RFID systems can be subject to various security attacks. Reverse engineering aims to understand how RFID tags work in order to steal data. Power analysis and eavesdropping/replay attacks aim to obtain sensitive information by analyzing power usage patterns or listening to communications. Man-in-the-middle attacks intercept and manipulate communications between tags and readers. Denial of service attacks like jamming aim to disrupt the RFID system. Countermeasures include encrypting communications, authentication protocols, tamper-resistant designs, and detecting anomalous behavior.
2. INTRODUCTION TO RFID
ï” RFID (radio frequency identification) is a form of wireless
communication that incorporates the use of electromagnetic or
electrostatic coupling in the radio frequency portion of the
electromagnetic spectrum to uniquely identify an object.
ï” Radio frequency identification (RFID) is a technology that uses
communication via radio waves to exchange data between a reader
and an electronic tag attached to an object, for the purpose of
identification and tracking.
WHAT IS RFID?
ï” A tag can be from up to several
feet away and does not need to
be within direct line-of-sight of
the reader to be tracked.
3. INTRODUCTION TO RFID
WHAT IS RFID?
RFID
READER
OBJECT
RFID Waves RFID Tags or
labels attached
to the objects to
be identified
Two-way radio
transmitter-receivers
called interrogators
/readers send a signal to
the tag and read its
response.
4. Category Low Frequency High Frequency Ultra High Frequency
General
Frequency
Range
30 - 300 kHz NA 300 - 3000 MHz
Primary
Frequency
Range
125 - 134 kHz 13.56 MHz 433 MHz, 860 - 960
MHz
Read Range 10 Centimetres 30 Centimetres Active 30 - 100+ M
Passive 25M
Average Cost
Per Tag
$0.75 - $5.00 $0.20 - $10.00 Active $25.00 - $50.00
Passive $0.09 - $20.00
Applications Animal Tracking,
Access Control, Car
Key-Fob,
Applications with
High Volumes of
Liquids and Metals
DVD Kiosks, Library
Books, Personal ID
Cards, Poker/Gaming
Chips, NFC
Applications
A: Vehicle Tracking,
Auto Manufacturing
P: Supply Chain
Tracking,
Manufacturing,
Pharmaceuticals,
Pros Works well near
Liquids & Metals
NFC Global Protocols,
Larger Memory Option
Large Memory Capacity
Cons Very Short Read
Range, Limited
Quantity of Memory,
Short Read Range,
Low Data Transmission
Rate
High Per Tag Cost
5. COMPONENTS OF RFID SYSTEM
RFID System
RFID Reader RFID Tags
Active Tag
Passive Tag
Fixed Reader
Mobile Reader
6. COMPONENTS OF RFID SYSTEM
COMPONENTS OF RFID READER
Microcontroller/
Computer
RF Signal
Generator
Receiver Signal
Detector
Antenna
From RFID Tag
7. COMPONENTS OF RFID SYSTEM
ï” Fixed readers stay in one location and are typically mounted on
walls, on desks, into portals, or other stationary locations.
ï” Fixed RFID Readers typically have external antenna ports that can
connect anywhere from one additional antenna to up to eight
different antennas. With the addition of a multiplexer, some
readers can connect to up to 32 RFID antennas.
ï” The number of antennas connected to one reader depends on the
area of coverage required for the RFID application. Some desktop
applications, like checking files in and out, only need a small area
of coverage, so one antenna works well. Other applications with a
larger area of coverage, such as a finish line in a race timing
application typically require multiple antennas to create the
necessary coverage zone.
FIXED RFID READER
8. COMPONENTS OF RFID SYSTEM
ï” Application: Typically used at a doorway/walkthrough like docks
warehouse
FIXED RFID READER
9. COMPONENTS OF RFID SYSTEM
ï” Mobile readers are handheld devices that allow for flexibility when
reading RFID tags while still being able to communicate with a host
computer or smart device.
ï” There are two primary categories of Mobile RFID readers â readers
with an on-board computer, called Mobile Computing Devices, and
readers that use a Bluetooth or Auxiliary connection to a smart
device or tablet, called Sleds.
ï” These can be used for low budget projects, flexible with low
infrastructure cost.
MOBILE RFID READER
10. COMPONENTS OF RFID SYSTEM
ï” Application: These can be used for projects related to warehouse
and storage areas, ticket scanning for a park or event.
MOBILE RFID READER
11. COMPONENTS OF RFID SYSTEM
RFID TAG
Controller Memory
Rectifier
Circuit
Transponder
Power Source
12. COMPONENTS OF RFID SYSTEM
ï” Active RFID tags possess their own power source â an internal
battery that enables them to have extremely long read ranges as
well as large memory banks.
