Bookmark and Share
Home > RFID technology

 

And other security devices, security RFID devices are not perfect. Although RFID equipment has been widely used, but its security threats we need to solve before the device deployment. This article will focus on several RFID-related security issues.
 And other security devices, security RFID devices are not perfect. Although RFID equipment has been widely used, but its security threats we need to solve before the device deployment. This article will focus on several RFID-related security issues.
1.RFID forgery
According to the computing power, RFID can be divided into three categories:
1. Ordinary label (tag)
2. Use the symmetric key tag
3. Use of an asymmetric key tag
Among them, the general label without any encryption operations, it is easy to forge. However, it is widely used in ordinary label logistics management and tourism, an attacker can easily write information to a blank RFID tag or modify an existing label, for the use of RFID tags corresponding access authentication system . For ordinary labels attacker can do the following three things:
1. Modify data in an existing tag, so an invalid label becomes effective or, conversely, the valid tag becomes invalid. For example, you can modify the label goods, and then at a lower price to buy an expensive piece of merchandise.
2. Equally or modify the label, but the label is a modification to the contents of another tag is 狸猫换太子.
3. Get to the others to make a label own label.
So, when you want to use RFID tags in some processing systems contain sensitive information such as the identity of this, be sure to use encryption technology. But if we had to use normal label, it must be sure that you have the appropriate safety regulations, monitoring and auditing procedures to detect any RFID system abnormal behavior.
2.RFID sniffing
RFID systems RFID sniffer is a major problem. RFID tag reader always sends a request to the authentication information, when the reader receives the tag authentication information is sent, it will use the back-end database to verify the legitimacy of the tag authentication information. Unfortunately, most of the RFID tag is not certified RFID readers legitimacy. Then the attacker can use your own reader to earn a content label.
3. Tracking
By reading the contents of the label, an attacker can track an object or person's trajectory. When a tag enters into the range of the reader can be read, the reader can identify the tag and record label current position. Whether or not the communication between the tag and reader is encrypted, it can not escape the fact that the label be tracked. An attacker can use to track the location of mobile robots tag.
4. Denial of Service
When the reader receives the authentication information from the tag, it redirects authentication information and information within the back-end database for comparison. Readers and back-end database are vulnerable to denial of service attacks. When there is a denial of service attack, the reader will not be able to complete the certification label, and causes an interrupt other appropriate services. Therefore, we must ensure that there are appropriate mechanisms to prevent denial of service attacks between the reader and the backend database.
5. deception
In a spoofing attack, the attacker will often fake their own become a legitimate user. Sometimes, the attacker would create their own pseudo-administrator backend database, if forged successful, the attacker can do anything arbitrary, for example: The corresponding invalid requests, change RFID identification, denial of service or simply normal in System malicious code.
6. denied
The so-called denial is when a user during a certain operating refused to admit he had done, when denied sending, there is no way the system can verify that the user is there to carry out this operation. In the use of RFID, there are two possible denial: one is the sender or recipient may deny conducted an operation, such as issuing a RFID request, this time we did not have any evidence to prove whether the sender or receiver issued a RFID request; the other is the owner of the database may deny they had given an item or person any label.
7. Insert attack
In this attack, the attacker tries to send some system commands to RFID system instead of the original normal data content. One of the most simple example is that the attacker will attack command into the normal data stored in the tag.
8. replay attack
The attacker intercepts communication between the tag and the reader, recording under the label reply message authentication request to the reader, and in the re-transmitted after the information reader. One example is the replay attack, the attacker recorded information for authentication between the tag and the reader.
9. physical attacks
Physical attack attacker can send in physically exposed to the label and tamper information labels. There are many ways a physical attack, for example: using a microprobe to read the contents modify the label, use X-rays or other radiation to destroy the label, using electromagnetic disrupt communications between tags and readers.
In addition, anyone can easily use a knife or other tool damage label artificial, so the reader will not recognize the tag.
10. virus
Like with other information systems, RFID systems are vulnerable to viruses. In most cases, the target virus is back-end database. RFID tag virus can destroy or divulge the contents stored in the back-end database, refuse or interfere with communication between the reader and the backend database. In order to protect the back-end database, the database must be timely patching vulnerabilities and other risks.
Although RFID systems often become the target of attack, but because of the low cost RFID system, so that in many areas it is still widely used. So when preparing to deploy RFID systems, we must pay more attention to its security problems, especially in the first four attacks described in this article: forgery, sniffing, tracking, and denial of service attacks.

