Sunday, June 15, 2008

RFID Security

RFID Security is focused on the technical security aspects of using RFID—specifically the security of the physical and data layers (i.e., Layer 1 and Layer 2). The multitude of questions regarding RFID applications are influenced by the policy decisions of implementing certain applications, and by the philosophical and religious outlook of the parties involved. Generally, those matters are not discussed, except where a security decision directly influences a privacy policy. (See “United States Passports” in Chapter xx.)

We often embrace new technology without understanding the security issues. We tend to cast a cynical eye at marketers’ hyperbole concerning performance. Even so, sometimes we fail to be cynical regarding security claims (or lack thereof) surrounding new technology. Security is often considered secondary to other issues of certain technologies. RFID is being used in multiple areas where little or no consideration was given to security issues.

Although RFID is a young technology, the security of some RFID systems has already been compromised. In January 2005, the encryption of ExxonMobil’s SpeedPass and the RFID POS system was broken by a team of students (as an academic exercise at Johns Hopkins University), because common rules concerning strong encryption were not followed.

In February 2006, Adi Shamir, professor of Computer Science at the Weizmann Institute, reported that he could monitor power levels in RFID tags using a directional antenna and an oscilloscope. He said that patterns in the power levels can be used to determine when password bits are correctly and incorrectly received by an RFID device. Using that information, an attacker can compromise the Secure Hashing Algorithm 1 (SHA-1), which is used to cryptographically secure some RFID tags.

According to Shamir, a common cell phone can conduct an attack on RFID devices in a given area. (Shamir coauthored the Rivest, Shamir, & Adleman (RSA) public-key encryption in 1977.) As this book was nearing completion, a group at Amsterdam’s Free University in the Netherlands created RFID viruses and worms as a “proof of concept.” This group fit a malicious program (malware) onto the memory area of a programmable RFID chip (i.e., a tag). When the chip was queried by the reader, the malware passed from the chip to the backend database, from where the malware could be passed to other tags or used to carry out malevolent actions. The exploits employed, including Structured Query Language (SQL) and buffer overflow attacks, are generally used against servers. By not understanding the mistakes of the past, people commit the same mistakes again. This book helps people think about preventing those mistakes and executing security measures.
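The Amsterdam proof of concept works because backend middleware treats whatever it reads from tag memory as trusted and splices it straight into a database query. The following is an added example (it is not code from this book or from the Amsterdam group) showing that mistake beside the defensive pattern: validate the tag data against the format the application expects, and pass it to the database as a bound parameter rather than by string concatenation. The tag IDs, the `inventory` table and the hostile payload are all constructed for this illustration.

```python
import re
import sqlite3

# Constructed sample data: one well-formed 16-hex-digit tag ID and one tag
# whose memory carries an SQL fragment instead of an ID (both hypothetical).
GOOD_TAG = "04A224B1C3D5E6F7"
HOSTILE_TAG = "' OR '1'='1"

# Assumed application policy: a valid tag ID is exactly 16 hex digits.
TAG_ID_RE = re.compile(r"^[0-9A-Fa-f]{16}$")


def make_db() -> sqlite3.Connection:
    """Build an in-memory inventory table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE inventory (tag_id TEXT PRIMARY KEY, item TEXT)")
    conn.executemany(
        "INSERT INTO inventory VALUES (?, ?)",
        [(GOOD_TAG, "pallet-17"), ("0F1E2D3C4B5A6978", "pallet-18")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, tag_data: str) -> list:
    """Vulnerable pattern: tag memory is concatenated into the SQL text.

    A tag carrying "' OR '1'='1" turns the WHERE clause into a tautology and
    the query returns every row instead of the one matching tag.
    """
    sql = f"SELECT item FROM inventory WHERE tag_id = '{tag_data}'"
    return sorted(row[0] for row in conn.execute(sql))


def validate_tag_id(tag_data: str) -> bool:
    """Accept only data that matches the expected tag ID format."""
    return TAG_ID_RE.match(tag_data) is not None


def lookup_safe(conn: sqlite3.Connection, tag_data: str) -> list:
    """Hardened pattern: validate the format, then bind the value as a parameter.

    Invalid tag data is rejected before it reaches the database; valid data is
    passed through a placeholder, so it can never change the query structure.
    """
    if not validate_tag_id(tag_data):
        return []  # reject and (in a real system) log the malformed read
    rows = conn.execute(
        "SELECT item FROM inventory WHERE tag_id = ?", (tag_data,)
    )
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    print("unsafe, good tag:   ", lookup_unsafe(db, GOOD_TAG))
    print("unsafe, hostile tag:", lookup_unsafe(db, HOSTILE_TAG))
    print("safe, good tag:     ", lookup_safe(db, GOOD_TAG))
    print("safe, hostile tag:  ", lookup_safe(db, HOSTILE_TAG))
```

The format check is what closes the door the book describes: tag memory is an untrusted input channel like any network socket, so the middleware decides what a tag ID may look like and discards anything else before the database, the next tag, or any other downstream component ever sees it. Parameter binding then makes the remaining data inert even if the validation rule is later loosened.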

Because RFID is based on radio waves, there is always the potential for unintended listeners. Even with the lowest powered radios, the distance that a signal travels can be many times more than considered the maximum (e.g., at the DefCon 13 security convention in Las Vegas, Nevada, in July 2005, some consultants received a response from an RFID device from 69 feet away, which is a considerable distance for a device designed to talk to its reader at less than 10 feet). Additionally, radio waves can move in unexpected ways; they can be reflected off of some objects and absorbed by others. This unpredictability can cause information from an RFID tag to be read longer than intended, or it can prevent the information from being received.

The ability to receive RFID data further away than expected opens RFID to sniffing and spoofing attacks. Being able to trigger a response from a tag beyond the expected distance makes RFID systems susceptible to denial-of-service (DOS) attacks, where radio signals are jammed with excessive amounts of data that overload the RFID reader.