ï” RFID that use active tags are called Active RFID systems these tags
continuously broadcast their own signal.
ï” There are two main frequencies used by active systems â 433 MHz
and 915 MHz. Generally RFID systems that operate on the 433 MHz
is used, because it has a longer wavelength enabling it to work a
little better with non-RF friendly materials like metal and water.
ï” Pros
ï” Extremely Long Read Range
ï” Increased tag abilities with partnered technologies (GPS, sensors,etc.)
ï” Extremely Rugged tag options
ACTIVE TAG
13. COMPONENTS OF RFID SYSTEM
ï” In a system that uses an active transponder tag, the reader (like
passive systems) will send a signal first, and then the active
transponder will send a signal back with the relevant information.
ï” Transponder tags are very efficient because they conserve battery
life when the tag is out of range of the reader.
TYPES OF ACTIVE TAG: TRANSPONDER
ï” Application: Active
RFID transponders
are commonly used
in secure access
control and in toll
booth payment
systems.
14. COMPONENTS OF RFID SYSTEM
ï” In a system that uses an active beacon tag, the tag will not wait to
hear the readerâs signal. Instead, true to its name, the tag will
âbeaconâ, or send out its specific information every 3 - 5 seconds.
ï” Active tagâs beacons can be read hundreds of meters away, but, in
order to conserve battery life, they may be set to a lower transmit
power in order to reach around 100 meters read range.
TYPES OF ACTIVE TAG: BEACONS
ï” Application:
Beacon tags are
very common in
the oil and gas
industry, as well
as mining and
cargo tracking
applications.
15. COMPONENTS OF RFID SYSTEM
ï” Passive tags operate with no internal power source and instead are
powered by the electromagnetic energy transmitted from an RFID reader.
PASSIVE TAG
Reader Antenna
Energy
RF Wave
Read Zone
(Tag is read)
Internal
Antenna
Energy
from RF
Wave
Integrated
Circuit
Tag
RF Wave Signal
Information
Interpretation
16. COMPONENTS OF RFID SYSTEM
ï” Pros
ï” Cheaper , Smaller, thinner/more flexible tags
ï” Higher range of tag options
ï” Tags can last a lifetime without a battery
ï” Application
ï” Access control
ï” File tracking
ï” Race timing
ï” Supply chain management
ï” Smart labels, and more.
PASSIVE TAG
17. COMPONENTS OF RFID SYSTEM
ï” Passive RFID tags have no internal power
source, and a standard passive RFID tag
consists only of an IC and internal
antenna; this basic structure is referred
to as an RFID inlay.
TYPES OF PASSIVE TAG: INLAY TAGS
ï” Hard RFID tags are durable and made of plastic, metal, ceramic
and even rubber. They come in all shapes and sizes and are
typically designed for a unique function, material, or application.
TYPES OF PASSIVE TAG: HARD TAGS
19. COMPONENTS OF RFID SYSTEM
ï” RFID Antennas convert the RFID readerâs signal into RF waves that
can be picked up by RFID tags.
ï” RFID antennas receive their power directly from the reader. When
the readerâs energy is transmitted to the antenna, the antenna
generates an RF field and, subsequently, an RF signal is
transmitted to the tags in the vicinity.
ï” Antenna Gain: The antennaâs efficiency of generating waves in a
specific direction is known as the antennaâs gain. The higher the
gain, the more powerful, and further-reaching RF field an antenna
will have.
ï” Antenna Polarity: The RFID antenna gives off RFID waves along a
horizontal or vertical plane, which is described as the antennaâs
polarity.
RFID ANTENNA
20. COMPONENTS OF RFID SYSTEM
ï” If the RF field is a horizontal
plane, is it called horizontally
linear, and if in vertical plane it
is vertically linear.
ï” An antennaâs polarity impacts
upon a systemâs read range to
maximize read range antennaâs
polarity should align with the
polarity of the RFID tag.
TYPES OF RFID ANTENNA
ï” A circularly-polarized antenna transmits waves that continually
rotate between horizontal and vertical planes in order to give an
application enhanced flexibility by allowing for RFID tags to be read
in multiple orientations
ï” The energy is divided between two planes, a circularly-polarized
antennaâs read range is shorter versus a similar gain linear antenna.
21. APPLICATIONS OF RFID SYSTEM
ï” Asset Tracking: Companies can keep a record of their assets; also can
track their movement in and out of a gateway through RFID.
INDUSTRY & LOGISTICS
ï” The RFID systems can be used at Baggage Handling at airports and
Container Tracking at shipment docks.
ï” Beer Keg Tracking : RFID is used to track draught beer to reach retail
outlets , the kegs are tracked from the breweries through the
distributors and wholesalers all the way to where it is consumed.
