Documente Academic
Documente Profesional
Documente Cultură
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 172
Abstract RFID technology is widely used worldwide in a broad range of applications. Such technology however raises security
concerns about the protection of the information stored in the RFID tags and exchanged during the wireless communication with
the readers. Buffer overflow vulnerabilities dominate the area of remote network penetration vulnerabilities, where an anonymous
Internet user seeks to gain partial or total control of a host. If buffer overflow vulnerabilities could be effectively eliminated, a very
large portion of the most serious security threats would also be eliminated.This paper describes the use of train algorithm to tackle
the buffer over flow attacks in mobile RFID environment.
—————————— ——————————
1 INTRODUCTION
RFID identifies object in the open system environment by devices such as scanners tethered to mobile computers,
using the radio frequency technology which is a kind of integrated handheld readers, and vehicle mounted
non-contact automatic identification technique, and can readers from companies such as Intermec, LXE, and
automatically read the information from a great deal of Motorola, allow the reader to be brought to the asset
tags instantly[1]. This technology has shown its powerful instead of the asset having to pass by the reader. These
practical value and potential in the field of retailing, devices and custom applications running on them can
manufacturing and logistics. leverage existing wireless networks to communicate
As can be seen in figure 1, an RFID system consists of continuously with the rest of the system, and can often be
three components: used offline to collect data for transmission to the rest of
Tags, that consists of an integrated circuit with a the system at later time.
small antenna. Tags use to be placed in each Today’s deployments that use mobile RFID
object that should be identified. Each tag will technology—from workers carrying integrated handheld
send its identifier (ID) when interrogated. readers to the mounting of specialized readers on fork
Reader(s), that communicates with a database lifts—benefit from more flexible interaction with tagged
and with the tags. They are responsible of assets and broader location coverage. The additional read
performing the queries to the tags. opportunities enable greater asset visibility and allow for
Database with information of the tags and their the recording of asset entry, movement, and placement
items (e.g. medicine name, chemical around a facility. New applications are being built every
components...).RFID readers will check the day to leverage these unique capabilities.
database for identifying an object and for In order to truly capitalize on the benefits of mobile
obtaining its associated information. RFID, application developers must understand the
unique requirements and challenges of mobile
application development, deployment, and usage. A flex-
ible architecture provides a rich foundation for mobile
application development to extend the software across
platforms and readers.
Fig.1: RFID System
The rest of this paper is structured as follows: Section 2
gives a brief introduction about Buffer Overflows and
Mobile RFID enables unique RFID use-cases not their defenses. Section 3 reviews the related work. Section
possible with fixed readers. Mobile data collection 4 presents a description of the Train algorithm.The
————————————————
implementation of Train algorithm in mobile RFID is
M.SANDHYA is with the B.S.Abdur Rahman University, Chennai,
described in section 5. The experimental results are
India.She is working as a Assistant Professor (Senior Grade) in the shown in section 6.Finally the work is concluded in
Department of Computer Science& Engineering. section 7.
4 TRAIN ALGORITHM
Many programming languages provide automatic
garbage collection to reduce the need for memory
management related programming. However, traditional
garbage collection techniques lead to long and
unpredictable delays and are therefore unsatisfactory in a
number of settings, such as interactive systems, where
non-disruptive behavior is of paramount importance.
Generation-based collection techniques alleviate the
problem somewhat by concentrating collection efforts on
small but hopefully gainful areas of memory, the so called
young generations. This reduces the need for collecting
the remaining large memory area, the old, or mature,
generation, but in no way obviates it. Traditionally, Fig.2: Mature Object space with train cars
conventional techniques have been employed for old
4.1 Car Collection Strategy
generation collection, leading to pauses which, although
less frequent, are still highly disruptive. Each invocation of the Train Algorithm processes the
Train algorithm that has been gaining popularity is the lowest numbered car of the lowest numbered train in the
mature object space algorithm, originally proposed by system. Its space is reclaimed as follows. First, a check is
Hudson and Moss [16] and first implemented and made to see whether there are any references into the
analyzed by Seligmann and Grarup [17]. In this train to which the car being collected belongs. If this is not
algorithm, the heap is split into small regions (train cars), the case, then the entire train contains only garbage and
each of which can be collected independently.Train all its cars are reclaimed immediately. (This is the part of
algorithm is currently used by Sun's Hotspot virtual the algorithm which enable s large cyclic garbage
machine, specifies an organization for the mature object structures to be recognized and reclaimed, even if they
space of a generational collector. The purpose of the train are too big to fit into a single car.
