50 Ways to Break RFID Privacy

We present a taxonomy of attacks on user untraceability in RFID systems. In particular, we consider RFID systems in terms of a layered model comprising a physical layer, a communication layer, and an application layer. We classify the attacks on untraceability according to their layer and discuss their applicability.

[1]  Ivan Damgård,et al.  RFID Security: Tradeoffs between Security and Efficiency , 2008, CT-RSA.

[2]  Tom Chothia,et al.  A Traceability Attack against e-Passports , 2010, Financial Cryptography.

[3]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[4]  Flavio D. Garcia,et al.  Modeling Privacy for Off-Line RFID Systems , 2010, CARDIS.

[5]  Flavio D. Garcia,et al.  Wirelessly Pickpocketing a Mifare Classic Card , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[6]  Dong Hoon Lee,et al.  Secure Mobile RFID system against privacy and security problems , 2007, Third International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU 2007).

[7]  Sasa Radomirovic,et al.  Algebraic Attacks on RFID Protocols , 2009, WISTP.

[8]  Srdjan Capkun,et al.  Physical-layer Identification of RFID Devices , 2009, USENIX Security Symposium.

[9]  Sujeet Shenoi,et al.  Imaging and Analysis of GSM SIM Cards , 2005, IFIP Int. Conf. Digital Forensics.

[10]  Gerhard P. Hancke Practical attacks on proximity identification systems , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[11]  Gerhard P. Hancke,et al.  Eavesdropping Attacks on High-Frequency RFID Tokens , 2008 .

[12]  Marc Langheinrich,et al.  A survey of RFID privacy approaches , 2009, Personal and Ubiquitous Computing.

[13]  Matthew J. B. Robshaw,et al.  An Active Attack Against HB +-A Provably Secure Lightweight Authentication Protocol , 2022 .

[14]  Bart Jacobs,et al.  Crossing Borders: Security and Privacy Issues of the European e-Passport , 2006, IWSEC.

[15]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[16]  Ors Yalcin,et al.  Radio Frequency Identification: Security and Privacy Issues - 6th International Workshop, RFIDSec 2010, Istanbul, Turkey, June 8-9, 2010, Revised Selected Papers , 2010, RFIDSec.

[17]  Sasa Radomirovic,et al.  EC-RAC: Enriching a Capacious RFID Attack Collection , 2010, RFIDSec.

[18]  Jean-Louis Lanet,et al.  Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14-16, 2010. Proceedings , 2010, CARDIS.

[19]  Gildas Avoine Radio Frequency Identification: Adversary Model and Attacks on Existing Protocols , 2005 .

[20]  Bart Jacobs,et al.  Dismantling MIFARE Classic , 2008, ESORICS.

[21]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[22]  Martín Abadi,et al.  Code-Carrying Authorization , 2008, ESORICS.

[23]  Pete Forster,et al.  Time and date issues in forensic computing - a case study , 2004, Digit. Investig..

[24]  Patel,et al.  Information Security: Theory and Practice , 2008 .

[25]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[26]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[27]  H. Zimmermann,et al.  OSI Reference Model - The ISO Model of Architecture for Open Systems Interconnection , 1980, IEEE Transactions on Communications.

[28]  Masakatsu Nishigaki,et al.  Advances in Information and Computer Security - 6th International Workshop, IWSEC 2011, Tokyo, Japan, November 8-10, 2011. Proceedings , 2011, IWSEC.

[29]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[30]  Nasir D. Memon,et al.  Digital Forensics , 2009, IEEE Secur. Priv..