Abstract
RFID technology is an area currently undergoing active development. An issue, which has received a lot of attention, is the security risks that arise due to the inherent vulnerabilities of RFID technology. Most of this attention, however, has focused on related privacy issues. The goal of this chapter is to present a more global overview of RFID threats. This can not only help experts perform risk analyses of RFID systems but also increase awareness and understanding of RFID security issues for non-experts. We use clearly defined and widely accepted concepts from both the RFID area and classical risk analysis to structure this overview.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Agrawal D, Archambeault B, Rao JR et al (2003) The EM Side-Channel(s). In: CHES ’02: Revised Papers from the 4th international workshop on cryptographic hardware and embedded systems, London, UK. Springer, Heidelberg, pp 29–45
Auto-ID Center (2003) Draft protocol specification for a 900 MHz Class 0 Radio Frequency (RF) Identification Tag. http://www.epcglobalinc.org/standards/specs/900_MHz_Class_0_RFIDTag_Specification.pdf. Accessed 15 Feb 2010
Avoine G (2005) Cryprography in radio frequency identification and fair exchange protocols. PhD thesis, No. 3407, Ecole Polytechnique Fédérale de Lausanne, Switzerland, December 2005
Avoine G, Lauradoux C, Martin T (2009) When compromised readers meet RFID – extended version. In: Workshop on RFID security – RFIDSec’09, Leuven, Belgium
Avoine G. Oechslin P (2005) RFID traceability: a multilayer problem. In: Patrick A, Yung M (eds) Financial cryptography and data security, 9th International conference, FS 2005, LNCS 3570.. Springer, Heidelberg, pp 125–140
Ayoade J (2007) Privacy and RFID systems, roadmap for solving security and privacy concerns in RFID systems. Comput Law Secur Rep 23:555–561
Berkes J (2006) Hardware attacks on cryptographic devices. Technical Report ECE 628, University of Waterloo
Burmester M, van Le T, de Madeiros B (2006) Provably secure ubiquitous systems: universally composable RFID authentication protocols. In: 2nd IEEE/CreateNet international conference on security & privacy in communication networks (SECURECOMM 2006), Baltimore, MD, USA, IEEE Computer Society, pp 1–9
Clulow J, Hancke GP, Kuhn MG et al (2006) So near and yet so far: distance-bounding attacks in wireless networks. In: Proceedings of the European workshop on security and privacy in Ad Hoc and sensor networks (ESAS’06), Hamburg, Germany, pp 83–97
Collins J (2006) RFID-Zapper shoots to kill. RFID Journal. http://www.rfidjournal.com/article/print/2098. Accessed 15 Feb 2010
de Koning Gans G, Hoepman JH, Garcia FD (2008) A practical attack on the MIFARE classic. In: Grimaud G, Standaert FX (eds) Smart card research and advanced applications, 8th IFIP WG 8.8/11.2 International conference, CARDIS 2008, London, UK, September 8–11, 2008, Proceedings, Series LNCS, Subseries Security and Cryptology, vol. 5189, Springer, Heidelberg
Desmedt Y(1988) Major security problems with the “unforgeable” (Feige-)Fiat- Shamir proofs for identity and how to overcome them. In 6th worldwide congress on computer and communications security and protection (Securicomm’88), Paris, 15–17 March, pp 147–159
European Commission (1995) Directive 95/46/EC of the European parliament and of the council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free Movement of such data. Official Journal of European Communities L.281:31
Garfinkel S, Juels A, Pappu R (2005) RFID privacy: an overview of problems and proposed solutions. IEEE Secur Priv 3(3):34–43
Garcia FD, de Koning Gans G, Muijers R et al (2008) Dismantling MIFARE Classic. In: Jajodia S, Lopez J (eds) ESORICS 2008, LNCS 5283. Springer, Heidelberg, pp 97–114
Han DG, Tagaki T, Kim HW et al (2006) New security problem in RFID systems “tag killing”. In: Computational science and its application – ICCSA 2006, workshop on applied cryptography and information security (ACIS 2006), LNCS 3982. Springer, Heidelberg, pp 375–384
Hancke GP (2005) A practical relay attack on ISO 14443 proximity cards. Technical Report, University of Cambridge, Computer Laboratory
