Security Applications Challenges of RFID

Technology and possible countermeasures

Sghaier Guizani
College of Engineering - Alfaisal University, Riyadh, KSA
[email protected]

level of standardization, reliability and information

ABSTRACT security.

Radio Frequency IDentification (RFID) is a technique for 2. RFID PRINCIPLE

speedy and proficient identification system, it has been
around for more than 50 years and was initially developed RFID technology hangs on the idea of assigning a unique
for improving warfare machinery. RFID technology bridges number to each individual item (object, animal, human
two technologies in the area of Information and being). To setup an RFID system, three main components
Communication Technologies (ICT), namely Product Code are required as shown in the Figure 1:
(PC) technology and Wireless technology. This broad-
based rapidly expanding technology impacts business,
environment and society. The operating principle of an
RFID system is as follows. The reader starts a
communication process by radiating an electromagnetic
wave. This wave will be intercepted by the antenna of the
RFID tag, placed on the item to be identified. An induced
current will be created at the tag and will activate the
integrated circuit, enabling it to send back a wave to the
reader. The reader redirects information to the host where it
will be processed. RFID is used for wide range of
applications in almost every field (Health, education,
industry, security, management …). In this review paper,
we will focus on agricultural and environmental
applications.

Index Terms: RFID, Product Code, Management,

Intelligent systems. Figure.1: RFID Architecture

1. INTRODUCTION  The tag: also called transponder, is an integrated

circuit, commonly referred to as microchip, attached to
Based on electromagnetic and magnetic effects, RFID a minuscule (metallic) antenna. Every tag has its own
technology is a broad-based rapid expanding technology identifier code that will be used to uniquely identify the
impacting business, environment and society. It empowers item associated to it.
people to make better decisions, better data accuracy, better  The reader: is used to create an interrogation zone in
inventory management, better production and better which the RFID tag will be read. It collects information
protection of environment. from the tags, filter them and transfer them to the
processing unit. In the case of a passive tag, the reader
Because of the large variety of its applications, RFID
also serves to power the tag up. Moreover, the reader
technology is booming. Another catalyst accelerator of this
manages the different antennas it is connected to in
booming is the fact that the performance of labels, referred
order to achieve a maximum read rate.
to as RFID tags, has improved, especially with the
 The server / host: is the processing part of the RFID
emergence of the protocol of Ultra High Frequency
system. The host is a computer that runs, in addition to
Generation 2 (UHF Gen 2) launched by EPC global
the enterprise application, an application called
(Electronic Product Code) [1]. This protocol enjoys a high

978-1-4799-2903-0/14/$31.00 ©2014 IEEE 291

 middleware that is an interface between the reader and Applications of RFID technology are closely related to the
the application layer. The middleware, the brain behind choice of the carrier as shown in Figure 2.
the smart system, manages the different readers and
instructs each one on how to interact with the RFID
transponders. It is also the component that is
responsible for communicating filtered events back to Type LF HF UHF
the application. The host may be one processing unit or Range :
Few centimetres 50 cm 6m
(passive)
an entire enterprise system composed of servers (web,
- non affected by - non affected by
databases...). The host may be one processing unit or water water - long range
an entire enterprise system composed of servers (web, - non affected by - non affected by - standard
databases...) Advantages
metals metals - high rate
- frequency use - multiple tag - easy to product
The operating principle of an RFID system is the following. without read with low cost (5
restriction - non affected by cents)
The reader starts a communication process by emitting electrical noise
electromagnetic wave. This wave will be intercepted by the - Absorbed by
antenna of the RFID tag, generally a passive tag. An water
induced current will activate the integrated circuit, enabling - expansive - range < 1m - Reflected by
it to communicate. To transmit data stored in its memory Drawbacks
- noise - less efficient metals
(chip), the tag modulates the digital signal using phase or - low rate (70 ms than LF (water - limited memory
to read one tag) and metals) - interference
amplitude modulation on a predefined frequency carrier. with many
The reader receives information and redirects it to the host applications
where it will be processed. Figure 1 explains the principle. - Credit card ,
- animal tracking Access control - Industry
Applications
- Identification card - Retail Chain
- Passports

Table 1: comparison LF, HF and UHF

We also note that the HF domain remains the most used

with 1605 (=1320+285) case studies in 2007 out of 2066
projects (Fig 3). That is almost 78% of market size as
presented by the following pie chart. By the end of June
2010, the case study numbers has reached 4050 with 4100
company covered in 111 countries [2].

