A Comprehensive Review of RFID and Bluetooth Security: Practical Analysis

The Internet of Things (IoT) provides the ability to digitize physical objects into virtual data, thanks to the integration of hardware (e.g., sensors, actuators) and network communications for collecting and exchanging data. In this digitization process, however, security challenges need to be taken into account in order to prevent information availability, integrity, and confidentiality from being compromised. In this paper, security challenges of two broadly used technologies, RFID (Radio Frequency Identification) and Bluetooth, are analyzed. First, a review of the main vulnerabilities, security risk, and threats affecting both technologies are carried out. Then, open hardware and open source tools like: Proxmark3 and Ubertooth as well as BtleJuice and Bleah are used as part of the practical analysis. Lastly, risk mitigation and counter measures are proposed.

[1]  Wanlei Zhou,et al.  Secure Tag Search in RFID Systems Using Mobile Readers , 2015, IEEE Transactions on Dependable and Secure Computing.

[2]  K. Saravanan,et al.  A Novel Bluetooth Man-In-The-Middle Attack Based On SSP using OOB Association model , 2012, ArXiv.

[3]  Thaier Hayajneh,et al.  An investigation of Bluetooth security vulnerabilities , 2017, 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC).

[4]  Wei-Shinn Ku,et al.  A Novel Coding Scheme for Secure Communications in Distributed RFID Systems , 2016, IEEE Transactions on Computers.

[5]  Samuel C. Yang,et al.  Leveraging RFID in hospitals: Patient life cycle and mobility perspectives , 2007, IEEE Communications Magazine.

[6]  Thaier Hayajneh,et al.  Security Vulnerabilities in Bluetooth Technology as Used in IoT , 2018, J. Sens. Actuator Networks.

[7]  Manuel Díaz,et al.  On blockchain and its integration with IoT. Challenges and opportunities , 2018, Future Gener. Comput. Syst..

[8]  Faouzi Kamoun,et al.  RFID system management: state-of-the art and open research issues , 2009, IEEE Transactions on Network and Service Management.

[9]  Anas Abou El Kalam,et al.  FairAccess: a new Blockchain-based access control framework for the Internet of Things , 2016, Secur. Commun. Networks.