Hancke GP, Kuhn MG (2008) Attacks on time-of-flight distance bounding attacks. In: 1st ACM conference on wireless network security, ACM, New York, NY, pp 375–384
Haselsteiner E, Breitfuß K (2006) Security in near field communication (NFC) – strengths and weaknesses. In: Workshop on RFID security, Graz, Austria, 12–14 July 2006, pp 1–9
Heydt-Benjami TS, Bailey DV, Fu K et al. (2008) Vulnerabilities in first generation RFID-enabled credit cards. Financial cryptography and data security, 11th international conference, FC 2007, and 1st international workshop on usable security, USEC 2007, Scarborough, Trinidad and Tobago, February 12–16, 2007, LNCS 4886. Springer, Heidelberg, pp 2–14
Hutter M, Mangard S, Felhofer M (2007) Power and EM attacks on passive 13.56 MHz RFID devices. In: Paillier P, Verbauwhede (eds) CHES 2007, LNCS 4727. Springer, Heidelberg, pp 320–333
Hutter M, Medwed M, Hein D et al (2009) Attacking ECDSA-enabled RFID devices. In: Abdalla M et al (eds) ACNS 2009, LNCS 5536. Springer, Heidelberg, pp 519–534
ISO (International Organization for Standardization) (2005) ISO/IEC 27001: 2005 information technology – security techniques – Specification for an information security management system. http://www.iso.org/iso/catalogue_detail?csnumber=42103. Accessed 15 Feb 2010
Juels A (2005) Strengthening EPC tags against cloning. In: Jacobson M, Poovendran R (eds) ACM workshop on wireless security (WiSe’05), LNCS 3982. Springer, Heidelberg, pp 67–76
Juels A (2006) RFID security and privacy: a research survey. In: IEEE J Sel Areas Commun 24(2):381–394
Juels A, Rivest R, Szydlo M (2003) The Blocker Tag: selective blocking of RFID tags for consumer privacy. In: Proceedings of the 10th ACM conference on computer and communication security. ACM New York, NY, USA, pp 103–111
Juels A, Weis S (2007) Defining strong privacy for RFID. In: Proceedings of the 5th annual IEEE international conference on pervasive computing and communications Workshop (PercomW’07), March 19–23, White Plains, NY, pp 342–347
Karygiannis T, Phillips T, Tsibertzopoulos A (2006) RFID Security: a taxonomy of risk. In: Proceedings of the 1st international conference on communications and networking in China (China’Com 2006), October 2006. IEEE Press, pp 1–8
Karygiannis T, Eydt B, Barber G et al (2007) Guidelines for securing Radio Frequency Identification (RFID) systems. Special Publication 800–98, National Institute of Standards and Technology, Technology Administration U.S. Department of Commerce, csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf. Accessed 15 Feb 2010
Kaufman C, Perlaman R, Speciner M (2002) Network security: private communication in a public world, 2nd Edn. Prentice Hall, Upper Saddle River, NJ
Kfir Z, Wool A (2005) Picking virtual pockets using relay attacks on contactless smartcard. In: Proceedings of the 1st international conference on security and privacy (SECURECOMM’05) . IEEE Computer Society Press, September 5–9, Athens, Greece, pp 47–48
Kim CH, Avoine G, Koeunem F et al. (2008) The Swiss-Knife RFID distance bounding protocol. In: Lee PJ, Cheon JH (eds) International conference on information security and cryptology – ICISC, LNCS 5461. Springer, Heidelberg, pp 98–115
Kocher PC, Jaffe J, Jun B (1999) Differential power analysis. In: Wiener M (ed) Advances in Cryptology – CRYPTO ’99, vol. 1666. Springer,, Heidelberg, pp 388–397
Lowry J (2004) Adversary modeling to develop forensic observables. In: 4th annual digital forensics research workshop 2004, Baltimore, MD, pp 204–213
Mirowski L, Hartnett J, Williams R (2009) An RFID attacker behavior taxonomy. IEEE Pervasive Computing, doi:doi.ieeecomputersociety.org/10.1109/MPRV.2009.68
Mitrokotsa A, Rieback MR, Tanenbaum AS (2009) Classifying RFID attacks and defenses. Special issue on advances in RFID technology, Inf Syst Front, Springer. doi: 10.1007/s10796-009-9210-z, July 2009
O’Brien DF (2008) RFID: an introduction to security issues and concerns. In: Wiles J, Rogers R (eds) Techno security’s guide to managing risks for IT managers, auditors, and investigators, Syngress Press, Burlington, MA
Oertel B, Wölk M, Hilty L et al (2004) Security aspects and prospective applications of RFID systems. Federal Office for Information Security. http://www.rfidconsultation.eu/docs/ficheiros/RIKCHA_englisch_Layout.pdf. Accessed 15 Feb 2010
