Rand A. Mahmood
ABSTRACT
Radio Frequency Identification (RFID) has been used in a variety of applications, such as inventory management, anti-theft monitoring of consumer merchandise, and the tagging of livestock. With previous applications, it is difficult to link information stored on an RFID transponder to a specific individual. New applications for RFID technology include embedding transponders in everyday things used by individuals, such as library books, payment cards, and personal identification cards and documents. While RFID technology has existed for decades these new applications carry with them substantial new privacy and security risks for individuals. In this paper I study the risks and security issues of RFID, such as the targeting or tracking of individuals, or the potential disclosure of personal practices or preferences to unauthorized third parties, and how it could be attacked at any part of the RFID system (between RFID tag and reader attacks, middleware attacks and Backend station attacks). Despite the increasing popularity of RFID technology, the electronic information it deals with may not be as secure as was once thought.
- "Radio Frequency Identification", 2010. SearchNetworking.com RFID, can be retrieved from http://searchnetworking.techtarget.com/sDefinition.290660.sid7_gci80598700.html - BingGoogle Scholar
- The ABI research technology market intelligence, 2010 can be retrieved from http://www.abiresearch.comGoogle Scholar
- The IDC Analyze the future, 2010.can be retrieved from http://www.idc.com/Google Scholar
- Texas Instruments, 2011.can be retrieved from http://en.wikipedia.org/wiki/Texas_InstrumentsGoogle Scholar
- Problems with RFID, 2011. can be retrieved from http://www.slais.ubc.ca/courses/libr500/04-05-wt2/www/T_Gnissios/problems.htmGoogle Scholar
- E. Schuman, "2006Major RFID Hurdles Ahead", can be retrieved from http://www.eweek.com/article2/0,1895,1990814,00.aspGoogle Scholar
- RFID & Individual Privacy, 2010.can be retrieved from http://www.netcaucus.org/events/2005/rfid/one-pagers/cpsr-rfid2005.pdfGoogle Scholar
- S. Rogerson, 2004. "Police intelligence?" can be retrieved from http://www.ccsr.cse.dmu.ac.uk/resources/general/ethicol/Ecv14no4.pdfGoogle Scholar
- E. Schuman, 2006." Item-Level RFID Tags Cost More than Expected", can be retrieved from http://www.eweek.com/article2/0,1895,1990814,00.aspGoogle Scholar
- S. E. Sarma, S. A. Weis and D. W. Engels. 2010. "RFID Systems and Security and Privacy Implications" can be retrieved from http://www.springerlink.com/content/7mdkkqvgwva88qxq/ Google ScholarDigital Library
- M. T. Islam, 2010. "A Brief Survey on RFID Security and Privacy Issues", can be retrieved from http://www.scribd.com/doc/44643060/A-Brief-Survey-on-RFID-Security-and-Privacy-IssuesGoogle Scholar
- C. Swedberg, 2010. U. S. Tests E-Passports, can be retrieved from http://www.rfidjournal.com/article/view/1218Google Scholar
- A. Ramos, et al., 2009." Do RFID passports make us vulnerable to identity theft?", can be retrieved from http://cnfolio.com/public/rfid_analysis_of_passports.pdfGoogle Scholar
- M. Meingast, J. King, D. K. Mulligan, 2007. "Security and Privacy Risks of Embedded RFID in Everyday Things: the e-Passport and Beyond", can be retrieved from http://www.academypublisher.com/jcm/vol02/no07/jcm02073648.pdfGoogle Scholar
- The speedpass. 2011. can be retrieved from https://www.speedpass.com/forms/frinHowItWorks.aspx?pPg/howTech.htm&pgHeader/howGoogle Scholar
- K. Traub, et al. 2005. "The EPCglobal Architecture Framework", can be retrieved from Available:http://www.gsl.org/gsmp/kc/epcglobal/architecture/architecture_1_0-framework-20050701.pdfGoogle Scholar
- A. Mitrokotsa, M. R. Rieback and A. S. Tanenbaum, 2010." Classifying RFID attacks and defenses", Classifying RFID attacks and defenses, can be retrieved from http://www.springerlink.com/content/w3j4846448670723/ Google ScholarDigital Library
- M. R. Rieback, B. Crispo, A. S. Tanenbaum, 2006. "Is Your Cat Infected with a Computer Virus?", can be retrieved from http://www.rfidvirus.org/papers/percom.06.pdf Google ScholarDigital Library
- rfidvirus.org. 2011. "SQL Virus Using Self-Referential Queries", can be retrieved from http://www.rfidvirus.org/exploits/sql_self/index.htmlGoogle Scholar
- Wikipedia.org, 2010. "Man-in-the-middleattack", can be retrieved from http://en.wikipedia.org/wiki/Man-in-the-middle_attackGoogle Scholar
- B. Schneier, 2006. "RFID Cards and Man-in-the-Middle Attacks", can be retrieved from http://www.schneier.com/blog/archives/2006/04/rfid_cards_and.htmlGoogle Scholar
- A. Ali, 2003. "Re-Use of Integrated Dictionary Components for C4ISR Architectures" can be retrieved from http://www.dodccrp.org/events/8th_ICCRTS/Pres/track_4/1_1430ali.pdfGoogle Scholar
- Speedpass, 2010. can be retrieved from https://www.speedpass.com/forms/frmFaqs.aspx?pPg=faqStartedGoogle Scholar
- Amit Rawal, 2009. "RFID: The Next Generation Auto-ID Technology" Microwave Journal Vol. 52 No.2 Page 58Google Scholar
- O. Bang, J. Choi, D. Lee and H. Lee, 2009. "Efficient Novel Anti-collision Protocols for Passive RFID Tags" Auto-ID Labs White PaperGoogle Scholar
- F. Armenio et al. 2007 "The EPCglobal Architecture Framework" Final Version 1.2(pp.27)Google Scholar
Index Terms
- Is RFID technology secure and private?
Recommendations
Security analysis of an RFID tag search protocol
Over the past decade, tag search protocols have been suggested to efficiently acquire a specific RFID tag among a large group of tags by an RFID reader. For instance, in a warehouse, where there are thousands of packages each having an RFID tag attached,...
A survey on RFID security and provably secure grouping-proof protocols
RFID security is a relatively new research area. Within less than a decade, a large number of research papers dealing with security issues of RFID technology have appeared. In the first part of this paper, we attempt to summarise current research in the ...
A hidden mutual authentication protocol for low-cost RFID tags
Radio-frequency identification (RFID) technology enables the identification and tracking of objects by means of the wireless signals emitted by a tag attached to the objects of interest. Without adequate protection, however, malicious attackers can ...
Comments