The Community for Technology Leaders
RSS Icon
Issue No.04 - October-December (2009 vol.8)
pp: 79-84
Luke Mirowski , University of Tasmania
Jacqueline Hartnett , University of Tasmania
Raymond Williams , University of Tasmania
Radio frequency identification (RFID) uses electronic tags to produce information about entities in the real world. Security is important when the information is used to make decisions about high-value entities such as pharmaceuticals. The authors present a taxonomy of attacker behavior to show how attacks can be sequenced to invalidate the informational goals of RFID systems. The taxonomy can be used to understand the security requirements of RFID systems.
Network security, RFID, threat analysis
Luke Mirowski, Jacqueline Hartnett, Raymond Williams, "An RFID Attacker Behavior Taxonomy", IEEE Pervasive Computing, vol.8, no. 4, pp. 79-84, October-December 2009, doi:10.1109/MPRV.2009.68
1. T. Hassan and S. Chatterjee, "A Taxonomy for RFID," Proc. 39th Hawaii Int'l Conf. Systems Science, IEEE CS Press, 2006, pp. 1–10.
2. M.C. O'Connor, "GlaxoSmithKline Tests RFID on HIV Drug," RFID J., 2006;
3. A. Juels, "RFID Security and Privacy: A Research Survey," IEEE J. Selected Areas in Communications, vol. 24, no. 2, 2006, pp. 381–394.
4. S.E. Sarma, S.A. Weis, and D.W. Engels, "RFID Systems and Security and Privacy Implications," Proc. Workshop Cryptographic Hardware and Embedded Systems, LNCS, Springer, 2002, pp. 454–470.
5. B. Schneier, Secrets and Lies: Digital Security in a Networked World, Wiley, 2004, pp. 318–333.
6. A. Juels, "Strengthening EPC Tags Against Cloning," Proc. 4th ACM Workshop Wireless Security, ACM Press, 2005, pp. 67–76.
7. J. Halamka et al., "The Security Implications of VeriChip Cloning," J. Am. Medical Informatics Assoc., vol. 13, no. 5, 2006, pp. 601–607.
8. J. Westhues, "Hacking the Prox Card," RFID: Applications, Security, and Privacy, S. Garfinkel, and B. Rosenberg eds., Addison-Wesley, 2005, pp. 291–301.
9. G.P. Hancke, "Practical Attacks on Proximity Identification Systems (Short Paper)," , IEEE Symp. Security and Privacy, IEEE CS Press, 2006, pp. 328–333.
10. A. Juels, R.L. Rivest, and M. Szydlo, "The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy," Proc. 10th ACM Conf. Computer and Communications Security, ACM Press, 2003, pp. 103–111.
11. Y. Oren and A. Shamir, "Remote Password Extraction from RFID Tags," IEEE Transactions on Computers, vol. 56, no. 9, 2007, pp. 1292–1296.
12. J. Collins, "RFID-Zapper Shoots to Kill," RFID J., 23 Jan. 2006;
13. M. Rieback, B. Crispo, and A. Tanenbaum, "Is Your Cat Infected with a Computer Virus?" Proc. 4th Ann. IEEE Conf. Pervasive Computing and Communications, IEEE CS Press, 2006, pp. 169–179.
14. K. Zetter, "Scan This Guy's E-Passport and Watch Your System Crash," Wired, 1 Aug. 2007;
15. L. Mirowski and J. Hartnett, "Deckard: A System to Detect Change of RFID Tag Ownership," Int'l J. Computer Science and Network Security, vol. 7, no. 7, 2007, pp. 89–98.
16 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool