Abstract

More than half a century after its inception, radiofrequency identification (RFID) technologies are finally living up to their long-promised capabilities. They are being rewarded with pervasive deployments in closed-loop applications and initial deployments in the even more pervasive open-loop supply chain management applications. By providing accurate, real-time, human-out-of-the-loop asset and product monitoring throughout the world's supply chains, RFID technologies are beginning to improve the efficiency and security of these chains. The use of RFID technologies in these open-loop supply chains is still in its infancy, with all of the learning and growing pains that the introduction of a new technology entails. Security is of paramount importance in the deployment of RFID systems, particularly when they are being deployed, in part, to enhance the security of the supply chains. It is therefore appropriate that we now examine the potential security vulnerabilities inherent in the RFID systems currently being deployed in the supply chains of the world. Instead of covering the expansive RFID security landscape in this paper, we focus on the security vulnerabilities in the use of the data retrieved from an RFID tag. We conclude that the data stored on an RFID tag poses no more of a security vulnerability to a system than any other manner of importing data into that system. Furthermore, the limited and highly structured nature of the data stored on the license plate RFID tags being used for supply chain management eliminates the potential for any security vulnerability due to the use of the tag data in a competent system.



Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Jamali, B., Cole, P., Engels, D. (2008). RFID Tag Vulnerabilities in RFID Systems. In: Cole, P., Ranasinghe, D. (eds) Networked RFID Systems and Lightweight Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71641-9_7

  • DOI: https://doi.org/10.1007/978-3-540-71641-9_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-71640-2

  • Online ISBN: 978-3-540-71641-9

  • eBook Packages: Computer Science, Computer Science (R0)