22. APPLICATIONS OF RFID SYSTEM
ï” Electronic Toll Collection: These system
allows electronically charging a toll to an
established customer account. ETC allows
vehicles to pass through a toll without
stopping or requiring any action by the
driver. The automatic toll collection
requires an account with the concerned
government authority. RFID Tag with a
chip in it is fixed on the windshield of the
vehicle and enables a customer to make
the toll payment directly from the
account linked to the tag.
INDUSTRY & LOGISTICS
ï” Gas Cylinder Identification : RFID tags
can be used effectively to monitor, track
and bill for gas cylinders quickly and
accurately.
23. APPLICATIONS OF RFID SYSTEM
ï” Inventory Management: RFID technology helps in the identification
and recording of individual products and components, and to track
them throughout the verticals from production to point-of-sale. This
process does not require direct line-of-sight and it creates visibility
of stock in hand, thus helps proper utilization to it. Every movement
of the inventory/stock can be automatically stored on the system
with the help of this technology.
INDUSTRY & LOGISTICS
ï” Pallet Tracking: Pallet movement
contributes significantly towards the
handling, transport and storage costs. As
goods move on pallets through a
warehouse or a supply chain, it becomes
imperative to track their movement and
collect information regarding their
location, usage, process flow, and
available inventory.
24. APPLICATIONS OF RFID SYSTEM
ï” Jewellery Management : RFID Tagging of
jewellery articles can assist in the quick,
accurate and efficient management of these
goods. RFID tagged jewellery items can be
read in bulk which makes stock-taking and
bookkeeping very quick and reduces the scope
of manual error.
INDUSTRY & LOGISTICS
ï” Manufacturing & Automation: The tags are deployed to help in
management of all assets on the assembly line from manufacturing
machinery, equipment and tools to WIP and final goods produced.
They help in data collection, maintaining accurate reports and
records, finding inconsistencies in process or quality, tracking rework
and rejected material and even proper and accurate dispatches.
25. APPLICATIONS OF RFID SYSTEM
ï” Access Control: The access control system is one of the most
commonly used systems in electronic door control using a card or a
magnetic stripe that can be accessed by swiping through a reader on
the door. These access control systems are used for security
purposes. It is widely used in Offices, Server rooms, Homes, Airports,
Defence, Data centers, etc.
ï” Library Applications: RFID based system supports the library in
tracking and recording the transactions, it helps in monitoring and
improving the handling process. RFID tags are attached to books &
material in the library with their stored information on the chip.
ï” Other Applications of RFID:
ï” Mobile Payments
ï” Parking Management
ï” Personal Identification
ï” Public Transport
ACCESS & SECURITY
26. APPLICATIONS OF RFID SYSTEM
ï” Animal Identification & Tracking: RFID based Animal Tracking and
identification are used the world over to track history and movement
of farm animals, zoo animals, and pet animals. It is necessary to
maintain records regarding animal origin, health, nutrition, the
threat of disease and so on.
ANIMAL
ï” Hospital Equipment Tracking: RFID tags can be used to track
inventory, locate assets, follow maintenance cycles, and optimize
equipment usage across the hospital for different procedures.
ï” Patient Tracking: Patients are made to wear RFID Wristband tags
which are stored with information regarding their diagnosis, medical
history, and treatment process.
PHARMA & HEALTHCARE
27. SECURITY ATTACKS ON RFID SYSTEMS & COUNTER
MEASURES
ï” RFID tags and readers can be reverse engineered i.e. Hackers can
take apart the chip in order to find out how it works in order to
receive the data from the IC.
ï” Purpose: Steal Information and/or Gain Access
REVERSE ENGINEERING
ï” A Federal Information Processing standard refers to chip coatings as
an anti-reverse engineering method to prevent attacks.
ï” Various tamper proof techniques have been developed to defend
against reverse engineering attacks. For instance, by adding a
tamper-release layer to RFID tags, operations personnel can be
alerted if a tag has been tampered with.
COUNTERMEASURES
28. SECURITY ATTACKS ON RFID SYSTEMS & COUNTER
MEASURES
ï” Power analysis is a form of side-channel attack that is intended to
retrieve information by analyzing changes in the power consumption
of a device. The power emission patterns are different when the
card received correct and incorrect password bits or cryptographic
keys. It is possible to breach smart card security by monitoring
power consumption signals.
ï” Purpose: Steal Information and/or Gain Access
POWER ANALYSIS
ï” Filtering power signals or delaying the computation randomly can
increase the difficulty for the attacker to identify the power
consumption patterns.