Figure 2: RFID frequency allocation.

Table 1 outlines a comparison between the LF, HF and 206 255 LF11784-5
UHF. UHF 18000-6

1320 HF-14443
3. RFID SYSTEM CLASSIFICATION 285
HF-15693 and 18000-3

The RFID systems can be classified based on two criteria

namely:

 the operating frequency of the system Figure 3: RFID Frequency use [3].
 the power source of the tags
An RF signal can be efficiently radiated if the size of the
3.1. Frequency allocation of the RFID antenna is comparable to the wavelength of the operating
frequency.
Frequency is a major factor in RFID. The characteristics of
the electromagnetic wave change from a band to another. However, for 13.56 MHz frequency the expected antenna
size is about 22.12 meters, which is not feasible. As

292
alternative, a small loop antenna circuit, resonating at the
operating frequency, is used. 15961,15962, 18000 Radio frequency identification (RFID) for
the object management.
Compared to HF (13.56MHz) and Microwave (2.45GHz),
the basic advantage of UHF passive RFID system is its long
10536, 14443,15693 Identification cards - cards Integrated circuit
range communication between the reader and tags. (s) integrated (s) without contact.

3.2. Tag power source classification

19762, 24730 Technology Automatic identification and
An RFID tag is composed of a simple silicon microchip data capture (AIDC).
combined with a metallic antenna in a compact package. It
can be as small as a grain of sand or as big as a book. There
are three main families used to classify tags according to 24729 Radio frequency identification for item
their energy source and functionalities: active tags, passive management.
tags, or semi-passive tags [4].
Table 2: Summary of ISO standards concerned by radio
identification
 Active tags have a battery included in the transponder
and actively transmit on longer distances reaching
ISO standards 18000-x for contactless identification items,
several kilometers. These tags are in general larger,
define the essential data of physical layer and
more expensive and more durable. They are mainly
communication protocol (including anti-collision devices)
used for tracking trailers in yards and containers on
to enable interaction between the tags and readers. The
loading docks.
division of these standards is frequency (see Table 3).
 Passive tags extract their power from the
electromagnetic waves emitted by the reader's antenna. References Frequencies Title Edition
Typically passive RFID tags are uses as ID badge at involved
work, automatic access card, speed pass to purchase
gasoline or as protection in cars having an antitheft Vocabulary, Part 1: Reference
immobilizer. 18000-1 definitions, architecture and 13/09/2004
 Semi-passive tags are similar to passive ones in the framing definition of
parameters to be
sense that they extract their power from the reader for standardized
communication purposes. However, they also have a
built-in battery that allows them to store data on the 18000-2 135 kHz 13/09/2004
Part 2:
microchip. The battery is not used for powering the tag. Communications
Generally, these tags include sensors, which need Settings for an air
batteries. interface below 135
kHz
3.3. ISO Standards
18000-3 13,56 MHz Part 3: 13/09/2004
Today, the products offered by two different
Communications
manufacturers may not be interoperable. It is the Settings for air
committee's purpose ISO/JTC1/SC31/WG4 to define a interface at 13.56
standard in this area. This committee is relayed to France MHz
by the Commission of Standardization 31 in AFNOR. Table
3 gives a summary of ISO standards. An exhaustive list is 18000-4 2,45 GHz Part 4: 31/08/2004
given in reference [5]. Some specific standards have existed Communications
for many years and others are planned. Settings for air
interface at 2.45 GHz

Main References Title 18000-5 * 5,8 GHz Abandonee

Part 5:
Communications
14223, 11784,11785, 24631 Identification of animals Settings for air
interface at 5.8 GHz

17363 to 17367 Applications of RFID supply chain.

