Reverse engineering and security evaluation of commercial tags for RFID-based IoT applications

Sensors (Switzerland)

Volumn 17, Issue 1, 2017, Pages

  Fernández Caramés, Tiago M ^a   Fraga Lamas, Paula ^a   Suárez Albela, Manuel ^a   Castedo, Luis ^a  

^a UNIVERSITY OF A CORUÑA   (Spain)

Author keywords

IoT; ISO IEC 11784; ISO IEC 11785; ISO IEC 14443; MIFARE; Pentesting; RFID; Security

Indexed keywords

ACCESS CONTROL; ELECTRONIC COMMERCE; RADIO FREQUENCY IDENTIFICATION (RFID); REVERSE ENGINEERING;

ISO/IEC; ISO/IEC-14443; MIFARE; PENTESTING; SECURITY;

INTERNET OF THINGS;

EID: 85007446174     PISSN: 14248220     EISSN: None     Source Type: Journal    
DOI: 10.3390/s17010028     Document Type: Article

References (91)

1. Floyd, R.E. RFID in animal-tracking applications. IEEE Potentials 2015, 34, 32-33.
2. Madanian, S. The use of e-health technology in healthcare environment: The role of RFID technology. In Proceedings of the 10th International Conference on e-Commerce in Developing Countries: With Focus on e-Touris, Isfahan, Iran, 15-16 April 2016; pp. 1-5.
3. Ezovski, G.M.; Watkins, S.E. The electronic passport and the future of government-issued RFID-based identification. In Proceedings of the IEEE International Conference on RFI, Grapevine, TX, USA, 26-28 March 2007; pp. 15-22.
4. Floyd, R.E. RFID in transportation. IEEE Potentials 2015, 34, 19-21.
5. Feng, T. An agri-food supply chain traceability system for China based on RFID and blockchain technology. In Proceedings of the 13th International Conference on Service Systems and Service Managemen, Kumming, China, 24-26 June 2016; pp. 1-6.
6. Shen, J.; Tan, X.;Wu, F.; Yan, P. RFID cardinality estimation method for intelligent warehouse. In Proceedings of the 35th Chinese Control Conferenc, Chengdu, China, 27-29 July 2016; pp. 8468-8473.
7. Barro-Torres, S.J.; Fernández-Caramés, T.M.; Gonález-López, M.; Escudero-Cascón, C.J. Maritime Freight Container Management System Using RFID. In Proceedings of the 3rd International EURASIP Workshop on RFID Technology, La Manga del Mar Menor, Spain, 6-7 September 2010.
8. Barro-Torres, S.J.; Fernández-Caramés, T.M.; Pérez-Iglesias, H.J.; Escudero, C.J. Real-time personal protective equipment monitoring system. Comput. Commun 2012, 36, 42-50.
9. Blythe, P. RFID for road tolling, road-use pricing and vehicle access control. In Proceedings of the IEE Colloquium on RFID Technology (Ref. No. 1999/123), London, UK, 25 October 1999.
10. Xu, G. The Research and Application of RFID Technologies in Highway’s Electronic Toll Collection System. In Proceedings of the 4th International Conference onWireless Communication, Networking and Mobile Computing, Dalian, China, 12-17 October 2008; pp. 1-4.
11. Sun, C. Application of RFID Technology for Logistics on Internet of Things. In Proceedings of the AASRI Conference on Computational Intelligence and Bioinformatic, Changsha, China, 1-2 July 2012; pp. 106-111.
12. Leal, A.G.; Santiago, A.; Miyake, M.Y.; Noda, M.K.; Pereira, M.J.; Avanço, L. Integrated environment for testing IoT and RFID technologies applied on intelligent transportation system in Brazilian scenarios. In Proceedings of the IEEE Brasil RFID, Sao Paulo, Brazil, 25 September 2014; pp. 22-24.
13. Amendola, S.; Lodato, R.; Manzari, S.; Occhiuzzi, C.; Marrocco, G. RFID Technology for IoT-Based Personal Healthcare in Smart Spaces. IEEE Internet Things J 2014, 1, 144-152.
