CMPE – 209
Prof. Richard Sinn
Topic: RFID Security
(March 11, 2008)
By : Zion
An Analysis of RFID Security
“Radio Frequency Identification is a wireless technology that incorporates the use of the
electromagnetic coupling in the Radio Frequency (RF) portion of the electromagnetic spectrum
to uniquely identify the object, animal or a person”. Summing up this definition, a radio
transmission that carries identification information which can be put to some use is called
Radio Frequency Identification (RFID).
Radio Frequency Identification is a widely used technology nowadays because of its cost
RFID, as explained above, is a technology and a class of devices that use radio signals as a
means of information exchange. In RFID technology a tag or label is used to identify an entity,
an animal or an inventory item. The system designed to receive these radio signals interprets
each signal sent by the tag or label, together with the information bound to it, in order to
identify the item. For example, the system asks the tag or label that represents the entity
“What are you?” and the tag responds with a radio signal carrying information about itself:
“I am an inventory having item number 12345”. Technically, this exchange consists of
cryptographically encoded challenges and responses, which are then interpreted by the backend
system, which is connected to the relevant database for decoding and understanding the
information.
In the past couple of years the use of RFID technology has rapidly increased, especially in
inventory systems that keep track of product inventory. Because of its high flexibility in
performing complete inventory tracking from manufacturer to warehouse and from warehouse to
retailers, it has had a strong influence on the retail chain business.
RFID is currently deployed in many different sectors with little or no consideration given to
the security issues related to it.
Architecture of RFID system:
The basic architecture of the RFID system consists of the following.
• RFID Tag/Label
• RFID Active Tag
• RFID Passive Tag
• RFID Reader
The basic functionality of RFID system is that the RFID Reader requests the information from
the RFID Tag and performs the relevant action upon receiving the response (Information) for the
RFID Tag/ Label:
RFID tags are devices (hardware) that transmit stored information to the RFID reader. This
information represents the identity of an entity, a person or an inventory item; it is
understood by the RFID system, which then takes the relevant action.
The RFID tag contains the following hardware configuration:
• Encoding/Decoding Security
• Communications control
• Power supply
There are basically two kinds of tags that are generally used when deploying an RFID system.
Active Tags                                                   | Passive Tags
Typically utilize the onboard power source                    | No external power source on board
Because of power source can transmit signal up to long range  | Can only transmit up to smaller range
Range up to hundred feet                                      | Ranges up to few feet
Larger in size compared to passive tags                       | Smaller in size
Have larger memory up to 128 KB                               | Have small memory up to few KB only
The other component of the RFID system is the RFID reader. The RFID reader queries the RFID tags
to retrieve the information stored in their memory. An RFID reader is basically a transceiver,
i.e. a combination of a transmitter and a receiver: because the reader both queries the RFID tag
and receives the response, it needs a mechanism for both directions, send and receive.
The other hardware components in an RFID reader are:
• RS 232 port or an Ethernet jack
• Cryptographic encryption and decryption circuit
• Power supply
• Communication Control circuit
Applications of RFID:
RFID is being applied in different fields for different purposes. It is mostly used in
commercial environments because of the convenience it offers to commercial industry.
Some of the applications of the RFID system are:
• Supply chains for wholesale and retail product inventory
• Assets tracking
• Access control (in universities and organizations)
• Health Care services
• Livestock and wildlife tagging for identification
• Library systems
• Many other identity, inventory or object identification system.
Most applications use RFID as a monitoring device. RFID can be used to identify the location of
an item, to track sales, to take inventory, and to identify an object or a person. Since the
applications of RFID are vast, many try to find ways to defeat the RFID system. The underlying
motive of someone attacking the RFID system would be to steal the object that is being monitored
or traced, or to place some redundant data in the tag such that it would affect the system.
There are many types of attacks aimed at RFID
1. Radio Frequency Manipulation
5. Denial of service
6. Manipulation of Data
Radio Frequency Manipulation:
RFID signals are very weak and most of the time cannot penetrate metal. So the easiest way of
hiding RFID tags is to cover them with metal foil. Wrapping aluminum foil around an RFID tag or
using a metallic coated mylar bag prevents RFID detection. This is the simplest way of attacking
RFID.
Spoofing is trying to read sensitive data from the RFID tag. A hacker trying to read an RFID tag
might attack the system by providing a false IP address or domain name. He might broadcast the
sensitive information on the RFID tag or use the information for some other illegal purposes.
As an RFID tag has a limited amount of memory, it is always assumed that the data occupies the
entire data area of the tag. As very little validation happens when data is written to and read
from the tag, the memory of an RFID tag remains an easy target for attackers. A few software
tools are available that allow hackers to rewrite the memory locations of the RFID chip. The
hacker may include a malicious SQL statement at the end of the RFID tag values. The reader
cannot distinguish this appended statement from legitimate data and will read the whole content
of the tag. This may directly affect the database.
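The missing validation described above can be added in the middleware before tag data reaches the database. The following is an added example, not part of the original paper; the 5-digit tag format, the table layout and the function names are assumptions made for illustration.

```python
import re
import sqlite3

# Assumption: a valid tag payload is exactly five ASCII digits,
# modelled on the paper's "item number 12345".
TAG_FORMAT = re.compile(r"[0-9]{5}")

def make_inventory_db():
    """Build a small in-memory inventory table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inventory ("
               "item_no TEXT PRIMARY KEY, name TEXT, seen INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO inventory (item_no, name) VALUES (?, ?)",
                   [("12345", "widget"), ("67890", "gadget")])
    return db

def parse_tag(raw: bytes) -> str:
    """Return the item number, or raise ValueError for anything unexpected."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII tag data")
    # fullmatch rejects any bytes before or after the five digits.
    if not TAG_FORMAT.fullmatch(text):
        raise ValueError("tag data does not match the expected format")
    return text

def record_read(db, raw: bytes) -> bool:
    """Count one read of a known item; return False if the read is rejected."""
    try:
        item_no = parse_tag(raw)
    except ValueError:
        return False
    # Parameterized query: the tag value is bound as data, never spliced into SQL.
    cur = db.execute("UPDATE inventory SET seen = seen + 1 WHERE item_no = ?",
                     (item_no,))
    db.commit()
    return cur.rowcount == 1

if __name__ == "__main__":
    db = make_inventory_db()
    print(record_read(db, b"12345"))             # well-formed, known item
    print(record_read(db, b"12345' OR '1'='1"))  # constructed malformed payload
```

The format check and the parameterized query are independent layers: either one alone stops the appended statement from being executed, and together they also keep malformed tag data out of logs and reports.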
A hacker may hack the reader and receive and record the signal coming from the RFID tag. In
such cases, the recorded information can be replayed so that the original reader receives the
same RF signals. Fooling the reader in this way is a popular attack technique.
Denial of Service:
DoS is flooding the reader with unwanted signals. The reader will keep on reading the unwanted
signals while it has to process the original signal. Another type of DoS is jamming the RF
signals with noise. The reader has no specific noise reduction mechanism built in, so it cannot
read the RF signal correctly from the RFID tag.
Manipulation of Data:
This is one of the most malicious attacks on RFID. Through software available in the market, a
thief can modify the contents of an RFID tag. For example, if a thief goes to a supermarket
where every item is protected by an RFID tag, he can use a PDA loaded with this software to read
the RFID tag, change its contents and write the changed contents back to the tag. This way the
thief will be able to get huge discounts on the items or even get another item for free. This
method is undetectable unless a full scale inventory is done.
The above figure describes best the RFID middleware architecture. The middleware consists of a
reader interface and an application interface. The data that is written into the RFID is written
through the Application interface. The reader accesses the RFID tags by means of the Reader
interface. The intermediate middleware contains processing modules to process the information
based on the arriving RF signal. It is mandatory for the middleware layer to have 2 processing
modules. The number of processing modules may change based on the complexity of the RFID
RFID tags are very commonly used in most logistics, control plant, inventory and identification
systems. The number of applications of RFID increases day by day, and so do the ways of
attacking the RFID system. Suitable encryption methods should be used to prevent hackers from
attacking the system. Moreover, the control relation between the RFID tag and the reader has to
be improved by means of key sharing, thereby ensuring authentic data transfer between the reader
and the tag.
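The replay attack described earlier and the key sharing recommended here meet in a challenge-response exchange: the reader sends a fresh random challenge and the tag answers with a keyed MAC over it. The following is an added example, not part of the original paper; it assumes a tag capable of computing HMAC-SHA-256 and a key provisioned to both sides in advance, and the class names are illustrative.

```python
import hashlib
import hmac
import secrets

class Tag:
    """Tag side: holds an ID and a key shared with the reader (assumption)."""
    def __init__(self, tag_id: str, key: bytes):
        self.tag_id = tag_id
        self._key = key

    def respond(self, challenge: bytes):
        # The MAC binds the tag ID to this particular challenge.
        mac = hmac.new(self._key, challenge + self.tag_id.encode(),
                       hashlib.sha256).digest()
        return self.tag_id, mac

class Reader:
    """Reader side: issues single-use challenges and checks the responses."""
    def __init__(self, keys: dict):
        self._keys = keys        # tag_id -> shared key
        self._pending = None     # challenge currently awaiting a response

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, tag_id: str, mac: bytes) -> bool:
        # Consume the challenge so it can never be answered twice.
        challenge, self._pending = self._pending, None
        key = self._keys.get(tag_id)
        if challenge is None or key is None:
            return False
        expected = hmac.new(key, challenge + tag_id.encode(),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)

def replay_demo():
    """Return (fresh response accepted, recorded response accepted later)."""
    key = secrets.token_bytes(32)                    # constructed shared key
    tag = Tag("12345", key)
    reader = Reader({"12345": key})
    recorded = tag.respond(reader.new_challenge())   # what a listener could record
    fresh_ok = reader.verify(*recorded)
    reader.new_challenge()                           # next session, new challenge
    replay_ok = reader.verify(*recorded)             # old response played back
    return fresh_ok, replay_ok

if __name__ == "__main__":
    print(replay_demo())
```

Because the recorded response is only valid for the challenge it answered, playing it back in a later session fails verification even though the listener captured it bit for bit.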
“RFID: A Guide to Radio Frequency Identification” by V. Daniel Hunt, Albert Puglia, Mike Puglia
“RFID Security” by John Kleinschmidt, Anita Campbell, Haresh Bharbava, Anand Das, Frank Thornton,
Brad Haines (Syngress Publications)