293
 RFID technology itself, but rather in the ability to integrate
860 - 960 Part 6: it effectively to improve the operation and management of
18000-6 Communications 31/08/2004
MHz systems [27].
Settings for air
interface of between
860 MHz and 960 The following diagram summarizes the case studies in the
MHz different RFID application fields undertaken by reference
[28].
18000-7 433 MHz Part 7: Parameters 15/01/2008
for active air
interface at 433 MHz
800
700
* The realization of the standard 18000-5 has been abandoned in 600
500
February 2003, lack of consensus. 400
300
200
Table 3: Standards ISO 18000-x for the standardization of 100
RFID interfaces in the field of products. 0

The basic standard describing communications systems

interconnected OSI (Open Systems Interconnection) is ISO
7498 1984.

As far as standards of performance are of concern, for

testing systems (compare what is comparable to similar
measures) standards ISO 18046-x are used, and for Fig.4. RFID projects by application [28]
compliance tests standards ISO 18047-x are used.
5. SECURITY ASPECTS AND ITS
3.4. Multi-Tags Reading COUNTERMEASURES
Security is a crucial issue that must be addressed
Multi-tags are highly effective in improving object accordingly and since the technology is progressing on a
detection probability, yielding double-digit improvements daily basis, hacking techniques also are progressing and
over traditional single-tagged object RFID systems using sometimes on a faster scale. For example, in 2008
either linear or circular antennas. Moreover, multi-tags researchers from Radboud University in Nijmegen have
offer significantly larger improvements in object detection developed a relatively easy method to hack and reproduce a
as compared to adding extra readers, even in the presence large numbers of smart cards [6] [7]. Fake Biometric
of objects containing metals and liquids, without passports are also doable [8] [9].
exacerbating the burden on anti-collision algorithms [11].
Thus, multi-tags can be an effective and economically
viable solution for RFID applications that require higher In an RFID system, reproduction of tags is quiet easy.
object detection probabilities. Culprits needs to read the tag and to write the identifier on a
different tag. Affixing a password could improves security
4. RFID APPLICATIONS but it does not makes the system fully secure since
techniques of researching passwords are very developed.
RFID technology has been applied in various sectors. To
name few, this technology has been applied to logistics As stated previously, and like any other information
[12], resource management [13], automation and systems, RFID are susceptible to outside attacks and can be
monitoring of the manufacturing [14], care management in altered at different stages during their employment. All
hospitals [15], management of recycling [16], control and attacks waged against any RFID system can be classified
management of food in the food sector [17], pharmaceutical generally into three main groups (Attacks on CIA):
industry [18], storage and the location of books in  Attacks on confidentiality,
bookstores [19], routing luggage at airports [20], the  Attacks on integrity,
location of valuables in the buildings [21], security and  Attacks on authenticity
access control [22], ticketing and transport [23], contact
less payment [24], Real Time Location System and sensor
As well being vulnerable to ordinary attacks such as denial
network [25], and military sector [26]. Through these
of service, eavesdropping and man-in-the-middle. Figure 5
contributions we see that real innovation is not only in the
shows that RFID technology is, in particular, susceptible to

294
spoofing and power attacks. Some kinds of different attacks device. It has been shown that the power emission patterns
are explained below and the necessary countermeasures is are different when the card received correct and incorrect
provided as a way of protection and safeguard. password bits or cryptographic keys. It is possible to breach
smart card security by monitoring power consumption
signals. It is also predicted that a power analysis attack on a
RFID tags could be carried out using a simple common
device such as a cell phone.

Countermeasures

The widespread methods used to overcome power analysis

attacks are filtering or adding an element of arbitrariness.
Filtering power signals or delaying the calculation
randomly can increase the difficulty for the attacker to
recognize the power consumption patterns.

