Abstract
We present a taxonomy of attacks on user untraceability in RFID systems. In particular, we consider RFID systems in terms of a layered model comprising a physical layer, a communication layer, and an application layer. We classify the attacks on untraceability according to their layer and discuss their applicability.
Our classification includes two new attacks. We first present an attack on the RFID protocol by Kim et al. targeting the communication layer. We then show how an attacker could perform an application-layer attack on the public transportation system in Luxembourg.
Finally, we show that even if all of a person's tags are untraceable, the person may still be traceable. We do this by exhibiting a realistic scenario in which the attacker uses the RFID profile of a person to trace him.
References
Hoepman, J.-H., Hubbers, E., Jacobs, B., Oostdijk, M., Schreur, R.W.: Crossing borders: Security and privacy issues of the european e-passport. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S.-i. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 152–167. Springer, Heidelberg (2006)
Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management, v0.34 (2010)
Damgård, I., Pedersen, M.Ø.: RFID security: Tradeoffs between security and efficiency. In: CT-RSA, pp. 318–332 (2008)
Juels, A.: RFID security and privacy: a research survey. IEEE Journal on Selected Areas in Communications 24(2), 381–394 (2006)
Langheinrich, M.: A Survey of RFID Privacy Approaches. Personal and Ubiquitous Computing 13(6), 413–421 (2009)
Kim, I.J., Choi, E.Y., Lee, D.H.: Secure mobile RFID system against privacy and security problems. In: SecPerU 2007 (2007)
Zimmermann, H.: OSI reference model — The ISO model of architecture for open systems interconnection. IEEE Transactions on Communications 28(4), 425–432 (1980)
Avoine, G., Oechslin, P.: RFID traceability: A multilayer problem. In: Patrick, A.S., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)
Hancke, G.P.: Eavesdropping Attacks on High-Frequency RFID Tokens. In: Workshop on RFID Security – RFIDSec 2008 (2008)
Hancke, G.P.: Practical attacks on proximity identification systems (short paper). In: IEEE Symposium on Security and Privacy, pp. 328–333 (2006)
ISO/IEC 14443: Identification cards – Contactless integrated circuit(s) cards – proximity cards (2001)
Danev, B., Heydt-Benjamin, T.S., Čapkun, S.: Physical-layer identification of RFID devices. In: USENIX, pp. 125–136 (2009)
van Deursen, T., Radomirović, S.: Algebraic attacks on RFID protocols. In: Markowitch, O., Bilas, A., Hoepman, J.-H., Mitchell, C.J., Quisquater, J.-J. (eds.) WISTP 2009. LNCS, vol. 5746, pp. 38–51. Springer, Heidelberg (2009)
Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: PerCom Workshops, pp. 149–153 (2004)
Avoine, G.: Adversary model for radio frequency identification. Technical Report LASEC-REPORT-2005-001, EPFL (2005)
Chothia, T., Smirnov, V.: A Traceability Attack against e-Passports. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 20–34. Springer, Heidelberg (2010)
Garcia, F.D., van Rossum, P.: Modeling privacy for off-line RFID systems. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 194–208. Springer, Heidelberg (2010)
Garcia, F.D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Schreur, R.W., Jacobs, B.: Dismantling MIFARE classic. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 97–114. Springer, Heidelberg (2008)
Garcia, F.D., van Rossum, P., Verdult, R., Schreur, R.W.: Wirelessly pickpocketing a MIFARE classic card. In: IEEE Security and Privacy, pp. 3–15 (2009)
Teepe, W.: In sneltreinvaart je privacy kwijt (in Dutch). Privacy & Informatie (October 2008)
Swenson, C., Manes, G., Shenoi, S.: Imaging and analysis of GSM SIM cards. In: IFIP Int. Conf. Digital Forensics, pp. 205–216 (2005)
Boyd, C., Forster, P.: Time and date issues in forensic computing - A case study. Digital Investigation 1(1), 18–23 (2004)
Gilbert, H., Robshaw, M., Sibert, H.: An active attack against HB+ - A provably secure lightweight authentication protocol. Cryptology ePrint Archive, Report 2005/237 (2005)
van Deursen, T., Radomirović, S.: EC-RAC: Enriching a capacious RFID attack collection. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 75–90. Springer, Heidelberg (2010)
Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010)
Department of Transport Statistics: Table nts0201: Full car driving licence holders by age and gender: Great Britain, 1975/76 to 2009 (2009), http://www.dft.gov.uk/pgr/statistics/datatablespublications/nts/
Office of Fair Trading: Personal current accounts in the UK (2008), http://www.oft.gov.uk/OFTwork/markets-work/completed/personal/
Bosworth, M.H.: Loyalty cards: Reward or threat? (2005), http://consumeraffairs.com/news04/2005/loyalty_cards.html
TNS Worldpanel: Tesco share turnaround (plus an update on grocery price inflation) (2009), http://www.tnsglobal.com/news/news-56F59E8A99C8428989E9BE66187D5792.aspx
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
van Deursen, T. (2011). 50 Ways to Break RFID Privacy. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2010. IFIP Advances in Information and Communication Technology, vol 352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20769-3_16
DOI: https://doi.org/10.1007/978-3-642-20769-3_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20768-6
Online ISBN: 978-3-642-20769-3
eBook Packages: Computer Science (R0)