RFID Security: Attacks, Countermeasures and Challenges

Low-cost RFID tags are already being used for supply chain management and are a promising new technology that can be used to support the security of wireless ubiquitous applications. However current RFID technology is designed to optimize performance, with less attention paid to resilience and security. In this paper we analyze some of the most common types of attack on RFID tags: unauthorized disabling, unauthorized cloning, unauthorized tracking, and response replay. We introduce security mechanisms appropriate to defeat these attacks, and show how a recently proposed RFID authentication protocol uses them to achieve security. Two implementations are considered, one using a shrinking generator, the other the AES block cipher. Both have small footprint and power-consumption characteristics, well within EPC constraints for tags with read-write capability (class 2). We conclude by discussing the need for a modular security approach with RFID technology that will support off-the-shelf applications, and the need for making RFID technology resistant to side-channel attacks.