Information Technology Reference
In-Depth Information
may harm a person in many ways (Lieshout
et al., 2007, p.125).
out only by using a device which is capable
enough of emulating any kind of tag or by
producing a clone of the old tag, thereby
resulting in several tags having the same
identity in circulation (Lieshout et al.,
2007, p.133).
•
Using data to monitor specific behav-
iors:
Monitoring people can be carried out
in real time, but it can also be done based
on aggregated data which when analyzed
can help in deducting specific patterns of
behavior of persons. For example, shop
owners use RFID technology in the form
of loyalty cards to monitor customers, col-
lect information on their shopping behav-
ior and use the information to base deci-
sions. Even if the identity is not known,
information of a person can be collected
easily through an identifier such as a tag
related to a personal belonging of customer
(Lieshout et al., 2007, p.125).
•
Deactivation:
Such type of attacks render
tags useless through the unauthorized use
of delete or kill commands. Depending on
the type of deactivation, the reader can ei-
ther no longer detect the tag's identity or in
some cases the reader cannot even detect
the presence of the tag even though they
are well inside the reading range (Lieshout
et al., 2007, p.133).
•
Physical destruction:
Since RFID tags
can be removed and replaced on anything
without much hassle, they can be easily de-
stroyed either physically, chemically or by
mechanical means, or by using strong elec-
tromagnetic fields. Active tags can even
be shut down by removing or discharging
their battery (Lieshout et al., 2007, p.133).
Security Aspects of RFID
Since a vast amount of information is involved in
RFID systems, security of the potentially sensi-
tive information is critical. The security threats
are classified as: threats for tags, for air interface
or for readers.
•
Detaching the tag:
RFID tags can be re-
moved from items and can subsequently be
associated with different items. The prob-
lem might seem trivial, but since RFID
systems are completely dependent on the
identification of tagged items, this type of
attack poses a great fundamental security
threat (Lieshout et al., 2007, p.133).
Security Threats for Tags
•
Falsification of contents:
Information can
be falsified by unauthorized write to tag.
Such an attack is possible only if the ID or
any other security information that might
exist remains unchanged, when the attack
is carried out and the reader continues to
recognize the tag as before. This kind of
security threat can be seen in RFID sys-
tems which store additional information
on the tag apart from the ID and security
information (Lieshout et al., 2007, p.133).
Security Threats for Air Interface
•
Eavesdropping:
As the communication
between readers and tags via the interface
is monitored by intercepting and decoding
the radio signals, it poses a great threat to
the RFID systems because private/sensi-
tive information about a person could be
eavesdropped. The eavesdropped informa-
tion could also be used to perform a reply
attack, i.e., the attackers could record all
the communicated messages and can later
•
Falsification of tag ID:
If attackers get
hold of ID and security information of a
tag, they can use them to deceive the reader
into accepting the identity of that particu-
lar tag. This form of attack can be carried
Search WWH ::
Custom Search