Threat Challenges on RFID Based NFC Applications: History
View Latest Version
Please note this is an old version of this entry, which may differ significantly from the current revision.
Contributor:
Ismail El Gaabouri
,
Mohamed Senhadji
,
Mostafa Belkasmi
,
Brahim El Bhiri

The IoT involves Radio Frequency Identification (RFID) as a part of the infrastructure that helps with the data gathering from different types of sensors. In general, security worries have increased significantly as these types of technologies have become more common.

  • RFID
  • cryptography
  • IoT
  • smart cards
  • security

1. Introduction

Radio Frequency Identification (RFID) is a method of remotely gathering and storing data that employs two types of RFID devices [1][2]. The first type is the RFID tags (transponders), which require each object to be marked in order to be identified in the system (a unique identifier). There are three types of tags [3]. The first are active ones, which transmit their ID signal on a continuous schedule due to the on-board battery. Next are passive tags, which depend entirely on the radio energy transmitted from the reader, because there is no battery supply. The third type comprises semi-active tags, for which the tag is supplied with a battery to manage its demands for regular measurements (such as temperature). Contrary to the transponders, RFID readers are a collection of devices that acquire data from RFID tags to track objects. Readers have better resources and frequently connect to back-end databases (where each tag is indexed) and can perform complex computations, such as implementing cryptographic solutions [4]. These tags all acknowledge periodicity. A tag can be assigned to one of four frequency ranges [5]: Low Frequency (LF), High Frequency (HF), Ultra-High Frequency (UHF), and Super-High Frequency (SHF). Since tags can only store a limited amount of information due to resource constraints, back-end databases are essential to the completion of the RFID system.

2. Radio Frequency Identification Security and Threats

Currently, RFID tags and readers play a key role in helping to save users’ time, and researchers can mention transport cards, companies’ access control cards, and medical records [6]. For this reason, security is necessary to promote this type of technology, as a data violation can have some serious detriments. Hence, before going through the analysis of the studies, obtaining sufficient knowledge about the security challenges, issues, and threats of RFID was necessary with the purpose of emphasizing the topic problem. Due to RFID devices’ small capacities, many challenges are faced in expanding their utilization, and the principal ones will be discussed to offer an overview of these constraints.

2.1. Radio Frequency Identification Challenges

As mentioned, each RFID system is composed of three main components; therefore, the challenges for each part of the system will be highlighted. In general, RFID suffers from inflexibility issues, as usually, the readers ought to be fixed in place. Moreover, and more precisely, commercial devices are expensive to re-design or reproduce since they come as a black box with limited information [7]; at this point, manufacturers restrict users’ ability to make profound changes. Furthermore, message collisions can be spotlighted as another challenge that can reduce the system’s efficiency, since the same communication channel is used by the diverse tags utilized. Frequency interferences, the read speed ratio, and energy wastage are some of the problems that can also be encountered. In addition, the read range and energy-gathering limitation comprise another set of challenges because the communication range relies on the device’s available power [8].
The previously mentioned challenges could lead to security issues that reflect the normal system workflow and may lead to information loss, which is pivotal in some cases, for instance, healthcare or industry. To overcome this issue, several suggestions have been presented to secure RFID communications and protect the confidentiality, integrity, and privacy of users.
The limitation of RFID is highly recommended to be taken into consideration while applying any sort of implementation to find a suitable solution. Consequently, cryptography-based schemes are deployed to reinforce RFID communications’ security. The primary concern of cryptography is to safeguard data from being eavesdropped on or sniffed, but it needs some computational and storage abilities to be undertaken.
Resource limitations comprise the main challenge confronted by any RFID application, where heavy computational cryptosystems cannot be supported [8]. For example, passive tags’ lifespan is a necessity. The latter only supports simple operations such as rotate and XOR. At this stage, conventional crypto primitives utilization might lead to an increase in heat, fast energy wastage (tag lifespan decreasing), and tag damage. As a result, ultra-lightweight schemes can be implemented to fit this type of tag. For semi-passive or semi-active tags, researchers can have some moderate resources that can support some advanced operations such as checksums, random number generation, hash functions, and mutual authentication. However, active tags consist of small batteries and have a good storage ability, so they are efficient enough to perform heavy computational operations without restrictions. In this regard, classical crypto-primitives can be used to offer strong security to the system, and researchers can mention Public Key Cryptography (PKC) schemes such as Elliptic Curve Cryptography (ECC) and Rivest, Shamir, and Adelman (RSA). In addition to symmetric key encryption, researchers can highlight the Advanced Encryption Standard (AES) and other computationally heavy algorithms. Besides this, communication protocol issues should be accommodated; therefore, anti-collision protocols are used to avoid tag message collisions. For instance, multi-access methods are implemented to identify exactly the tags where the signals came from and to decrease the collision number, which reflects positively on the throughput and number of transmitted bits. These methods are classified into four main categories as follows [9]:
  • Code division multi-access: This is built by multiplying the tag ID by a pseudo-random sequence before the data transmission. This method offers security to the communication between the reader and the tag; however, it has some high demands such as computation, along with enhancing the complexity.
  • Frequency division multi-access: This refers to the utilization of frequency ranges for the sake of recognizing tags. At such a level, each tag must belong to a specific frequency. FDMA seems expensive to implement and it is not designed for general employment.
  • Space division multi-access: Its main concern is to split the channel into distinct areas to enhance the channel’s connection capability. Unfortunately, SDMA is extremely costly and requires some complex designs for the antennas.
  • Time division multi-access: This approach is widely used and covers many anti-collision algorithms. TDMA divides the transmission channel between tags to ensure the reader’s identification ability at separate times to overcome interference. This method is not costly and reduces the number of tag interrogations after each successful response (broadcast message response).

