Abstract
RFID systems are composed by tags (also known as electronic labels) storing an identification sequence which can be wirelessly retrieved by an interrogator, and transmitted to the network through middleware and database information systems. In the case of the EPC Gen2 technology, RFID tags are not provided with on-board batteries. They are passively powered through the radio frequency waves of the interrogators. Tags are also assumed to be of low-cost nature, meaning that they shall be available at a very reduced price (predicted for under 10 US dollar cents in the literature). The passive and low-cost nature of EPC Gen2 tags imposes several challenges in terms of power consumption and integration of defense countermeasures. Like many other pervasive technologies, EPC Gen2 might yield to security and privacy violations if not handled properly. In this chapter, we provide an in-depth presentation of the RFID layer of the EPC Gen2 standard. We also provide security and privacy threats that can affect such a layer, and survey some representative countermeasures that could be used to handle the reported threats. Some of the reported efforts were conducted within the scope of the ARES project.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Buttyan, L., Hubaux, J.: Security and Cooperation in Wireless Networks. Cambridge University Press (2007). http://secowinet.epfl.ch/
Ranasinghe, D.C., Cole, P.H.: Networked RFID systems and lightweight cryptography, chapter 3. In: Networked RFID Systems, pp. 45–58. Springer, Berlin (2008)
Juels, A.: RFID security and privacy: a research survey. IEEE J. Sel. Areas Commun. 24(2), 381–394 (2006)
Garfinkel, S., Juels, A., Pappu, R.: RFID privacy: an overview of problems and proposed solutions. IEEE Secur. Priv. 3(3), 34–43 (2005)
EPC Radio-Frequency Identity Protocols Generation-2 UHF RFID, Specification for RFID Air Interface, Protocol for Communications at 860 MHz–960 MHz, Version 2.0.0 Ratified, EPCglobal (2013)
EPCglobal: The EPCglobal Website (On-line). http://www.epcglobalinc.org/. Last Access 2014
Motorola: RFID technology and EPC in retail, Whithe Papers (On-line). http://www.motorola.com/rfid/. Last Access 2014 (Online)
Potdar, M., Chang, E., Potdar, V.: Applications of RFID in pharmaceutical industry. In: IEEE International Conference on Industrial Technology (ICIT), pp. 2860–2865, Dec 2006
RFID Journal: Wal-Mart Opts for EPC Class 1 V2. Tech. Rep. (On-line). http://www.rfidjournal.com/article/articleprint/641/1/1/. Last Access 2014
Sarma, S.: Toward the 5 cents tag. Auto-ID Lab, Tech. Rep., Withe Paper Nov 2001
Ranasinghe, D.C., Cole, P.H.: Networked RFID systems and lightweight cryptography, chapter 3. In: Networked RFID Systems, pp. 157–167. Springer, Berlin (2008)
Melià-Seguí, J.: Lightweight PRNG for low-cost passive RFID security improvement. Ph.D. dissertation, Universitat Oberta de Catalunya (2011)
Pozar, D.: Microwave Engineering, 2nd edn. Wiley, New York (1998)
Avoine, G.: Adversarial model for radio frequency identification. Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC), Tech. Rep. (2005)
Committee on National Security Systems (CNSS): National information assurance glossary. NSTISSI, Tech. Rep. 4009, May 2003
Garcia-Alfaro, J., Barbeau, M., Kranakis, E.: Security of self-organizing networks: MANET, WSN, WMN, VANET. In: Chapter 3, Handling Security Threats to the RFID System of EPC Networks, pp. 45–64. Auerbach Publications, Taylor & Francis Group (2010)
Ranasinghe, D.C.: Networked RFID systems and lightweight cryptography, chapter 18. In: Lightweight Cryptography for Low Cost RFID, pp. 311–344. Springer, Berlin (2007)
Garcia-Alfaro, J., Herrera-Joancomarti, J., Melia-Segui, J.: Practical Eavesdropping of Control Data From EPC Gen2 Queries With a Programmable RFID Toolkit. Hakin9, vol. 6, no. 9, pp. 14–19, Sept 2011
Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J.: On the similarity of commercial EPC Gen2 pseudorandom number generators. Trans. Emerg. Telecommun. Technol. 25(2), 151–154 (2014)
Garcia-Alfaro, J., Barbeau, M., Kranakis, E.: Analysis of threats to the security of EPC networks. In: Sixth Annual Communication Networks and Services Research (CNSR) Conference, Hlifax, Nova Scotia, Canada, May 2008