14. Bagula, A.; Castelli, L.; Zennaro, M. On the design of smart parking networks in the smart cities: An optimal sensor placement model. Sensors 2015, 15, 15443-15467.
15. Fraga-Lamas, P.; Fernández-Caramés, T.M.; Suárez-Albela, M.; Castedo, L.; González-López, M. A review on internet of things for defense and public safety. Sensors 2016, 16, 1644.
16. Trcek, D. Wireless sensors grouping proofs for medical care and ambient assisted-living deployment. Sensors 2016, 16, 33.
17. Fernández-Caramés, T.M. An intelligent power outlet system for the smart home of the internet of things. Int. J. Distrib. Sens. Netw. 2015, 2015, 1.
18. Prinsloo, J.; Malekian, R. Accurate vehicle location system using RFID, an internet of things approach. Sensors 2016, 16, 825.
19. Li, H.; Chen, Y.; He, Z. The survey of RFID attacks and defenses. In Proceedings of the 8th International Conference on Wireless Communication, Networking and Mobile Computing, Shanghai, China, 21-23 September 2012; pp. 1-4.
20. Pandian, M.T.; Sukumar, R. RFID: An appraisal of malevolent attacks on RFID security system and its resurgence. In Proceedings of the IEEE International Conference in MOOC Innovation and Technology in Education (MITE, Jaipur, India, 20-22 December 2013; pp. 17-20.
21. Oren, Y. Remote password extraction from RFID tags. IEEE Trans. Comput 2007, 56, 1292-1296.
22. Nohl, K.; Evans, D.; Plötz, S.; Plötz, H. Reverse-engineering a cryptographic RFID tag. In Proceedings of the 17th USENIX Security Symposium, San José, CA, USA, 28 July-1 August 2008; pp. 185-193.
23. Hutter, M.; Schmidt, J.M; Plos, T. Contact-based fault injections and power analysis on RFID tags. In Proceedings of the European Conference on Circuit Theory and Desig, Antalya, Turkey, 23-27 August 2009; pp. 409-412.
24. Vojtech, L.; Kahl, J. Power analysis of communication of RFID transponders with Password-Protected Memory. In Proceedings of the Eighth International Conference on Network, Gosier, France, 1-6 March 2009; pp. 116-120.
25. Mednis, A.; Zviedris, R. RFID communication: How well protected against reverse engineering? In Proceedings of the Second International Conference on Digital Information Processing and Communications, Klaipeda City, Latvia, 10-12 July 2012; pp. 59-61.
26. Yeh, K.-H.; Lo, N.-W.;Wu, T.-C.;Wang, C. Secure e-health system on passive RFID: Outpatient clinic and emergency care. Int. J. Distrib. Sens. Netw. 2013, 9, doi:10.1155/2013/752412.
27. Suh, W.S.; Yoon, E.J.; Piramuthu, S. RFID-based attack scenarios in retailing, healthcare and sports. J. Inf. Priv. Sec 2013, 9, 4-17.
28. Kim, J. T. Attacks and threats on the U-healthcare application withmobile agent. Int. J. Sec. Appl 2014, 8, 59-66.
29. Rosenbaum, B.P. Radio Frequency Identification (RFID) in health care: Privacy and security concerns limiting adoption. J. Med. Syst. 2014, 38, 19.
30. Xiao, Q.; Boulet, C.; Gibbons, T. RFID Security Issues inMilitary Supply Chains. In Proceedings of the International Conference on Availabilit, Reliability and Security, Vienna, Austria, 10-13 April 2007; pp. 599-605.
31. Xiao, Q.; Gibbons, T.; Lebrun, H. RFID Technology, Security Vulnerabilities, and Countermeasures. In Supply Chain the Way to Flat Organisation , 1st ed.; Huo, Y., Jia F., Eds.; INTECH: Rijeka, Croatia, 2009.
32. Sen, D.; Sen, P.; Das, A. RFID for Energy & Utility Industries , 1st ed.; Huo, Y., Jia, F., Eds.; PennWell: Tulsa, OK, USA, 2009.