2.2. Radio Frequency Identification Security Threats

Although RFID-based systems are tremendously used currently, several security threats are confronted in their implementation. These can be faced at the physical level or the communication level. This section presents the most common threats that can harm the RFID system and may lead to some serious breaches that reduce user information privacy. Data alteration, ID cloning, communication interruption, and tag tracking are some attacks that need in-depth consideration to address them:
  • Tracking: This is known as the act of reading RFID tags without the proper authorization by the use of a considerable number of RFID readers to gather their identifiers, and these identifiers can be personal credit card numbers [10].
  • Counterfeiting: This attack manipulates the tag, where a smaller amount of information is needed. Here, circumventing the security mechanisms utilized is the main objective of the counterfeiting threat [10].
  • Eavesdropping: This attack is based on saving the read intercepted communication with the intention to be re-used for analysis and as a baseline for another type of attack such as tag cloning attacks [7].
  • Tags cloning: Its major purpose is to duplicate a reliable tag as a copy to be used for unauthorized access to the reader’s information with the intention of extracting data to be stored in another tag. Tag cloning leads to several damages such as the manufacturer’s reputation and some serious financial losses [7].
  • Physical attacks: Its main concern is to tamper with the tag physically by damaging one of its components or disrupting its normal performance by glitching the tag’s clock or changing the transmitted radio frequencies, and researchers can mention side channel and timing attacks [10].
  • DoS attack: The is a denial of service, where the intruder tries to take the tag out of service. Consequently, no information will be leaked or occupied. However, it reduces the RFID system’s efficiency and faithfulness. The concept of realizing a DoS attack is to interfere with the signals of the channels used for the tags’ radio frequency communications [10].

This entry is adapted from the peer-reviewed paper 10.3390/fi15110354

References

  1. El Gaabouri, I.; Senhadji, M.; Belkasmi, M. A Survey on Lightweight Cryptography Approach for IoT Devices Security. In Proceedings of the 2022 5th International Conference on Networking, Information Systems and Security: Envisage Intelligent Systems in 5g//6G-based Interconnected Digital Worlds (NISS), Bandung, Indonesia, 30–31 March 2022; pp. 1–8.
  2. El Mouaatamid, O.; Lahmer, M.; Belkasmi, M. Internet of Things Security: Layered classification of attacks and possible Countermeasures. Electron. J. Inf. Technol. 2016, 9, 66–80.
  3. Baashirah, R.; Abuzneid, A. Survey on prominent RFID authentication protocols for passive tags. Sensors 2018, 18, 3584.
  4. Maarof, A.; Senhadji, M.; Labbi, Z.; Belkasmi, M. Security analysis of low cost RFID systems. In Proceedings of the 2014 5th Workshop on Codes, Cryptography and Communication Systems (WCCCS), El Jadida, Morocco, 27–28 November 2014; pp. 11–16.
  5. Costa, F.; Genovesi, S.; Borgese, M.; Michel, A.; Dicandia, F.A.; Manara, G. A review of RFID sensors, the new frontier of internet of things. Sensors 2021, 21, 3138.
  6. Gupta, B.B.; Quamara, M. An overview of Internet of Things (IoT): Architectural aspects, challenges, and protocols. Concurr. Comput. Pract. Exp. 2020, 32, e4946.
  7. Kumar, A.; Jain, A.K.; Dua, M. A comprehensive taxonomy of security and privacy issues in RFID. Complex Intell. Syst. 2021, 7, 1327–1347.
  8. Landaluce, H.; Arjona, L.; Perallos, A.; Falcone, F.; Angulo, I.; Muralter, F. A review of IoT sensing applications and challenges using RFID and wireless sensor networks. Sensors 2020, 20, 2495.
  9. Cmiljanic, N.; Landaluce, H.; Perallos, A. A comparison of RFID anti-collision protocols for tag identification. Appl. Sci. 2018, 8, 1282.
  10. Damghani, H.; Hosseinian, H.; Damghani, L. Investigating attacks to improve security and privacy in RFID systems using the security bit method. In Proceedings of the 2019 5th Conference on Knowledge Based Engineering and Innovation (KBEI), Tehran, Iran, 28 February–1 March 2019; pp. 833–838.
More
© Text is available under the terms and conditions of the Creative Commons Attribution (CC BY) license; additional terms may apply. By using this site, you agree to the Terms and Conditions and Privacy Policy.
This entry is offline, you can click here to edit this entry!
Video Production Service
Feedback