RFID Security
General challenges
Privacy
Too many standards
Legislation
RFID system parts from a security perspective
Tag
Inexpensive device
Physical access
Threat against Reader
Threat against backend/application
Unauthorised read of database
Unauthorised write
RFID virus
Obsolete/outdated data/metadata
Ownership change of a tag has not been updated in the database → tag events are linked to the old owner, not the new one.
Tag has been moved to new item but the database has not been updated.
Denial of Service
Insecure ownership transfer
Securing your system
Understand the potential problems
Evaluate which are real problems for your solution
Select tags and standards that fit best for you
Acknowledge the remaining threats and mitigate them at application level
If the tag offers no solution and you can't protect your system, consider whether the benefits of your solution are worth the risk.
What can be done?
Unauthorised read of tag
Fake tags/readers
Authentication for tags (S. Piramuthu, "Protocols for RFID tag/reader authentication", Decision Support Systems, Volume 2007, Issue 43, pp. 897-914, Elsevier, 2007.)
Authentication of reader can be conducted using normal device authentication solutions
False data
Viruses
Broken tags
Security
There is no absolute security. You have to decide what kind of solution is best for your application and what kind of risks are acceptable.