RFID Security Theory
«RFID Security»
Done by:
Kolesnyk Volodymyr
BSD-31
elitabsd11@gmail.com
KYIV — 2020
Plan:
1. Introduction
2. Main Part
3. Conclusion
4. Literature
5. Extended annotation (ukr)
6. Term glossary
1. Introduction
So what is RFID? Radio-frequency identification (RFID) is a broad class of devices that use electromagnetic fields to automatically identify and track tags attached to objects. An RFID tag consists of a tiny radio transponder, a radio receiver and a transmitter. When triggered by an electromagnetic field or pulse, the tag transmits digital data back to the reader. The technology appears in many forms, from custom chips to whole communication systems: credit cards, passports, the products we buy, chips implanted in pets, shop checkouts, access control systems, track-and-trace systems for logistics and so on [3].
There are two types of RFID tags. Passive tags are powered by energy harvested from the RFID reader's interrogating radio waves. Active tags are powered by a battery and can therefore be read at a much greater range from the reader, up to hundreds of meters.
The spread of RFID has raised serious privacy concerns, which led to the development of standard specifications addressing privacy and security: ISO/IEC 18000, ISO/IEC 29167 (on-chip cryptography) and ISO/IEC 20248 (digital signature data structure).
RFID tags can replace bar codes and QR codes. A bar code can only be read when the reader has a direct line of sight to it, whereas an RFID tag can be read whenever the reader is within range, with no line of sight required.
Here is an RFID frequency bands table (only the LF row survives in this copy):

| Band | Regulations | Range | Data speed | Remarks |
|------|-------------|-------|------------|---------|
| LF: 120–150 kHz | Unregulated | 10 cm | Low | Animal identification, factory data collection |
2. Main Part
The problem is security. Like most technologies and networks, RFID systems are vulnerable to physical and electronic attacks, namely reverse engineering, power analysis, eavesdropping, sniffing, denial of service, cloning, spoofing and viruses. As the technology matures and finds numerous applications, especially through IoT integration, attackers will keep looking for novel ways to reach private information [4-9].
RFID tags receive and respond to a wide variety of signals, which increases the risk of unauthorized access to, and modification of, the data on the tag. In other words, any unauthorized individual who has an RFID reader can interrogate tags and access their contents.
Here are some common attack examples:
- Tag isolation. Technically the simplest attack and probably the most common, it consists of blocking the tag's communications so that no data reaches the reader. It is usually carried out by means of a Faraday cage or by jamming RF signals.
- Tag cloning. The unique identifier (UID) and/or the content of the tag is extracted and written into another tag. Used for accessing restricted areas.
- Denial of Service (DoS) attacks. The reader is flooded with such a large amount of information that it cannot deal with the signals sent by real tags. Other techniques are based on emitting radio noise at the operating frequency of the RFID system.
- Command injection. Some readers are vulnerable to remote code execution just by reading the content of a tag.
- Signal replaying. It consists of recording the RFID signal at certain moments with the objective of replaying it later.
- Remote tag destruction. There exist RFID zappers that are able to send energy remotely which, once rectified, is so high that certain components of the tag may be burned. Researchers have also found that it is possible to misuse the kill password in some tags (Electronic Product Code (EPC) Class-1 Gen-2) with a passive eavesdropper and then disable the tags.
- SQL injection. As with command injection, it has been found that some reader middleware is susceptible to the injection of arbitrary SQL commands [8].
- Virus/Malware injection. Although difficult to perform on the vast majority of RFID tags due to their low storage capacity, in certain tags it is possible to insert malicious code that can be transmitted on to other tags.
- Man-in-the-Middle (MitM) attacks. They consist of placing an active device between a tag and the reader in order to intercept and alter the communications between the two.
- RelAmp, Relay/Amplification attacks. They consist of amplifying the RFID signal using a relay; thus the range of the RFID tag is extended beyond its intended use.
- RFID skimming. It consists of using portable point-of-sale terminals to make unauthorized and fraudulent charges on payment cards.
There is no single best way even to evaluate RFID security, because the main vulnerability, the human, remains. What technology can do is help deal with all of the above, and one of the most efficient methods is auditing, which is commonly done at the hardware level. In recent years a number of projects have been developed with the aim of giving researchers low-level access to RFID communications [1, 10, 11]. Some of them are pure software tools that work with commercial RFID readers (RFIDiot), while others involve specific hardware (Proxmark 3, Tastic, OpenPCD, OpenPICC, Chameleon Mini) or particular firmware (Proxbrute for Proxmark 3). The hardware developments are especially interesting: some devices can emulate readers (Tastic, OpenPCD), others can emulate only tags (OpenPICC), and a few can emulate both (Proxmark 3, Chameleon Mini).
Some good security measures therefore exist. Many countermeasures and capabilities have been proposed in the literature to ensure the security of RFID systems, such as pseudo-random based solutions, the Anonymous-ID scheme, symmetric and asymmetric
"guessing" PINs. Juels also proposes that deployed tags have periodic PIN changes, much as standard system passwords are changed every ninety days according to best practice. This last proposal introduces administrative costs and considerations [16].
- RSA Countermeasures. RSA Laboratories has proposed two techniques to address the tag eavesdropping problem. The first, developed by researchers at the Massachusetts Institute of Technology (MIT), modifies the silent tree walking singulation protocol to eliminate reader broadcast of tag data. The second involves tags that possess multiple identities: the tag emits different identifiers over time, and only legitimate readers are able to distinguish valid identifiers from pseudo-identifiers. As of this writing, these two RSA techniques have not been deployed in RFID vendors' production lines for tags or readers.
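The pseudo-random and Anonymous-ID countermeasures above, and RSA's "multiple identities" proposal in particular, all rest on the same idea: the tag never transmits its true ID, only a sequence of pseudo-identifiers that a keyed reader can resolve and an eavesdropper cannot link. The following is an added illustration of that idea, not code from the paper or from RSA Laboratories; `PseudonymTag`, `LegitimateReader` and the key and ID values are constructed for the example, and the PRF is assumed to be HMAC-SHA256.

```python
import hashlib
import hmac
from typing import Dict, List, Optional

PSEUDONYM_LEN = 8  # bytes of PRF output the tag actually sends over the air


def pseudonym(key: bytes, index: int) -> bytes:
    """PRF_k(index), truncated. Without k the outputs look random, so an
    eavesdropper cannot tell that two readings came from the same tag."""
    mac = hmac.new(key, index.to_bytes(4, "big"), hashlib.sha256).digest()
    return mac[:PSEUDONYM_LEN]


class PseudonymTag:
    """Hypothetical tag: a true ID that is never transmitted, a secret key
    shared only with legitimate readers, and a read counter."""

    def __init__(self, true_id: str, key: bytes) -> None:
        self.true_id = true_id
        self._key = key
        self._counter = 0

    def respond(self) -> bytes:
        """Answer an interrogation with the next pseudo-identifier."""
        p = pseudonym(self._key, self._counter)
        self._counter += 1
        return p


class LegitimateReader:
    """Hypothetical reader: precomputes the next `window` pseudonyms of each
    enrolled tag, so a tag read a few times by a rogue reader in between
    still resolves (the counter only moves forward within the window)."""

    def __init__(self, window: int = 16) -> None:
        self.window = window
        self._table: Dict[bytes, str] = {}

    def enroll(self, true_id: str, key: bytes) -> None:
        for i in range(self.window):
            self._table[pseudonym(key, i)] = true_id

    def resolve(self, response: bytes) -> Optional[str]:
        """True ID for a known pseudonym, None for unknown or forged data."""
        return self._table.get(response)


def demo() -> List[Optional[str]]:
    key = b"constructed-sample-key-0001"      # constructed sample key
    tag = PseudonymTag("TAG-0001", key)      # constructed sample tag ID
    reader = LegitimateReader(window=16)
    reader.enroll(tag.true_id, key)
    responses = [tag.respond() for _ in range(3)]
    assert len(set(responses)) == 3          # each reading differs on the air
    return [reader.resolve(r) for r in responses] + [reader.resolve(b"\x00" * 8)]
```

A rogue reader that records the three responses learns nothing that links them; the enrolled reader resolves each one to the same tag and rejects a value it never issued.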
- Protocol integration. In case of IoT integration, Transport Layer
Security (TLS) or its predecessor, Secure Sockets Layer (SSL), are two protocols
which can provide authentication and encryption controls. Authentication would
address the risks of rogue readers and access points, while encryption would address
the eavesdropping risk.
- Physical and Environmental Controls. Readers and access points are additionally threatened by natural and structural hazards, including fire, flooding, fault induction and power interruption or loss. These physical threats should be addressed very carefully, adhering to industry-accepted physical environment controls. All devices should have back-up/emergency power sources so that the availability of the system is not compromised, and contingency plans should be developed so that the system remains functional in the event of an internal component failure. Relevant requirements in these control families are noted in the Requirements Traceability Matrix (RTM) for United States Visitor and Immigrant Technology (US-VISIT) Increment 2C, a document produced using NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems (DRAFT).
3. Conclusion
Radio-frequency identification (RFID) is currently considered one of the most widely used technologies for the automatic identification of objects or people. Based on a combination of tags and readers, RFID technology has been applied in many areas, including supply chains, production and traffic control systems. However, despite its numerous advantages, the technology brings many challenges and concerns that are attracting more and more researchers, especially its security and privacy issues. In this paper I have presented the basics of RFID and its problems, and mentioned some recent work aiming to ensure security and privacy in RFID systems. The use of RFID raises both data privacy and location privacy issues. There is no panacea for all of its problems, but since we live in a modern digitized world, the only true way to stay prepared is to keep an eye on all new developments and solutions.
4. Literature
1) Fernández-Caramés T., Fraga-Lamas P., Suárez-Albela M. A Methodology for Evaluating Security in Commercial RFID Systems [Electronic resource]. IntechOpen Limited, 2017. Available at: https://www.intechopen.com/books/radio-frequency-identification/a-methodology-for-evaluating-security-in-commercial-rfid-systems (captured on 08.12.2020).
2) Yi-Pin L., Chih-Ming H. A secure ECC-based RFID authentication scheme integrated with ID-verifier transfer protocol. Journal of Ad Hoc Networks, 2013.
3) Want R. RFID: A key to automating everything. 2004. 290 p.
4) Khattab A., Jeddi Z., Amini E. RFID Security - A Lightweight Paradigm. 2010. (1).
6. Term glossary
| № | Term | Translation |
|---|------|-------------|
| 1 | Radio-frequency identification | визначення радіочастот |
| 2 | electromagnetic fields | електро-магнитні поля |
| 3 | attached | Додається |
| 4 | radio transponder | пристрій для прийому радіосигналу та автоматичної передачі іншого сигналу. |
| 5 | radio receiver | приймач |
| 6 | transmitter | Передавач |