enough to encrypt the connection to the backend system; the communication between reader and tag on the air interface must also be secured. With the RRU 45xx generations, a so-called integrated HSM (High Secure Memory) module has been available since 2017. This allows the tag-specific keys that are necessary for reading the encrypted content on the transponders to be stored securely and with high quality (AES 128 bit), decentrally on the reader.
New High Performance Solution with the RRU 7700 Reader
With the new RFID Reader RRU 7700, a new generation of High Security Readers is now available, which allows the highest security standards in terms of integration into backend systems. It also enables unprecedented speed in the processing of encrypted transponder data both on the network side and on the air interface.
An additional increase in security is achieved by the key diversification process. Each transponder is assigned a unique key. The key is calculated directly in the HSM. This enables faster and more secure access, since no keys have to be transmitted. Another new feature is the HSM's self-protection function. If unauthorized access is detected, the HSM module deletes all stored data and keys!
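The key diversification and self-protection behaviour described above can be modelled in a few lines of Python. This is an added example, not Kathrein code: the page does not name the derivation function, so HMAC-SHA256 truncated to 128 bits stands in for the AES-based operations, and the names diversify_key, Tag, ReaderKeyStore and on_tamper as well as the sample UIDs are hypothetical.

```python
import hashlib
import hmac
import secrets

def _mac(key: bytes, msg: bytes) -> bytes:
    # Stand-in primitive (assumption): HMAC-SHA256 truncated to 128 bits.
    # A real reader and tag would use AES-128 here.
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

def diversify_key(master_key: bytes, tag_uid: bytes) -> bytes:
    """Derive the 128-bit key of one transponder from the master key and its UID."""
    return _mac(master_key, b"tag-key|" + tag_uid)

class Tag:
    """Transponder model: answers challenges, never outputs its key."""
    def __init__(self, uid: bytes, key: bytes):
        self.uid, self._key = uid, key

    def respond(self, challenge: bytes) -> bytes:
        return _mac(self._key, challenge)

class ReaderKeyStore:
    """Model of the reader-side key module: it holds only the master key."""
    def __init__(self, master_key: bytes):
        self._master = master_key

    def authenticate(self, tag: Tag) -> bool:
        if self._master is None:              # key material was wiped
            return False
        challenge = secrets.token_bytes(16)   # fresh per read, so old answers are useless
        expected = _mac(diversify_key(self._master, tag.uid), challenge)
        return hmac.compare_digest(expected, tag.respond(challenge))

    def on_tamper(self) -> None:
        """Self-protection: drop all key material when tampering is detected."""
        self._master = None

def demo() -> dict:
    master = secrets.token_bytes(16)          # constructed sample master key
    store = ReaderKeyStore(master)
    uid_a, uid_b = b"TAG-0001", b"TAG-0002"   # constructed sample UIDs
    tag_a = Tag(uid_a, diversify_key(master, uid_a))
    tag_b = Tag(uid_b, diversify_key(master, uid_b))
    wrong_key_tag = Tag(uid_b, tag_a._key)    # tag A's key presented under UID B
    result = {"genuine": store.authenticate(tag_a) and store.authenticate(tag_b),
              "wrong_key_rejected": not store.authenticate(wrong_key_tag),
              "keys_differ": tag_a._key != tag_b._key}
    store.on_tamper()
    result["after_wipe"] = store.authenticate(tag_a)
    return result
```

Because the reader recomputes each tag key from the UID, no per-tag key list has to be stored or sent over the network, and a key recovered from one transponder does not authenticate any other.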
With these measures, the currently most secure and fastest RFID capture systems can be built. For example, the processing time for the decryption of transponder data in the reader could be increased by a factor of 20, which is reflected in a maximum speed for the complete decryption of transponder data with moving objects of < 300 km/h.
Successful rollouts in the toll and rail environment
The first successful installations are already in use in the toll environment and with leading European rail operators. The use of the high-performance decentralized RFID reader RRU 7700, which enables the entire key handling on site as well as the secure connection to the backend system via 4G network, was extended by a self-sufficient, solar-powered energy supply. This approach is exemplary for a completely new type of RFID reading station, which combines the highest performance with efficient and contemporary costs in acquisition and operation.