Threats to Networked RFID Systems

  • Aikaterini Mitrokotsa
  • Michael Beye
  • Pedro Peris-Lopez


RFID technology is an area currently undergoing active development. One issue that has received a lot of attention is the set of security risks arising from the inherent vulnerabilities of RFID technology. Most of this attention, however, has focused on related privacy issues. The goal of this chapter is to present a more global overview of RFID threats. This can not only help experts perform risk analyses of RFID systems but also increase awareness and understanding of RFID security issues among non-experts. We use clearly defined and widely accepted concepts from both the RFID area and classical risk analysis to structure this overview.


Keywords: Replay Attack, Differential Power Analysis, Fault Attack, Privacy Threat, Simple Power Analysis
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We would like to thank Christos Dimitrakakis for additional proofreading. This work was partially supported by the Netherlands Organization for Scientific Research (NWO) under the RUBICON “Intrusion Detection in Ubiquitous Computing Technologies” grant and the ICT talent grant supported by the Delft Institute for Research on ICT (DIRECT) under the grant “Intrusion Detection and Response in Wireless Communications” awarded to Aikaterini Mitrokotsa.



Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Aikaterini Mitrokotsa (1)
  • Michael Beye (1)
  • Pedro Peris-Lopez (1)

  1. Security Lab, Faculty of Electrical Engineering, Mathematics and Computer Science, Delft University of Technology (TU Delft), Delft, The Netherlands