algorithm is to provide time-bounded incremental Otherwise, all objects residing in the car being collected
collection of the mature object space. Incremental referenced from outside the train are evacuated as
coll ect i on reduce s ga rbage collection incre a se s follows. Objects referenced from other trains are moved
throughput by reducing the number of pauses, making it to those trains; objects referenced from outside mature
desirable for real time systems. Train Garbage Collection object space are moved to any train except the one being
divides the heap into old and young generations. Taking collected. If a receiving train runs full, a new car is simply
advantage of the empirical observation that most objects created and hooked onto its end [19]. Then, in typical
have very short lifetimes, a generational collector collects copy collector style, evacuated objects are scanned for
the sub-heaps of younger generations more often than pointers into the car being collected, moving the objects
those of older generations. thus found into the train from which they are now
To achieve this, the algorithm arranges the blocks into referenced and so on.
disjoint sets. With a striking metaphor, Hudson & Moss With the transitive closure of all externally referenced
refer to the blocks as cars, and to the set of blocks to which objects having been evacuated, the only live objects in the
a car belongs as its train. Mature object space can then be car being processed are those referenced (exclusively)
thought of as a giant railway station with trains lined up from cars further down the train being collected. Such
on its tracks [18] illustrated in figure2. objects are evacuated to the last car of the train, as are the
Just as in real life, cars belong to exactly one train and objects they reference, etc. At this point, none of the
are ordered within that train. The trains, in turn, are objects remaining in the car being collected are referenced
ordered by giving them sequence numbers as they are from the outside and are therefore garbage. Thus, the
created. This imposes a global lexicographical ordering space occupied by the car is reclaimed and the collection
on the blocks in mature object space: One block precedes is finished [20].
another if it resides in a lower numbered (i.e. older) train; 4.2 Tenuring Strategy
or if both blocks belong to the same train, then if that The tenuring strategy imposed by the Train Algorithm is
block has a lower car number (i.e. was added to the train simple: Objects promoted from younger generations may
earlier on) than the other. In the example structure shown be stored in any train except the one currently being
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 7, JULY 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 175
collected, or one or more new trains may be created to the server side. The reader has a fixed amount of
hold them. memory and within some seconds of time it has to flush
To facilitate collection of individual cars, each car has the data information collected from the tags to the
an associated remembered set containing information about middleware where all the readers are allotted some
all references residing outside the car pointing into it. Old specific memory.While flushing the data the reader
generation cars will only be processed when all younger should be very careful in not losing any single data
generations are collected, so the remembered sets need obtained from the tag.If the allotted memory space for a
only contain references from other old generation cars. particular reader in the middleware is not sufficient it can
Since cars are processed in lexicographical order, one can use the free memory spaces available for the other
further optimize the remembered set handling by only readers.
recording references from higher numbered to lower This will not create any problem for the other readers
numbered cars. By the time a car comes up for collection, also because the middleware will transfer the data to the
it will have the lowest number in the system, and thus its server immediately as soon as the memory space allotted
reme mbe re d set will be complete. This gives the for a particular reader is full. Subsequently the datas
advantage of not having to purge out stale remembered stored on the other memory spaces will also be
set entries in other parts of the system when a car is transferred to the database.In this way data loss can be
reclaimed. prevented and there is no possibility of buffer overflow
attacks.For allocating the free memory spaces of other
readers the concept of train algorithm is used.By using
5 IMPLEMENTATION
the train algorithm, the middleware can easily identify
In a mobile RFID environment the number of readers is the place where the datas are stored temporarily if
not limited and there is a possibility that there can be N the memory space allocated for a particular reader is full.