33. Francillon, A.; Danev, B.; Capkun, S. Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2011), San Diego, CA, USA, 6-9 February 2011.
34. Checkoway, S.; McCoy, D.; Kantor, B.; Anderson, D.; Shacham, H.; Savage, S.; Koscher, K.; Czeskis, A.; Roesner, F.; Kohno, T. Comprehensive Experimental Analyses of Automotive Attack Surfaces. In Proceedings of the 20th USENIX conference on Security, San Francisco, CA, USA, 8-12 August 2011.
35. Amariucai, G.T.; Bergman, C.; Guan, Y. An Automatic, Time-based, Secure Pairing Protocol for Passive RFID. In Proceedings of the 7th International Conference on RFID Security and Privacy, Amherst, MA, USA, 26-28 June 2011.
36. Unluturk, M.S.; Kurtel, K. Integration of RFID and web service for assisted living. J. Med. Syst 2012, 36, 2371-2377.
37. Ijaz, S.; Shah, M.A.; Khan, A.; Ahmed, M. Smart cities: A survey on security concerns. Int. J. Adv. Comput. Sci. Appl 2016, 7, 612-625.
38. Hancke, G.P. Practical attacks on proximity identification systems. In Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, CA, USA, 21-24 May 2006.
39. Feldhofer, M.; Aigner, M.; Baier, T.; Hutter, M.; Plos, T.; Wenger, E. Semi-passive RFID development platform for implementing and attacking security tags. In Proceedings of the International Conference for Internet Technology and Secured Transaction, London, UK, 8-11 November 2010; pp. 1-6.
40. Chawla, K.; Robins, G. Addressing Covert Channel Attacks in RFID-Enabled Supply Chains. In Advanced Security and Privacy for RFID Technologies , 1st ed.; Miri, A., Ed.; IGI Global: Hershey, PA, USA, 2013.
41. Nayak, R.; Singh, A.; Padhye, R.; Wang, L. RFID in textile and clothing manufacturing: Technology and challenges. Fash. Text. 2015, 2, 9.
42. Koning Gans, G. Analysis of the MIFARE Classic Used in the OV-Chipkaart Project. Master’s Thesis, Radboud University Nijmegen, Nijmegen, The Netherlands, 2008.
43. Garcia, F.D.; van Rossum, P.; Verdult, R.; Schreur, R.W.Wirelessly pickpocketing a Mifare Classic card. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA, 17-20 May 2009; pp. 3-15.
44. Courtois, N. The dark side of security by obscurity and cloning Mifare Classic rail and building passes, anywhere, anytime. In Proceedings of the International Conference on Security and Cryptography, Milan, Italy, 7-10 July 2009.
45. Oswald, D.; Paar, C. Breaking Mifare DESFire MF3ICD40: Power analysis and templates in the real world. Lect. Notes Comput. Sci 2011, 6917, 207-222.
46. Garcia, F.D.; Gans, G.K.; Muijrers, R.; Rossum, P.; Verdult, R.; Schreur, R.W.; Jacobs, B. Dismantling MIFARE card. In Proceedings of the European Symposium on Research in Computer Securit, Torremolinos, Spain, 6-8 October 2008; pp. 97-114.
47. Wang, B.; Zhang, J.; Sun, X;Wang, N.; Zhao, Y.;Wang, F. Research on authentication technology of agriculture products traceability system based on RFID. Chem. Eng. Trans 2015, 46, 1357-1362.
48. Eisenbarth, T.; Kumar, S. A survey of lightweight-cryptography implementations. IEEE Des. Test Comput. 2007, 24, 522-533.
49. Ray, B.; Huda, S.; Chowdhury, M.U. Smart RFID reader protocol for malware detection. In Proceedings of the 12th ACIS International Conference on Software Engineerin, Artificial Intelligence, Networking and Parallel/Distributed Computing, Sydney, Australia, 6-8 July 2011; pp. 64-69.
50. Abawajy, J. Enhancing RFID tag resistance against cloning attack. In Proceedings of the 3rd International Conference on Network and System Securit, Gold Coast, Australia, 19-21 October 2009; pp. 18-23.
