And other security devices, security, RFID devices are not perfect. Although RFID equipment has been widely used, but the security threats we need to resolve before the device deployment. This article will focus on several RFID-related security issues.
Ten Problems with RFID security threat
According to the calculation capability, RFID can be divided into three categories:
1. Ordinary label (tag)
2. Use the symmetric key labels
3. Use of an asymmetric key tag
Among them, the general label without any cryptographic operations, it is easy to forge. But the ordinary label was widely used in logistics management and tourism, an attacker can easily write information to a blank RFID tag or modify an existing label, for the use of RFID tags corresponding access authentication system . For ordinary labels attacker can do the following three things:
1. Modify data in an existing tag, so an invalid tag becomes effective or, conversely, the valid tag becomes invalid. For example, you can modify the label goods, and then at a lower price to buy an expensive commodity.
2. Equally or modify the label, but the label is a modification of the contents of another tag.
3. Get other people to tag content to make an own label.
So, when you want to use RFID tags in some processing systems that contain sensitive information, such as identification of, be sure to use encryption technology. But if you have to use common label, you must be sure that you have the appropriate safety regulations, monitoring and auditing procedures to detect RFID system in any unusual behavior.
RFID RFID system is sniffing a major problem. RFID tag reader always sends a request to the authentication information when the reader receives the authentication information transmitted by the tag, it will use the back-end database to verify the legitimacy of the authentication information label. Unfortunately, most of the RFID tag is not certified RFID reader legitimacy. Then the attacker can use to your readers taking content label.
By reading the contents of the label, the attacker can track an object or person’s trajectory. When a tag enters the range of the reader can be read, the reader can identify the tag and record labels current location. Whether or not the communication between the tag and reader is encrypted, it can not escape the fact that the label be tracked. An attacker can use a mobile robot to track the position of the label.
4. Denial of Service
When the reader receives the authentication information from the tag, it then redirects authentication information and information in the back-end database for comparison. Readers and back-end databases are vulnerable to denial of service attacks. When there is a denial of service attack, the reader will not be able to complete the certification label, and cause an interrupt other appropriate services. Therefore, we must ensure that there are appropriate mechanisms to prevent denial of service attacks between the reader and the backend database.
In a spoofing attack, an attacker will often forged himself as a legitimate user. Sometimes, the attacker will create their own pseudo-administrator back-end database, if forged successful, the attacker can do anything arbitrary, for example: The corresponding invalid request to change the RFID tags, or simply refused to normal service directly system malicious code.
The so-called denial when a user is performing a certain operation refused to admit he had done when denying sending, there is no way the system can verify that the user is there to carry out this operation. The use of RFID, there are two possible denial: one is the sender or recipient may deny conducted an operation, such as issuing a RFID request, this time we did not have any evidence to prove whether the sender or recipient issued a RFID request; the other is the owner of the database may deny that they had given an item or person any labels.
7. Insert attack
In this attack, the attacker tries to send commands to the system for some RFID system instead of the original normal data content. One of the most simple example is that the attacker will attack command into the normal data stored in the tag.
8. replay attack
The attacker intercepts communication between the tag and reader, recording reply message tab for reader authentication request and, after this information is retransmitted to the reader. One example is the replay attack, an attacker would record information for authentication between the tag and the reader.
9. Physical Attack
Physical attack attacker can send in physical contact with the label and tamper information labels. Physical attacks in various ways, for example: using a microprobe to read the label to modify content, using X-rays or other radiation to destroy the label, the use of electromagnetic disrupt communication between the tag and the reader.
In addition, anyone can easily use a knife or other tool to destroy the label artificial, so the reader can not recognize the tag.
Like with other information systems, RFID systems are vulnerable to virus attacks. In most cases, to the virus it is a back-end database. RFID tag virus that can destroy or divulge the contents stored in the database back-end, reject or interfere with communication between the reader and the back-end database. In order to protect the back-end database, the database must be timely repair vulnerabilities and other risks.
Although RFID systems often become the target of attack, but due to the low cost RFID system, so that it is still in many areas has been widely used. So when preparing to deploy an RFID system, we must pay more attention to security issues, especially the first four attacks described in this article: forgery, sniffing, tracking, and denial of service attacks.