Classification of RFID Attacks

Aikaterini Mitrokotsa, Melanie R. Rieback, Andrew S. Tanenbaum

2008

Abstract

RFID (Radio Frequency Identification) systems are emerging as one of the most pervasive computing technologies in history due to their low cost and their broad applicability. Although RFID networks have many advantages, they also present a number of inherent vulnerabilities with serious potential security implications. This paper develops a structural methodology for risks that RFID networks face by developing a classification of RFID attacks, presenting their important features, and discussing possible countermeasures. The goal of the paper is to categorize the existing weaknesses of RFID systems so that a better under- standing of RFID attacks can be achieved and subsequently more efficient and effective algorithms, techniques and procedures to combat these attacks may be developed.

References

  1. Avoine, G., Oechslin, P.: RFID Traceability: A Multilayer Problem. In: Patrick, A., Yung, M. (eds.). In: Proc. of the Ninth Int'l Conf. on Financial Cryptography and Data Security (FC'05), Lecture Notes in Computer Science, Vol. 3570. (2005) 125-140
  2. Ayoade, J., Saxby, S.: Roadmap for Solving Security and Privacy Concerns in RFID Systems. In: Computer Law and Security Report (2007)
  3. Center, A.I.: 900 MHz Class 0 Radio Frequency (RF) Identification Tag Specification. In: Draft, www.epcglobalinc.org/standards/specs/900 MHz Class 0 RFIDTag Specification.pdf, (2003)
  4. DN-Systems: BBC Reports on Cloning of the new e-passport. In: http://www.dnsystems.de/press/document.2007-01-04.2112016470, (2007)
  5. Bolotnyy, L., Robins, G.: Physically Unclonable Function-Based Security and Privacy in RFID Systems. In: Proc. of PerCom'07. New York, USA (2007) 211-220
  6. CDT: CDT Working Group on RFID: Privacy Best Practices for Deployement of RFID Technology. In: Interim Draft, http://www.cdt.org/privacy/20060501rfid-best-practices.php, (2006)
  7. Dimitriou, T.: A Lightweight RFID Protocol to Protect Against Traceability and Cloning Attacks. In: Proc. of IEEE Conf. on Security and Privacy for Emerging Areas in Communication Networks, (2005)
  8. Emvelope: Products. In: http://www.emvelope.com/products. (2008)
  9. EPCGlobal: Guidelines on EPC for Consumer Products. In: http://www.epcglobalinc.org/public/ppsc guide/, (2005)
  10. EPCGlobal: Class-1 generation-2 UHF RFID Protocol for Communications at 860MHz-960 Mhz. In: EPC Radio-Frequency Identity Protocols, Vol. 1.1.0, (2005)
  11. Fedhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems Using the AES Algorithm. In: Proc. of Cryptographic Hardware and Embedded Systems (CHES'04), Vol. 3156. Lecture Notes in Computer Science. (2004) 357-370
  12. Fishkin, K., Roy, S., Jiang, B.: Some Methods for Privacy in RFID Communication. In: Proc. of the 1st European Workshop on Security (2004) 42-53
  13. Friedl, S.: SQL Injection attacks by example. In: http://www.unixwiz.net/techtips/sqlinjection.html, (2007)
  14. Garfinkel, S., Juels, A., Pappu, R.: RFID Privacy: An Overview of Problems and Proposed Solutions. In: IEEE Security & Privacy, Vol. 3. (2005) 34-43
  15. Hancke, G., Kuhn, M.: An RFID Distance Bounding Protocol. In: Proc. of the 1st Int'l Conf. on Security and Privacy for Emerging Areas in Communications Networks (SecureComm 2005) (2005) 67-73
  16. ICAO. ICAO Document 9303. In: http://mrtd.icao.int/content/view/33/202, (2006)
  17. Inoue, S., Yasuura, H.: RFID Privacy Using User-Controllable Uniqueness. In: Proc. of RFID Privacy Workshop. MIT, Massachusetts, USA (2003)
  18. Juels, A.: Minimalist Cryptography for Low-cost RFID Tags. In: Proc. of the 4th Conf. on Security in Communication Networks (SCN'04), Vol. 3352.Lecture Notes in Computer Science. Springer-Verlag (2004) 149-164
