
"RFID Security Issues"

Sangita Mohite¹, Gurudatt Kulkarni², Ramesh Sutar³
¹Lecturer in D.Y. Patil Polytechnic, Kolhapur,
²,³Lecturer in Marathwada Mitra Mandal’s Polytechnic, Pune
Abstract: The deployment and use of Radio Frequency
Identification (RFID) technology is growing rapidly across
many different industries. Developers apply the technology
not only in traditional applications such as asset or
inventory tracking, but also in security services such as
electronic passports and RFID-embedded credit cards.
Within less than a decade, a large number of research
papers dealing with security issues of RFID technology
have appeared. In this paper we want to provide some
thoughts on security issues concerning RFID systems and
to highlight some of the areas that have to be considered
regarding this topic. To deal with security and RFID
means to deal not only with security aspects of RFID
systems but also with security aspects of anything or
anyone affected by RFID systems. The widespread
dissemination of identification technology and storage
devices certainly has side effects and can lead to new
threats in other areas and applications.
Keywords: RFID; Security; Privacy; Eavesdropping
I. INTRODUCTION
The significance of radio frequency identification
(RFID) security is increasing explosively, leading to a
research trend. The most severe current RFID security issues
are privacy and authentication security. The renewable identity
(ID) approach with a central database is currently the dominant
approach to achieving user privacy and authentication security.
RFID (Radio-Frequency IDentification) is a technology for
automated identification of objects and people. Human beings
are skillful at identifying objects under a variety of challenging
circumstances.
Figure 1.0 RFID Basic System
A bleary-eyed person can easily pick out a cup of coffee on a
cluttered breakfast table in the morning, for example.
Computer vision, though, performs such tasks poorly. RFID
may be viewed as a means of explicitly labeling objects to
facilitate their “perception” by computing devices. RFID is
expected to completely replace bar code systems in the near
future. For commercial markets, RFID systems should
overcome not only the restriction of cheap RFID tags but also
operational and security problems such as scalability, the
tracking problem and the cloning problem. In many cases, the
security part is simplified in order to minimize a tag's price.
The technology has much potential to make life more
comfortable and to provide huge savings due to increased
productivity. On the other hand, there are various
requirements regarding security and privacy protection that
need to be addressed properly. With the use of the Internet, many
vulnerabilities and threats to system security and user
privacy are inherited. Examples are a malicious
agent faking an innocent PML request over an ONS service, or
a disgruntled employee adding incorrect product information
to the database, causing confusion and damaging the system's
integrity. RFID tags may pose security and privacy risks to
both organizations and individuals.
I. SECURITY AND PRIVACY ISSUES
RFID systems, like other wireless technologies, present a
number of security and privacy risks to users, both
consumers and manufacturers. The following sections take
a closer look at the security and privacy threats created by the
use of RFID systems. It is important to note that privacy is a
multidimensional issue involving many areas such as policies,
security and law enforcement agencies. Perfect secrecy is only
a mathematical concept; in reality, there will always be a
human element that is difficult to quantify in any
mathematical formulation. Thus, it is practically impossible to
have a perfectly secure system. Once this is understood, it
is possible to move on to addressing the security and privacy
issues shadowing RFID. It is important to understand the
factors contributing to low RFID costs and the limitations
placed on these low-cost labels before considering the subject
of security and privacy. Public acceptance of an RFID-based
‘Internet of Things’ depends on strong technical and
operational security and privacy solutions being in place. The
security issues surrounding RFID and the challenges of
providing security services, to meet the cost and
International Journal of Engineering Research & Technology (IJERT)
ISSN: 2278-0181
www.ijert.org IJERTV2IS90403
Vol. 2 Issue 9, September - 2013
interoperability requirements of the business process, with a
resource-limited device, have been written about extensively in
academic, government and industry publications. In this
section we discuss only briefly the high-level system security
aspects, which include some of the main challenges for the
deployment of user-oriented RFID applications.
Figure 2.0 Attacks at Various Layers
A. Jamming
Jamming means a deliberate attempt to disturb the air interface
between reader and tag, thereby attacking the integrity or
the availability of the communication. This could be achieved
by powerful transmitters at a large distance, but also through
more passive means such as shielding. As the air interface is
not very robust, even simple passive measures can be very
effective. Jamming paralyses the communication of an
RFID system by generating radio noise at the same
frequency as that used by the system.
B. Eavesdropping
Since an RFID tag is a wireless device that emits data, usually
a unique identifier, when interrogated by an RFID reader,
there exists a risk that the communication between tag and
reader can be eavesdropped. Eavesdropping occurs when an
attacker intercepts data with a compliant reader—one for the
correct tag family and frequency—while a tag is being read by
an authorized RFID reader. Since most RFID systems use
clear text communication, due to tag memory capacity or cost,
eavesdropping is a simple but efficient means for the attacker
to obtain information on the collected tag data. The
information picked up during the attack can have serious
implications—it can be used in subsequent attacks against the
RFID system. The communication between reader and
transponder via the air interface is monitored by intercepting
and decoding the radio signals. This is one of the most specific
threats to RFID systems. The eavesdropped information could
for example be used to collect privacy sensitive information
about a person. It could also be used to perform a replay
attack, i.e. the attacker records all communicated messages
and later on can either simulate this tag towards the reader, or
simulate this reader towards the tag.
C. Replay attack
In a replay attack, the attacker abuses another
person's identity by repeating the same authentication
sequence as the one provided by an authorized person. A
replay attack may be carried out by a clone of the legitimate tag or by
re-sending the eavesdropped signal from a PC equipped with
an appropriate card and antenna. In order to perform a replay
attack, an attacker has to obtain some information which is
sent by the tag during normal communication. The first line of
defense is therefore to counter eavesdropping and
unauthorized tag reading. A specific countermeasure against
replay attacks is authentication of the tag, e.g. with a
challenge-response protocol. If the protocol is well designed, the key
necessary for calculation
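
The challenge-response countermeasure named above, as an added example (not code from the paper): a reader that accepts a static clear-text ID also accepts a recorded copy of it, while a reader that issues a fresh single-use nonce and checks a keyed MAC rejects the recording. HMAC-SHA-256, the class names and the tag ID are assumptions made for illustration; a low-cost tag would use whatever keyed primitive it can afford.

```python
import hashlib
import hmac
import secrets

MAC_LEN = 32  # HMAC-SHA-256 output length in bytes


class StaticTag:
    """Tag that answers every query with the same clear-text identifier."""

    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id

    def respond(self, challenge: bytes = b"") -> bytes:
        return self.tag_id  # the challenge is ignored


class ChallengeResponseTag:
    """Tag holding a secret key that is never sent over the air interface."""

    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id = tag_id
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # The response is bound to this particular challenge.
        mac = hmac.new(self._key, challenge + self.tag_id, hashlib.sha256).digest()
        return self.tag_id + mac


class Reader:
    """Reader backed by a database mapping tag IDs to their keys."""

    def __init__(self, key_db: dict):
        self._key_db = key_db
        self._pending = set()  # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fixed length, unpredictable
        self._pending.add(nonce)
        return nonce

    def accept_static(self, response: bytes) -> bool:
        # Weak check: knowing the ID is treated as proof of identity.
        return response in self._key_db

    def accept_challenge_response(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False  # never issued, or already used
        self._pending.discard(challenge)  # each challenge is single use
        if len(response) <= MAC_LEN:
            return False
        tag_id, mac = response[:-MAC_LEN], response[-MAC_LEN:]
        key = self._key_db.get(tag_id)
        if key is None:
            return False
        expected = hmac.new(key, challenge + tag_id, hashlib.sha256).digest()
        return hmac.compare_digest(mac, expected)  # constant-time comparison


def run_demo() -> dict:
    tag_id = b"TAG-0001"           # constructed sample identifier
    key = secrets.token_bytes(16)  # per-tag secret shared with the back end
    reader = Reader({tag_id: key})
    results = {}

    # Static ID: a response observed once is valid forever.
    observed = StaticTag(tag_id).respond()
    results["static_genuine"] = reader.accept_static(observed)
    results["static_replayed"] = reader.accept_static(observed)

    # Challenge-response: the observed response only fits its own challenge.
    tag = ChallengeResponseTag(tag_id, key)
    c1 = reader.new_challenge()
    r1 = tag.respond(c1)  # this exchange is what an eavesdropper could record
    results["cr_genuine"] = reader.accept_challenge_response(c1, r1)

    c2 = reader.new_challenge()
    results["cr_replayed_new_challenge"] = reader.accept_challenge_response(c2, r1)
    results["cr_replayed_old_challenge"] = reader.accept_challenge_response(c1, r1)

    c3 = reader.new_challenge()
    results["cr_genuine_again"] = reader.accept_challenge_response(c3, tag.respond(c3))
    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name:28s} {'ACCEPTED' if accepted else 'rejected'}")
```

The tag in this sketch still sends its identifier in clear text, so it addresses replay but not the eavesdropping and tracking concerns of section B.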
D. Deactivation
This type of attack renders the transponder useless through the
unauthorized application of delete commands or kill
commands, or through physical destruction. Depending on the
type of deactivation, the reader can either no longer detect the
identity of the tag, or it cannot even detect the presence of the
tag in the reading range.
Figure 3.0 Overview of Major attacks
E. Detaching the tag
A transponder is separated physically from the tagged item
and may subsequently be associated with a different item, in
the same way that price tags are "switched". Since RFID
systems are completely dependent on the unambiguous
identification of the tagged items by the transponders, this
type of attack poses a fundamental security problem, even
though it may appear trivial at first sight.
F. Spoofing
If the security protocol used in the RFID channel is revealed,
attackers can write blank RFID tags with the same formatted
data that has been collected. For instance, dishonest persons
could replace the RFID tag on an item to get a cheaper price
when checking out from a supermarket. Spoofing is defined as
duplicating tag data and transmitting it to a reader. Data
acquired from a tag, by whatever means, is transmitted to a
reader to mimic a legitimate source. For example, for an
electronic seal, a threat that defines spoofing is where the e-
seal information is transmitted to the reader from some
alternative source that is not the original e-seal.
G. Man-in-the-middle attack
Depending on the system configuration, a man-in-the-middle
(MITM) attack is possible while the data is in transit from one
component to another. An attacker can interrupt the
communication path and manipulate the information back and
forth between RFID components. This is a real-time threat.
The attack reveals the information before the intended device
receives it and can change the information en route (Welch &
Lathrop, 2003). Even if it received some invalid data, the
system being attacked might assume the problem was caused
by network errors and would not recognize that an attack
occurred. An RFID system is particularly vulnerable to MITM
attacks because the tags are small in size and low in price, all
of which means that there is generally a lack of sophisticated
protection circuitry.
H. Cloning
Tag cloning is a process that first captures the data from a
legitimate tag and then creates an unauthorized copy of the
captured sample on a new chip. Researchers from Johns
Hopkins University and RSA Labs published experimental
results of cloning a cryptographically protected Texas
Instruments digital signature transponder (DST) that was used
to buy gasoline and activate a car's ignition. Cloning is a threat
frequently categorized together with spoofing. However,
spoofing and cloning are not the same. Although both threats
copy data from a legitimate tag, spoofing emulates the
transmission of tag data while cloning means that the copied
data is transferred onto a new tag owned by the attacker. Just
as with spoofing, the communication between legitimate RFID tags and
readers has to be read and stored, but a tag could also be
stolen and then physically read. The data for the cloned tags
is then altered to suit the needs of the desired attack and
copied onto an empty tag. The cloned tag is then inserted into
an RFID system to perform the planned attack.
II. CONCLUSION
It is possible that RFID tags will revolutionize society. While
bringing their convenience to fruition, we must also understand
their risks. Implementing ubiquitous network connectivity
in society will demand a close examination of personal
privacy from both the technical and social aspects. Safety is
one of the most important issues of communication systems,
especially for wireless communication systems, which use
an insecure wireless channel to communicate with each other.
In RFID systems, data transmission between tags and readers,
or sometimes even data transmission between readers and
the back-end database, uses the wireless channel. It is clear that
RFID looks like a better candidate than the well-established
barcode system for various applications such as smart
appliances, shopping, medication compliance, passports,
libraries and toll-payment transponders. But due to its cost and resource
constraints, it does not have sufficient security and
privacy support. Presently, many researchers and scientists are working
to implement lightweight, low-cost security and privacy
protocols to increase its applicability.