A context-aware approach to defend against unauthorized reading and relay attacks in RFID systems
نویسندگان
چکیده
RFID systems are becoming increasingly ubiquitous in both public and private domains. However, due to the inherent weaknesses of underlying wireless radio communications, RFID systems are plagued with a wide variety of security and privacy threats. A large number of these threats arise due to the tag’s promiscuous response to any reader requests. This renders sensitive tag information easily subject to unauthorized reading. Promiscuous tag response also incites different forms of relay attacks whereby a malicious colluding pair, relaying messages between a tag and a reader, can successfully impersonate the tag without actually possessing it. Due to the increasing ubiquity of RFID devices, there is a pressing need for the development of security primitives and protocols to defeat unauthorized reading and relay attacks. However, currently deployed or proposed solutions often fail to satisfy the constraints and requirements of the underlying RFID applications in terms of (one or more of) efficiency, security, and usability. This paper proposes a novel research direction, one that utilizes sensing technologies, to tackle the problems of unauthorized reading and relay attacks with a goal of reconciling the requirements of efficiency, security, and usability. The premise of the proposed work is based on a current technological advancement that enables many RFID tags with low-cost sensing capabilities. The on-board tag sensors will be used to acquire useful contextual information about the tag’s environment (or its owner, or the tag itself). To defend against unauthorized reading and relay attacks, such context information can be leveraged in two ways. First, contextual information can be used to design context-aware selective unlocking mechanisms so that tags can selectively respond to reader interrogations and thus minimize the likelihood of unauthorized reading and “ghost-and-leech” relay attacks. Second, contextual information can be used as a basis for context-aware secure transaction verification to defend against special types of relay attacks involving malicious readers. Copyright c © 2011 John Wiley & Sons, Ltd.
منابع مشابه
Location Aware Selective Unlocking for Enhancing RFID Security
In this paper, a new approach for providing security as well as privacy is proposed. The un-authorized reading and relay attacks on RFID system is avoid by using location sensing mechanism. For example, location sensing mechanism used for location specific application such as on the door of ATM cash transfer van for providing security because the location of the van is fixed. So after reaching ...
متن کاملSafer Cards Enhancing Rfid Security and Privacy via Location Sensing
ABSTRACT: In this paper, we report on a new approach for enhancing security and privacy in certain RFID applications whereby location or location-related information (such as speed) can serve as a legitimate access context. Examples of these applications include access cards, toll cards, credit cards, and other payment tokens. We show that location awareness can be used by both tags and back-en...
متن کاملProviding a Distance Bounding Protocol Named Pasargad in order to Defend against Relay Attacks on RFID-Based Electronic Voting System
The most important characteristic of RFID-based electronic voting system compared to traditional voting system is that votes in the electronic system are as contactless smart cards in place of paper ballots. For casting ballots, voters use a computer terminal to write their choices (their chosen candidates) into contactless smart cards and then put the smart card inside the box. The most import...
متن کاملHMAC-Based Authentication Protocol: Attacks and Improvements
As a response to a growing interest in RFID systems such as Internet of Things technology along with satisfying the security of these networks, proposing secure authentication protocols are indispensable part of the system design. Hence, authentication protocols to increase security and privacy in RFID applications have gained much attention in the literature. In this study, security and privac...
متن کاملPractical Attacks on Proximity Identification Systems (Short Paper)
The number of RFID devices used in everyday life has increased, along with concerns about their security and user privacy. This paper describes our initial findings on practical attacks that we implemented against ‘proximity’ (ISO 14443 A) type RFID tokens. Focusing mainly on the RF communication interface we discuss the results and implementation of eavesdropping, unauthorized scanning and rel...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Security and Communication Networks
دوره 7 شماره
صفحات -
تاریخ انتشار 2014