Sensing-enabled defenses to RFID unauthorized reading and relay attacks without changing the usage model

Many RFID tags store valuable information private to their users that can easily be subject to unauthorized reading, leading to owner tracking or impersonation. RFID tags are also susceptible to different forms of relay attacks. This paper presents novel sensing-enabled defenses to unauthorized reading and relay attacks against RFID systems without necessitating any changes to the traditional RFID usage model. More specifically, the paper proposes the use of on-board tag sensors to (automatically) acquire useful contextual information about the tag's environment (or its owner, or the tag itself). It suggests how this information can be used to achieve two security functionalities. First, such context recognition can be leveraged for the purpose of selective tag unlocking: the tag will respond selectively to reader interrogations, i.e., only when it is deemed safe to do so. Second, context recognition can be used as a basis for transaction verification in order to provide protection against a severe form of relay attacks involving malicious RFID readers. To demonstrate the feasibility of the overall idea, a novel selective unlocking mechanism based on recognition of the owner's posture is presented. The evaluation of the proposed mechanism shows its effectiveness in significantly raising the bar against many different RFID attacks.
