Is RFID Technology Secure and Private?
Rand A. Mahmood
School of Electrical & Computer Engineering
New York Institution of Technology, Amman, Jordan
Wasim A Al-Hamdani, Ph.D.
Kentucky State University
400 East Main, KY 40601 USA
Radio Frequency Identification (RFID) has been used in a variety of
applications, such as inventory management, anti-theft monitoring of
consumer merchandise, and the tagging of livestock. With previous
applications, it is difficult to link information stored on an RFID
transponder to a specific individual. New applications for RFID
technology include embedding transponders in everyday things used
by individuals, such as library books, payment cards, and personal
identification cards and documents. While RFID technology has existed for
decades, these new applications carry with them substantial new privacy and
security risks for individuals. In this paper I study the risks and security
issues of RFID, such as the targeting or tracking of individuals, or the
potential disclosure of personal practices or preferences to unauthorized
third parties, and how it could be attacked at any part of the RFID system
(between RFID tag and reader attacks, middleware attacks and backend station
attacks). Despite the increasing popularity of RFID technology, the
electronic information it deals with may not be as secure as was once
Categories and Subject Descriptors
C.2.0 [Computer Communications Networks]: General – Security
D.4.6 [Security and Protection]: Cryptographic controls, Access
D.4.6 [Operating Systems]: Security and Protection - Access
controls – Authentication, Cryptographic controls, Information flow
controls, Invasive software.
Keywords: RFID security, nSpeedPass, Middleware attacks,
Radio frequency identification (RFID) chips are used everywhere. A number of
examples can be quoted where RFID technology has been implemented: companies
and laboratories use them as access keys, to start their cars, and as
inventory tracking devices. Drug manufacturers rely on chips to track
pharmaceuticals. ABI Research recently reported that the global market for
RFID readers and reader modules grew to more than 35,500 unit shipments in
2005. Reader unit volumes grew by nearly 14% in the first quarter of 2006 as
compared with the first quarter of 2005. The IDC market research firm
supports these findings, having found similar evidence of a booming RFID
market in Malaysia. According to IDC, RFID spending in Malaysia is estimated
to grow at a compound annual growth rate of 45.84% from $2.45 million in
2005 to almost $20.94 million in 2010. New applications such as
RFID-enabled self-checkouts, contactless payment systems using credit and
debit cards with embedded RFID tags, and payment systems based on finger
scans or other biometrics, are also sure to boost the appeal of RFID in
upcoming applications, assuming, of course, that the price of RFID tags goes
down and that concerns regarding basic privacy and security can be
adequately addressed. Some of RFID's inherent weaknesses, such as inadequate
security precautions, may be found before widespread deployment, when they
are sure to be easier and less costly to fix.
Some vendors are working on combining RFID tags with sensors of different
kinds. This would allow the tag to report not simply the same information
over and over, but identifying information along with current data picked
up by the sensor. For example, an RFID tag attached to the leg of a lamb
could report on the temperature readings of the past 24 h to ensure that
the meat was properly kept cool. This can be taken as the positive side of
RFID usage. Over time, the proportion of "scan-it-yourself" aisles in
retail stores will increase. Eventually, we may wind up with stores that
have mostly scan-it-yourself aisles and only a few checkout stations for
people who are disabled or unwilling. This will be an added advantage to
users. In the near future, RFID tags are also about to get a lot more
personal. Next-generation U.S. passports and credit cards will contain
RFIDs, and the medical industry is exploring the use of implantable chips to
manage patients effectively.
As with the growth of the Internet, wherever a security hole exists, some
hacker will find and exploit it for fun, profit, or both. The security
problems summarized here are real and require real, practical solutions.
The RFID industry is working on technical solutions to all of the security
problems noted here, on further progress in security standards in 2007, and
on increased industry outreach to the general public in the form of press
releases and advertising about security features.
Commercialized chips became widely manufactured and available in the 1980s,
and RFID tags were used to track difficult-to-manage property like farm
animals and railroad cars. But over the last few years, the market for
RFIDs has exploded, driven by advances in computer databases and supported
by declining chip prices. Now a number of companies, from Motorola to
Philips to Texas Instruments, manufacture the chips. The tags work by
broadcasting a few bits of information to specialized electronic readers,
as shown in Figure 1. Most commercial RFID tags are passive emitters and
have no onboard battery; these tags are activated by the reader's power.
Once activated, these chips broadcast their signal indiscriminately within a
certain range, usually a few inches to a few feet. However, active RFID tags
with internal power can send signals to hundreds of feet; these are deployed
in the automatic toll-paying devices that sit on car dashboards, pinging
tollgates as autos whiz
Figure 1. RFID system
Permission to make digital or hard copies of all or part of this work for
personal or classroom use is granted without fee provided that copies are
not made or distributed for profit or commercial advantage and that copies
bear this notice and the full citation on the first page. To copy otherwise,
or republish, to post on servers or to redistribute to lists, requires prior
specific permission and/or a fee.
Information Security Curriculum Development Conference 2011
October 7-9, 2011, Kennesaw, GA, USA.
Copyright 2011 ACM 978-1-4503-0812-0/10/11…$10.00.
For protection of information, RFID signals can be encrypted using
suitable algorithms. The chips that are used for applications like
passports, for example, will likely be coded/encrypted to make it difficult
for unauthorized readers to retrieve their onboard information (which will
include a person's name, age, nationality, photo, and other sensitive
information). However, most commercial RFID tags do not include security,
because it is very expensive.
This leaves most RFIDs vulnerable to cloning and data tampering, if
the RFID chip has a writable memory area. RFID chips that are used
to track product shipments or expensive equipment, for example,
often contain pricing and item information. These writable areas can
be locked, but often they are ignored, either because the companies
using RFIDs do not know the working of the chips, or the data fields
need to be updated frequently. Either way, these chips are open to
hacking or tampering of data.
The world of RFID is like the Internet in its early stages. No one had
thought about building security features into the Internet in its early
stages, and now we are paying for it in viruses and other attacks by
adversaries. The same thing is also true of RFIDs. Hacking of RFID
chips is very easy. One can steal the smart card, lift someone’s
passport, jack someone’s car, and even clone the chip embedded in
an arm. There are many accounts of how RFID has been hacked.
2. PROBLEMS WITH RFID
The problems with RFID can be divided into the following three
2.1 Technology-Related Problems
(1) Problems with RFID Standards
RFID has been implemented in different ways by different
manufacturers; global standards are still being developed and
interoperability is a serious issue. It should be noted that some RFID
devices are never meant to leave their network, as the RFID tags are used
for inventory control within a company. This can cause problems for
companies. There are well-developed standards for low- and high-frequency
RFID systems, but most companies want to use UHF in the supply chain because
it offers a longer read range, up to 20 ft under good conditions. UHF
technology is relatively new, and standards were not established until
recently and are still evolving. Another issue is cost. RFID readers
typically cost $1000 or more. Companies would need thousands of readers to
cover all their factories, warehouses, and stores. RFID tags are also fairly
expensive (20 cents or more), which makes their use for identifying millions
of items that cost only a few dollars impractical.
(2) RFID Systems Can Be Easily Disrupted
Since RFID systems make use of the electromagnetic spectrum (like WiFi
networks or cell phones), they are relatively easy to jam by employing
energy at the right frequency. Although this would only be an inconvenience
for consumers in stores (longer waits at the checkout), it could be
disastrous in other environments (e.g., hospitals, battlefields) where RFID
is increasingly used.
In addition, active RFID tags (those that use a battery to increase
the range of the system) can be repeatedly interrogated to wear the
battery down, thus disrupting the system.
(3) RFID Reader Collision Interference
Reader collision occurs when the signals from two or more readers
overlap as shown in Figure 2. The tag is unable to respond to
simultaneous queries. Systems must be carefully set up to avoid this
problem; many systems use an anti-collision protocol (also called a
singulation protocol). Anti-collision protocols enable the tags to take
turns in transmitting to a reader.
Figure 2. Reader-to-reader interference
(4) RFID Tag Collision
Tag collision occurs when many tags are present in a small area, as shown
in Figure 3. But since the read time is very short, it is easy for vendors
to develop systems that ensure that tags respond one at a time by employing
suitable algorithms.
Figure 3. Tag-to-tag interference 
(5) Reader to Tag collision
Reader to tag collision occurs when one tag is positioned in more
than one area of the reader, as shown in Figure 4. Each reader tries to
communicate with this tag at the same time, as every reader thinks it
is connected with this tag alone.
Figure 4. Reader-to-tag interference
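As an added illustration (example code written for this page, not from the paper), the following Python simulates the binary tree-walking singulation protocol that many readers use to give tags their turns: the reader extends an ID prefix one bit at a time, silence means no tag lives under that prefix, and a collision (both bit values on the air at once) tells it to explore both branches. The tag IDs, the 8-bit ID length and the air-interface model are constructed assumptions.

```python
from typing import List, Set, Tuple

# Constructed tag population for the simulation: four 8-bit tag IDs
# (illustrative values, not real EPC codes).
TAG_IDS: Set[int] = {0b10110010, 0b10110011, 0b01000001, 0b11100000}
ID_BITS = 8


def tags_answer(tags: Set[int], prefix: str, nbits: int) -> Set[str]:
    """Model the air interface for one reader query.

    Every tag whose ID begins with `prefix` transmits its next bit. The
    reader cannot tell tags apart; it only observes which distinct bit
    values were on the air. Two different values at once is a collision.
    """
    answers: Set[str] = set()
    for tag_id in tags:
        bits = format(tag_id, f"0{nbits}b")
        if len(prefix) < nbits and bits.startswith(prefix):
            answers.add(bits[len(prefix)])
    return answers


def tree_walk(tags: Set[int], nbits: int = ID_BITS) -> Tuple[List[int], int]:
    """Binary tree-walking singulation.

    Silence under a prefix prunes that branch; a single bit value means every
    tag under the prefix agrees on it; a collision means both branches are
    explored. Each tag therefore ends up alone on its own leaf path and can
    be read without interference. Returns (identified IDs, query count).
    """
    found: List[int] = []
    pending = [""]
    queries = 0
    while pending:
        prefix = pending.pop()
        if len(prefix) == nbits:
            found.append(int(prefix, 2))   # leaf: exactly one tag has this ID
            continue
        queries += 1
        answers = tags_answer(tags, prefix, nbits)
        for bit in sorted(answers):        # empty set (silence) adds nothing
            pending.append(prefix + bit)
    return sorted(found), queries


if __name__ == "__main__":
    ids, n = tree_walk(TAG_IDS)
    print(f"identified {ids} in {n} reader queries")
```

The query count is the protocol's cost: with sparse IDs the reader still walks every populated path bit by bit. It also has a privacy cost that the paper's later sections touch on indirectly: the reader transmits each prefix at far higher power than the tags answer, so a passive listener well outside tag read range can reconstruct the identified IDs from the reader's side of the conversation alone.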
2.2 Privacy and Ethics Problems with RFID
The following problems with RFID tags and readers have been reported.
RFID Tags Can Be Read without Your Knowledge
Since the tags can be read without being swiped or obviously
scanned (as is the case with magnetic strips or bar codes),
anyone with an RFID reader can read the tags embedded in your
clothes and other consumer products without your knowledge.
For example, you could be scanned before you enter the store,
just to see whether you are carrying an RFID chip, and so on.
You might then be approached by a clerk who knows what you
have in your backpack or purse, and can suggest accessories or
other items matching the amount you have. This can pose a
serious threat to one’s privacy and security.
RFID Tags Can Be Read at Greater Distances with a High-Gain Antenna
For various reasons, RFID reader/tag systems are designed so
that the distance between the tag and the reader is kept to a
minimum (see the material on tag collision earlier). However, a
high-gain antenna can be used to read the tags from much
further away, leading to serious privacy problems.
RFID Tags with Unique Serial Numbers Could Be Linked to an Individual
Credit Card Number
At present, the Universal Product Code (UPC) implemented with bar codes
allows each product sold in a store to have a unique number that identifies
that product. Work is in progress on a global system of product
identification that would allow each individual item to have its own
number. When the item is scanned for purchase and is paid for, the RFID tag
number for a particular item can be associated with a credit card number.
2.3 Security Concerns
The security problems surrounding RFID technology can be grouped
into several classes:
(1) Data ownership and data-mining techniques
All methods of data collection involve privacy, data ownership, and the
ethical use of data-mining techniques to discover the characteristics of an
individual or an organization. For example,
customer-loyalty card data could be used to find out private medical
information about an individual. This problem predates the use of
RFID technology, but the sheer volume of data provided by RFID
tags adds a new urgency to these discussions.
(2) Data theft
Traditionally, data theft requires two things: access to a computer system
and considerable hacking skill. RFID tags, however, are made to broadcast
information, so data theft by easily concealable RFID scanners is both
realistic and easy. Chip
manufacturers counter this by adding security features such as secure
encryption schemes to the chips and data.
(3) Data corruption
Most RFID tags are rewritable. This feature may be locked (turning
the tag into a write-once, read-many device) or left active, depending
on application and security sensitivity. For example, in libraries, the
RFID tags are frequently left unlocked for the convenience of
librarians in reusing the tags on different books or to track check-ins
and check-outs. But when tags that should be locked are not locked (e.g.,
in supply chain management), the potential does exist for pranksters or
malicious users to rewrite the tags with incorrect or
3. THREAT AND TARGET IDENTIFICATION
3.1 Attack Objectives
To determine the type of an attack, we must understand the possible
objectives of that attack, which will then help determine the possible
nature of the attack.
Someone attacking an RFID system may use it to help steal a single
object, while another attack might be used to prevent all sales at a
single store or at a chain of stores. An attacker might want
misinformation to be placed in a competitor’s backend database so
that it is rendered useless. Other people may want to outmanoeuvre
physical access control, while having no interest in the data.
Therefore, it is necessary for anyone looking at the security of an
RFID system to identify how their assets are being protected and
how they might be targets. Just as there are several basic components
to RFID systems, there are also several methods (or vectors) used for
attacking RFID systems. Each vector corresponds to a portion of the
system. The vectors are “on-the-air” attacks, manipulating data on
the tag, manipulating middleware data, and attacking the data at the
3.2 Radio Frequency Manipulation
One of the simplest ways to attack an RFID system is to prevent the
tag on an object from being detected and read by a reader. Since
many metals can block radio frequency (RF) signals, all that is
needed to defeat a given RFID system is to wrap the item in
aluminium foil or place it in a metallic-coated Mylar bag. This
technique works so well that New York now issues a metallic-coated
Mylar bag with each tag.
From the standpoint of over-the-air attacks, the tags and readers are
seen as one entity. Even though they perform opposite functions,
they are essentially different faces of the same RF portion of the
system. An attack over the air interface on tags and readers typically
falls into one of four types: spoofing, insert, replay, and Denial of
Service (DOS) attacks.
3.3 Other attacks
Spoofing attacks supply false information that looks valid and that the
system accepts. Typically, spoofing attacks involve a fake domain name,
Internet Protocol (IP) address, or Media Access Control (MAC) address. An
example of spoofing in an RFID system is broadcasting an incorrect
Electronic Product Code (EPC) number over the air when a valid number was
expected. Insert attacks insert system commands where data is normally
expected. These attacks work because it is assumed that the data is always
entered in a particular area, and little to no validation takes place.
Insert attacks are common on Web sites, where malicious code is injected
into a Web-based application. A typical use for this type of attack is to
inject a Structured Query Language (SQL) command into a database. This same
principle can be applied in an RFID situation, by having a tag carry a
system command rather than valid data in its data storage area (e.g., the
EPC number). In a replay attack, a valid RFID signal is intercepted and its
data is recorded; this data is later transmitted to a reader where it is
"played back." Because the data appears valid, the system accepts it. DOS
attacks, also known as flood attacks, take place when a signal is flooded
with more data than it can handle. They are well known because several
large DOS attacks have impacted major corporations such as Microsoft and
Yahoo. A variation on this is RF jamming, which is well known in the radio
world, and occurs when the RF is filled with a noisy signal. In either
case, the result is the same: the system is denied the ability to correctly
deal with the incoming data. Either variation can be used to defeat RFID
systems.
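The replay and spoofing attacks above succeed against tags that answer every query with the same fixed data. The following is a worked example, added here and not from the paper, of the standard countermeasure in Python: the reader issues a single-use random nonce and the tag answers with a keyed MAC over it, so a response recorded from one session is useless against the next challenge, and an identifier with no provisioned secret is rejected. Tag IDs and key values are constructed for the illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Set, Tuple

# Constructed per-tag secrets (illustrative values, not real key material).
# In a deployment the secret is provisioned into the tag and into the backend.
TAG_SECRETS: Dict[str, bytes] = {
    "E200-0001": bytes.fromhex("00112233445566778899aabbccddeeff"),
}


def tag_respond(tag_id: str, secret: bytes, nonce: bytes) -> Tuple[str, bytes]:
    """Tag side: answer the reader's nonce with HMAC(secret, nonce || tag_id).
    A tag that merely emits a fixed serial has nothing nonce-dependent here,
    which is exactly what makes its transmissions replayable."""
    mac = hmac.new(secret, nonce + tag_id.encode("ascii"), hashlib.sha256).digest()
    return tag_id, mac


class Reader:
    """Reader side: issues single-use random challenges and checks responses."""

    def __init__(self, secrets: Dict[str, bytes]) -> None:
        self.secrets = secrets
        self.outstanding: Set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, tag_id: str, mac: bytes) -> bool:
        # Only a nonce this reader issued and has not yet consumed is valid.
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)
        secret = self.secrets.get(tag_id)
        if secret is None:            # spoofed or unknown identifier
            return False
        expected = hmac.new(secret, nonce + tag_id.encode("ascii"), hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)


def legitimate_read(reader: Reader) -> Tuple[bool, Tuple[bytes, str, bytes]]:
    """Genuine exchange; also returns what an eavesdropper would have captured."""
    nonce = reader.challenge()
    tag_id, mac = tag_respond("E200-0001", TAG_SECRETS["E200-0001"], nonce)
    return reader.verify(nonce, tag_id, mac), (nonce, tag_id, mac)


def replayed_read(reader: Reader, captured: Tuple[bytes, str, bytes]) -> bool:
    """The recorded (nonce, id, mac) presented again at a later session."""
    old_nonce, tag_id, mac = captured
    fresh = reader.challenge()
    # The old nonce fails the single-use check; the old MAC does not match
    # the fresh nonce. Either way the reader refuses.
    return reader.verify(old_nonce, tag_id, mac) or reader.verify(fresh, tag_id, mac)


def spoofed_read(reader: Reader) -> bool:
    """An identifier the backend never provisioned, with a made-up MAC."""
    nonce = reader.challenge()
    return reader.verify(nonce, "E200-9999", b"\x00" * 32)


if __name__ == "__main__":
    r = Reader(TAG_SECRETS)
    ok, captured = legitimate_read(r)
    print("genuine:", ok, "replay:", replayed_read(r, captured), "spoof:", spoofed_read(r))
```

Cheap passive tags cannot always afford a keyed MAC, which is why cloning of simple tags remains the open problem the paper describes; where the tag can compute one, the single-use nonce on the reader side is what turns an identifier into an authentication.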
3.4 Manipulating Tag Data
Blocking the RF might work for someone attempting to steal a single
item. However, for someone looking to steal multiple items, a more
efficient way is to change the data on the tags attached to the items.
Depending on the nature of the tag, the price, stock number, and any other
data can be changed. By changing a price, a thief can obtain a dramatic
discount while still appearing to buy the item. When items with modified
tags are bought using a self-checkout cash register, no one can detect the
changes. Only a physical inventory would reveal that shortages in a given
item do not match the sales logged by the system.
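One way to make the price rewrite described above detectable at the checkout, as an added example that is not part of the paper: store a keyed MAC beside the fields in tag user memory, so a self-checkout reader refuses a tag whose price field has been changed by someone who does not hold the key. The field layout, the store key and the 8-byte MAC truncation are assumptions for this illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# Constructed store-wide signing key (illustrative, not real key material).
STORE_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
EPC_LEN = 12   # 96-bit EPC
MAC_LEN = 8    # truncated MAC; user memory on cheap tags is small (assumption)

# Assumed tag user-memory layout: EPC | SKU (uint32) | price in cents (uint16) | MAC
FIELDS = struct.Struct(">IH")


def encode_tag(epc: bytes, sku: int, price_cents: int) -> bytes:
    """Build the bytes a store writer would put into tag user memory:
    the fields followed by a keyed MAC over them."""
    body = epc + FIELDS.pack(sku, price_cents)
    mac = hmac.new(STORE_KEY, body, hashlib.sha256).digest()[:MAC_LEN]
    return body + mac


def decode_tag(blob: bytes) -> Optional[Tuple[bytes, int, int]]:
    """Checkout side: return (epc, sku, price) only if the MAC verifies,
    otherwise None, so a rewritten price is refused rather than charged."""
    if len(blob) != EPC_LEN + FIELDS.size + MAC_LEN:
        return None
    body, mac = blob[:-MAC_LEN], blob[-MAC_LEN:]
    expected = hmac.new(STORE_KEY, body, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(expected, mac):
        return None
    sku, price_cents = FIELDS.unpack(body[EPC_LEN:])
    return body[:EPC_LEN], sku, price_cents


def simulate_price_rewrite(blob: bytes, new_price_cents: int) -> bytes:
    """Model the scenario in the text: an unlocked tag has its price field
    overwritten in place. The MAC is left as it was, because whoever rewrites
    the tag does not hold STORE_KEY."""
    off = EPC_LEN + 4
    return blob[:off] + struct.pack(">H", new_price_cents) + blob[off + 2:]


if __name__ == "__main__":
    sample_epc = bytes.fromhex("30" + "00" * 10 + "05")   # constructed EPC
    tag = encode_tag(sample_epc, sku=1001, price_cents=1999)
    print("genuine tag:", decode_tag(tag))
    print("rewritten tag:", decode_tag(simulate_price_rewrite(tag, 199)))
```

The simpler design, which most deployments prefer, keeps only the EPC on the tag and looks the price up in the backend, so there is nothing on the tag worth rewriting; the MAC approach matters when the tag must carry data that works offline. Its weak point is that every checkout reader holds the verification key, so a compromised reader can mint valid tags.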
3.5 TAG APPLICATION ATTACKS
Tracking
The US government plans to use RFID tags in new passports for tracking
purposes. Officially, the RFID tag is used for updating security and
counterfeit protection, and for conforming to the International Civil
Aviation Organization (ICAO) machine-readable travel documents. However,
this addition to the US passport has caused a huge debate among security
and privacy experts, and national security advocates. At the time of this
writing, the US is still in the beginning stages of deployment; therefore,
there are no "real" results showing that the system works. The e-Passport
contains an RF transponder, implemented as a contactless smart card,
embedded in the cover of each passport. This transponder contains the
information currently on the data page of the passport (name, birth date,
country of citizenship, passport number, etc.), with the image of the
passport holder stored as a JPEG file. The chosen technology is a passive
International Organization for Standardization (ISO) 14443 A & B compliant
RF transponder with 64 kB of on-board memory. The chip is passive and
contains no power source, as it receives power from the RF fields produced
by the reader. The standard does not explicitly address the read range of
the chip, but it is generally accepted that the read range will be a
maximum of 4 inches (10 cm) from reader to chip.
3.5.1 Security and privacy risks with the E-Passport:
After the concern over privacy and security of the e-Passport, additional
items were added to the design. Changes implemented with the Final Rule for
the e-Passport include adding a metallic shield (a Faraday cage) to the
cover of the passport to prevent skimming. Also, Basic Access Control is
implemented in the e-Passport to prevent unauthorized readers from
accessing the chip. With this addition, a forger would have to forge the
physical passport as well as all of the anti-counterfeit measures, and then
integrate an RFID chip containing that same forged data. It would make
stolen or lost passports much harder to alter, because the new name and
information would differ from the information on the RFID tag. It is
assumed that in the future, a chip will store a person's biometric
information (e.g., fingerprints, iris scan, and so on), which would
increase the ability of border guards and issuing agencies to confirm
someone's passport. The ICAO is an organization that sets international
standards for civil air travel. They specify international base standards
for baggage and passengers, make sure that flights from one country to
another are compatible (radio frequencies, standard terms and procedures,
and so forth), and ensure that everything is working safely and
efficiently. They also specify standards regarding travel documents, so
that each country's documentation is compatible and interoperable with the
other countries' documentation. Travel documents were originally specified
to be machine-readable using optical character recognition (OCR).
The new standards specify the co-existence of newer technologies
with the older OCR systems. These new standards specify
requirements such as how much storage, what should be in the
storage, and so forth, but they leave it to member states to select
specific technologies. Member states can also increase or implement
additional technologies if they wish; however, they still have to meet
the international baseline requirements. The US State Department
specified that the new US passports would increase the available
memory from 32 kilobytes to 64 kilobytes, presumably for future use
with biometrics information. They also chose to use a contactless
chip technology (RFID) rather than a contact-based technology such
as smart cards or a magnetic strip. Using RFID chips is recognized in
the ICAO specifications as valid technology; however, some people
think this is a bad choice for a security device, because the ICAO
specification does not require a digital signature or encryption of the
information on the tag. One major concern is “skimming,” which is
the ability to covertly read information on a passport. The fear is that
criminals would be able to pick Americans out of a crowd or have
their vital information broadcast to anyone in range. The problem is
that the specification covers the minimum range at which tags should
be able to be read (0 to 10 cm), but does not specify a maximum
range. However, with a high-powered reader and antenna it is
possible to read the tag from several feet away.
The fear is that American travellers abroad could be identified by the
presence of their passport and possibly targeted for kidnapping or
robbery. The unencrypted information also reveals more than most
travellers wish to share. The possibility also exists for foreign
persons, either governmental or private, to track American citizens.
Terrorists could have a bomb rigged with an RFID reader that will
explode when more than one US passport is in range. Or they can
scan down hotel hallways looking for Americans to kidnap or rob.
These are all within the realm of possibility with existing
technologies. Based on the public outcry, the State Department made
revisions to the proposed system, including encrypting the data on
the RFID tag and printing the key on the optically read section of the
reader for decoding on the PC. This way, any intercepted data is
garbled and unreadable without the key, which is accessible only
with physical access to the passport. It is hard to imagine a 128-
character key being printed on a passport, let alone strong publicly
vetted encryption being used on the tag. Presuming the encryption
method is known or learned, the key space for searching the
information is considerably small and within the realm of brute force
attacks. The State Department also mandated the inclusion of a
metallic layer in the front and back covers and along the spine of the
passport, to prevent the tag from being able to interact with a reader
unless it is open (i.e., a ‘‘tin foil hat’’ solution to allay the concerns
of the privacy advocates). The problem is that the foil cover may not be
able to stop transmissions at close range. Another issue is that the foil
may not always be in good enough condition to protect the tag.
Using a printed key is also not a good choice. Passports are used all
over the world as non-governmental identification for things such as
hotel reservations and Internet cafes, all of which need you to open
your passport and expose the RFID tag and the printed key. In the
case of hotel reservations, the passport is required to be photocopied
and kept on file, including the key. Even if the information is
encrypted, a passport can still be identified as American. To prevent
problems where more than one tag is in range of a reader, every tag
has a collision-avoidance identifier, which is a unique identifier that
allows the reader to distinguish one tag from another. Having RFID
in passports also solves a standards compliance problem and a
political problem concerning the perceived need to increase passport
security. However, looking beneath the surface of the new technology, you
can see that there are some big problems that need to be addressed. Using a
security device in something as important as a passport should be
evaluated extensively, because of the profound implications if it is done
wrong.
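The "printed key" discussed in this section is, in the ICAO scheme that was deployed, Basic Access Control: the reader derives two 3DES keys from the document number, date of birth and expiry date in the machine-readable zone, so anyone who can read or guess those three fields holds the key. The Python below is added here as an illustration (not the paper's material) and carries the ICAO 9303 derivation through (check digits, SHA-1 seed, parity-adjusted keys), then bounds the resulting key space, which is what the brute-force remark above is about. The sample MRZ fields are example values; the search-space parameters (nine-digit numeric document number, 100 birth years, 10-year validity) are assumptions.

```python
import hashlib
import math
from typing import Tuple


def mrz_check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7,3,1 repeating; digits count as their
    value, letters A..Z as 10..35, the filler '<' as 0."""
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":
            value = 0
        else:
            raise ValueError(f"invalid MRZ character {ch!r}")
        total += value * (7, 3, 1)[i % 3]
    return total % 10


def adjust_des_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so every byte has odd parity (DES keys)."""
    out = bytearray()
    for b in key:
        high_ones = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if high_ones % 2 else 1))
    return bytes(out)


def bac_keys(doc_number: str, birth_yymmdd: str, expiry_yymmdd: str) -> Tuple[str, bytes, bytes]:
    """Derive (MRZ_information, K_ENC, K_MAC) from the three printed fields.
    The document number is padded with '<' to 9 characters as in the MRZ."""
    doc = doc_number.ljust(9, "<")
    mrz_information = (doc + str(mrz_check_digit(doc))
                       + birth_yymmdd + str(mrz_check_digit(birth_yymmdd))
                       + expiry_yymmdd + str(mrz_check_digit(expiry_yymmdd)))
    k_seed = hashlib.sha1(mrz_information.encode("ascii")).digest()[:16]

    def derive(counter: int) -> bytes:
        # Key derivation: SHA-1(Kseed || counter), first 16 bytes, parity-fixed.
        d = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()[:16]
        return adjust_des_parity(d[:8]) + adjust_des_parity(d[8:16])

    return mrz_information, derive(1), derive(2)   # c=1 -> K_ENC, c=2 -> K_MAC


def search_space_bits(doc_number_digits: int = 9, birth_years: int = 100,
                      validity_years: int = 10) -> float:
    """Upper bound, in bits, on the BAC key space for a purely numeric
    document number. Because the keys are a deterministic function of the
    printed fields, guessing the fields is the same as guessing the key."""
    combos = (10 ** doc_number_digits) * (365 * birth_years) * (365 * validity_years)
    return math.log2(combos)


if __name__ == "__main__":
    info, k_enc, k_mac = bac_keys("L898902C", "690806", "940623")  # sample fields
    print("MRZ_information:", info)
    print("K_ENC:", k_enc.hex(), "K_MAC:", k_mac.hex())
    print(f"key space upper bound: about 2^{search_space_bits():.1f}")
```

The bound is an upper limit for an uncorrelated numeric document number. Where numbers are issued sequentially and therefore correlate with the expiry date, or where part of the MRZ is already known from a photocopy of the kind the text mentions, the effective space shrinks by many orders of magnitude, which is the practical form of the concern raised above.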
4. SPEEDPASS AND CONTACTLESS
Exxon-Mobil’s SpeedPass, MasterCard PayPass, Chase Bank’s Blink
MasterCard and American Express’s Express Pay are all types of
contactless payment systems. They are termed "contactless" because
electronic payment is made simply by waving a credit card or payment key
tag near a reader (usually within a few inches) at the POS. No contact
needs to be made. Credit cards do not have to be swiped against a magnetic
reader for a payment charge to be
The SpeedPass was introduced in 1997 and is the longest-standing
contactless payment system in the US; more than seven million
people use SpeedPass. All contactless payment systems contain
passive RFID tags. A variety of devices can be used to house the tag
(e.g., a credit card, key tag or fob, or a mobile phone). The SpeedPass
uses a small plastic key fob, shown in Figure 5.
Figure 5. SpeedPass Photograph 
Figure 6. SpeedPass at the Pump
Figure 6 shows the SpeedPass in use at the pump. Consumers use the
SpeedPass to pay for purchases at Exxon-Mobil gas stations across the US.
To pay, the consumer waves the key tag in front of the designated area on
the gas pump where the reader is located. The key tag contains a
cryptographically enabled RFID chip and antenna, and the pump contains the
RFID reader. The reader interrogates the tag and a unique identifying code
is transmitted via a Very Small Aperture Terminal (VSAT) network to a
system. Once credit is approved, the pump turns on and the consumer pumps
gas and completes the transaction. The payment is charged against the
consumer's credit card that is tied to the SpeedPass account. No credit
card information is stored or processed on the SpeedPass device itself.
Figure 7 illustrates the SpeedPass system concept.
Figure 7. SpeedPass operational concept 
Exxon-Mobil maintains that SpeedPass is safe and secure. However,
no electronic payment system is 100 percent immune from security
issues. In 2005, RSA Laboratories and a group of students simulated
a SpeedPass and purchased gas with it. Just like a credit card, the
SpeedPass system can be compromised and used to make additional
purchases. The SpeedPass Web site states that it will authorize a
credit to the consumer’s financial institution in the event of an
unauthorized transaction. Unlike a typical credit card, the SpeedPass
does not require a signature; and unlike a debit card, it does not
require a Personal Identification Number (PIN) number. While this
may seem risky, in practice it is hard to see the difference from a
standard credit card purchase at the gas pump, which is made without
a signature or a PIN. Given the large number of people using the
SpeedPass for gas station and convenience store purchases,
SpeedPass is another success story in deploying RFID in a consumer-
It is software that manages the readers and the data coming from the tags,
and passes it to the backend database system. Middleware sits in the
middle of the data flow between the readers and the backend, and
manages the flow of information between the readers and the
backend. In addition to extracting data from the RFID tags and
managing data flow to the backend, middleware performs functions
such as basic filtering and reader integration and control.
As RFID matures, middleware will add features such as improved
and expanded management capabilities for both readers and devices,
and extended data management options.
5.1 MIDDLEWARE ATTACKS
Middleware attacks can happen at any point between the reader and the
backend. Consider a theoretical attack on the middleware of the Exxon Mobil
SpeedPass system, whose data path runs as follows:
(1) The customer's SpeedPass RFID tag is activated by the reader over the
air. The reader is connected to the pump or a cash register. The reader
handshakes with the tag and reads the encrypted serial number.
(2) The reader and pump are connected to the gas station's data network,
which in turn is connected to a very small aperture terminal (VSAT)
satellite transceiver in the gas
(3) The VSAT transceiver sends the serial number to an orbiting satellite,
which in turn relays the serial number to a satellite earth station.
(4) From the satellite earth station, the serial number is sent to Exxon
Mobil's data centre. The data centre verifies the serial number and checks
for authorization on the credit card that is linked to the account.
(5) The authorization is sent back to the pump following the above route,
but in reverse.
(6) The cash register or pump receives authorization and allows customers
to make their purchases.
At any point in the previous scenario, the system may be vulnerable to an
outside attack. While they require sophisticated transmitter systems,
attacks against satellite systems have happened from as far back as the
1980s. However, the weakest point in the previous scenario is probably the
local area network (LAN). A device attached to the LAN could be sniffing
valid data to use in a replay attack, or it could be injecting data into
the LAN, causing a DOS attack against the payment system. Such a device
could also allow unauthorized transmissions. Another possibility might be a
technically sophisticated person taking a job in order to gain access to
the middleware. Some "social engineering" attacks take place when someone
takes a low-paying job that permits access to a target system.
Further along the data path, the connection between the satellite’s
earth station and the data centre where the SpeedPass numbers are
stored is another spot where middleware can be influenced. The
connections between the data centre and the credit card centres are
also points where middleware data may be vulnerable.
6. BACKEND SYSTEMS
A backend system defines the business logic for interpreting raw
RFID data and the actions associated with it. Every tag read can
result in single or multiple actions, which may integrate with
multiple applications, result in e-mails, or activate other devices.
Events or actions may be shared by trading partners. In order to
understand the basic elements of the backend, I use the example of a
store selling orange juice and milk. The backend must do the
(1) Define the business context. Data received from the middleware is in
the raw form of a Tag ID or Reader ID, so the backend needs to define what
the tag and reader IDs mean (e.g., Tag IDs from 1 to 100 mean orange juice,
and Tag IDs 400 through 500 mean milk; Reader ID = 1 means the entry door
reader and Reader ID = 2 means the exit door
(2) Depending on the end-user requirement, business logic can be written
to solve the most complex issues and to make the system reliable and
robust. The backend system also needs to determine which events to store
and which to purge in order to have a clean and manageable data repository.
Component-based architecture can make the system scalable, expandable, and
repeatable at multiple locations.
As per the EPCglobal network layers, the backend comprises the EPCIS
capturing application, the EPC Information Services (EPCIS) accessing
application and the EPCglobal Core Services; Figure 8 shows the
EPCglobal Architecture Framework. Looking at the backend, there are
certain vulnerabilities. Data by itself poses a challenge: what if bad
data is flooded into the backend, what if there are spurious reads,
what if tags are deliberately duplicated? In certain situations this
can confuse and jam the backend. Communication between middleware and
backend uses JMS, the Simple Object Access Protocol (SOAP) or the
Hypertext Transfer Protocol (HTTP), so what if there is a
man-in-the-middle (MITM) attack, or a Transmission Control Protocol
(TCP) replay attack, on that link? RFID attacks can also happen at the
Domain Name System (DNS)/Object Name Service (ONS) level. Because the
backend database is often the point furthest from the RFID tag, both
in a data sense and in physical distance, it may seem far removed as a
target for an attack on an RFID system. However, databases will
continue to be targets because that is "where the money is." A
database has intrinsic value if it contains such things as customers'
credit card numbers, and it may hold sales reports or trade secrets
that are invaluable to a competitor. Businesses that suffer damage to
their databases risk losing the confidence of consumers and ultimately
their market share unless they can contain the damage or quickly
correct it.
Figure 8. The EPCglobal Architecture Framework
The business sections of newspapers and magazines have reported
many stories regarding companies suffering major setbacks because
consumer confidence dropped due to an IT related failure.
Manipulated databases can also have real-world consequences beyond
lost business. Changing data in a hospital's inventory system could
literally kill people, and changing patient data in the patient
records database could be just as deadly: a one-letter change to a
patient's blood type puts that person at risk if they receive a
transfusion. Hospitals have double and triple checks in place to
combat such problems; however, checks cannot stop harm from
manipulated data, they can only reduce the risk.
Some examples of these attacks, and some solutions that make the
backend robust and reliable, follow:
7.1 Data Attacks
The RFID middleware collects RFID events (a tag read by an RFID
reader) and sends them to the backend systems. These events can be
collected from several locations within an enterprise or across
7.2 Data Flooding
The data sent to the backend can pose several security threats,
including flooding, spurious data and data carrying a virus.
Problem 1: If a large number of tags are placed in front of a reader,
a lot of data is sent to the backend (e.g., if an inventory of tag
rolls is accidentally placed in the vicinity of a reader, a huge
number of reads is generated at a single point in time).
Solution 1: Keep the inventory of tag rolls in a radio-shielded
environment to prevent accidental flooding. Determine the "tags of
interest" at the edge of the enterprise, not in the application, so
that filtration happens at the edge before data is forwarded.
Problem 2: If the middleware buffers too many events and then suddenly
sends all of them to the backend, the burst itself can cause a
problem.
Solution 2: The backend must be robust enough to handle flooding. A
staging area can receive events from the middleware temporarily; the
backend then analyses each event and routes it to the right business
process by drawing from the staging area at its own pace.
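As an added example (not the paper's code), the following Python puts two pieces of this section together: the business-context mapping of Section 6 (the orange juice and milk tag ranges, the entry and exit door readers) and the edge filtration and staging area of Solutions 1 and 2. The window size, the per-window cap, the event format and the sample reads are assumptions constructed for the example.

```python
"""Edge filtering and staging for RFID read events.

Added example, not the paper's code. Tag IDs 1..100 are orange juice,
400..500 are milk, reader 1 is the entry door and reader 2 the exit door,
as in the paper's store. Window sizes and sample reads are constructed.
"""
from collections import deque
from dataclasses import dataclass

PRODUCT_RANGES = {"orange juice": range(1, 101), "milk": range(400, 501)}
READERS = {1: "entry door", 2: "exit door"}


@dataclass(frozen=True)
class ReadEvent:
    tag_id: int
    reader_id: int
    t_ms: int  # reader clock, milliseconds


def classify(tag_id):
    """Business context: raw tag ID -> product, or None if not of interest."""
    for product, ids in PRODUCT_RANGES.items():
        if tag_id in ids:
            return product
    return None


class EdgeFilter:
    """Filtration at the edge, before anything reaches the backend: drop tags
    that are not of interest, collapse re-reads of the same tag at the same
    reader inside one window, and cap reads forwarded per window so a roll
    of tags left near a reader cannot flood the backend."""

    def __init__(self, window_ms=1000, max_per_window=50):
        self.window_ms = window_ms
        self.max_per_window = max_per_window
        self._last_forwarded = {}  # (tag_id, reader_id) -> t_ms
        self._window = deque()     # t_ms of reads forwarded in the current window
        self.dropped = {"unknown": 0, "duplicate": 0, "flood": 0}

    def accept(self, ev):
        product = classify(ev.tag_id)
        if product is None or ev.reader_id not in READERS:
            self.dropped["unknown"] += 1
            return None
        key = (ev.tag_id, ev.reader_id)
        last = self._last_forwarded.get(key)
        if last is not None and ev.t_ms - last < self.window_ms:
            self.dropped["duplicate"] += 1
            return None
        while self._window and ev.t_ms - self._window[0] >= self.window_ms:
            self._window.popleft()
        if len(self._window) >= self.max_per_window:
            self.dropped["flood"] += 1
            return None
        self._window.append(ev.t_ms)
        self._last_forwarded[key] = ev.t_ms
        return {"product": product, "reader": READERS[ev.reader_id], "t_ms": ev.t_ms}


class StagingArea:
    """Bounded buffer between middleware and business logic. When it is full
    the edge is told to back off instead of the backend being swamped."""

    def __init__(self, capacity):
        self.capacity = capacity
        self._queue = deque()

    def put(self, item):
        if len(self._queue) >= self.capacity:
            return False  # backpressure: caller must retry later
        self._queue.append(item)
        return True

    def drain(self, batch_size):
        """Hand events to the business process in bounded batches."""
        while self._queue:
            n = min(batch_size, len(self._queue))
            yield [self._queue.popleft() for _ in range(n)]


def ingest(events, edge, staging):
    """Run reads through the edge filter into staging; return what was accepted."""
    accepted = []
    for ev in events:
        item = edge.accept(ev)
        if item is not None and staging.put(item):
            accepted.append(item)
    return accepted


def sample_reads():
    """Constructed reads: normal traffic, a re-read, an unknown tag, then a
    roll of 100 orange-juice tags wheeled past the entry reader at once."""
    reads = [
        ReadEvent(5, 1, 0),      # orange juice enters
        ReadEvent(5, 1, 200),    # same tag re-read 200 ms later: duplicate
        ReadEvent(450, 2, 300),  # milk leaves
        ReadEvent(999, 1, 400),  # not a tag of interest
        ReadEvent(5, 1, 1500),   # same tag a second later: a new event
    ]
    reads += [ReadEvent(tag, 1, 5000) for tag in range(1, 101)]  # the roll
    return reads


if __name__ == "__main__":
    edge, staging = EdgeFilter(), StagingArea(capacity=1000)
    accepted = ingest(sample_reads(), edge, staging)
    print(len(accepted), "forwarded;", edge.dropped)
    for batch in staging.drain(batch_size=25):
        print("backend processes", len(batch), "events")
```

Of the 105 constructed reads, 53 reach staging: the re-read and the unknown tag are dropped at the edge, and only the first 50 reads of the roll pass the per-window cap, so the backend sees a bounded burst instead of the whole roll.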
7.3 Virus Attacks
A virus performs two basic functions: it replicates itself and,
optionally, executes a payload. To replicate, an RFID virus uses the
backend database. The details depend on the database in use, but
broadly two classes of virus can be distinguished: one uses
self-referential queries, the other uses quines. The payload the virus
can execute depends on both the self-replication mechanism and the
database that is targeted. A tag typically contains a unique ID and
may also contain some user-defined data, from a few bytes to several
kilobytes. Readers can read and write that data, which is then
received by the backend and used for further processing. A poorly
designed backend combined with malformed tag data can lead to harmful
actions.
Problem 1 (Database Components): Airline baggage carries a tag with
the destination airport in its data field. On receiving the tag data,
the backend fires the query select * from location_table where
airport = '<tag data>'. An intruder who can write the tag changes the
data from LAX to LAX'; shutdown; --. On receiving it, the backend now
fires select * from location_table where airport = 'LAX'; shutdown;
--', which, on a database that accepts stacked statements and has such
a command (SQL Server's SHUTDOWN, for example), shuts the database
down and with it the baggage system.
Problem 2 (Web-based Components): Many backend systems use Web-based
components to provide a user interface or to query databases, and
these are vulnerable too. If a Web browser is used to display tag
contents (directly, or indirectly through the database), a tag can
abuse the dynamic features of modern browsers by carrying JavaScript.
One example is a script that redirects the browser to a Windows
Metafile (WMF) image that exploits the WMF rendering vulnerability
disclosed at the end of 2005; any stored script-injection payload
works the same way.
Problem 3 (Web-based Components): Web-based components can also be
exploited through server-side includes (SSI). SSI lets a Web server
generate pages dynamically by executing directives embedded in a page
when it is requested. If tag data is written into such a page
unescaped, an SSI exec directive on the tag tricks the server into
running a command: tag data of <!--#exec cmd="rm -R /" --> would
delete every file the server process is allowed to remove.
Solution 1-3: The backend must validate tag data against what the
field is supposed to contain (an allow-list of length and character
set), pass it to the database as a bound parameter rather than as part
of the query text, and escape it before it reaches a browser or a page
template. A checksum on the tag is not a defense here: it detects
accidental corruption, but an attacker who can write the tag can
recompute it. Integrity against a deliberate writer needs a keyed MAC
or a signature over the tag contents, checked by the backend.
Problem 4 (Buffer Overflow): The middleware is designed to accept tag
data of a certain size. If the backend is written in C/C++ and reads
tag data into a fixed-size buffer, an intruder who presents a tag
whose user memory holds more data than expected can overflow that
buffer, crashing the backend or, in the worst case, executing code on
it.
Solution 4: The backend must check the length of every tag field
against the buffer it reads into before copying, reject or truncate
anything larger, and, as above, authenticate tag contents with a MAC
rather than relying on a checksum.
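As an added example (not the paper's code), the following Python shows Problems 1 to 4 and their solutions on one constructed baggage table: the string-built query, the same lookup with allow-list validation and a bound parameter, escaping for the Web components, and why a checksum on the tag is not the integrity check the backend needs. The table contents, the tag UID, the key and the payload string are assumptions made for the example; sqlite3's executescript() stands in for a database driver that accepts stacked statements.

```python
"""Tag data at the backend: the injectable lookup the paper describes, its
hardened form, and why a checksum on the tag is not an integrity control.

Added example, not the paper's code. The baggage table, the key, the tag
UID and the payload are constructed for the example.
"""
import hashlib
import hmac
import html
import re
import sqlite3
import zlib


def make_db():
    """In-memory stand-in for the baggage system's location_table."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        "CREATE TABLE location_table (airport TEXT PRIMARY KEY, carousel INTEGER);"
        "INSERT INTO location_table VALUES ('LAX', 4), ('JFK', 7);"
    )
    return con


def rows_in(con):
    return con.execute("SELECT count(*) FROM location_table").fetchone()[0]


def lookup_vulnerable(con, tag_data):
    """Problem 1: tag data concatenated straight into the query. executescript()
    behaves like a driver that accepts stacked statements, so whatever follows
    the closing quote on the tag is executed too."""
    con.executescript(f"SELECT * FROM location_table WHERE airport = '{tag_data}';")


AIRPORT_CODE = re.compile(r"[A-Z]{3}")  # allow-list: exactly three capitals
TAG_FIELD_MAX = 3                        # the size the backend's buffer expects


def is_valid_airport(tag_data):
    """Length check first (Problem 4), then the alphabet of the field."""
    return len(tag_data) <= TAG_FIELD_MAX and AIRPORT_CODE.fullmatch(tag_data) is not None


def lookup_hardened(con, tag_data):
    """Validate at the boundary, then bind the value as a parameter so the
    database never parses tag content as SQL. None means the tag was rejected."""
    if not is_valid_airport(tag_data):
        return None
    return con.execute(
        "SELECT airport, carousel FROM location_table WHERE airport = ?", (tag_data,)
    ).fetchall()


def render_for_web(tag_data):
    """Problems 2 and 3: escape before a browser or page template sees it."""
    return html.escape(tag_data, quote=True)


# Integrity of the tag contents. A CRC detects accidental corruption only:
# anyone who can write the tag can recompute it. A keyed MAC over
# (tag UID || data) needs the backend's key, and ties the data to one UID.

def seal_crc(uid, data):
    return data + zlib.crc32(uid + data).to_bytes(4, "big")


def check_crc(uid, blob):
    data, crc = blob[:-4], blob[-4:]
    return data if zlib.crc32(uid + data).to_bytes(4, "big") == crc else None


def seal_mac(key, uid, data):
    return data + hmac.new(key, uid + data, hashlib.sha256).digest()[:8]


def check_mac(key, uid, blob):
    data, tag = blob[:-8], blob[-8:]
    expected = hmac.new(key, uid + data, hashlib.sha256).digest()[:8]
    return data if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    PAYLOAD = "LAX'; DELETE FROM location_table; --"  # same idea as "LAX; shutdown"
    con = make_db()
    lookup_vulnerable(con, PAYLOAD)
    print("rows left after vulnerable lookup:", rows_in(con))
    con = make_db()
    print("hardened lookup of payload:", lookup_hardened(con, PAYLOAD))
    print("hardened lookup of LAX:", lookup_hardened(con, "LAX"))
    uid, key = b"\xe2\x00\x00\x11", b"backend key (constructed)"
    print("forged CRC accepted:", check_crc(uid, seal_crc(uid, PAYLOAD.encode())) is not None)
    print("forged MAC accepted:", check_mac(key, uid, PAYLOAD.encode() + bytes(8)) is not None)
```

The length test in is_valid_airport is the Python counterpart of the bounds check a C/C++ backend needs before copying tag data into a fixed buffer; the overflow itself cannot be reproduced in Python. The MAC is truncated to 8 bytes only to fit a small tag field; it still binds the data to the key and the UID.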
7.4 Blended Attacks
Attacks can be used in combination. The various attacks seen in
opposition to RFID systems have also been made against individual
However, the increasing sophistication of those who attack RFID
systems will probably lead to blended attacks. An attacker might
attack the RF interface of a retailer with a custom virus tag, which
might then tunnel through the middleware, ultimately triggering the backend to
dump credit card numbers to an unknown Internet site via an
7.5 A Man in the Middle
A man-in-the-middle (MITM) attack exploits the trust two parties place
in each other, with the attacker simultaneously impersonating each
side to the other. The attacker sits, unknown to either party, in the
communication path and relays messages back and forth, appearing to
each party to be the other. RFID is particularly susceptible because
tags are small, cheap, and talk to any reader close enough to read the
signal: there is no user interaction in reading a tag, and the tag
does not authenticate the reader. Consequently, an attacker with a
reader tuned to the frequency of someone's tag can read or interact
with that tag without the owner knowing, while at the same time
replaying or emulating the tag to a legitimate reader. The most secure
solution is a smart card that only works in contact with a reader;
contactless RFID is much riskier. If we are stuck with RFID, the
combination of shielding for the chip, basic access control measures,
and some positive action by the user to activate the chip is a good
starting point. The devil is in the details, of course. And once chips
with a 25-foot read range are proposed, the relay form of the
man-in-the-middle attack becomes a serious concern: an attacker can
impersonate the card of a nearby person to an official reader simply
by relaying messages to and from that person's card. Here is how the
attack works. Customs agent Alice has the official card reader. Bob is
an innocent traveller, in line at a border crossing. Mallory is the
malicious attacker, ahead of Bob in the same line, who is going to
impersonate Bob to Alice. Mallory's equipment is an RFID reader and a
transmitter. Assume that the card has to be activated in some way:
perhaps the cover has to be opened, the card taken out of a sleeve, or
a button pushed. Also assume the card uses a challenge-response
protocol and some form of encrypted key exchange.
1. Alice's reader sends a message to what it takes to be Mallory's
card.
2. Mallory's reader/transmitter receives the message and rebroadcasts
it to Bob's chip.
3. Bob's chip responds normally to what is a valid message from
Alice's reader. It has no way of knowing that Mallory relayed it.
4. Mallory's reader/transmitter receives Bob's reply and rebroadcasts
it to Alice. Alice has no way of knowing that it was relayed.
5. Mallory continues to relay messages back and forth between Alice
and Bob until the protocol completes.
Defending against this attack is hard. Time stamps do not help and
encryption does not help, because Mallory is simply acting as an
amplifier: every message, the encrypted ones included, reaches its
intended recipient unchanged. Mallory may not be able to read the
messages and may not even know who Bob is, but he does not care; all
that matters is that Alice thinks he is Bob. Precise timing can catch
the attack, because of the extra delay Mallory's relay introduces;
this is the idea behind distance-bounding protocols. But I do not
think such a check is part of the specification.
The attack is easily countered if Alice looks at Mallory's card and
compares the information printed on it with what she is receiving over
the RFID link. But as near as I can tell, the point of a 25-foot read
distance is so that cards can be authenticated in bulk, from a
distance. Defenses against MITM attacks generally rely on
authentication techniques based on:
Public key infrastructures.
Stronger mutual authentication, using secret keys (usually
high-entropy secrets, and thus more secure) or passwords (usually
low-entropy secrets, and thus less secure).
Latency examination, for example long cryptographic hash calculations
that take tens of seconds: if both parties normally take 20 seconds
and the calculation takes 60 seconds to reach each party, this can
indicate a third party in the path.
Second (secure) channel verification.
Note that the first two only defeat an attacker who has to read or
alter the traffic; a pure relay forwards the authenticated messages
unchanged and passes such checks. Only latency examination or an
out-of-band channel addresses the relay itself.
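As an added example (not the paper's code), the following Python simulates the exchange above with Alice, Bob and Mallory as objects: a challenge-response card, a direct link, and a relay that forwards bytes without knowing the key. Its reader applies the timing check discussed above in its simplest form, a single round-trip budget, alongside the cryptographic check. The latencies, the budget, the key and the card IDs are assumed values constructed for the example; time is simulated, not measured.

```python
"""Relay attack on a challenge-response RFID card, simulated.

Added example, not the paper's code. Alice (reader), Bob (honest card) and
Mallory (relay) follow the scenario in the text. Latencies, the round-trip
budget, the key and the card IDs are assumed values for the example.
"""
import hashlib
import hmac
import os

DIRECT_HOP_US = 150   # assumed one-way reader<->card air latency
RELAY_HOP_US = 3000   # assumed extra one-way delay through Mallory's link
RTT_BUDGET_US = 500   # assumed: slowest genuine card answers within this


class Card:
    """Bob's chip: answers any well-formed challenge; it cannot tell who relayed it."""

    def __init__(self, card_id, key):
        self.card_id, self.key = card_id, key

    def respond(self, challenge):
        return hmac.new(self.key, self.card_id + challenge, hashlib.sha256).digest()


class DirectLink:
    """Card held up to the reader. exchange() returns (response, simulated RTT)."""

    def __init__(self, card):
        self.card = card

    def exchange(self, challenge):
        return self.card.respond(challenge), 2 * DIRECT_HOP_US


class RelayLink:
    """Mallory: one device at Alice's reader, one near Bob, forwarding bytes
    verbatim. Mallory never holds the key and never decrypts anything."""

    def __init__(self, victim_link):
        self.victim_link = victim_link
        self.forwarded = 0

    def exchange(self, challenge):
        self.forwarded += 1
        response, victim_rtt = self.victim_link.exchange(challenge)
        return response, victim_rtt + 2 * RELAY_HOP_US


class Reader:
    """Alice's reader: checks the cryptographic response and, separately,
    the round-trip time (the distance-bounding idea in its simplest form)."""

    def __init__(self, key, rtt_budget_us=RTT_BUDGET_US):
        self.key, self.rtt_budget_us = key, rtt_budget_us

    def authenticate(self, claimed_id, link):
        challenge = os.urandom(16)  # fresh nonce per attempt: replay does not work
        response, rtt_us = link.exchange(challenge)
        expected = hmac.new(self.key, claimed_id + challenge, hashlib.sha256).digest()
        return {
            "crypto_ok": hmac.compare_digest(response, expected),
            "timing_ok": rtt_us <= self.rtt_budget_us,
            "rtt_us": rtt_us,
        }


def run_scenario():
    """Bob authenticates in person, then Mallory relays Bob's card to Alice."""
    key = b"card key shared with the issuer (constructed)"
    bob = Card(b"BOB-0001", key)
    alice = Reader(key)
    direct = alice.authenticate(b"BOB-0001", DirectLink(bob))
    mallory = RelayLink(DirectLink(bob))
    relayed = alice.authenticate(b"BOB-0001", mallory)  # Mallory claims to be Bob
    return direct, relayed


if __name__ == "__main__":
    direct, relayed = run_scenario()
    print("Bob in person:   ", direct)
    print("Mallory relaying:", relayed)
```

The relayed run passes the cryptographic check with the correct key never leaving Bob's card, which is the point the text makes about encryption; only the round-trip time gives Mallory away. Real distance-bounding protocols use many rapid single-bit rounds at the physical layer rather than one round trip, because a full cryptographic exchange takes long enough for a few milliseconds of relay delay to hide in clock jitter; the principle is the same.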
Despite these security concerns, RFID does not appear to be running
out of steam; quite the opposite, its popularity is increasing. RFID
is a promising technology applicable in many areas, but many of its
security and privacy issues have not yet been addressed. In this
paper I have illustrated the risks and security issues of RFID and
described some of the possible attacks against RFID systems,
including attacks between tag and reader, middleware attacks and
backend attacks, together with the attack vectors by which they would
be accomplished. Finally, we cannot ignore the security risks of RFID
tags and their impact on the security and privacy of the individual.
[1] "Radio Frequency Identification", 2010. SearchNetworking.com RFID, can be retrieved from _gci80598700.html
[2] ABI Research technology market intelligence, 2010. Can be retrieved from http://www.abiresearch.com
[3] IDC, Analyze the Future, 2010. Can be retrieved from
[4] Texas Instruments, 2011. Can be retrieved from
[5] Problems with RFID, 2011. Can be retrieved from
[6] E. Schuman, 2006. "Major RFID Hurdles Ahead". Can be retrieved from http://
[7] RFID & Individual Privacy, 2010. Can be retrieved from
[8] S. Rogerson, 2004. "Police intelligence?". Can be retrieved from
[9] E. Schuman, 2006. "Item-Level RFID Tags Cost More than Expected". Can be retrieved from
[10] S. E. Sarma, S. A. Weis and D. W. Engels, 2010. "RFID Systems and Security and Privacy Implications". Can be retrieved from
[11] M. T. Islam, 2010. "A Brief Survey on RFID Security and Privacy Issues". Can be retrieved from
[12] C. Swedberg, 2010. "U.S. Tests E-Passports". Can be retrieved from
[13] A. Ramos et al., 2009. "Do RFID passports make us vulnerable to identity theft?". Can be retrieved from
[14] M. Meingast, J. King and D. K. Mulligan, 2007. "Security and Privacy Risks of Embedded RFID in Everyday Things: the e-Passport and Beyond". Can be retrieved from
[15] The Speedpass, 2011. Can be retrieved from
[16] K. Traub et al., 2005. "The EPCglobal Architecture Framework". Can be retrieved from
[17] A. Mitrokotsa, M. R. Rieback and A. S. Tanenbaum, 2010. "Classifying RFID attacks and defenses". Can be retrieved from
[18] M. R. Rieback, B. Crispo and A. S. Tanenbaum, 2006. "Is Your Cat Infected with a Computer Virus?". Can be retrieved from
[19] rfidvirus.org, 2011. "SQL Virus Using Self-Referential Queries". Can be retrieved from
[20] Wikipedia.org, 2010. "Man-in-the-middle attack". Can be retrieved from http://en.wikipedia.org/wiki/Man-in-the-
[21] B. Schneier, 2006. "RFID Cards and Man-in-the-Middle Attacks". Can be retrieved from
[22] A. Ali, 2003. "Re-Use of Integrated Dictionary Components for C4ISR Architectures". Can be retrieved from
[23] Speedpass, 2010. Can be retrieved from
[24] A. Rawal, 2009. "RFID: The Next Generation Auto-ID Technology". Microwave Journal, Vol. 52, No. 2, p. 58.
[25] O. Bang, J. Choi, D. Lee and H. Lee, 2009. "Efficient Novel Anti-collision Protocols for Passive RFID Tags". Auto-ID Labs.
[26] F. Armenio et al., 2007. "The EPCglobal Architecture Framework", Final Version 1.2, p. 27.