RFID Security

RFID_TI3.gif

Description

The focus of our topic is going to be based around the security aspects of RFIDs. RFIDs are becoming more commonly used in products, animals, and even people to store information or even as a form of identification. Preventing this important information from being stolen is extremely important. This WIKI will combine our group's thoughts and opinions on RFID security and what precautions can be taken so that you don't become a victim. We will also focus on the current security that is being taken what possible security measures can be taken for the future.

Terminology

Radio frequency identification (RFID) is a method of remotely storing and retrieving data using devices called RFID tags. An RFID tag is a small object, such as an adhesive sticker, that can be attached to or incorporated into a product. RFID tags contain antennae to enable them to receive and respond to radio-frequency queries from an RFID transceiver.
An RFID system is composed of readers and tags. Readers generate signals that provide power for the tags and send a signal to them. A tag captures the energy it receives from a reader to supply its own power and does what the reader tells it to do. The tag then sends a signal back in the form of a unique ID which can be used by the reader to look up information about it.

Applications

rfid_readers_and_tags.gif
  • Animal Identification
  • Passports
  • Transport Payments
  • Product Tracking
  • Data Collection
  • Theft protection

Vulnerabilites

Low-cost RFID tags do not have batteries, and are powered by the reader that scans them. That usually sets an upper limit on the amount of encryption that the chip can hold.
RFID tags are now commonly used in credit cards though being extremely vulnerable toward attacks. Several students broke encryption in a popular RFID system embedded in more than 150 million wireless car keys and over 6 million key chains used to pay for gas, according to a study published last year.¹ The system cracked the code in 15 minutes.¹
RFID tags can be used to attack database and corrupt data.¹ All a hacker needs to do is enter a store replace a product's RFID tag with a tag containing a virus, let a scanner read the tag, and quickly infects their database.¹
RFID tags could become unsafe if the producer isn't a good person as well. Since someone has to produce and implement the tag, there could always be a backup tag with the same information. This becomes incredibly dangerous since all that is recognized is the tag, not the person or signature as in a credit card. This allows the RFID producer to have access to potentially too much information.

Protections

  • With shielding one can create a field effect known as Faraday Cage
  • One can simply damage the antenna. With larger RFID transponders one can recognize the spirals of the antenna clearly by use of a radiograph. If one splits the antenna circuit, the RFID transponder can no longer function.³
  • An intense electromagnetic impulse applied to the transponders and antenna can induce high currents, interrupting the circuit and rendering the tag useless.³
  • The system can be blocked by sending a spurious signal in conjunction with the inquiry signal, preferably on the RFID frequency. This blocks the relatively weak signals of the RFID transponder.³
    • Devices are being developed that block RFID tags from being scanned in the form of "blocker tags." The blocker tag prevents a RFID reader from scanning information sent by a tag. It does this by bombarding the reciever with more information than it can read.
  • If a simple memory chip is used to confirm the authenticity of the inquiry, then one can record the inquiry and at a later time reverse engineer the signal, allowing replication. For the reader it appears as if the correct RFID transponder were in the field. Modern RFID tags using UHF Class 1 gene 2 developed by the European Working Group of EPCglobal Inc., which protect against such replay attacks by using more complex encodings.³
  • Many RFID tags include a built in 'kill' function. When provided with the correct pass-code can be either reprogrammed or told to 'self destruct', rendering it useless.³

Human Implants

Some RFID chips are now being used in humans. Some European nightclubs use an implantable chip to allow their customers to pay for drinks. But security experts are wary of using RFID implants for authenticion purposes because of the potential for Identity Theft.



Web Resources

RSA Security - RFID Privacy and Security
RFID chips can carry viruses
A Hacker's Guide To RFID
RFID Gazette

References

¹ Kharif, Olga. "What's Lurking in That RFID Tag?". Business Week Online. Retrieved on 11/02/06.
² "Current RFID Privacy Concerns Protecting Your Smartcards". RFID Gazette. Retrieved on 11/02/06.
³ "Radio Frequency Identification". Wikipedia. Retrieved on 11/02/06.
"Wired News: Jamming Tags Block RFID Scanners". Wired News. Retrieved on 11/03/06.