This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
An RFID Attacker Behavior Taxonomy
October-December 2009 (vol. 8 no. 4)
pp. 79-84
Luke Mirowski, University of Tasmania
Jacqueline Hartnett, University of Tasmania
Raymond Williams, University of Tasmania
Radio frequency identification (RFID) uses electronic tags to produce information about entities in the real world. Security is important when the information is used to make decisions about high-value entities such as pharmaceuticals. The authors present a taxonomy of attacker behavior to show how attacks can be sequenced to invalidate the informational goals of RFID systems. The taxonomy can be used to understand the security requirements of RFID systems.

1. T. Hassan and S. Chatterjee, "A Taxonomy for RFID," Proc. 39th Hawaii Int'l Conf. Systems Science, IEEE CS Press, 2006, pp. 1–10.
2. M.C. O'Connor, "GlaxoSmithKline Tests RFID on HIV Drug," RFID J., 2006; http://rfidjournal.com/article/articleview/2219/1/1.
3. A. Juels, "RFID Security and Privacy: A Research Survey," IEEE J. Selected Areas in Communications, vol. 24, no. 2, 2006, pp. 381–394.
4. S.E. Sarma, S.A. Weis, and D.W. Engels, "RFID Systems and Security and Privacy Implications," Proc. Workshop Cryptographic Hardware and Embedded Systems, LNCS, Springer, 2002, pp. 454–470.
5. B. Schneier, Secrets and Lies: Digital Security in a Networked World, Wiley, 2004, pp. 318–333.
6. A. Juels, "Strengthening EPC Tags Against Cloning," Proc. 4th ACM Workshop Wireless Security, ACM Press, 2005, pp. 67–76.
7. J. Halamka et al., "The Security Implications of VeriChip Cloning," J. Am. Medical Informatics Assoc., vol. 13, no. 5, 2006, pp. 601–607.
8. J. Westhues, "Hacking the Prox Card," RFID: Applications, Security, and Privacy, S. Garfinkel, and B. Rosenberg eds., Addison-Wesley, 2005, pp. 291–301.
9. G.P. Hancke, "Practical Attacks on Proximity Identification Systems (Short Paper)," , IEEE Symp. Security and Privacy, IEEE CS Press, 2006, pp. 328–333.
10. A. Juels, R.L. Rivest, and M. Szydlo, "The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy," Proc. 10th ACM Conf. Computer and Communications Security, ACM Press, 2003, pp. 103–111.
11. Y. Oren and A. Shamir, "Remote Password Extraction from RFID Tags," IEEE Transactions on Computers, vol. 56, no. 9, 2007, pp. 1292–1296.
12. J. Collins, "RFID-Zapper Shoots to Kill," RFID J., 23 Jan. 2006; www.rfidjournal.com/article/view/2098/1/1.
13. M. Rieback, B. Crispo, and A. Tanenbaum, "Is Your Cat Infected with a Computer Virus?" Proc. 4th Ann. IEEE Conf. Pervasive Computing and Communications, IEEE CS Press, 2006, pp. 169–179.
14. K. Zetter, "Scan This Guy's E-Passport and Watch Your System Crash," Wired, 1 Aug. 2007; www.wired.com/politics/security/news/2007/08/epassport.
15. L. Mirowski and J. Hartnett, "Deckard: A System to Detect Change of RFID Tag Ownership," Int'l J. Computer Science and Network Security, vol. 7, no. 7, 2007, pp. 89–98.

Index Terms:
Network security, RFID, threat analysis
Citation:
Luke Mirowski, Jacqueline Hartnett, Raymond Williams, "An RFID Attacker Behavior Taxonomy," IEEE Pervasive Computing, vol. 8, no. 4, pp. 79-84, Oct.-Dec. 2009, doi:10.1109/MPRV.2009.68
Usage of this product signifies your acceptance of the Terms of Use.