5.3 Eavesdropping
Fig. 5: Possible RFID attacks Eavesdropping is the act of secretly listening to the private
conversation of others without their consent. Given that an
5.1 Reverse engineering RFID tag is a wireless device that emits and transmits data,
there always exists a risk that the communication between
Reverse engineering is the process of discovering the tag and reader can be eavesdropped when interrogated by
technological principles of a device, object, or a system an RFID reader. Eavesdropping will happen when an
through the analysis of its structure, functions and attacker captures data with an analogous reader (one with
operation. Taking into consideration the privacy issues most likely with same tag type and frequency), while a tag
related to the biometric e-passport, it could be feasible for is being read by an authorized RFID reader. As most RFID
an attacker to obtain access of the chip and examine its systems use clear text way of communication, due to tag
memory contents optically to recover the PIN, biometric low memory capacity and or cost, eavesdropping is an
data or any personal information, etc. The technical effortless action but it is an efficient way for the attacker to
capability and equipment required to reverse engineer such obtain and gather useful information on the collected tag
an integrated circuit can be rated at different stages from a data. The information obtained during the attack can have
knowledgeable individual who will be using low cost and serious implications and severe consequences, it could be
easily available tools to a highly skilled team, using used in future attacks against the same RFID system.
equipment not commonly available in the commercial
market (Actel, 2002). Countermeasures
Countermeasures The best action against eavesdropping does include
establishing a secure channel and/or encrypting the
As proposed by the Federal Information Processing communication between the tag and the reader.
Standard (FIPS), coatings a chip as an anti-reverse
engineering method to prevent attacks is taken into 5.4 Man-in-the-middle attack (MiM)
consideration. Different tamper proof procedures have been
developed to protect against reverse engineering attacks. The man-in-the-middle attack (MiM) is a form of active
For example, by adding a tamper-release layer to RFID eavesdropping in which the attacker makes independent
tags, user can be alerted if a tag has been tinkered with or connections with the victims and relays messages between
not. them, making them believe that they are talking directly to
each other over a private connection, when in fact the entire
5.2 Power analysis of RFID tags conversation is controlled by the attacker. The attacker can
interrupt the communication pathway and manipulate the
This type of attack is unique in that it requires no physical information back and forth between the RFID components
contact with the device under attack. Power analysis is a as illustrated in the figure below (Fig. 6). The attacker
type of side-channel attack that is meant to salvage data and
information by analyzing changes in the power use of such

295
exposes the data prior to the anticipated device obtain it and from a valid tag and creates a copy of the captured sample
can modify the information en route. on a blank tag.

Countermeasures

An ordinary technique to overcome a spoofing attack is to

employ an RFID authentication protocol and data
encryption technique, which will enhance the rate and
technology needed for a victorious attack.

CONCLUSION
Figure 6: MiM attacker RFID technology is a powerful tool that is used namely in
assigning a unique identifier for each individual item, RFID
Countermeasures technology is used in wide range of applications. It does
offers an elegant way to identify objects and people. It does
There exist some techniques that can be applied to diminish not only identify each category of items but identifies each
MiM threats, such as encrypting data communications, individual item and assigns to it a unique number.
transfer information through a protected channel, and afford
an authentication protocol. RFID security challenges and countermeasures was studied
and presented. This paper has focused on many previous
5.5 Denial of Service (DoS) researchers state-of-the-art and latest research in this area
and presented different techniques to countermeasure
A denial-of-service (DoS) attack is an attempt to make a possible ways to prevent attackers to gain access to the
machine or network resource unavailable to its intended proposed system.
users. Although the means to carry out, motives for, and
targets of a DoS attack may vary, it generally consists of REFERENCES
efforts to temporarily or indefinitely interrupt or suspend
services of a host connected to the Internet. DoS attacks
can take many forms to attack an RFID tag. The main [1]. EPC global, link: http://www.gs1.org/epcglobal
reason is not to take or modify any data or information, but
to immobilize the RFID system so that it will be disabled. [2].IDTechEx RFID Knowledgebase via website
http://www.idtechex.com/knowledgebase/en/browse.asp
Countermeasures
[3]. P. Harrop “RFID Forecasts, Players, Opportunities”
Detecting DoS attacks is easier than preventing them from IDTechEx 2007.
happening in general. Nevertheless, once the attack is
detected, it normally can be stopped before it can do too [4]. F. Chetouane and H. Hamam, "RFID lab for the Canadian
much damage by implementing filters to block unwanted University of Dubai: Overview & Technical Specifications",
traffic. Internal report, Nov 2007.

