Database Reference
In-Depth Information
“denial of service” attack, which prevents readers from performing their
normal function by jamming them.
5.4 Other Privacy- and Security-Protection
Methods
A number of privacy-protection mechanisms rely on the fact that the
eavesdroppers are more likely to be at some distance from the tag. In
this context, it was inferred by [75] that the greater threat to privacy
arises from the eavesdropping of signals sent from the reader (which can
be detected much further away), rather than reading the tag itself (which
can be done only at a much closer distance). In fact, the IDs being read
by the tree-walking protocol can be inferred merely by listening to the
signals being broadcast by the reader. Therefore, it has been proposed
in [75] to encrypt the signals being sent by the reader in order to prevent
privacy attacks by eavesdropping of
reader
signals.
A recent approach proposed in [21] makes the observation that the
legitimate readers are likely to be much closer to RFID tags, as compared
to unauthorized readers which attempt to surreptitiously scan items. It
is possible for a tag to detect the strength of the scanning signal, and
change its behavior depending upon the distance. For closer readers, the
full signal is transmitted, whereas for readers which are further away,
only the information about the type of product is transmitted.
A variety of other methods are available to make RFID tags smarter
for the purposes of privacy protection. For example, it is possible to
modify RFID tags to cycle through a set of
pseudonyms
rather than
emit a unique serial number [40]. Thus, the tag cycles through a set of
k
pseudonyms and emits them sequentially. This makes it more dicult
for an attacker to identify the tags, because they may only be able to
scan different pseudonyms of the tags at different times. Of course, if
the attacker is aware of the method being used in order to mask the tag,
they may try to scan the tag over a longer period of time, in order to
learn all the pseudonyms associated with the tag. This process can be
made more dicult for an attacker by increasing the time it takes for
the tag to switch from one pseudonym to another.
Of course, the ability to modify the data in the RFID tags is also
a security threat, when it is done by an adversary. Therefore, a natu-
ral solution is to password-protect the memory in the RFID tag. This
is a challenge from an energy consumption perspective, since all cryp-
tographic algorithms require a large amount of energy, and it would
require an onboard battery (active tag) for enablement. In this context,
