Design and implementation of blockchain-based RFID data collection and traceability system
With the development of blockchain technology and its integration with finance, Internet of Things, and artificial intelligence [1], related security incidents frequently occur, and the security and reliability of data sources in blockchain information systems Traceability is becoming more and more important [2]. The radio frequency identification (RFID) [3] automated data collection equipment applied to the Internet of Things urgently needs to solve security trust issues such as anti-spoofing, non-repudiation, decentralization, and data integrity. Therefore, the blockchain Combined with RFID technology, it has natural technical complementarity and wide application scenario requirements in the fields of data collection and traceability, key equipment life cycle supervision and other fields. This paper aims at the security traceability of key infrastructure, special equipment and other key equipment, aiming at overcoming the congenital deficiency of only applying RFID technology for data collection and traceability, and designing and implementing a RFID data collection and traceability system based on blockchain. Key technologies such as hardware unique identification, zero storage, and smart contracts are applied to fixed readers[4], card issuers, handhelds, and access gateways to realize the integration and sharing of electronic tag data on the chain, which can effectively avoid automatic collection equipment. The possible security risks can meet the security and traceability requirements of key business traceability and important data protection.
Abstract: The data collection and traceability of critical infrastructure, special equipment and other key equipment needs to run through the whole life cycle process of scientific research and production, registration, distribution, allocation, maintenance and destruction. At present, most of the key equipment data are generally stored in the systems of government agencies, users, warehouses, scientific research and production units, etc., which easily leads to information redundancy and ambiguity of key equipment data among various departments. Aiming at the security traceability of critical infrastructure, special equipment and other key equipment, a data collection and traceability system based on the combination of block chain and RFID is proposed. The non-tamperable key equipment data record chain realizes real-time sharing, traceability and audit supervision of key equipment data, so that the production department, user department and supervision department can monitor the life cycle status of key equipment in real time, and finally achieve traceability of key operations, Important data has protection security and traceability requirements. In addition, the design and implementation of the system adopts RFID equipment transformed from domestic chips and self-developed adaptation audit software, which greatly improves the degree of independent controllability of the software and hardware of the data collection and traceability system. Keywords blockchain;
RFID Data collection; data traceability; independent and controllable
1 Existing Security Problems and Solutions of RFID System
1.1
Analysis of Existing Security Problems in RFID System At present, there are three types of security problems in RFID system [5]:
1) Illegal duplication. Traditional barcodes or two-dimensional codes are easily copied illegally, and the RFDI system also has security risks of illegal copying, while ordinary RFID systems do not yet have the ability to resist illegal copying.
2) Illegal tracking. Illegal readers may attempt to obtain the identity of a legitimate RFID tag by accessing a legitimate RFID tag, so as to determine whether the tag is consistent with the RFID identity read elsewhere, and then launch a real-time tracking attack on some tags.
3) limited distance attack. The attacker uses a pair of illegal RFID tags and readers to attack at the same time, and the purpose is to illegally enter the Internet of Things system through RFID tags [6].
Aiming at the security problem of RFID technology, some security technologies have been adopted in the existing RFID system , including information encryption technology, identity privacy protection technology and anti-limited distance attack technology [7]. For example, existing RFID devices rely on encryption modules to meet security requirements such as data anti-cracking, anti-attack, anti-replacement, and anti-spoofing, while encryption modules are often expensive and need to be built into terminal devices. Therefore, the existing security protection technology cannot fundamentally solve the inherent security loopholes of RFID equipment.
1.2 Blockchain-based RFID data acquisition and traceability system scheme With the continuous maturity and development of blockchain technology [8] in recent years, IoT data acquisition technologies such as RFlD combined with blockchain can not only meet data security requirements, but also It can effectively reduce the management and hardware cost of the physical encryption module, meet the data security requirements of key infrastructure, special equipment and other key equipment, and enable key data to achieve a higher level of security and traceability. The hierarchical architecture diagram of the blockchain-based RFID data collection and traceability system is shown in Figure 1.
The RFID data collection and traceability system adapted to the blockchain needs to transform two
parts: the IoT gateway and the RFID data collection equipment: 1) The blockchain IoT gateway needs to ensure that the operation of the RFID collection equipment automatically executes the agreed smart contract, and can Conduct data fusion and operation audit; 2) RFID data acquisition equipment needs to have the programmable function of executing smart contracts after transformation, with the unique identification of non-reconfigurable hardware and the non-local storage function of key control, configuration and collected data, so as to effectively prevent information leakage. The blockchain storage process of RFID data is shown in Figure 2. First of all, when the reader is installed and connected to people, it needs to be bound to the gateway through the unique identification code of the reader, and conducts two-way authentication with the gateway every time it is turned on. The reader will bind, authenticate and read and write operations. The data is transmitted to the consensus node (that is, the gateway), and the consensus node organizes and reports it to the sorting node (that is, the server); secondly, the sorting node sorts the operation and data and generates block data, which is distributed to the consensus node; thirdly, the consensus node is confirmed by consensus Finally, the confirmation result is returned to the ordering node; finally, the ordering node adds the confirmed new block to the existing blockchain, and broadcasts the updated chain data to each consensus node for storage.
In summary, the design and implementation of the blockchain-based RFID data collection and traceability system mainly includes
two development tasks: the adaptive transformation of the blockchain and RFID automatic data collection equipment and the development of audit software for the data collection and traceability system.
2 Functions, performance indicators and independent controllable requirements
2.1 Functional indicators
1) RFID automatic data acquisition equipment realizes unique hardware identification to strengthen the security of equipment access to the system; 2
) RFID automatic data acquisition equipment business information and electronic label data Realize zero storage to reduce the risk of leakage of terminal equipment;
3) Realize cross-checking of business blockchain data and RFID automatic data collection equipment operation data, real-time monitoring of equipment operation and operation status, and timely alarm display of abnormal status.
2.2 Performance indicators
The software and hardware performance indicators of this data acquisition traceability system are as follows:
1) The length of the unique identification of the hardware at the acquisition end reaches 64 b;
2) The number of temporary storage instructions for the data acquisition equipment is not less than 15
;
4) The radio frequency identification equipment meets the requirements of the GB/T 29768-2013 and GJB
7377.1A 2018 standards;
5) The wireless sensing indicators meet the requirements of the GJB 7377.2 2011 standard, using 2. 4 GHz encrypted sensing information for wireless transmission.
2.3 Requirements for independent controllability
The degree of independent controllability of the software and hardware localization of the data collection and traceability system needs to be adapted to the Phytium FT 2000+ processor and the Galaxy Kirin
Server 4.0.2 SP3 operating system.
3 Design and implementation of data acquisition and traceability system
3.1 Overall design
The hardware part of the blockchain-based RFID data acquisition and traceability system includes blockchain RFID gateways and RFID automatic data
acquisition equipment, including fixed readers, card issuers, handheld Type reader and its access base, etc.; the software part includes the task management list of the handheld reader running on the access base, the reader management middleware and business management software running on the gateway. The workflow of the data collection and traceability system is shown in Figure 3.
The system consists of the reader and label layer responsible for data collection, the gateway layer responsible for data access and transmission, the server layer responsible for data storage and application support, and the application layer responsible for user interface and comprehensive display. 1) The application layer initiates the business process, and the supporting software of the business platform issues the corresponding instructions; 2) The business software in the gateway splits the instructions and issues the reader instructions to the reader in accordance with the 7383 protocol; 3) The reader executes the instructions through The air interface protocol communicates with the tag and returns the corresponding result; 4) The gateway is responsible for sorting out and fusing relevant data, uploading it to the blockchain server for on-chain storage, and at the same time feeding back the relevant
execution Business, verify the authenticity and accuracy of the data on the chain, and the inspection results are fed back to the application in real time.
3.2 System Architecture
The blockchain-based RFID data collection and traceability system architecture is shown in Figure 4.
Among them, the three main key technologies involved include: hardware unique identification, zero storage and business automatic audit smart contract.
