Issue No.02 - April-June (2008 vol.7)
pp: 70-77
Pawel Rotter, Joint Research Centre of the European Commission
ABSTRACT
Radio Frequency Identification is a technology that uses radio waves to automatically identify physical objects. Researchers have been rapidly developing RFID systems over the last few years, and such systems have proven benefits in many application domains. However, RFID systems also raise serious privacy and security concerns. This article offers a brief review of the main threats to RFID systems and proposes a methodology for qualitatively evaluating the risk level for various application domains. The evaluation is based on three criteria: the system's deployment range, the type of link between the RFID tag and identity-related data, and the domain's security demands. The author also presents a taxonomy of some existing RFID applications and discusses each in relation to the evaluation criteria.
INDEX TERMS
RFID, privacy, security
CITATION
Pawel Rotter, "A Framework for Assessing RFID System Security and Privacy Risks", IEEE Pervasive Computing, vol.7, no. 2, pp. 70-77, April-June 2008, doi:10.1109/MPRV.2008.22