This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Location-Aware and Safer Cards: Enhancing RFID Security and Privacy via Location Sensing
March-April 2013 (vol. 10 no. 2)
pp. 57-69
Di Ma, Coll. of Eng. & Comput. Sci, Univ. of Michigan-Dearborn, Dearborn, MI, USA
N. Saxena, Comput. & Inf. Sci. Dept., Univ. of Alabama at Birmingham, Birmingham, AL, USA
Tuo Xiang, Coll. of Eng. & Comput. Sci, Univ. of Michigan-Dearborn, Dearborn, MI, USA
Yan Zhu, Coll. of Eng. & Comput. Sci, Univ. of Michigan-Dearborn, Dearborn, MI, USA
In this paper, we report on a new approach for enhancing security and privacy in certain RFID applications whereby location or location-related information (such as speed) can serve as a legitimate access context. Examples of these applications include access cards, toll cards, credit cards, and other payment tokens. We show that location awareness can be used by both tags and back-end servers for defending against unauthorized reading and relay attacks on RFID systems. On the tag side, we design a location-aware selective unlocking mechanism using which tags can selectively respond to reader interrogations rather than doing so promiscuously. On the server side, we design a location-aware secure transaction verification scheme that allows a bank server to decide whether to approve or deny a payment transaction and detect a specific type of relay attack involving malicious readers. The premise of our work is a current technological advancement that can enable RFID tags with low-cost location (GPS) sensing capabilities. Unlike prior research on this subject, our defenses do not rely on auxiliary devices or require any explicit user involvement.
Index Terms:
Security,Relays,Protocols,Privacy,RFID tags,location sensing,RFID,mobile payment system,relay attacks,context recognition
Citation:
Di Ma, N. Saxena, Tuo Xiang, Yan Zhu, "Location-Aware and Safer Cards: Enhancing RFID Security and Privacy via Location Sensing," IEEE Transactions on Dependable and Secure Computing, vol. 10, no. 2, pp. 57-69, March-April 2013, doi:10.1109/TDSC.2012.89
Usage of this product signifies your acceptance of the Terms of Use.