The system architecture in Figure 4 includes 7 modules, including 5 layers of basic technology architecture and 2 shared technology architectures running through the basic technology architecture. Perception layer: Provide basic RFID device access functions, including three types of readers and corresponding tags: fixed reader, handheld reader and card issuer. The basic reading and writing operations of tags in the perception layer are the main components of the blockchain data in this system. Transport layer: provide highly reliable and secure transmission of perception data, and the perception layer data is connected to the gateway through the wired network. Data layer: The data layer provides the most basic data processing functions, such as data encryption, hash function operation, digital signature and other mechanisms, and is the most basic data processing support of blockchain technology [10I. Service layer: From bottom to top, the service layer is the basic layer that provides computing, storage and other services; virtual machines, advanced language editors, etc. for smart contract implementation; node management and account book application services of blockchain technology; database, Middleware, etc., as well as web or CS form access platform. Application layer: Provide RFID application interfaces such as storage, inventory, etc., as well as blockchain-related blockchain browsing, contract chain browsing, etc. Security architecture: including authentication and identity management, authorization and security policy management, and privacy protection related to system security. Supervision and review: including
functions such as supervision support and review implementation responsible for the normal and accurate operation of the system.
3.3 Hardware design and implementation
3.3.1
The unique identification of device selection Make each reader device have a unique and non-repetitive device ID, which is stored in the electronic tag. When the device is registered, the unique identification information and the reader Relevant information is recorded in the blockchain through the registration business to ensure the uniqueness and availability of the unique identifier. The installation of the unique identification label is shown in Figure 5. The label is a buried label, which is installed on the main board of the reader when the reader is assembled. The label has a dual-interface operation mode. When the reader is not powered on, it can be Configure through the 12C interface, issue the unique ID of the device, and read the tag through the air interface.
After the tag is installed and issued, the reader closes the shell to prevent the tag from being damaged.
In order to meet the above requirements, this system selects the domestic independent RFID chip FMl3US08JDI national military standard
12C dual-interface UHF RFID tag chip produced by Fudan Microelectronics. Its main features are:
1) Non-contact interface.
The air interface communication protocol follows the GJB7377.1-2011 standard; the working frequency band is 840-845 MHz, 920-960 MHz; it supports the security authentication and security communication stipulated by GJB; The farthest reading and writing distance of the reader is 7 m; the downlink data rate (from the reader to the tag) is 32-160 Kbps; the uplink data rate (from the tag to the reader) is 10-640 Kbps.
2) Contact interface.
The interface type supports 12C interface; VCC operating voltage range is 1.6 ~ 3.6 V; 12C communication rate supports Standard Mode 100 kHz; supports Fast Mode 400 kHz with zero static power consumption.
3) Dual interface.
Both non-contact and contact ports can access the built-in EEPROM; with flexible interrupt signals, real-time fast data transmission between the external reader and MCU can be completed; open-drain interrupt output is supported as a wake-up signal for the external MCU.
4) Non-volatile memory.
Built-in 8 Kb EEPROM memory, divided into four partitions: label information area, security area, coding area and user area, including label information area 128 b, coding area 1 024 b, safety area 384 b, and user area 6 016 b; The minimum erasing and writing times of EEPROM is not less than 200,000 times; the storage time of EEPROM data is not less than 50 years; the erasing and writing speed of EEPROM is configurable and supports fast writing.
5) Safety features.
Each chip has an independent TID, and the TID cannot be rewritten; the contact end supports write password protection and write lock; the built-in password algorithm supports security authentication and secure communication at the non-contact end; the non-contact end supports read-write password protection and locking functions; The interface supports anti-tracking function.
6) Chip pin definition.
The pin definition of the chip is shown in Figure 6 and Table 1:
3.3.2 Circuit design
The unique identification chip is connected to the MCU of the reader through the 12C interface, and the circuit design is shown in Figure 7 and Figure 8.
The main control MCU communicates with the unique identification chip through the 12C interface, and the main control MCU can use the dedicated 12C interface or GPIO analog mode to realize 12C communication. The main control MCU, as the Master, initiates read and write operations on the uniquely identified chip. The operations that the 12C interface can carry out under the dual-interface configuration include: read and write registers, read and write FIFO, and read and write EEPROM.
3.3.3 PCB Design
The PCB design is shown in Figure 9, and the definitions of each layer are shown in Table 2.
1) Process requirements
The stacked structure is 8-layer board; the size of the through hole is 20/. tm; blind hole size 15 ffm; buried hole size 15/, m; board thickness 1.6 ram; mounting hole
2.7 mm, 8 pieces; all devices are packaged in the standard package library of the product line, and the printed board is made of FR4 board; the electrical assembly process is mainly SMT, and a small number of connectors are manually spot-welded.
