Classification of RFID Threats based on Security Principles

RFID technology is an area currently undergoing active development. The security risks that arise from the inherent vulnerabilities of RFID technology have received a lot of attention. Most of this attention, however, has focused on related privacy issues. The goal of this chapter is to present a more global overview of RFID threats. Such an overview can not only help experts perform risk analyses of RFID systems but also increase awareness and understanding of RFID security issues among non-experts. We use clearly defined and widely accepted concepts from both the RFID area and classical risk analysis to structure this overview.