  19. Juels, A.: Stengthening EPC Tags Against Cloning. In: Proc. of ACM Workshop on Wireless Security (WiSe'05). ACM Press (2005) 67-76
  20. Juels, A., Rivest, R.,Szydlo, M.: The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. In: Proc. of the 10th ACM Conf. on Computer and Communication Security. (2003) 103-111
  21. Karjoth, G., Moskowitz, P.A.: Disabling RFID Tags with Visible Confirmation: Clipped Tags are Silenced. In: Atluri, V., di Vimercanti, S.D.C., Dingledine, R. (eds). In: Proc. of the 2005 ACM Workshop on Privacy in the Electronic Society (WPES 2005). (2005) 27-30
  22. Karygiannis, A., Phillips, T., Tsibertzopoulos, A.: RFID Security: A Taxonomy of Risk. In: Proc. of China'Com 7806. (2006) 1-8
  23. Karygiannis, T., Eydt, B., Barber, G., Bunn, L., Phillips, T.: Guidelines for Securing Radio Frequency Identification (RFID) Systems. In: NIST Special Publication 800-98, National Institute of Standards and Tecnology (2007)
  24. Kfir, Z., Wool, A.: Picking Virtual Pockets Using Relay attacks on Contactless Smartcard. In: Proc. of the 1st Int'l Conf. on Security and Privacy. (2005) 47-48
  25. Kinoshita, S., Hoshino, F., Komuro, T., Fujimura, A., Ohkubo, M.: Low-cost RFID Privacy Protection Scheme. In: IPS Journal, Vol. 45. (2003) 2007-2021
  26. Laurie, A.: Practical Attacks Against RFID. In: Network Security, Vol. 2007, No. 9. (2007) 4-7
  27. mCloak: mCloak for RFID tags. In: http://www.mobilecloak.com/rfidtag/rfid.tag.html (2005)
  28. Molnar, D. and Wagner, D.: Privacy and Security in Library RFID: Issues, Practices and Architectures. In: Proc. of Conf. on Computer and Communications Security. (2004) 210- 219
  29. Nijmegen, R.U.: Dismantling Contactless Smartcards. Technical Report 08-33A, Radboud Universiteit Nijmegen. www2.ru.nl/media/pressrelease.pdf, (2008)
  30. Rieback, M.R., Crispo, B., Tanenbaum, A.S.: RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management. In: Proc. of ACISP'05. (2005) 184-194
  31. Rieback, M.R., Bruno, B., Tanenbaum, A.S. Is Your Cat Infected with a Computer Virus? In: Proc. of the 4th IEEE Int'l Conf. on Pervasive Computing and Communications. (2006) 169-179
  32. Riscure.: Privacy Issues with New Digital Passport. In: http://www.riscure.com/2 news/passport.html, July (2005)
  33. Tanenbaum, A.: Dutch Public Transit Card Broken. In: http://www.cs.vu.nl/ ast/ov-chipcard/, (2007)
  34. Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and Privacy Aspects of Low-cost Radio Frequency Identification Systems. In: Proc. of 1st Int'l Conf. in Security in Pervasive Computing, Vol. 2802. (2003) 201-212
Download


Paper Citation


in Harvard Style

Mitrokotsa A., R. Rieback M. and S. Tanenbaum A. (2008). Classification of RFID Attacks . In Proceedings of the 2nd International Workshop on RFID Technology - Concepts, Applications, Challenges - Volume 1: IWRT, (ICEIS 2008) ISBN 978-989-8111-46-3, pages 73-86. DOI: 10.5220/0001738800730086


in Bibtex Style

@conference{iwrt08,
author={Aikaterini Mitrokotsa and Melanie R. Rieback and Andrew S. Tanenbaum},
title={Classification of RFID Attacks},
booktitle={Proceedings of the 2nd International Workshop on RFID Technology - Concepts, Applications, Challenges - Volume 1: IWRT, (ICEIS 2008)},
year={2008},
pages={73-86},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001738800730086},
isbn={978-989-8111-46-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Workshop on RFID Technology - Concepts, Applications, Challenges - Volume 1: IWRT, (ICEIS 2008)
TI - Classification of RFID Attacks
SN - 978-989-8111-46-3
AU - Mitrokotsa A.
AU - R. Rieback M.
AU - S. Tanenbaum A.
PY - 2008
SP - 73
EP - 86
DO - 10.5220/0001738800730086