Issue No. 02 - March-April (2013 vol. 10)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.89
Di Ma , Coll. of Eng. & Comput. Sci, Univ. of Michigan-Dearborn, Dearborn, MI, USA
N. Saxena , Comput. & Inf. Sci. Dept., Univ. of Alabama at Birmingham, Birmingham, AL, USA
Tuo Xiang , Coll. of Eng. & Comput. Sci, Univ. of Michigan-Dearborn, Dearborn, MI, USA
Yan Zhu , Coll. of Eng. & Comput. Sci, Univ. of Michigan-Dearborn, Dearborn, MI, USA
In this paper, we report on a new approach for enhancing security and privacy in certain RFID applications whereby location or location-related information (such as speed) can serve as a legitimate access context. Examples of these applications include access cards, toll cards, credit cards, and other payment tokens. We show that location awareness can be used by both tags and back-end servers for defending against unauthorized reading and relay attacks on RFID systems. On the tag side, we design a location-aware selective unlocking mechanism using which tags can selectively respond to reader interrogations rather than doing so promiscuously. On the server side, we design a location-aware secure transaction verification scheme that allows a bank server to decide whether to approve or deny a payment transaction and detect a specific type of relay attack involving malicious readers. The premise of our work is a current technological advancement that can enable RFID tags with low-cost location (GPS) sensing capabilities. Unlike prior research on this subject, our defenses do not rely on auxiliary devices or require any explicit user involvement.
Security, Relays, Protocols, Privacy, RFID tags, location sensing, RFID, mobile payment system, relay attacks, context recognition
Yan Zhu, Tuo Xiang, N. Saxena and Di Ma, "Location-Aware and Safer Cards: Enhancing RFID Security and Privacy via Location Sensing," in IEEE Transactions on Dependable and Secure Computing, vol. 10, no. , pp. 57-69, 2013.