Messaging Protocols: Difference between revisions
Jump to navigation
Jump to search
Line 32: | Line 32: | ||
=====Protocols and Session Flow===== | =====Protocols and Session Flow===== | ||
*[[Example Message Flow]] | *[[Example Message Flow]] | ||
=====Protocol examples and white papers===== | |||
[http://www.autoidlabs.org/uploads/media/AUTOIDLABS-WP-HARDWARE-048.pdf A Mutual Authentication Protocol for RFID Using IDEA] |
Revision as of 14:12, 12 May 2012
Candidate Protocols for Messaging and Encapsulation
Low-level Signaling
The purpose of the low-level protocol is to provide primatives such as:
- Message Encapsulation appropriate for different mediums
- RS-232
- RS-485
- Ethernet
- SMS/Cellular
- Polling, and unique identification protocol
- Uniquely identify all devices on the network
- Handle collisions
Protocol Candidates
End to end session protocol
The session protocol is responsible for ensuring message fidelity, security and standardizing the protocol for 2-way transactions.
Considerations
- Ideally, session is encrypted and authenticated at all levels
- User should know they are interacting with a legitimate terminal
- Token should know that it is talking to a legitimate reader
- Reader should not leak any secrets during transaction
- Secrets should not be subject to interception between reader and server/panel
- Physically secure wiring/network
- Secure/encrypted protocols
- Messages should be not be able to vulnerable to session replay
- Time stamping/serializing of messages
- Messages should not be subject to intentional or accidental alteration in transit
- Message CRC and cryptographic signing/MAC protocol