SQL infections through RFID

Journal in Computer Virology

Volumn 4, Issue 4, 2008, Pages 347-356

  Sulaiman, Anthonius ^a   Mukkamala, Srinivas ^a   Sung, Andrew ^a  

^a NEW MEXICO INSTITUTE OF MINING AND TECHNOLOGY   (United States)

Author keywords

RFID attacks; RFID virus; SQL infections; SQL injections

Indexed keywords

AUTOMATION; ELECTRONIC DATA INTERCHANGE; INJECTION (OIL WELLS); RADIO FREQUENCY IDENTIFICATION (RFID); RADIO NAVIGATION;

AUTOMATIC IDENTIFICATIONS; END SYSTEMS; GREAT-ER; INFRA-STRUCTURE; RADIO FREQUENCY IDENTIFICATION DEVICES; RFID ATTACKS; RFID SYSTEMS; RFID TAGS; RFID VIRUS; SQL INFECTIONS; SQL INJECTIONS; SQL SERVERS; WORKING WELLS;

WINDOWS OPERATING SYSTEM;

EID: 54849419284     PISSN: 17729890     EISSN: 17729904     Source Type: Journal    
DOI: 10.1007/s11416-007-0075-8     Document Type: Article

References (24)

1. Caton, M.: RFID Reshapes Supply Chain Management. http://www.eweek.com. April 19th, 2004
2. RFid Gazette: FDA Approves Sub-dermal RFID VeriChip. October 14, 2004
3. New Jersey Customer Service Center: E-Z Pass Automated Toll Collection
4. Singel, R.: American passports to get chipped. Wired Magazine, October 21, 2004
5. Garfinkel, S., et al.: RFID: Application, Security and Privacy. Addison-Wesley, Reading (2006)
6. Wikipedia: Radio Frequency Identification.
7. AutoID. Active and passive RFID: two distinct, but complementary, technologies for real-time supply chain visibility. May 24, 2002. Retrieved on 2 May, 2007
8. Thompson, D.R., et al.: Categorizing RFID privacy threats with STRIDE. In: Proceedings ACM's Symposium on Usable Privacy and Security held at CMU (2006)
9. Rieback, M.R., et al.: Is your cat infected with a computer virus? IEEE Percom (2006)
10. Albrecht, K., McIntyre, L.: SpyChips: how major corporations and government plan to track your every move with RFID. 4 October, 2005
11. Karygiannis, T., et al.: National Institute of Standards and Technology.Guidance for Securing RFID Systems (Draft). http://csrc.nist.gov/ publications/drafts/800-98/Draft-SP800-98.pdf. Retrieved on 30 July, 2007
12. Generation 2 Security, http://www.thingmagic.com/html/pdf/ Generation%202%20-%20Security.pdf. Retrieved on 26 July, 2007
13. Biometrics deployment of machine readable travel documents: http://www.icao.int/mrtd/download/documents/ Biometrics%20deployment%20o%f%20Machine%20Readable%20Travel%20Documents%202004. pdf May 2004. Retrieved on 26 July, 2007
14. Bono, S., Green, M., Stubble_eld, A., Juels, A., Rubin, A., Szydlo, M.: Security analysis of a cryptographically enabled RFID device. In: 14th USENIX Security Symposium, pp. 1-16. Baltimore, Maryland, USA, July-August 2005. USENIX
15. Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard systems. In: 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks. http://eprint.iacr.org/, September 2005. Retrieved on 26 July 2007
16. Wikipedia: SQL Injection
17. Web Application Security Consortium: Glossary. Retrieved on 21 March 2007
18. Anley, C.: Advanced SQL Injection in SQL Server Applications. Retrieved on 21 March 2007
19. McDonald, S.: SQL Injection: Modes of Attack, Defence, and Why It Matters. SANS Institute. Retrieved on 21 March, 2007
20. G.W. Bond 2005 Software as art Commun. ACM 48 8 118 124
21. CGI Security. What is SQL Injection? Retrieved on 10 December 2006
22. Ispirer: Setting Up ODBC Data Sources
23. Microsoft Technet: Using Server-Side Include Directives (IIS 6.0)
24. MSDN. Using #exec Directives