Different Kinds of Security Attacks on RFID Systems
RFID systems are vulnerable to attack and can be compromised at various stages. Generally, attacks against an RFID system fall into four major groups: attacks on authenticity, attacks on integrity, attacks on confidentiality, and attacks on availability. Besides being exposed to common attacks such as eavesdropping, man-in-the-middle and denial of service, RFID technology is particularly susceptible to spoofing and power-analysis attacks: low-cost tags have little room for cryptography, and passive tags draw their power from the reader's field, which makes their consumption observable.
Meaning of RFID: “Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. The tags contain electronically stored information. Passive tags collect energy from a nearby RFID reader’s interrogating radio waves. Active tags have a local power source such as a battery and may operate at hundreds of meters from the RFID reader. Unlike a barcode, the tag need not be within the line of sight of the reader, so it may be embedded in the tracked object. RFID is one method for Automatic Identification and Data Capture (AIDC).”
This section illustrates the different kinds of attacks on RFID systems.
Eavesdropping: Since an RFID tag is a wireless device that emits a unique identifier upon interrogation by an RFID reader, the communication between tag and reader can be eavesdropped. Eavesdropping occurs when an attacker, using any compliant reader for the tag family and frequency in question, intercepts the data while a tag is being read by an authorized reader. Because most RFID systems communicate in clear text (tags have too little memory and processing capacity, and too tight a cost budget, for encryption), eavesdropping is a simple but effective way for the attacker to obtain the collected tag data. The reader-to-tag (forward) channel is transmitted at much higher power than the tag's reply and can be captured from correspondingly further away. The information picked up during the attack can have serious implications, since it is typically used later in other attacks against the RFID system, such as replay, cloning and tracking.
Man-in-the-Middle Attack: Depending on the system configuration, a man-in-the-middle attack is possible while data is in transit from one component to another. An attacker inserts a device into the communication path and relays, reads and manipulates the information exchanged between RFID components. This is a real-time threat: the attacker sees the information before the intended device receives it and can change it en route. Even if the attacked system receives invalid data, it may attribute the problem to transmission errors rather than recognise an attack. RFID systems are particularly exposed to man-in-the-middle attacks because tags are small and cheap: they rarely have the resources for mutual authentication or for binding a reply to the physical proximity of the reader, so a relay between a genuine tag and a genuine reader is hard for either side to detect.
Denial of Service: Denial of service (DoS) attacks take different forms, targeting the RFID tag, the network, or the back end to defeat the system. The purpose is not to steal or modify information but to disable the RFID system so that it cannot be used. For wireless networks the first concern is physical-layer attacks such as jamming and interference. Jamming with noise signals reduces the throughput of the network and can break connectivity altogether, which in a supply-chain deployment means the tracking process fails. A device that actively broadcasts radio signals in the band used by the system can block and disrupt any nearby RFID readers. Interference from other radio transmitters is another way to prevent a reader from discovering and polling tags.
Spoofing: In the context of RFID, spoofing is an activity in which a forged tag masquerades as a valid tag and thereby gains an illegitimate advantage. Tag cloning is a form of spoofing in which the data of a valid tag is captured (by reading it or by eavesdropping on a legitimate read) and written to a blank tag that then answers exactly like the original.
Replay Attack: In a replay attack, an attacker intercepts the communication between an RFID reader and a tag and captures a valid tag response. Later, the attacker transmits the recorded response when it receives a query from the reader. Because the data appears valid, the system accepts it. The attack works whenever the tag's reply is not bound to something fresh in the reader's query, such as a random challenge.
Virus: A tag cannot execute code, but its writable memory can hold a payload chosen by an attacker. If the middleware passes tag data unsanitised into database queries, a tag written with SQL syntax acts as an RFID virus: the payload performs a SQL injection against the back-end servers when the tag is read, and can eventually bring the entire RFID system down.
Power Analysis: Power analysis is a side-channel attack that recovers secrets such as a tag's password by analysing changes in the device's power consumption. It has been shown that a tag's power consumption pattern differs according to whether the password bits it receives are correct or incorrect, so the password can be recovered bit by bit with far fewer attempts than a brute-force search. Because a passive tag draws its power from the reader's field, this consumption can be observed at a distance from the signal reflected back towards the reader; no physical contact with the tag is needed.
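The injection path described above, as an added example that is not code from the original page: a constructed inventory back end (in-memory SQLite, made-up EPC values) that updates an item's location whenever a reader sees its tag. The vulnerable handler pastes the tag's EPC field into the SQL text, so a tag whose memory holds a SQL fragment rewrites the WHERE clause and relocates every item; the parameterised handler binds the same tag data as a value and is unaffected. The helper `looks_like_epc96` is an assumed defence-in-depth check, not part of any standard middleware.

```python
import re
import sqlite3

# Constructed inventory table; the EPC values are made up for this example.
def make_backend():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items (epc TEXT PRIMARY KEY, location TEXT);
        INSERT INTO items VALUES ('E2004C01A1B2C3D4E5F60001', 'dock');
        INSERT INTO items VALUES ('E2004C01A1B2C3D4E5F60002', 'dock');
        INSERT INTO items VALUES ('E2004C01A1B2C3D4E5F60003', 'dock');
    """)
    return db

def record_read_vulnerable(db, tag_data, reader_location):
    """Middleware that trusts the tag: the string read from the tag is pasted
    into the SQL text, so a tag written with SQL syntax changes the statement."""
    sql = (f"UPDATE items SET location = '{reader_location}' "
           f"WHERE epc = '{tag_data}'")
    cur = db.execute(sql)
    db.commit()
    return cur.rowcount          # number of rows the UPDATE touched

def record_read_safe(db, tag_data, reader_location):
    """Same update with a parameterised statement: the tag data is bound as a
    value and cannot alter the structure of the statement."""
    cur = db.execute("UPDATE items SET location = ? WHERE epc = ?",
                     (reader_location, tag_data))
    db.commit()
    return cur.rowcount

# Assumed defence in depth: an EPC-96 identifier is exactly 24 hex digits, so
# anything else read from a tag is rejected before it reaches the database.
EPC96_RE = re.compile(r"^[0-9A-F]{24}$")

def looks_like_epc96(tag_data):
    return EPC96_RE.match(tag_data) is not None

# A tag whose EPC field has been overwritten with a SQL fragment (constructed
# payload). Spliced into the vulnerable query it yields
#     ... WHERE epc = 'x' OR '1'='1'
# which matches every row in the table.
MALICIOUS_TAG = "x' OR '1'='1"

def demo(handler):
    """Read one genuine tag, then the malicious tag, at reader 'shelf-7'.
    Returns the number of rows each read modified."""
    db = make_backend()
    genuine = handler(db, "E2004C01A1B2C3D4E5F60001", "shelf-7")
    hostile = handler(db, MALICIOUS_TAG, "shelf-7")
    return genuine, hostile

if __name__ == "__main__":
    print("string-built query :", demo(record_read_vulnerable))  # (1, 3): every item relocated
    print("parameterised query:", demo(record_read_safe))        # (1, 0): no such EPC, nothing changes
    print("payload passes EPC check:", looks_like_epc96(MALICIOUS_TAG))
```

The parameterised statement is the fix; the format check is a second layer that also catches tags carrying payloads for other consumers of the data (log viewers, web dashboards) that the database parameters do not protect.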
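A simulation of the bit-by-bit recovery, added here as an illustration and not code from the original page. The tag model and its "power trace" are constructed: the tag compares the submitted password one bit at a time as the bits arrive and switches to an error path at the first mismatch, and the trace is simply 1 per bit while comparing and 3 once on the error path. Only the shape of the trace matters; in a real attack the samples would come from the reflected signal. The constant-time variant decides only after consuming every bit, so its trace carries no information and the same attacker procedure fails against it.

```python
PASSWORD_BITS = 16
# Constructed secret (0xA5C3) as a list of bits, most significant first.
PASSWORD = [(0xA5C3 >> (PASSWORD_BITS - 1 - i)) & 1 for i in range(PASSWORD_BITS)]

class LeakyTag:
    """Checks the password bit by bit as it arrives and changes state at the
    first mismatch; the simulated trace reflects that state change."""
    def __init__(self, password):
        self.password = password
        self.queries = 0            # how many attempts the attacker has made

    def check(self, guess):
        self.queries += 1
        trace, failed = [], False
        for g, p in zip(guess, self.password):
            if failed:
                trace.append(3)     # error path: different switching activity
            else:
                trace.append(1)     # still comparing
                if g != p:
                    failed = True
        return (not failed), trace

class ConstantTimeTag(LeakyTag):
    """Same interface, but it accumulates mismatches and decides only at the
    end, so the trace does not depend on where the guess first went wrong."""
    def check(self, guess):
        self.queries += 1
        diff = 0
        for g, p in zip(guess, self.password):
            diff |= g ^ p
        return diff == 0, [1] * len(self.password)

def first_anomaly(trace):
    """Index of the first sample that leaves the 'comparing' level (or len)."""
    for i, sample in enumerate(trace):
        if sample != 1:
            return i
    return len(trace)

def recover_password(tag, nbits):
    """Adaptive attack: with i bits already known, submit them followed by a
    candidate bit and zero padding. If the error path starts later than
    position i+1, the candidate bit was correct. At most 2 queries per bit."""
    known = []
    for i in range(nbits):
        for bit in (0, 1):
            guess = known + [bit] + [0] * (nbits - i - 1)
            accepted, trace = tag.check(guess)
            if accepted:
                return guess
            if first_anomaly(trace) > i + 1:
                known.append(bit)
                break
        else:
            return None             # neither candidate explained the trace: no leak
    return None

if __name__ == "__main__":
    leaky = LeakyTag(PASSWORD)
    print("recovered:", recover_password(leaky, PASSWORD_BITS) == PASSWORD,
          "in", leaky.queries, "queries (brute force: up to", 2 ** PASSWORD_BITS, ")")
    print("constant-time tag:", recover_password(ConstantTimeTag(PASSWORD), PASSWORD_BITS))
```

The attack needs at most two queries per bit rather than 2^16 for the whole password, which is why a leaky comparison is fatal even for short tag passwords; the countermeasure is a comparison whose work is independent of the input.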
Impersonation: In RFID systems an adversary can send queries to a tag and responses to a reader, and can therefore impersonate either the target tag or a legitimate reader. When a target tag communicates with a legitimate reader, the adversary records the messages the tag sends. With these messages the adversary builds a clone tag that stores the target tag's information. When the legitimate reader later sends a query, the clone answers with the recorded information, and the reader accepts the clone as legitimate.
Information Leakage: If RFID systems are used widely, users will carry many tagged objects. Some objects, such as expensive products and medicines, reveal quite personal and sensitive information that the user does not want anyone to know. When tagged objects receive a query from a reader, the tags emit their Electronic Product Code (EPC) without checking the legitimacy of the reader. Therefore, unless the system is designed to protect tag data, a user's information is leaked to any malicious reader without the user's knowledge.
Traceability: When a user carries particular tagged objects, an adversary can trace the user's movements from the messages the tags transmit. Concretely, when a target tag sends a response to a reader, the adversary records the message and links the response to the target tag. Once this link is established, each later sighting of the same response reveals the user's position, and the adversary accumulates a location history. The link does not require knowing who the user is; a fixed identifier that is the same at every read is enough.
Tampering: Data tampering is one of the greatest threats to an RFID system. The best-known tampering attacks target control data (the data that governs a program's control flow), and the main defence against them is control-flow monitoring to achieve tamper evidence. Tampering with other kinds of data, such as user identity data, configuration data, user input data and decision-making data, is also dangerous. Some solutions have been proposed, such as a tamper-evident compiler and micro-architecture collaboration framework for detecting memory tampering. A further threat is tampering with application data, which leads to mistakes in the production flow, denial of service, inconsistency in the information system, and exposure to further attacks. This kind of attack is especially dangerous for RFID systems, since one of their main applications is automatic identification for real-time database updating, so tampered tag data flows straight into the records that drive decisions.
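The replay, impersonation and traceability problems above all stem from a tag whose reply is the same at every read. The following added example (not code from the original page) models both sides of the exchange with constructed values: a plain EPC tag, whose recorded reply an eavesdropper can replay to the reader and use to link sightings, and a challenge-response tag holding an assumed per-tag HMAC key, which answers a fresh reader nonce with a keyed MAC and sends no fixed identifier. The EPC, the key and the "enrolment table" in the reader are made up for the example.

```python
import hashlib
import hmac
import secrets

class StaticTag:
    """Plain identifier tag: answers every query with the same EPC."""
    def __init__(self, epc):
        self.epc = epc

    def respond(self, challenge):
        return self.epc

class ChallengeResponseTag:
    """Tag holding a per-tag secret shared with the back end. It answers the
    reader's fresh nonce with a keyed MAC over that nonce and nothing else,
    so every reply differs and no fixed identifier is ever transmitted."""
    def __init__(self, key):
        self.key = key

    def respond(self, challenge):
        return hmac.new(self.key, challenge, hashlib.sha256).hexdigest()

class StaticReader:
    """Accepts any reply that is an enrolled EPC; there is no challenge to bind to."""
    def __init__(self, known_epcs):
        self.known = set(known_epcs)

    def challenge(self):
        return b""

    def accept(self, challenge, reply):
        return reply in self.known

class ChallengeResponseReader:
    """Recomputes the MAC under every enrolled key and accepts if one matches.
    The linear scan over keys is the price of sending no identifier in clear."""
    def __init__(self, keys):
        self.keys = dict(keys)          # label -> key (constructed enrolment table)

    def challenge(self):
        return secrets.token_bytes(16)  # fresh nonce per read

    def accept(self, challenge, reply):
        for key in self.keys.values():
            expected = hmac.new(key, challenge, hashlib.sha256).hexdigest()
            if hmac.compare_digest(expected, reply):
                return True
        return False

class Eavesdropper:
    """Records tag replies from legitimate reads, then replays the last one."""
    def __init__(self):
        self.sightings = []

    def observe(self, reply):
        self.sightings.append(reply)

    def respond(self, challenge):
        return self.sightings[-1]       # a clone: ignores the new challenge

def legitimate_read(reader, tag, eve):
    c = reader.challenge()
    r = tag.respond(c)
    eve.observe(r)                      # attacker listens in on the air interface
    return reader.accept(c, r)

def replayed_read(reader, eve):
    c = reader.challenge()
    return reader.accept(c, eve.respond(c))

def linkable(eve):
    """Can a passive observer tell two recorded replies came from one tag?
    Here: yes whenever the replies are simply identical."""
    return len(set(eve.sightings)) < len(eve.sightings)

def demo(reader, tag):
    eve = Eavesdropper()
    ok = legitimate_read(reader, tag, eve) and legitimate_read(reader, tag, eve)
    return {"genuine_accepted": ok,
            "replay_accepted": replayed_read(reader, eve),
            "sightings_linkable": linkable(eve)}

EPC = "E2004C01A1B2C3D4E5F60001"                          # constructed EPC-96 value
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed per-tag key

if __name__ == "__main__":
    print("static tag        :", demo(StaticReader([EPC]), StaticTag(EPC)))
    print("challenge-response:", demo(ChallengeResponseReader({"tag-1": KEY}),
                                      ChallengeResponseTag(KEY)))
```

Binding the reply to a fresh nonce defeats replay and cloning from recorded traffic, and omitting the identifier defeats passive tracking, at the cost of a key search that grows with the number of enrolled tags. It does not address the real-time man-in-the-middle case described earlier: a device that relays the live exchange between a genuine tag and the reader still produces a valid MAC.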