Ohkubo M, Suzuki K, Kinoshita K (2004) Hash-chain based forward-secure privacy protection scheme for low-cost RFID. In: Proceedings of the symposium on cryptography and information security (SCIS 2004), vol. 1, Sendai, Japan, January 2004, pp 719–724
Ohkubo M, Suzuki K, Kinoshita S (2003) Cryptographic approach to “privacy-friendly” tags. In: RFID privacy workshop, MIT, MA
Oren Y, Shamir A (2007) Remote password extraction from RFID tags. In: IEEE Transactions on Computers. 56(9): 1292–1296. doi:10.1109/TC.2007.1050
Peris-Lopez P, Hernandez-Castro JC, Estevez-Tapiador JM et al. (2006) RFID systems: a survey on security threats and proposed solutions. In: Cuenca P, Orozco-Barbosa (eds) PWC 2006, LNCS 4217. Springer, Heidelberg, pp 159–170
Plos T (2008) Susceptibility of UHF RFID tags to electromagnetic analysis. In: Malkin, T.G. (ed.) CT-RSA 2008. LNCS, vol. 4964. Springer, Heidelberg, pp 288–300
Radomirovic S, van Deursen T (2008) Vulnerabilities in RFID protocols due to algebraic properties. In: 3rd Benelux workshop on information and system security, Eindhoven, The Netherlands
Reid D (2006) ePassport “at risk” from cloning. http://news.bbc.co.uk/2/hi/programmes/click_online/6182207.stm. Accessed 15 Feb 2010
Reid JT, Tang T, Gonzalez Nieto JM (2007) Detecting relay attacks with timing-based protocols. In: 2nd ASIAN ACM symposium on information, computer and communications security, Singapore, 2007. ACM New York, NY, USA, pp 204–213
Rieback M, Crispo B, Tanenbaum A (2005) RFID Guardian: A battery-powered mobile device for RFID privacy management. In: Mu Y, Susilo W, Seberry J (eds) Information security privacy, 13th Australian conference, (ACISP 2008), Wollonong, Australia, July 7–9, 2008, Proceedings, LNCS 5107. Springer, Heidelberg, pp 184–194
Rieback M, Crispo B, Tanenbaum A (2006) Is your cat infected with a computer virus? In: Proceedings of the 4th IEEE international conference on pervasive computing and communications (PerComm 2006), IEEE Computer Society, Washington, DC,
Riscure (2006) Privacy issue in electronic passport. http://www.riscure.com/contact/privacy-issue-in-electronic-passport.html. Accessed 15 Fe 2010
SAG Security Assembly Group (2010) SAG RFID tamper proof label. http://www.sag.com.tw/index.php?_Page=product&mode=show&cid=7&pid=32&SetLang=en-us. Accessed 15 Feb 2010
Singlee D, Preneel B (2005) Location verification using secure distance bounding protocols. In: Proceedings of the IEEE international mobile ad hoc and sensor systems conference, Washington, DC, 7–7 November, pp. 840–847
Swedberg C (2006) Broadcom introduces secure RFID chip. RFID Journal, 29 June 2006. http://rfidjournal.com/article/view/2464/1/1. Accessed 15 Feb 2010
Sweeney PJ (2005) RFID for dummies. Wiley, Indianapolis, IN
Tanenbaum AS (2008) Dutch public transit card broken: RFID replay attack allows free travel in the Netherlands, http://www.cs.vu.nl/~ast/ov-chip-card/. Accessed 20 Nov 2009
Tu YJ, Piramuthu S (2007) RFID distance bounding protocols. In: 1st international EURASIP workshop in RFID technology, Vienna, Austria, 24–25 September
Vaudenay S (2007) On privacy models for RFID. In: Proceedings of ASIACRYPT’07, vol. 4833, LNCS. Springer, Heidelberg, pp 68–87
Acknowledgments
We would like to thank Christos Dimitrakakis for additional proofreading. This work was partially supported by the Netherlands Organization for Scientific Research (NWO) under the RUBICON “Intrusion Detection in Ubiquitous Computing Technologies” grant and the ICT talent grant supported by the Delft Institute for Research on ICT (DIRECT) under the grant “Intrusion Detection and Response in Wireless Communications” awarded to Aikaterini Mitrokotsa.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Mitrokotsa, A., Beye, M., Peris-Lopez, P. (2011). Threats to Networked RFID Systems. In: Ranasinghe, D., Sheng, Q., Zeadally, S. (eds) Unique Radio Innovation for the 21st Century. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03462-6_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-03462-6_3
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03461-9
Online ISBN: 978-3-642-03462-6
eBook Packages: Computer ScienceComputer Science (R0)