Security Aspects in Radio Frequency Identification Networks

Győző Gódor (Budapest University of Technology and Economics, Hungary) and Sándor Imre (Budapest University of Technology and Economics, Hungary)
Copyright: © 2015 | Pages: 12
DOI: 10.4018/978-1-4666-5888-2.ch433

Chapter Preview



During the last decade, RFID (Radio Frequency Identification) technology has become ubiquitous; it can be used in almost every field of our lives. RFID solutions date back to World War II. Axis fighter pilots made special movements to modify the radar signals reflected from the surface of their planes, thereby differentiating the Axis and Allied planes on the radar screen. Allied planes, on the other hand, were equipped with a so-called Friend or Foe identification system, which worked on the basis of a rudimentary challenge-response identification protocol over radio transmission.

Nowadays, a general RFID system consists of three main parts (Figure 1): a reader, which transmits RF signals; tags, which are small integrated circuits with antennae that use the energy gathered from the RF field to backscatter the data stored on them; and the back-end server, which verifies the tags and executes certain functions. This technology can be used in various applications, e.g., personal identification, payment systems, access control, animal tracking, supply-chain management, and many more.

Figure 1. Common RFID system architecture

Many kinds of RFID tags are available on the market, varying in storage and computational capacity. From the cheapest ones, which have very limited computational capacity and little memory, to the more expensive ones, which have their own battery and high computational capacity, the most suitable RFID tag for a given application can be found. However, all tags have low computational capacity; hence the security mechanisms in use in computer networks are not suitable in this environment. For expensive tags with relatively large computational capacity many secure communication protocols have been developed; for cheap low-end tags, only a few lightweight protocols exist.

When an RFID-based management system is implemented, many questions emerge concerning the security of sensitive business information as well as customer privacy. Let us consider a scenario in a typical commercial setup. A customer enters a shopping center to buy some clothes, books, etc. Since each product has a unique RFID tag situated inside it, a malicious attacker with a portable RFID reader could check the customer’s bag in order to decide whether or not there is some valuable product inside.

This is just a simple scenario, in which some pieces of information about a person or product can be obtained easily; unfortunately, more serious problems have to be faced. Since more and more credit cards are supplied with RFID tags, and passports and ID cards contain RFID tags as well, rather sensitive information related to our bank accounts or medical records can be accessed. Hence, the security issues of RFID systems are very important; authentication protocols and encryption methods are needed in order to guarantee secure communication and, moreover, our privacy.



As in other wireless networks, in RFID systems the communication between a reader and tags uses the air interface, which is an insecure medium and can be eavesdropped easily. Unprotected communication between readers and tags via the radio channel may reveal sensitive information about a tag, e.g., its location, and indirectly the location of the user who possesses the tag. First, we introduce the attacker model in this section, and on that basis the relevant security and privacy threats in the RFID environment are discussed.

Key Terms in this Chapter

Radio Frequency Identification (RFID): A transponder technology for the contactless recognition of objects.

Replay Attack: In this threat a malicious attacker intercepts actual messages and later sends them to a legitimate entity in order to impersonate a given party.

Authentication: Proof of identity.

Desynchronization Attack: A typical RFID-related threat in which the tag’s key stored in the back-end database and the key in the tag’s memory are no longer the same because an attacker blocks the communication between the parties.

Digital Signature Algorithm (DSA): An electronic signature based upon cryptographic methods of origin authentication. Usually it is appended to a message to assure the recipient of the authenticity and integrity of the message.

Elliptic Curve Digital Signature Algorithm (ECDSA): This is a variant of DSA, which is based on elliptic curve cryptography.

Lightweight Protocol: This kind of protocol uses only simple arithmetic operations and hash functions, and does not apply high-complexity cryptographic operations.

Elliptic Curve Cryptography: This is an approach to public-key cryptography in which the algebraic structure of elliptic curves over finite fields is used.

Traceability: This is a typical attack in the RFID environment. If tags use a static ID, malicious readers can interrogate them, and their movements can be monitored without the knowledge of the owner of the tag.

Denial of Service: This kind of attack makes a machine (e.g., an RFID tag or reader) or network resource unavailable for legitimate devices.
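
The Replay Attack, Desynchronization Attack and Lightweight Protocol entries above, as an added example that is not taken from the chapter: a hash-based challenge-response exchange with a key update, in which a fresh nonce makes a recorded response useless and keeping the previous key at the back end lets a tag re-authenticate after the final acknowledgement is lost. The class names, the HMAC-SHA-256 response and the key-update rule are assumptions chosen for illustration.

```python
import hashlib, hmac, os

def mac(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()

def next_key(key: bytes) -> bytes:
    # Assumed key-update rule: both sides derive the next key by hashing.
    return hashlib.sha256(b"key-update" + key).digest()

class Tag:
    def __init__(self, key): self.key = key
    def respond(self, nonce): return mac(self.key, nonce)
    def confirm(self): self.key = next_key(self.key)  # runs only if the ack arrives

class BackEnd:
    def __init__(self, key, keep_previous=True):
        self.cur, self.prev, self.pending = key, None, None
        self.keep_previous = keep_previous
    def challenge(self):
        self.pending = os.urandom(16)              # fresh nonce per session
        return self.pending
    def verify(self, response):
        nonce, self.pending = self.pending, None   # a nonce is accepted once
        if nonce is None:
            return False
        keys = [self.cur] + ([self.prev] if self.keep_previous and self.prev else [])
        for k in keys:
            if hmac.compare_digest(response, mac(k, nonce)):
                self.prev, self.cur = k, next_key(k)   # re-sync on whichever key matched
                return True
        return False

def session(server, tag, ack_delivered=True):
    ok = server.verify(tag.respond(server.challenge()))
    if ok and ack_delivered:
        tag.confirm()
    return ok

def replay_rejected():
    key = b"constructed-demo-key"                  # constructed sample key
    server, tag = BackEnd(key), Tag(key)
    recorded = tag.respond(server.challenge())     # response observed on the air interface
    assert server.verify(recorded)
    server.challenge()                             # later session, new nonce
    return not server.verify(recorded)

def survives_lost_ack(keep_previous):
    key = b"constructed-demo-key"
    server, tag = BackEnd(key, keep_previous), Tag(key)
    session(server, tag, ack_delivered=False)      # final message never reaches the tag
    return session(server, tag)                    # can the tag still authenticate?
```

With `keep_previous=False` the back end has already moved to the new key while the tag still holds the old one, so the second session fails; that mismatch is the desynchronized state the glossary entry describes.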