[5]. http://rfid.net/basics/186-iso-rfid-standards-a-complete-list-
5.6 Spoofing
[6]. Piratage de cartes à puce sans contact facile.
A spoofing attack is a situation in which one person or http://www.zataz.com/news/17472/
program successfully masquerades as another by falsifying
data and thereby gaining an illegitimate advantage. With [7]. La protection des puces RFID contournée,
respect to RFID system, spoofing take place when a http://datanews.levif.be/ict/actualite/la-protection-des-puces-rfid-
fictitious tag pretense as a legitimate tag and thereby gains contournee/article-1194718426411.htm
an illegitimate and illegal advantage. Tag duplication is a
spoofing attack where the attacker captures the information [8]. passeport biométrique se fait hacker en beauté,
http://www.silicon.fr/uk-le-passeport-biometrique-se-fait-hacker-
en-beaute-21265.html

296
[9]. Fake UK, USA, Australian Biometric Passports for sell. Conference on Information Systems 2010 (EMCIS2010). ISBN:
http://www.globalcitizencorps.org/groups/site-feedback/22840 978-1-902316-80-2.

[10]. Xeni Jardin (Mars 2008) BBtv - How to hack RFID-enabled [24]. I. Lacmanovi , B. Radulovi , D. Lacmanovi “Contactless
credit cards for $8 http://www.boingboing.net/2008/03/19/bbtv- payment systems based on RFID technology” MIPRO 2010, 1114
how-to-hack-an.html - 1119, ISBN: 978-1-4244-7763-0.

[11].http://www.cs.virginia.edu/~robins/papers/Practicality_Multi [25]. J. Brchan, L. Zhao, J. Wu, R. Williams, L. Perez A Real-

Tag_RFID.pdf time RFID Localization Experiment Using Propagation Models,
IEEE International Conference on RFID, ISBN:978-1-4673-0328-
[12]. H.K. Chow, K.L. Choy, and W.B. Lee (2007). A dynamic 6/12/, 141-148.
logistics process knowledge-based system: An RFID multi-agent
approach. Knowledge-Based Systems, 20, 357–372. [26]. P. Harrop “RFID Forecasts, Players, Opportunities”
IDTechEx 2007.
[13]. H.K. Chow, K.L. Choy, W.B. Lee and K.C. Lau (2006).
Design of a RFID case-based resource management system for [27]. A. Fennani, and H. Hamam (2008) “An Optimized RFID-
warehouse operations. Expert Systems with Applications, 30, Based Academic Library”, SensorComm 2008, The Second
561–576. International Conference on Sensor Technologies and
Applications, Vol 2008, 44-48.
[14]. G.Q. Huang, Y.F. Zhang and P.Y. Jiang (2008). RFID-based
wireless manufacturing for real-time management of job shop [28]. IDTechEx RFID Knowledgebase via website
WIP inventories. Int J Adv Manuf Technol, 36, 752-764, 20. http://www.idtechex.com/knowledgebase/en/browse.asp.

[15]. J.A. Fisher and T. Monahan (2008). Tracking the social

dimensions of RFID systems in hospitals. International journal of
medical informatics, 77, 176-183.

[16]. A.K. Parlikad and D. McFarlane (2007). RFID-based

product information in end of-life decision making. Control
Engineering Practice, 15, 1348–1363.

[17]. E.W.T. Ngai., F.F.C. Suk, and S.Y.Y. Lo (2007).

Development of an RFID-based sushi management system: The
case of a conveyor-belt sushi restaurant. Int. J. Production
Economics, 630-645.

[18]. G. Adams (2007). Pharmaceutical manufacturing: RFID –

reducing errors and effort. Filtration & Separation, 44(6), 17-19.

[19]. K. Coyle (2005). Management of RFID in Libraries. The

Journal of Academic Librarianship, 31(5), 486–489.

[20]. Y. Wong, P. Wu, D. Wong, D. Chan, L. Fung, and S. Leung

(2006). RFI assessment on human safety of RFID system at Hong
Kong International Airport. In Proceeding of the IEEE 17th
International Zurich Symp. on Electromag. Compatibility, Feb. 27
- March 3, Singapore, 108-111.

[21]. L.M. Ni, Y. Liu, Y.C. Lau, and A.P. Patil “LANDMARC:
Indoor Location Sensing Using Active RFID” Wireless Networks,
10, 701–710 (2004).

[22]. P. Kitsos and Y. Zhang, “RFID Security: Techniques,

Protocols and System-on-Chip”, Springer Verlag 2008.

[23]. H. Ben Ammar and H. Hamam (2010) “Bus Management

System Using RFID In WSN”, European and Mediterranean

297