RFID Security

General challenges

Privacy
- RFID systems are seen intrusive by consumers
- Can be used to follow and monitor people
Too many standards
- Interoperability issues
- Security not included in standards
Legistlation
- Who will be held accountable on security incidents
  - Tag manufactrurer, System builder, System owner ?
- Who can monitor and what?
  - Is it legal to read unprotected tags if they are not yours?

Reader
- Communicates with backend system and tag
- Several different types
- Authentication is important
  - prevent unauthorized read and write
  - prevent fake data transmission to backend system
Backend system
- For the backend system, traditional communications and database system security solutions are feasible.

Unauthorised read of tag
- Monitoring movements of people
- Monitoring actions (Read through bag what books a person has borrowed from library)
- Unauthorised read can be conducted from longer distances than what the nominal communication range is
  - 5 cm nominal reading distance tags can be read from 10 meters with proper equipment
  - Attacks get always better so reading distances will grow
Unauthorised write of tag
- Content of tag is changed
  - Only on tags which content can be changed

Blocking the reading of tag
- e.g. passport covers that prevent reading of your passport unless you open it
Destruction of tag
- Circuitry can be demolished with sharp objects, and connection to antennas can be severed
- Tag can be killed with electromagnetic pulse
Moving tag from one object to another
- TV for the price of jeans

Copied tags
Fake tags
Blocking tag reading
- Preventing the reader to read tags with e.g. radio interference
Blocking connection to backend
- Reading results are not
Fake backend
- A malicious party tries to get tag information via reader by masquerading itself to legitimate backend application
temporary storage
- Reader will store the read data to memory, logs or temporary files before sending it.
- Reading results may be accessed from unprotected temporary storage

Unauthorised read fo database
- Tag reading database maybe much more attractive target than reading single tag
Unauthorised write
- Fake reader may try to
RFID virus
- executable code/script is inserted to backend application via fake reader or tag
Obsolete/outdated data / metadata
- Ownership change of tag has not been updated to database → tag events are linked to old owner, not new one.
- Tag has been moved to new item but the database has not been updated.
Denial of Service
- Various attacks to severe the availability of backend system
Unsecure ownership transfer
- Previous owner may read tag after ownership transfer
- New owner may get access to old owners data after ownership transfer

Understand the potential problems
Evaluate which are real problems for your solution
Select tags and standards that fit best for you
- unless you want to make your own tags and readers
Acknowledge the remaining threats and mitigate them at application level
If there is no solution from tag and you can't protect your system think if the benefits from your solution are worth the risk.

Unauthorised read of tag
- Encrypted content
- Obscure content → content doesn't mean anything unless you can map it to information in database
  - Does not prevent monitoring
Fake tags /readers
- Authentication for tags(S. Piramuthu, ”Protocols for RFID tag/reader authentication”, Decision Support Systems, Volume 2007, Issue 43, pp. 897 - 914, Elsevier, 2007.)
- Authentication of reader can be conducted using normal device authentication solutions

False data
- encryption and integrity check
  - If tag can do it
Viruses
- Sanitize your reads
- Tags and the tag reads should be treated same way like forms submitted via web.
  - Avoid this: http://xkcd.com/327/
Broken tags
- Prevent physical access to tag
- If tag breaking is issue try to use tags as additional feature giving something extra.

There is no absolute security. You have to decide what kind of solution is best for your application and what kind of risks are acceptable