RFID Security : Attacks , Countermeasures and Challenges

Low-cost RFID tags are already being used for supply chain management and are a promising new technology that can be used to support the security of wireless ubiquitous applications. However current RFID technology is designed to optimize performance, with less attention paid to resilience and security. In this paper we analyze some of the most common types of attack on RFID tags: unauthorized disabling, unauthorized cloning, unauthorized tracking, and response replay. We introduce security mechanisms appropriate to defeat these attacks, and show how a recently proposed RFID authentication protocol uses them to achieve security. Two implementations are considered, one using a shrinking generator, the other the AES block cipher. Both have small footprint and power-consumption characteristics, well within EPC constraints for tags with read-write capability (class 2). We conclude by discussing the need for a modular security approach with RFID technology that will support off-the-shelf applications, and the need for making RFID technology resistant to side-channel attacks.

[1]  Mike Burmester,et al.  Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols , 2006, 2006 Securecomm and Workshops.

[2]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[3]  Hangrok Lee,et al.  The Tag Authentication Scheme using Self-Shrinking Generator on RFID System , 2008 .

[4]  Jan Camenisch,et al.  Untraceable RFID tags via insubvertible encryption , 2005, CCS '05.

[5]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[6]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[7]  Vincent Rijmen,et al.  AES implementation on a grain of sand , 2005 .

[8]  Birgit Pfitzmann,et al.  A model for asynchronous reactive systems and its application to secure message transmission , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[9]  Birgit Pfitzmann,et al.  Composition and integrity preservation of secure reactive systems , 2000, CCS.

[10]  Daniel W. Engels,et al.  RFID Systems and Security and Privacy Implications , 2002, CHES.

[11]  Ran Canetti,et al.  Studies in secure multiparty computation and applications , 1995 .

[12]  Martin Feldhofer,et al.  A Case Against Currently Used Hash Functions in RFID Protocols , 2006, OTM Workshops.

[13]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[14]  Marc Langheinrich,et al.  Scanning with a Purpose - Supporting the Fair Information Principles in RFID Protocols , 2004, UCS.

[15]  Mihir Bellare,et al.  A concrete security treatment of symmet-ric encryption: Analysis of the DES modes of operation , 1997, FOCS 1997.

[16]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[17]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.