51. Avanco, L.; Guelfi, A.E.; Pontes, E.; Silva, A.A.A.; Kofuji, S.T.; Zhou, F. An effective intrusion detection approach for jamming attacks on RFID systems. In Proceedings of the International EURASIP Workshop on RFID Technology (EURFID, Rosenheim, Germany, 22-23 October 2015; pp. 73-80.
52. Bilal, Z.; Martin, K. Ultra-lightweight mutual authentication protocols: Weaknesses and Countermeasures. In Proceedings of the Eighth International Conference on Availabilit, Reliability and Security, Regensburg, Germany, 2-6 September 2013; pp. 304-309.
53. Fernández-Caramés, T.M.; Fraga-Lamas, P.; Suárez-Albela, M.; Castedo, L. A methodology for evaluating security in commercial RFID systems. In Radio Frequency Identification , 1st ed.; Crepaldi, P. C., Pimenta, T. C., Eds.; INTECH: Rijeka, Croatia, 2016.
54. Roberts, C.M. Radio frequency identification (RFID). Comput. Sec 2006, 25, 18-26.
55. Lim, T.L.; Li, T. Exposing an effective denial of information attack from the misuse of EPCglobal standards in an RFID authentication scheme. In Proceedings of the IEEE 19th International Symposium on Persona, Indoor and Mobile Radio Communications, Cannes, France, 15-18 September 2008; pp. 1-6.
56. Bu, K.; Liu, X.; Luo, J.; Xiao, B.; Wei, G. Unreconciled collisions uncover cloning attacks in anonymous RFID systems. IEEE Trans. Inf. Forensics Sec 2013, 8, 429-439.
57. Suliman, A.; Shankarapani, M.K.; Mukkamala, S.; Sung, A.H. RFID malware fragmentation attacks. In Proceedings of the International Symposium on Collaborative Technologies and System, Irvine, CA, USA, 19-23 May 2008; pp. 533-539.
58. Halevi, T.; Li, H.; Ma, D.; Saxena, N.; Voris, J.; Xiang, T. Context-aware defenses to RFID unauthorized reading and relay attacks. IEEE Trans. Emerg. Top. Comput 2013, 1, 307-318.
59. Ayoade, J. Security implications in RFID and authentication processing framework. Comput. Sec 2006, 25, 207-212.
60. Weiß, M. Performing Relay Attacks on ISO 14443 Contactless Smart Cards Using NFC Mobile Equipment. Master’s Thesis, Technische Universität München, Munich, Germany, 2010.
61. Guizani, S. Implementation of an RFID relay attack countermeasure. In Proceedings of the InternationalWireless Communications andMobile Computing Conferenc, Dubrovnik, Croatia, 24-28 August 2015; pp. 1318-1323.
62. Hancke, G.P.; Mayes, K.E.; Markantonakis, K. Confidence in smart token proximity: Relay attacks revisited. Comput. Sec 2009, 28, 615-627.
63. Gope, P.; Hwang, T. A realistic lightweight authentication protocol preserving strong anonymity for securing RFID system. Comput. Sec 2015, 55, 271-280.
64. RFIDiot OfficialWebpage. Available online: http://www.rfidiot.org (accessed on 1 November 2016).
65. Proxmark 3 CommunityWebpage. Available online: http://www.proxmark.org (accessed on 1 November 2016).
66. Tastic Official Webpage. Available online: http://www.bishopfox.com/resources/tools/rfid-hacking/ attack-tools (accessed on 1 November 2016).
67. OpenPCD Reader. Available online: http://www.openpcd.org (accessed on 1 November 2016).
68. OpenPICC Tag Emulator. Available online: http://www.openpicc.org (accessed on 1 November 2016).
69. Chameleon Project. Available online: https://github.com/skuep/ChameleonMini/wiki (accessed on 1 November 2016).
70. McAffe’s Proxbrute Webpage. Available online: http://www.mcafee.com/es/downloads/free-tools/ proxbrute.aspx (accessed on 1 November 2016).
