Abstract
RFID systems, and indeed other forms of wireless technologies, are now a pervasive form of computing. In the context of security and privacy, the most threatening (to privacy) and vulnerable (to insecurity) are the ‘low cost RFID systems’. The problems are further aggravated by the fact that it is this form of RFID that is set to proliferate through various consumer goods supply chains throughout the world. This is occurring through the actions of multinational companies like Wal-Mart, Tesco, Metro, UPS and of powerful government organizations such as the United States DOD (Department Of Defence) and FDA (Food and Drug Administration). This paper examines the vulnerabilities of current low cost RFID systems and explores the security and privacy threats posed as a result of those vulnerabilities. The paper will also formulate a framework for defining the problem space constructed around low cost RFID systems, and consider the challenges faced in engineering solutions to overcome the defencelessness of low cost RFID systems. Security issues beyond and including interrogators will not be considered, as such concerns may be easily resolved using existing technology and knowledge, and because interrogators are powerful devices where complex encryption and decryption operations may be performed using embedded systems, DSPs, or hardware implementations of encryption engines on an FPGA device onboard a reader.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Ranasinghe, D., Cole, P. (2008). Addressing Insecurities and Violations of Privacy. In: Cole, P., Ranasinghe, D. (eds) Networked RFID Systems and Lightweight Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71641-9_6
DOI: https://doi.org/10.1007/978-3-540-71641-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71640-2
Online ISBN: 978-3-540-71641-9
eBook Packages: Computer Science (R0)