Denial-of-service attacks could affect the production chain. However, carrying
them out requires physical access to the premises, so the physical measures
proposed in Subsection 4.1 should be sufficient. It should not be forgotten that the
system includes communication networks that could be vulnerable to external
DoS attacks, so the usual security measures should be taken to prevent these
from occurring.
Unauthorised reading, as already mentioned, is not a problem given that there is
no secret data involved. Unauthorised writing has been dealt with in Subsections 4.2
and 4.3.
As regards relay attacks, these have also been dealt with, specifically in
Subsection 4.1.
5 Conclusions
As explained in the previous sections, the security of an RFID system depends on the
security of all layers integrated into the system, none of which should be ignored.
Given that in the present case the system will always be located in private
installations without public access, many of the potential problems will not affect us.
Furthermore, as privacy is not a requirement, attacks directed at finding secret data will
not be of concern.
The use of aggregate signatures in the system, in addition to the initial step of
ensuring the veracity of the data, the time of its introduction and the fact that only
authorised entities may carry out the writing, also provides protection against other
types of threat, as has been pointed out in the previous paragraphs: relay attacks,
cloning, unauthorised writing, modification of tag data, SQL injection, insertion of codes,
buffer overflow, RFID worms, RFID viruses, and social engineering.
The worst threat hanging over RFID security is the idea that the system is secure
merely because of the use of RFID technology. Knowledge of the risks and the
implementation of all possible safeguards are fundamentally important, both in respect
of the RFID and of the other systems used in the process.
Since this aggregate signature scheme can be implemented in an information
system independently of the technology used, it can be applied to any process that
consists of a chain of steps. It makes it possible to know who takes responsibility for
the data introduced at each point (either a human agent or an autonomous system) and to
protect the system, provided that signature verification is performed before data is entered into it.
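The verify-before-entry gate described above, as an added example that is not code from the original paper. It assumes chained HMAC-SHA256 tags as a symmetric stand-in for the aggregate signature scheme, which this page does not specify; the station names, keys, table layout and sample records are constructed.

```python
import hashlib
import hmac
import sqlite3

# Constructed per-station keys; a real deployment would hold one key pair per signer.
STATION_KEYS = {"reader-A": b"k" * 32, "robot-B": b"m" * 32}

def step_tag(key, prev_tag, station, ts, data):
    """Tag one step, binding it to the aggregate produced by all earlier steps."""
    fields = [prev_tag, station.encode(), str(ts).encode(), data.encode()]
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)  # length-prefixed
    return hmac.new(key, msg, hashlib.sha256).digest()

def append_step(chain, agg, station, ts, data):
    """An authorised station adds its record; the aggregate stays 32 bytes long."""
    agg = step_tag(STATION_KEYS[station], agg, station, ts, data)
    return chain + [(station, ts, data)], agg

def verify_chain(chain, agg):
    """Recompute the aggregate step by step; unknown signers fail closed."""
    cur = b""
    for station, ts, data in chain:
        key = STATION_KEYS.get(station)
        if key is None:
            return False
        cur = step_tag(key, cur, station, ts, data)
    return hmac.compare_digest(cur, agg)

def ingest(db, chain, agg):
    """Verify first, then store with bound parameters (never string-built SQL)."""
    if not verify_chain(chain, agg):
        return False
    db.executemany("INSERT INTO steps(station, ts, data) VALUES (?, ?, ?)", chain)
    db.commit()
    return True

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE steps(station TEXT, ts INTEGER, data TEXT)")
    chain, agg = append_step([], b"", "reader-A", 1700000000, "lot=42;temp=4C")
    chain, agg = append_step(chain, agg, "robot-B", 1700000060, "lot=42;packed")
    ok = ingest(db, chain, agg)
    # Constructed tampering: tag data rewritten after signing, carrying an SQL payload.
    forged = [chain[0], ("robot-B", 1700000060, "x'); DROP TABLE steps;--")]
    rejected = not ingest(db, forged, agg)
    rows = db.execute("SELECT COUNT(*) FROM steps").fetchone()[0]
    return ok, rejected, rows
```

Because each tag covers the previous aggregate, altering, reordering or dropping any earlier step changes the final value, and the single tag identifies every station that contributed.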
Acknowledgments
This work has been partially financed by the CPUFLIPI Project (MICINN TIN2010-17298)
of the Spanish Government.