COUNTERMEASURES
29. SECURITY ATTACKS ON RFID SYSTEMS & COUNTER
MEASURES
ï” Eavesdropping, is when an unauthorized RFID reader listens to
conversations between a tag and reader then obtains important
data.
ï” Replay attacks builds on eavesdropping and specifically occur when
one part of communication in an RFID system is recorded and then
âreplayedâ at a later time to the receiving device in order to steal
information or gain access.
ï” Purpose: Steal Information and/or Gain Access
EAVESDROPPING & REPLAY
ï” Countermeasures against eavesdropping include establishing a secure
channel and/or encrypting the communication between tag and
reader.
ï” Another approach is to only write the tag with enough information to
identify the object. The identity is used to look up relevant
information about the object in a back end database, thus requiring
the attacker to have access to both the tag and the database to
succeed in the attack.
COUNTERMEASURES
30. SECURITY ATTACKS ON RFID SYSTEMS & COUNTER
MEASURES
ï” A man-in-the-middle attack happens during the transmission of a
signal. Like eavesdropping, the hacker listens for communication
between a tag and reader and then intercepts and manipulates the
information. The hacker diverts the original signal and then sends
false data while pretending to be a normal component in the RFID
system.
ï” Purpose: Take Down System
SNIFFING (MAN-IN-THE-MIDDLE ATTACK)
ï” Several technologies can be implemented to reduce MITM threats,
such as encrypting communications, sending information through a
secure channel, and providing an authentication protocol.
COUNTERMEASURES
31. SECURITY ATTACKS ON RFID SYSTEMS & COUNTER
MEASURES
ï” A Denial of Service attack is the broad concept of an RFID system
failure that is associated with an attack. These attacks are usually
physical attacks like jamming the system with noise interference,
blocking radio signals, or even removing or disabling RFID tags.
ï” Purpose: Take Down System
DENIAL OF SERVICE
ï” It is easier to detect DoS attacks than prevent them from happening
but detected, the attacks can generally be stopped before they do
too much harm. For eg, countermeasures against jamming can use
passive listening to detect the tags whose transmission exceeds a
predefined volume, and then use block functions to thwart them.
ï” Cowuntermeasures against detaching the tags from the targeted
items could be either through enhancing the mechanical connection
between the tags and items, or adding an alarm function to active
tags.
COUNTERMEASURES
32. SECURITY ATTACKS ON RFID SYSTEMS & COUNTER
MEASURES
ï” Cloning and spoofing are usually done back to back. Cloning is
duplicating data from a pre-existing tag, and spoofing is then using
the cloned tag to gain access to a secured area or item. Because the
hacker has to know the data on the tag to clone it, this type of
attack is mainly seen in access or asset management operations.
ï” Purpose: Gain Access
CLONING & SPOOFING
ï” To defeat a spoofing attack is to implement an RFID authentication
protocol and data encryption, which increases the cost and
technology complexity needed for a successful attack.
COUNTERMEASURES
33. SECURITY ATTACKS ON RFID SYSTEMS & COUNTER
MEASURES
ï” RFID tags currently do not have enough memory capacity to store a
virus; but in the future, viruses could be a serious threat to an RFID
system. A virus programmed on an RFID tag by an unknown source
could cripple an RFID system when the tagged item is read at a
facility. When read, the virus would transfer from tag to reader and
then to a companyâs network and software â bringing down
connected computers, RFID components, and networks.
ï” Purpose: Take Down System
VIRUS
ï” The virus attacks which have been demonstrated on RFID-based
systems are the common attacks against information systems, such
as buffer overflow attacks, code or SQL injection attacks, etc. Well-
developed middleware can be used to avoid virus attacks by blocking
anomalous bits from the tag.
COUNTERMEASURES
34. SECURITY ATTACKS ON RFID SYSTEMS & COUNTER
MEASURES
Reverse
Engineering
âąOptical Tamper Sensor
âąChip Coating
Power Analysis
âąRandomization
Eavesdropping
âąEncryption
âąShift data to backend
Man-in-the-Middle
âąEncryption
âąAuthentication
Cloning
âąAuthentication
âąRecognizing
Duplicates
Unauthorized
Reading
âąAuthentication
âąInstall Field Detector
âąShift Data to backend
Unauthorized
writing/Modification
âąAuthentication
âąInstall Field Detector
âąUse read-only tags
Spoofing
âąInstall Field Detector
âąFrequency
Division/Hopping
Jamming
Transmitters
âąAuthentication
âąEncryption
Reply
âąChallenge and
Response
Virus
âąBounds Checking &
Parameter
Detaching Tag
from Tagged item
âąMechanical connection
âąAlarm Function for
Active Tags
Tracking
âąKill function
Misuse Kill
Command
âąAuthentication