RFID Systems: A Survey on Security Threats and Proposed Solutions

  • Pedro Peris-Lopez
  • Julio Cesar Hernandez-Castro
  • Juan M. Estevez-Tapiador
  • Arturo Ribagorda
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4217)


Low-cost Radio Frequency Identification (RFID) tags affixed to consumer items as smart labels are emerging as one of the most pervasive computing technologies in history. This can have huge security implications. The present article surveys the most important technical security challenges of RFID systems. We first provide a brief summary of the most relevant standards related to this technology. Next, we present an overview of the state of the art in RFID security, addressing both the functional aspects and the security risks and threats associated with its use. Finally, we analyze the main security solutions proposed to date.


RFID Security Pervasive Computing Ubiquitous Computing Security and Privacy 



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Pedro Peris-Lopez (1)
  • Julio Cesar Hernandez-Castro (1)
  • Juan M. Estevez-Tapiador (1)
  • Arturo Ribagorda (1)

  1. Computer Science Department, Carlos III University of Madrid