And other security devices, security RFID devices are not perfect. Although RFID equipment has been widely used, but its security threats we need to solve before the device deployment. This article will focus on several RFID-related security issues.

 And other security devices, security RFID devices are not perfect. Although RFID equipment has been widely used, but its security threats we need to solve before the device deployment. This article will focus on several RFID-related security issues.

1.RFID forgery

According to the computing power, RFID can be divided into three categories:

1. Ordinary label (tag)

2. Use the symmetric key tag

3. Use of an asymmetric key tag

Among them, the general label without any encryption operations, it is easy to forge. However, it is widely used in ordinary label logistics management and tourism, an attacker can easily write information to a blank RFID tag or modify an existing label, for the use of RFID tags corresponding access authentication system . For ordinary labels attacker can do the following three things:

1. Modify data in an existing tag, so an invalid label becomes effective or, conversely, the valid tag becomes invalid. For example, you can modify the label goods, and then at a lower price to buy an expensive piece of merchandise.

2. Equally or modify the label, but the label is a modification to the contents of another tag is bad.

3. Get to the others to make a label own label.

So, when you want to use RFID tags in some processing systems contain sensitive information such as the identity of this, be sure to use encryption technology. But if we had to use normal label, it must be sure that you have the appropriate safety regulations, monitoring and auditing procedures to detect any RFID system abnormal behavior.

2.RFID sniffing

RFID systems RFID smart cards sniffer is a major problem. RFID tag reader always sends a request to the authentication information, when the reader receives the tag authentication information is sent, it will use the back-end database to verify the legitimacy of the tag authentication information. Unfortunately, most of the RFID tag is not certified RFID readers legitimacy. Then the attacker can use your own reader to earn a content label.

3. Tracking

By reading the contents of the label, an attacker can track an object or person's trajectory. When a tag enters into the range of the reader can be read, the reader can identify the tag and record label current position. Whether or not the communication between the tag and reader is encrypted, it can not escape the fact that the label be tracked. An attacker can use to track the location of mobile robots tag.

4. Denial of Service

When the reader receives the authentication information from the tag, it redirects authentication information and information within the back-end database for comparison. Readers and back-end database are vulnerable to denial of service attacks. When there is a denial of service attack, the reader will not be able to complete the certification label, and causes an interrupt other appropriate services. Therefore, we must ensure that there are appropriate mechanisms to prevent denial of service attacks between the reader and the backend database.

5. deception

In a spoofing attack, the attacker will often fake their own become a legitimate user. Sometimes, the attacker would create their own pseudo-administrator backend database, if forged successful, the attacker can do anything arbitrary, for example: The corresponding invalid requests, change RFID identification, denial of service or simply normal in System malicious code.

6. denied

The so-called denial is when a user during a certain operating refused to admit he had done, when denied sending, there is no way the system can verify that the user is there to carry out this operation. In the use of RFID, there are two possible denial: one is the sender or recipient may deny conducted an operation, such as issuing a RFID request, this time we did not have any evidence to prove whether the sender or receiver issued a RFID request; the other is the owner of the database may deny they had given an item or person any label.

7. Insert attack

In this attack, the attacker tries to send some system commands to RFID system instead of the original normal data content. One of the most simple example is that the attacker will attack command into the normal data stored in the tag.

8. replay attack

The attacker intercepts communication between the tag and the reader, recording under the label reply message authentication request to the reader, and in the re-transmitted after the information reader. One example is the replay attack, the attacker recorded information for authentication between the tag and the reader.

9. physical attacks

Physical attack attacker can send in physically exposed to the label and tamper information labels. There are many ways a physical attack, for example: using a microprobe to read the contents modify the label, use X-rays or other radiation to destroy the label, using electromagnetic disrupt communications between tags and readers.

In addition, anyone can easily use a knife or other tool damage label artificial, so the reader will not recognize the tag.

10. virus

Like with other information systems, RFID systems are vulnerable to viruses. In most cases, the target virus is back-end database. RFID tag virus can destroy or divulge the contents stored in the back-end database, refuse or interfere with communication between the reader and the backend database. In order to protect the back-end database, the database must be timely patching vulnerabilities and other risks.

Although RFID systems often become the target of attack, but because of the low cost RFID system, so that in many areas it is still widely used. So when preparing to deploy RFID systems, we must pay more attention to its security problems, especially in the first four attacks described in this article: forgery, sniffing, tracking, and denial of service attacks.