A Security Framework for Networked RFID

Introduction

Radio Frequency Identification (RFID) is an automatic identification technology that is based on a contact-less, proximity based communication method (radio waves). The potential applications of RFID systems are diverse and RFID networks already exist in a large range of environments and applications. The proliferation of RFID networks has been rapid in the last decade (Schuster, et al., 2007). One specific area in which the use of RFID technology has become increasingly popular is in massively networked logistics applications such as global supply-chain management systems. The use of RFID tags instead of barcodes allow for the automated identification and tracking of the tagged objects. In addition RFID systems can generate a vast amount of transactional data concerning the tagged objects that can then be shared in real time with the other partners of the system. But, as with all technologies there are a number of issues that prevent its widespread adoption. In RFID the main current barrier to adoption is the large number of security concerns about networked RFID systems and the additional performance overhead placed on the system when generating and sharing such a vast quantity of data.

Networked RFID systems are a relatively complex type of RFID system. This complexity arises from some of its features such as wireless communication, mobile data containers (RFID tags), highly distributed nature and the presence of multiple independent entities that are authorized to access the system. Due to its wireless communication method and distributed nature networked RFID systems are vulnerable to a great number of malicious attacks at the edge of the system (tags, readers and wireless communications). These attacks can range from simple ones such as passive jamming and eavesdropping to more sophisticated attacks such as physical cloning of tags, man in the middle attacks and even RFID malware (Karygicmnis, et al., 2006). In RFID systems these threats can be mounted either through physical or logical access to system components. In addition, networked RFID systems can be attacked by internal partners as well as external attackers. Therefore the security threats and attacks that are faced by RFID networks are both numerous and extremely diverse. To successfully manage and eliminate all these different types of threats a large number of security requirements must be implemented.

Due to the large number and different types of attacks and threats facing a RFID system, fully securing it is a very complex task. This task is made even more difficult by the number of different components that must be protected and the large number of security concepts that must be upheld. Currently one of the biggest barriers to the widespread adoption of networked RFID systems is the unresolved security issues inherent in them (Juels, 2006). Without a proper security framework to reference most companies have no method with which to reliably access the vulnerabilities of their system. Nor do they have a method with which to decide how best they can remove those vulnerabilities and fully secure their RFID systems. Due to this fear over RFID system security most companies are still reluctant to implement RFID based solutions even though the benefits they pose are great. Therefore the need for a RFID security framework that will allow developers to successfully identify, manage and secure against the threats and attacks faced by RFID systems is currently very acute. But if such a framework is to be successfully developed a few challenges must first be overcome. Networked RFID systems, while seemingly similar to normal networked systems, differ quite significantly from them. Therefore the most important challenge is analysing how the security requirements of networked RFID differ from the security requirements of typical networked systems.