CMPE – 209 Prof. Richard Sinn Topic: RFID Security (March 11, 2008) By : Zion Vinit Mahedia Vishnusaran Ramaswamy Bhagyesh Lodha


CMPE 209
Prof. Richard Sinn
Topic: RFID Security (March 11, 2008)
By: Zion Vinit Mahedia Vishnusaran Ramaswamy Bhagyesh Lodha Mitesh Bhawsar

An Analysis of RFID Security

Introduction:
Radio Frequency Identification is a wireless technology that uses electromagnetic coupling in the Radio Frequency (RF) portion of the electromagnetic spectrum to uniquely identify an object, an animal or a person [1]. In short, a radio transmission that carries some kind of identification information that can be utilized for a purpose is called Radio Frequency Identification (RFID). RFID is a widely used technology nowadays because of its cost effectiveness.

RFID, as explained above, is a technology and a class of devices that use radio signals as a means of information exchange. In RFID technology a tag or label is used to identify an entity, an animal or an inventory item. When the system designed to receive and interpret these radio signals receives a signal sent by the tag or label on a particular entity or inventory item, it interprets the signal and the information bound to it for identification. For example, the system asks the tag or label that represents the entity, "What are you?", and the tag responds with a radio signal carrying information about itself: "I am an inventory item having item number 12345." Technically, it is an exchange of cryptographically encoded challenges and responses, which are then interpreted by the backend system using the relevant database to decode and understand the information.

In the past couple of years the use of RFID technology has increased rapidly, especially in inventory systems that keep track of product inventory. Because of its high flexibility in performing complete inventory tracking from manufacturer to warehouse and from warehouse to retailers, it has had a strong influence on the retail chain business.
RFID is currently deployed in many different sectors with little or no consideration given to the security issues related to it.

Architecture of RFID system:
The basic architecture of the RFID system consists of the following.
  • RFID Tag/Label
  • RFID Active Tag
  • RFID Passive Tag
  • RFID Reader

The basic functionality of an RFID system is that the RFID reader requests information from the RFID tag and performs the relevant action upon receiving the response (information) from the RFID tag.

RFID Tag/Label:
RFID tags are devices or hardware that transmit stored information to the RFID reader, representing the identity of an entity, a person or an inventory item. The RFID system understands this information and takes the relevant action. The RFID tag contains the following hardware configuration:
  • Encoding/Decoding
  • Security
  • Memory
  • Communications control
  • Antenna
  • Power supply

There are basically two kinds of tags that are generally used while deploying an RFID system.

| Active Tags | Passive Tags |
| --- | --- |
| Typically utilize the onboard power source | No external power source on board |
| Because of power source can transmit signal up to long range | Can only transmit up to smaller range |
| Range up to hundred feet | Ranges up to few feet |
| Costly | Cheaper |
| Larger in size compared to passive tags | Smaller in size |
| Have larger memory up to 128 KB | Have small memory up to few KB only |

RFID Reader:
The other component of the RFID system is the RFID reader. The RFID reader queries the RFID tags to retrieve the information stored in the memory of the RFID tags. An RFID reader is basically a transceiver, i.e. a combination of a transmitter and a receiver: since the reader queries the RFID tag and receives the response, there has to be a mechanism for both directions, receive and send.
The other hardware components in an RFID reader are:
  • RS 232 port or an Ethernet jack
  • Cryptographic encryption and decryption circuit
  • Power supply
  • Communication control circuit

Applications of RFID:
RFID is being applied in different fields for different purposes. It is mostly used in commercial environments because of the ease it provides to commercial industry. Some of the applications of RFID systems are:
  • Supply chains for wholesale and retail product inventory
  • Logistics
  • Assets tracking
  • Access control (in universities and organizations)
  • Health care services
  • Livestock and wildlife tagging for identification
  • Library systems
  • Many other identity, inventory or object identification systems

Attacking RFID:
Most applications use RFID as a monitoring device. RFID can be used to identify the location of an item, to track sales, for inventory, and for identification of an object or a person. Since the applications of RFID are vast, many try to find ways to defeat the RFID system. The underlying motive of someone attacking the RFID system would be to steal the object that is being monitored or traced, or to place some redundant data in the tag such that it would affect the system. There are many types of attacks aimed at RFID, including:
1. Radio Frequency Manipulation
2. Spoofing
3. Insert
4. Replay
5. Denial of service
6. Manipulation of Data

Radio Frequency Manipulation:
RFID signals are very weak and most of the time cannot penetrate metals. So the easiest way of hiding RFID tags is to cover them with metal foil. Wrapping aluminum foil around the RFID tags or using a metallic coated mylar bag prevents RFID detection. This is the simplest way of attacking RFID.

Spoofing:
Spoofing is trying to read sensitive data from the RFID tag. A hacker trying to read an RFID tag might attack the system by providing a false IP address or domain name.
He might broadcast the sensitive information on the RFID or use the information for some other illegal purposes.

Insert:
As RFID has a limited amount of memory, it is always assumed that the data occupies the entire data area of the tag. As very little validation happens when data is written to and read from the RFID tag, the memory of an RFID tag remains an easy target for attackers. There is some software available that allows hackers to rewrite the memory locations of the RFID chip. The hacker may include a malicious SQL statement at the end of the RFID tag values. The reader cannot distinguish this information and will read the whole information from the tag. This may directly affect the database.

Replay:
A hacker may hack the reader and receive and record the signal coming from the RFID tag. In such cases, the recorded information can be replayed so that the original reader receives the same RF signals. This way of fooling the reader is a popular attack technique.

Denial of Service:
DoS is flooding the reader with unwanted signals. The reader will keep on reading the unwanted signals while it has to process the original signal. Another type of DoS is jamming the RF signals with noise. The reader has no specific noise reduction mechanism built in, so it cannot read the RF signal correctly from the RFID tag.

Manipulation of Data:
This is one of the most malicious attacks on RFID. Through software available in the market, a thief can modify the contents of an RFID tag. For example, if a thief goes to a supermarket where every item is protected by an RFID tag, he can use a PDA loaded with this software to read the RFID tag, change the contents of the tag and reload the contents into the tag. This way the thief will be able to get huge discounts on the items or even get another item for free.
This method is undetectable unless a full-scale inventory is done.

RFID Middleware:
The above figure best describes the RFID middleware architecture. The middleware consists of a reader interface and an application interface. The data that is written into the RFID is written through the application interface. The reader accesses the RFID tags by means of the reader interface. The intermediate middleware contains processing modules to process the information based on the arriving RF signal. It is mandatory for the middleware layer to have 2 processing modules. The number of processing modules may change based on the complexity of the RFID chip.

Conclusion:
RFID tags are very commonly used in most logistics, control plants, inventory and identification systems. The number of applications of RFID increases day by day, and so do the ways of attacking the RFID system. Suitable encryption methods should be used to prevent hackers from attacking the system. Moreover, the control relation between the RFID tag and the reader has to be improved by means of key sharing, thereby ensuring authentic data transfer between the reader and the tag.

References:
[1] http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci805987,00.html
[2] http://www.ida.gov.sg/Infocomm%20Adoption/20061002182723.aspx
[3] RFID: A Guide to Radio Frequency Identification, by V. Daniel Hunt, Albert Puglia, Mike Puglia
[4] RFID Security, by John Kleinschmidt, Anita Campbell, Hersh Bhargava, Anand Das, Frank Thornton, Brad Haines (Syngress Publications)
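Added example for the Insert attack described in this report (not part of the original report): a backend lookup that pastes the tag's data area into SQL, next to a hardened form that checks the layout and binds the value as a parameter. The 12-digit tag layout, the table and the sample reads are assumptions constructed for illustration.

```python
import re
import sqlite3

# Assumed tag layout for this example: the data area holds exactly 12 ASCII digits.
TAG_FORMAT = re.compile(rb"\d{12}")


def make_inventory():
    """Constructed in-memory backend with two sample items."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (tag_id TEXT PRIMARY KEY, name TEXT, price REAL)")
    db.executemany(
        "INSERT INTO items VALUES (?, ?, ?)",
        [("000000012345", "kettle", 39.0), ("000000067890", "toaster", 25.0)],
    )
    return db


def lookup_unsafe(db, raw):
    """Weak form: the bytes read from the tag become part of the SQL text."""
    sql = "SELECT name, price FROM items WHERE tag_id = '%s'" % raw.decode("latin-1")
    return db.execute(sql).fetchall()


def lookup_hardened(db, raw):
    """Reject anything outside the fixed layout, then bind the value as a parameter."""
    if not TAG_FORMAT.fullmatch(raw):
        raise ValueError("tag data does not match the expected layout")
    return db.execute(
        "SELECT name, price FROM items WHERE tag_id = ?", (raw.decode("ascii"),)
    ).fetchall()


# Constructed samples: a clean read, and one with SQL text appended to the tag value.
CLEAN = b"000000012345"
TAMPERED = b"000000012345' OR '1'='1"
```

With the tampered read, the weak lookup returns every row in the table, while the hardened lookup raises before any query runs.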
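Added example for the Replay section and the key sharing recommended in the Conclusion (not part of the original report): a challenge-response read in which a recorded tag answer is useless against a later challenge. It assumes a tag able to compute HMAC-SHA-256 with a key provisioned in advance; the class names and the tag ID are hypothetical.

```python
import hashlib
import hmac
import secrets


class Tag:
    """Tag side: holds a key shared with the backend (assumed provisioning step)."""

    def __init__(self, tag_id, key):
        self.tag_id, self._key = tag_id, key

    def respond(self, challenge):
        mac = hmac.new(self._key, challenge + self.tag_id, hashlib.sha256).digest()
        return self.tag_id, mac


class Reader:
    """Reader side: issues a fresh random challenge per read and accepts it once."""

    def __init__(self, keys):
        self._keys = keys        # tag_id -> shared key
        self._pending = set()    # challenges issued and not yet answered

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce, tag_id, mac):
        if nonce not in self._pending:
            return False         # unknown or already used challenge
        self._pending.discard(nonce)
        key = self._keys.get(tag_id)
        if key is None:
            return False
        expected = hmac.new(key, nonce + tag_id, hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)


def demo():
    key = secrets.token_bytes(32)
    tag = Tag(b"000000012345", key)
    reader = Reader({b"000000012345": key})
    c1 = reader.challenge()
    recorded = tag.respond(c1)                      # what an eavesdropper could capture
    fresh_ok = reader.verify(c1, *recorded)
    same_nonce_again = reader.verify(c1, *recorded)
    replay_ok = reader.verify(reader.challenge(), *recorded)  # old answer, new challenge
    return fresh_ok, same_nonce_again, replay_ok
```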