Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Published byPolly Turner Modified over 9 years ago

Similar presentations

Presentation on theme: "Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas"— Presentation transcript:

1 Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas http://rfidsecurity.uark.edu 1 This material is based upon work supported by the National Science Foundation under Grant No. DUE-0736741. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF). Copyright © 2008, 2009 by Dale R. Thompson {d.r.thompson@ieee.org}

2 Tag cloning Tag cloning – Duplicating tag data to another equivalent tag. http://rfidsecurity.uark.edu 2

3 Reader cloning Reader cloning – Duplicating an authorized reader. http://rfidsecurity.uark.edu 3

4 Replay attack Replay attack – Recording signals and replaying them later to attack the system. http://rfidsecurity.uark.edu 4

5 Tag spoofing Duplicating tag signals with unauthorized tag or system made to look like one or more tags and transmitting them to a reader and/or back-end system to mimic an authorized tag. A spoofed tag could act like thousands of tags performing a denial of service attack. http://rfidsecurity.uark.edu 5

6 Reader spoofing Duplicating reader signals with unauthorized reader or system made to look like a reader and transmitting them to a tag and/or back- end system to mimic an authorized reader. http://rfidsecurity.uark.edu 6

7 Modifying tag data Modifying tag data – Modifying, adding, or reordering data on tags. http://rfidsecurity.uark.edu 7

8 Deleting tag data Deleting tag data – Erasing data or locking memory to render the tag useless. http://rfidsecurity.uark.edu 8

9 Skimming Skimming (also called scanning) – Unauthorized primary access or reading of tag data using an interrogator. Signal which addresses the tag to get information from the tags. http://rfidsecurity.uark.edu 9 Read credit card Number and expiration date

10 Eavesdropping Eavesdropping (passive) – Unauthorized listening / intercepting through the use of radio receiving equipment. http://rfidsecurity.uark.edu 10

11 Relay attack or Man-in-the-middle attack Relay attack or Man-in-the-middle attack (Parasitic Eavesdropping) (active) – Unauthorized listening through the use of a separate reader system at distance, while tag is powered by a nearby reader. http://rfidsecurity.uark.edu 11

12 Jamming Jamming – Using of an electronic device to disrupt all tag/reader communication within its range. http://rfidsecurity.uark.edu 12

13 Shielding Shielding – Placing an object between the reader and tag to prevent reading of a tag. The object could absorb the signal like water or reflect the signal like a Faraday cage made of aluminum foil. http://rfidsecurity.uark.edu 13

14 Coupling Coupling – Placing an object near the tag or reader that detunes the circuit enough to disrupt communication. Ferrous material can be placed near a tag such that the frequency of the circuit changes. http://rfidsecurity.uark.edu 14

15 Blocker tag Blocker tag – Carrying a blocker tag that disrupts reader communication. The blocker tag is used against the anti-collision protocols. An attacker can simulate many RFID tags simultaneously causing the anti-collision to perform singulation on a large number of tags making the system unavailable to authorized use. http://rfidsecurity.uark.edu 15

16 Privacy Threats by RFID Tracking – Determine where individuals are located Tracing – Determine where individuals have been Hotlisting – Single out certain individuals because of the items they possess Profiling – Identifying the items an individual has in their possession Identification by constellations – Identifying an individual by the group of tag identifiers that they carry. This threat requires profiling the individual first. http://rfidsecurity.uark.edu/

17 Contact Information Dale R. Thompson, Ph.D., P.E. Associate Professor Computer Science and Computer Engineering Dept. JBHT – CSCE 504 1 University of Arkansas Fayetteville, Arkansas 72701-1201 Phone: +1 (479) 575-5090 FAX: +1 (479) 575-5339 E-mail: d.r.thompson@ieee.org WWW: http://comp.uark.edu/~drt/ http://rfidsecurity.uark.edu 17

18 Copyright Notice, Acknowledgment, and Liability Release Copyright Notice – This material is Copyright © 2008, 2009 by Dale R. Thompson. It may be freely redistributed in its entirety provided that this copyright notice is not removed. It may not be sold for profit or incorporated in commercial documents without the written permission of the copyright holder. Acknowledgment – These materials were developed through a grant from the National Science Foundation at the University of Arkansas. Any opinions, findings, and recommendations or conclusions expressed in these materials are those of the author(s) and do not necessarily reflect those of the National Science Foundation or the University of Arkansas. Liability Release – The curriculum activities and lessons have been designed to be safe and engaging learning experiences and have been field-tested with university students. However, due to the numerous variables that exist, the author(s) does not assume any liability for the use of this product. These curriculum activities and lessons are provided as is without any express or implied warranty. The user is responsible and liable for following all stated and generally accepted safety guidelines and practices. http://rfidsecurity.uark.edu 18

Download ppt "Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas"

Similar presentations

Lesson Title: RFID Modulation, Encoding, and Data Rates Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: RFID Modulation, Encoding, and Data Rates Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.

NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.
Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.

Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.
Lesson Title: Tag Threats, Risks, and Mitigation Dale R. Thompson and Jia Di Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Tag Threats, Risks, and Mitigation Dale R. Thompson and Jia Di Computer Science and Computer Engineering Dept. University of Arkansas
Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.
Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.

Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.
Nurbek Saparkhojayev and Dale R. Thompson, Ph.D., P.E. Computer Science and Computer Engineering Dept. University of Arkansas Matching Electronic Fingerprints.

Nurbek Saparkhojayev and Dale R. Thompson, Ph.D., P.E. Computer Science and Computer Engineering Dept. University of Arkansas Matching Electronic Fingerprints.
A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.

A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.
ITEC 810 Overview of Micropayment Technology

ITEC 810 Overview of Micropayment Technology
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
Security in RFID Presented By… NetSecurity-Spring07

Security in RFID Presented By… NetSecurity-Spring07
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Risk of Using RFID chips in Passports Oscar Mendez.

Risk of Using RFID chips in Passports Oscar Mendez.
Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.

Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.
RFID Security CMPE 296T -Sankate Sharma -Sangbeom Ryu.

RFID Security CMPE 296T -Sankate Sharma -Sangbeom Ryu.
Lesson Title: Electromagnetics and Antenna Overview Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Electromagnetics and Antenna Overview Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Lesson Title: Singulation Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This material.

Lesson Title: Singulation Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This material.
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
EPC for Security Applications By Jacob Ammons & Joe D’Amato.

EPC for Security Applications By Jacob Ammons & Joe D’Amato.

Similar presentations

Ads by Google