An Enumeration of RFID Related Threats

In this paper we present a holistic view on RFID security using logical entities that most RFID applications will use. Starting from an abstract model of anRFID-system we propose a generalized threat model for RFID-systems based on the classical terms of information security: confidentiality, availability and integrity. We use the method of attack trees for a listing of threats that apply to RFID-systems. The key benefitis that this threat model enables a systematic analysis of a specific RFID-system's security and it allows to compare the security of RFID-systems. By analyzing this threat listing we show that all parts of an RFID Systemare vulnerable to attacks and a single weakpoint in the system can breach information security.

[1]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[2]  Avishai Wool,et al.  Picking Virtual Pockets using Relay Attacks on Contactless Smartcard , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[3]  Matthias Schumann,et al.  Data-on-Network vs. Data-on-Tag: Managing Data in Complex RFID Environments , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[4]  Hartmut Pohl,et al.  RFID security , 2004, Inf. Secur. Tech. Rep..

[5]  Daniel W. Engels,et al.  RFID Systems and Security and Privacy Implications , 2002, CHES.

[6]  Gerhard P. Hancke Practical attacks on proximity identification systems , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[7]  Juan E. Tapiador,et al.  RFID Systems: A Survey on Security Threats and Proposed Solutions , 2006, PWC.

[8]  Andrew S. Tanenbaum,et al.  The evolution of RFID security , 2006, IEEE Pervasive Computing.

[9]  C. Thompson,et al.  RFID SECURITY THREAT MODEL , 2006 .

[10]  Ernst Haselsteiner Security in Near Field Communication ( NFC ) Strengths and Weaknesses , 2006 .

[11]  Andrew S. Tanenbaum,et al.  Is your cat infected with a computer virus? , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06).

[12]  M. Sparkes Is RFID automating crime , 2006 .

[13]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.