RFID Security and Privacy

  • Chapter
RFID Security

Abstract

Radio Frequency IDentification (RFID) is a method of remotely storing and retrieving data using small and inexpensive devices called RFID tags. Products labeled with such tags can be scanned efficiently using readers that do not require line-of-sight. This form of identification, often seen as a replacement for barcode technology, can lead to improved logistics, efficient inventory management, and ultimately better customer service.

However, the widespread use of radio frequency identification also introduces serious security and privacy risks since information stored in tags can easily be retrieved by hidden readers, eventually leading to violation of user privacy and tracking of individuals by the tags they carry.

In this chapter, we will start by building some background on the types, characteristics, and applications of RFID systems. Then we will describe some of the potential uses and abuses of this technology, discuss in more detail the attacks that can be applied to RFID systems and, finally, review some of the countermeasures that have been proposed to date.

Copyright information

© 2008 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Dimitriou, T. (2008). RFID Security and Privacy. In: Kitsos, P., Zhang, Y. (eds) RFID Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-76481-8_3

  • DOI: https://doi.org/10.1007/978-0-387-76481-8_3

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-76480-1

  • Online ISBN: 978-0-387-76481-8

  • eBook Packages: Engineering, Engineering (R0)