2) Layout and wiring design
Modular design is adopted, and each functional module is laid out separately to prevent mutual interference. The core processing device ARM chip is placed in the middle, away from the channel interface to prevent interference. Design the shielding case and consider EMC in the design stage. The whole board adopts manual wiring. Prioritize the key signals of the module to ensure the shortest path and avoid surrounding sensitive devices. The whole board is designed with MARK points to facilitate the positioning of denso.
3.4 Software design and implementation
3.4.1 Unique identification implementation method
The development of acquisition terminal software involved in the unique identification function includes MCU software for fixed, handheld and card issuer equipment, specifically involving command analysis and 12C communication functions, command tables Including query unique instruction table and return table. Query the unique identification command as shown in Figure 10:
send command: 01 FE 00 16 12 13 00 00 00 01 03
E8 00 0A 00 00 00 01 00 82.
Query the unique identifier return command as shown in Figure 11:
the returned UID data is the 64b unique identifier.
Receive command: 01 FE 00 1E 12 13 03 FE 00 18 03
E8 OO 14 00 00 00 01 00 82 00 08 53 48 55 44 49
4E 47 31 SHUDINGl.
3.4.2 Implementation method of zero storage
The software development of the acquisition terminal involved in the zero storage function includes the MCU software of fixed, handheld and card issuer devices. The task list in is automatically cleared after it is executed and closed. Based on the zero storage requirements, it is necessary to design a task list that can be operated offline for the handheld. All business operations of the handheld are issued by the system. The handheld receives and generates a task list through the base. After the user finishes executing the task list, he returns to the operation through the base. As a result, the handheld automatically clears the task list after returning, thus ensuring the legality and safety of all operations on the handheld.
3.4.3 Smart contract implementation
The smart contract [11 12] system framework and application scenarios are realized as follows:
1) Smart contract system framework
The smart contract system framework is shown in Figure 12.
① Contract process.
The contract process realizes a series of fixed contract actions based on contract services , which are connected in series or in parallel according to established business rules, and realizes the execution of business in each process participant by completing each contract action. The contract process includes two types: one is the global contract process, that is, there is only one global contract process and process state, and all participants participate in it; the other is the instance contract process, based on a unified process template, multiple process instances can run simultaneously , do not interfere with each other. All process types are a state machine at runtime, and
the contract process shares the process state among the participants. The contract process can be triggered by time, chain events or application layer.
②Contract service. As the main body of the business contract, the contract service defines the most basic service content of the business contract. Each contract service is a minimal and complete business semantic definition. The contract service defines several operations required to complete the business, and each operation defines the input, output status and business logic commands to be executed.
③Contract code. The contract code implements the input and output states defined by the contract operation and a set of business logic commands to be executed. A command is the smallest execution unit. Any contract implementation that does not conform to the contract service semantics can be identified during testing. Even if there are inconsistencies in individual implementations when the contract is running, it will be excluded by the consensus algorithm and recognized by the blockchain platform.
④Unified account book. The execution of the contract process will generate a corresponding flow log, and the operation log formed by the execution of the contract service will be recorded in the blockchain, forming a data structure that cannot be tampered with and denied, and a unified account book will be formed among each participating node. The ledger needs to organize data in an efficient and standardized way, so as to facilitate the rapid update of the state database, and also facilitate the quick search and backtracking of historical operations.
⑤ time stamp. Blockchain technology realizes distributed timestamp service through the consensus algorithm among P2P network nodes. Time stamps are used to realize a chain that is ordered in time and consists of blocks one by one. Each new block will be stamped with a time stamp when it is generated, and will be connected into a blockchain according to the sequence of block generation, and each independent node will establish a connection through the P2P network to form a decentralized distribution for information data records Time stamp service system, and has the characteristics of no center, tamper-proof, traceable, and high transparency.
