Information Technology Reference
In-Depth Information
In the process for which product traceability is required, are several checkpoints to
be entrusted with guaranteeing the system under study.
At each checkpoint the reader takes the data from the tag. This one checks the ag-
gregate signature and, if it is correct, checkpoint generates a new signature that en-
compasses the data input at this point and passes the new data and signature to the
information system. This operation is executed by the “security module”, meaning
the part of the system responsible for generating and verifying the aggregate signa-
tures at each point. Thus, the system works as a data filter, preventing those items not
correctly signed can reach the information system. An extensive description of our
system is in [6] and [7].
Figure 1 (in next page) shows the architecture of the system, where each computer
connected to an RFID reader has a “Security Module”.
3 RFID Security Risks
RFID systems are susceptible to various types of attacks. This technology is not im-
mune to risks, and some authors have classified the most significant threats into sev-
eral categories. Many of these threats are related to privacy ([8], [9] and [10]). In our
system, privacy is not something that we need to safeguard, because traceability is, in
this case, the objective of the process as a whole. On the other hand, taxonomy pro-
posal in [11] adds three more risk groups to that of privacy is proposed: Business
Process Risks, related to the impact of RFID system failures on automatic systems
based on them, Business Intelligence Risks, and finally “external” risks. Although this
perspective is more extensive and closer to reality than previous ones, we are going to
use as a base the structure proposed in [1], where types of attacks and threats are clas-
sified and related to a model with four layers: physical, network and transport, appli-
cation, and strategy. The first three ones correspond quite closely to the layers given
in the OSI model, while the fourth one encompasses the risks associated with logistic
factors and also contemplates the possibility that attacks may be multilayer, in other
words they affect several of the basic layers.
As developed in [1] and [12], the main risks for each layer are as follows:
Physical layer: permanent or temporary tag disablement, relay attacks and
removal or destruction of RFID readers.
Network and transport layer: identity, cloning and spoofing (affecting tags),
impersonation and eavesdropping (both mainly affecting readers), and net-
work protocol attacks.
Application layer: unauthorized tag reading, modification of tag details, at-
tacks in the middleware (such as buffer overflows and malicious code injec-
tion).
Strategic layer: industrial espionage, social engineering, privacy threats, tar-
geting objects (for example targeting people with valuable items with inten-
tion to rob).
Furthermore, there are multilayer attacks which may include denial of service attacks,
reading / writing of information in the free space of the tag without the user's knowl-
edge, traffic analysis, attacks on the cryptographic information algorithms, attacks
Search WWH ::
Custom Search