71. NFC Tools Library. Available online: http://nfc-tools.org (accessed on 1 November 2016).
72. RIDAC RFID Reverse-Engineering Methodology. Available online: https://www.ee.oulu.fi/research/ ouspg/RFID%20Reverse%20Engineering (accessed on 1 November 2016).
73. Open-Source RFID Audit Framework RIDAC. Available online: https://www.ee.oulu.fi/research/ouspg/ RIDAC (accessed on 1 November 2016).
74. FCC ID Search Webpage. Available online: https://www.fcc.gov/general/fcc-id-search-page (accessed on 1 November 2016).
75. Using the Agilent N9322C Basic Spectrum Analyzer (BSA). Low Frequency RFID Tag Characterization ; Application Note; Agilent: Santa Clara, CA, USA, 2013.
76. USRPWebpage. Available online: https://www.ettus.com (accessed on 1 November 2016).
77. Kocatepe, Ü.; Için, O. Spectrum monitoring and demodulation using LabVIEW and USRP RIO software defined radio. In Proceedings of the 24th Signal Processing and Communication Application Conference (SIU, Zonguldak, Turkey, 16-19 May 2016; pp. 517-520.
78. Srivastava, S.; Hashmi, M.; Das, S.; Barua, D. Real-time blind spectrum sensing using USRP. In Proceedings of the IEEE International Symposium on Circuits and Systems (ISCAS, Lisbon, Portugal, 24-27 May 2015; pp. 986-989.
79. Nafkha, A.; Naoues, M.; Cichony, K.; Kliks, A.; Aziz, B. Hybrid spectrum sensing experimental analysis using GNU radio and USRP for cognitive radio. In Proceedings of the International Symposium on Wireless Communication Systems (ISWCS, Brussels, Belgium, 25-28 August 2015; pp. 506-510.
80. Dobre, O.A.; Abdi, A.; Bar-Ness, Y.; Su, W. Survey of automatic modulation classification techniques:Classical approaches and new trends. IET Commun 2007, 1, 137-156.
81. Bertoncini, C.; Rudd, K.; Nousain, B.; Hinders, M.Wavelet fingerprinting of radio-frequency identification (RFID) tags. IEEE Trans. Ind. Electron 2012, 59, 4843-4850.
82. Ma, L.; Yang, Y.;Wang, H. DBN based automatic modulation recognition for ultra-low SNR RFID signals. In Proceedings of the 35th Chinese Control Conference (CCC, Chengdu, China, 27-29 August 2016; pp. 7054-7057.
83. Myriad-RFWebpage. Available online: https://myriadrf.org (accessed on 1 November 2016).
84. HackRF One Webpage. Available online: https://greatscottgadgets.com/hackrf (accessed on 1 November 2016).
85. Han, J.; Qian, C.; Yang, P.; Ma, D.; Jiang, Z.; Xi,W.; Zhao, J. GenePrint: Generic and accurate physical-layer identification for UHF RFID tags. IEEE/ACM Trans. Netw 2016, 24, 846-858.
86. Zhu, F.; Xiao, B.; Liu, J.; Chen, L.J. Efficient physical-layer unknown tag identification in large-scale RFID systems. IEEE Trans. Commun. 2016 , PP, 1.
87. HIDWebpage. Available online: http://www.hidglobal.com (accessed on 1 November 2016).
88. International Organization for Standardization (ISO); International Electrotechnical Commission (IEC). Identification Cards-Contactless Integrated Circuit(s) Cards-Proximity Cards ; ISO/IEC 14443:2000; ISO: Geneva, Switzerland, 2008.
89. NXP’s Official Webpage. Available online: http://www.nxp.com (accessed on 1 November 2016).
90. International Organization for Standardization (ISO). Radio Frequency Identification of Animals-Code Structure ; ISO/IEC 11784:1996; ISO: Geneva, Switzerland, 1996.
91. International Organization for Standardization (ISO). Radio Frequency Identification of Animals-Technical Concept ; ISO/IEC 11785:1996; ISO: Geneva, Switzerland, 1996.