number of readers.The possibility of buffer overflow The possibility of data loss and buffer overflow attack is
attacks is high in the case of mobile RFID environment prevented by using the train algorithm concept in mobile
because the reader is a hand-held device and only limited RFID environment.
amount of memory is available for it compared to fixed
readers which is directly connected to the system.Data
plays a vital role in the case of RFID because it cannot be 6 EXPERIMENTAL RESULTS
retrieved back under any circumstances.The figure 3 The use of train algorithm in mobile RFID environment is
shown below gives a diagrammatic representation about tested using an RFID emulator known as RIFIDI. RIFIDI
how the middleware is placed between the reader and the is a complete middleware platform for building all facets
server. of an RFID application .With the industry leading
prototyping tools and a cutting edge RFID middleware
server, RIFIDI can help to develop a product application
from an RFID idea. RIFIDI makes it possible to do rapid
RFID prototyping and production deployments on a high
performance, open source platform.
RIFIDI emulator was used to test under two test cases.In
the first test case the capacity of the reader was set up to
hold upto 20 tags. In the middleware also the same
memory capacity of 20 was set for the reader. It performs
Fig.3: Model for Mobile RFID Environment well without any buffer overflow upto that number of
tags. When the number of tags to be read by the reader
RFID middleware is system software that collects a was increased to more than 20 and in the middleware the
large volume of raw data from heterogeneous RFID memory capacity for that reader was not changed, buffer
environments, filters them, summarizes into overflow occurs and the result of it is shown in figure 4.
meaningful information and delivers the information to
application services and middleware platform software,
that standardizes common functions necessary for the
development of RFID applications. The major basic
functions of middleware are supporting the
independency of the protocol of heterogeneous readers,
managing data through realtime collection, filtering and
summarizing, and interoperating with legacy system.
Other functions include process modeling, real-time
execution and controlling, and middleware should have a
structure of high scalability and availability [21].
Fig.4: Error with no Buffer Prevention
The middleware has to reside in a place between the
mobile RFID reader and the server.The main database
which gives all the information about the tag will be in Figure 5 shows the result of the second test case using
JOURNAL OF COMPUTING, VOLUME 2, ISSUE 7, JULY 2010, ISSN 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/
WWW.JOURNALOFCOMPUTING.ORG 176
the concept of train algorithm. In this case the reader was E n g i n e e r i n g O r e g o n G r a d u a t e I n s t i t u t e o f S c i e n c e a n d
first made to read upto 20 tags and in the middleware Technology, 2000.
also the same memory space was set for the reader.Then [7] Richard Jones and Paul Kelly. Bounds Checking for
the number of tags to be read was increased in the reader C.http://www‐ala.doc.ic.ac.uk/ phjk/BoundsChecking.html, July
but in the middleware the memory space was not 1995.
[8] Herman ten Brugge. Bounds Checking C Compiler.http://web.
increased for that reader.It works well in this scenario
.inter.NL.net/hcc/Haj.Ten.Brugge/, 1998.
also because it uses the free memory spaces available for
[9] Kurt Roeckx. Bounds Checking Overhead in SSH. Personal
the other readers using train algorithm.
Communications, October 1999.
[10] Reed Hastings and Bob Joyce. Purify: “Fast Detection of
Memory Leaks and Access Errors”. In Proceedings of the Winter USE‐
NIX Conference, 1992. Also available at http://www.rational.com
/support/techpapers/ fast_detection.
[11] Alexander Snarskii. FreeBSD Stack Integrity
Patch.ftp://ftp.lucky.net/pub/unix/local/libc‐letter, 1997.
[12] Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Peat
Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang.
“StackGuard: Automatic Adaptive Detection and Prevention of Buf‐
fer‐Overflow Attacks”. In 7th USENIX Security Conference, pages 63–
Fig.5: Successful Insertion with Buffer Prevention 77, San Antonio, TX, January 1998.