2) Realization of business application scenarios
This paper takes the storage processing process of one of the task list business application scenarios as an example to illustrate the implementation of smart contracts. As shown in Figure 13, the warehousing process is first initiated by the application, and the business list is generated in the contract process module, and the business list is backed up for the review mechanism to call. The contract service module calls related services based on the business list to form a task list and issue it. The card issuer After receiving the task list, the warehouse personnel check the items and quantity according to the storage list, and the card issuer will issue the card and verify the label. After the card is issued, the operation data will be uploaded to the contract service module for business data sorting and confirmation, and will be reported to the contract process module if it is correct. Issue block data
.
4 Application Verification of Data Acquisition and
Traceability System The above describes the design and implementation process of the blockchain-based RFID data acquisition and traceability system. Beneficial effects in terms of sex and traceability
.
4.1 Build the actual application scene
Build the actual application scene as shown in Figure 14. The equipment includes gateway, fixed type, card issuer, handheld and base. The card issuer is connected to the gateway through the serial port, the fixed type and the handheld base are connected to the gateway through the network port, and the handheld is placed on the base.
4.2 Typical business application verification
4.2.1 Unique identification, zero storage function verification
The operation steps of device registration and area inventory are as follows:
Step 1. Put the handset into the base and connect to the gateway, it shows Unknown
Device, click to query the unique identifier, and the query results are divided into the following three types:
1) "Registered device" means that the unique identifier has been registered;
2) "Unregistered device" means that the unique identifier has not been registered;
3) "Illegal device" means that the unique identifier cannot be queried.
Step 2. When registering the handset, select the device type as the handset, add a MAC address box on the page, fill in the name, location, etc. and bind it with the unique identifier, and the registered devices will be displayed in the registered list.
Step 3. After registration, click to connect to the handset, and after verifying the unique ID and MAC address, the connection is successfully established, and the status is that the handset is online. When you take the handset away, click Query, and it shows that the handset is offline.
Step 4. Issue the area inventory command, taking TAGI~5 in this area as an example, generate an inventory task list for TAGI~5.
Step 5. The task list is sent to the base of the handset through the network, and the base sends the task list to the handset.
Step 6. The interface of the handset shows that the tasks in the current task list need to carry out an inventory of the equipment of TAGI~5.
Step 7. The operator finds the corresponding device and starts inventory. After TAGI~5 is successfully inventoried, the interface displays the button Write Inventory Logo. Click the button to write the inventory logo. The inventory logo is the top 5 B in the user data area. B are 0x20, 0x20, OxlO, 0x12, OxOl respectively, among which the first 4 B represent the time, and the last 1 B represents the success of the inventory. After the execution is completed, the execution result is returned, and if it is unsuccessful, you can click repeatedly.
Step 8. After the operation is successful, put the handset back to the base, and the inventory result will be uploaded automatically. After the upload is successful, the data displayed on the handset will be cleared.
4.2.2 System software interface display
1) Add devices in the system interface, click OK to save, as
shown in Figure 15
2) Select the device to be connected to connect, the connection status column shows that the connection is successful, click Query, and the unique device ID is displayed, as shown in Figure 16: 3) Unknown devices need to be
registered and bound to the gateway, the system registers the unique device ID, and the device The state changes to the registered device, as shown in Figure 17:
4) Select the reader2 device and the shelf 1 operation area in the task management tab, and send the inventory task to the reader2 device, as shown in Figure 18: 5
) The reader2 device is a handheld device, handheld The mobile phone displays the received task list, execute task 1, count the tag group, execute task 2, write the inventory mark, and put the handset back to the base after the inventory operation is completed, the system will automatically clear the task list, as shown in Figure 19: 6
) After receiving the execution result returned by the handset, the system displays the execution status of Task 1 as "Completed", as shown in Figure 20: The
blockchain-based RFID data collection and traceability system designed and implemented in this paper can meet the requirements of key infrastructure and special equipment. The safety management and control requirements of key equipment can better solve the problems of key equipment data collection and tracking, reporting and aggregation, and equipment traceability. Important life cycle data such as production, registration, distribution, allocation, maintenance, and scrapping in the key equipment management chain are stored in each block to form a non-tamperable and traceable data record chain. The maintenance of the blockchain needs to accept full Network node supervision, the illegal operation of individual nodes will be rejected and resisted by most nodes, thus ensuring the safe and efficient operation of the system[1 3|. In the future, this system can also be promoted and applied to the fields of biopharmaceuticals and life health, such as cold chain food traceability and vaccine product life cycle management.