Abstract

Radio Frequency Identification (RFID) has been emerged as one of the most promising technologies used as an automatic data collection and information storage technology in vast number of applications. One of the biggest hindrances in the wide adoption of this technology is the challenge in security. There have been extensive studies on RFID security, in particular authentication and privacy issues. In most protocols, the discussions focus on scenarios that RFID tags are used mainly for tracing or identification, and the access to data stored on RFID is enforced through authentication. Recently, there is a rise in interests of using RFID tags as distributed storage, e.g., storing floor plans which can be used by fire fighters during emergencies. In this new type of applications, quite often, XML (eXtensible Markup Language) is employed since it has been considered as a de-facto standard to store and exchange information on the Internet and through other means. This research proposes to securely and efficiently store data on RFID tags in XML format. We introduce a framework using cryptography that ensures data confidentiality and integrity; we employ multi-level encryption together with role-based access control on the data stored on an RFID tag. In the given framework, a user is assigned with a certain role and can only access the part of data that she is authorized according to her role and the Access Control Policy (ACP). In addition, a more profound and accurate definition of simple and complex XACL (XML Access Control Policies) is given and a workable cryptographic solution is provided to handle complex policies. Furthermore, two different encryption methods are introduced to minimize the size of a file encrypted using XML encryption specifications. The research also extends the current technique of populating RFID tag memory with BIM (Building Information Model) database information in Facilities Management System (FMS) applications, by adding roles and different security levels. To explore the technical feasibility of the proposed approach, a case study in facilities management with different roles and security permissions has been implemented and tested at Concordia University. In this case study, we apply the proposed framework and encryption scheme to provide fine-grained access to data stored on RFID tags. To the best of our knowledge, it is the first work that addresses security issues in this new type of RFID-based distributed storage applications