[13] Calton Pu, Tito Autrey, Andrew Black, Charles Consel, Crispin
The above figure shows that the buffer overflow is Cowan, Jon Inouye, Lakshmi Kethana, Jonathan Walpole, and Ke
Zhang. “Optimistic Incremental Specialization: Streamlining a
prevented and because of it there is no possibility of data
Commercial Operating System”. In Symposium on Operating Systems
loss.
Principles (SOSP), Copper Mountain, Colorado, December 1995.
[14] Synthetix: Tools for Adapting Systems Software.World‐wide
7 CONCLUSION web page available at http://www.cse.ogi.edu/ DISC/projects/
synthetix.
Buffer overflows are worthy of this degree of analysis
[15] Crispin Cowan, Andrew Black, Charles Krasic, Calton Pu, and
because they constitute a majority of security Jonathan Walpole. “Automated Guarding Tools for Adaptive
vulnerability issues and a substantial majority of remote Operating Systems”, Work in progress, December 1996.
penetration security vulnerability issues. The results of [16] R. L. Hudson and J. E. B. Moss. “Incremental Garbage Collection
this analysis show that the Train algorithm can be of Mature Objects.” In International Workshop on Memory
effectively used to avoid buffer overflow. It can be used Management, number 637 in Lecture Notes in Computer Science,
in combination with other garbage collection algorithms pages 1‐42, St. Malo, France, September 1992. Springer‐Verlag.
also. Whenever a system needs to react very fast it is [17] J. Seligmann and S. Grarup. “Incremental Mature Garbage Col‐
indispensable to use an incremental strategy. The Train lection using the Train Algorithm”. In European Conference on Object‐
Algorithm gives such an incremental garbage collection Oriented Programming. Springer‐Verlag, August 1995.
strategy that can also be used in distributed systems. [18] Shubhnandan S. Jamwal1 and Devanand “Quantifying
Incremental Low Pause and TrainGarbage Collectors”.In
International Journal of Engineering Studies ISSN 0975‐ 6469
REFERENCES Volume 2, Number 2 (2010), pp. 207–214 © Research India
[1] Klaus Finkerzeller, RFID Handbush. Hanser Fachbuch, 1999.Also Publications http://www.ripublication.com/ijes.htm
[19] M. C. Lowry, A New Approach to The Train Algorithm For
available in English as RFID Handbook: Radio-Frequency
Distributed Garbage Collection. School of Comp. Science, University
Fundamentals and Applications, John Wiley & Sons, 2000.
of Adelaide, 2004.
[2] Rieback, M.R.; Crispo, B.; Tanenbaum, A.S.; “Is your cat infected
[20] R. Schatz, Incremental Garbage Collection II. Seminar aus
with a computer virus?” Pervasive Computing and Communications,
Softwareentwicklung: Garbage Collection, 2006.
2006. PerCom 2006. Fourth Annual IEEE International Conference on [21] Gi oug, Oh, and Doo yeon, Kim and Sang il, Kim and Sung yul,
13-17 March 2006 Page(s):10 pp. Rhew, “A Quality Evaluation Technique of RFID Middleware in
[3] Wikipedia ‐ buffer over_ow. http://en.wikipedia.org/wiki/Buffer_ Ubiquitous Computting”. In Proceedings of IEEE International Confe‐
overflow. rence on Hybrid Information Technology (ICHITʹ06), 2006.
[4] M. R. Rieback, B. Crispo, and A. S. Tanenbaum. “RFID Guardian:
A battery‐powered mobile device for RFID privacy management”. In
Proc. 10th Australasian Conf. on Information Security and Privacy
(ACISP 2005), volume 3574 of LNCS, pages 184.194, July 2005.
[5] Melanie R. Rieback, Patrick N.D. Simpson, Bruno Crispo,b,
Andrew S. Tanenbaum.”RFID malware: Design principles and
examples”. In Elsevier magazine on Pervasive and Mobile Computing,
October 2006.
[6] Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and
Jonathan Walpole. “Buffer Overflows: Attacks and Defenses for the
Vulnerability of the Decade”, Department of Computer Science and