EPCglobal: The EPCglobal architecture framework. Tech. Rep. (2007). http://www.epcglobalinc.org/standards/ (Online)
Oren, Y.: Remote power analysis of RFID tags. Cryptology ePrint Archive, Report 2007/330, IACR (2007)
Hancke, G.P.: Practical eavesdropping and skimming attacks on high-frequency rfid tokens. J. Comput. Secur. 19(2), 259–288 (2011)
Han, D., Takagi, T., Kim, H., Chung, K.: New security problem in RFID systems tag killing. In: Computational Science and its Applications (ICCSA, 2006). Lecture Notes in Computer Science, vol. 3982, pp. 375–384. Springer, Berlin (2006)
Collins, J.: RFID-Zapper shoots to kill. RFID J. (2006). http://www.rfidjournal.com/articles/view?2098. Last Access 2014 (On-line)
Keller, R.M.: Formal verification of parallel programs. Commun. ACM 19(7), 371–384 (1976)
Langheinrich, M., Marti, R.: Practical minimalist cryptography for RFID privacy. IEEE Syst. J. 1(2), 115–128 (2007)
Langheinrich, M., Marti, R.: RFID privacy using spatially distributed shared secrets. In: Ubiquitous Computing Systems, pp. 1–16. Springer, Berlin (2007)
Juels, A., Pappu, R., Parno, B.: Unidirectional key distribution across time and space with applications to rfid security. In: SS’08: Proceedings of the 17th Conference on Security Symposium, pp. 75–90. USENIX Association, Berkeley, CA, USA (2008)
Garcia-Alfaro, J., Barbeau, M., Kranakis, E.: Proactive threshold cryptosystem for EPC tags. Ad Hoc Sens. Wireless Netw. 12(3–4), 187–208 (2011)
Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J.: Analysis and improvement of a pseudorandom number generator for EPC Gen2 tags. In: Sion, R. et al. (eds.) Financial Cryptography and Data Security. Lecture Notes in Computer Science, vol. 6054, pp. 34–46. Springer, Berlin (2010)
Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomartí, J.: A practical implementation attack on wak pseudorandom number generator designs for EPC Gen2 tags. Wireless Pers. Commun. 59, 27–42 (2011). doi:10.1007/s11277-010-0187-1
Che, W., Deng, H., Tan, X., Wang, J.: Networked RFID systems and lightweight cryptography, chapter 16. In: A Random Number Generator for Application in RFID Tags, pp. 279–287. Springer, Berlin (2008)
Chen, W., Che, W., Yan, N., Tan, X., Min, H.: Ultra-low power truly random number generator for RFID tag. Wireless Pers. Commun. 59(1), 85–94 (2011). doi:10.1007/s11277-010-0191-5
Melià-Seguí, J., Garcia-Alfaro, J., Herrera-Joancomartí, J.: Multiple-polynomial LFSR based pseudorandom number generator for EPC Gen2 RFID tags. In: IECON—37th Annual Conference on IEEE Industrial Electronics Society, pp. 3820–3825, Nov 2011
Melià-Seguí, J., Garcia-Alfaro, J., Herrera-Joancomartí, J.: J3Gen: a PRNG for low-cost passive RFID. Sensors 13(3), 3816–383 (2013). doi:10.3390/s130303816
Tounsi, W., Cuppens-Boulahia, N., Garcia-Alfaro, J., Chevalier, Y., Cuppens, F.: KEDGEN2: a key establishment and derivation protocol for EPC Gen2 RFID systems. J. Netw. Comput. Appl. 39(1), 152–166 (2014)
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P., Heám, P., Kouchnarenko, O., Mantovani, J., Mödersheim, S., Oheimb, O.V., Rusinowitch, M., Santiago, J., Turuani, M., Vigano, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: 17th International Conference on Computer Aided Verification (CAV’05), pp. 135–165, Springer (2005)
Armando, A., Arsac, W., Avanesov, T., Barletta, M., Calvi, A., Cappai, A., Carbone, R., Chevalier, Y., Compagna, L., Cuellar, J., Erzse, G., Frau, S., Minea, M., Mödersheim, S., Oheimb, D., Pellegrino, G., Ponta, S., Rocchetto, M., Rusinowitch, M., Dashti, M.T., Turuani, M., Vigano, L.: The AVANTSSAR platform for the automated validation of trust and security of service-oriented architectures. In: 18th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2012), pp. 267–282, Springer (2012)
Delaune, S.: Intruder deduction problem in presence of guessing attacks. In: Proceedings of the Workshop on Security Protocols Verification (SPV’03), Marseille, France, 2003, pp. 26–30
Groza, B., Minea, M.: A calculus to detect guessing attacks. In: Information Security, pp. 59–67. Springer, Berlin (2009)
Groza, B., Minea, M.: Formal modelling and automatic detection of resource exhaustion attacks. In: 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011). ACM, 2011, pp. 326–333
Wong, H., Hui, C., Chan, C.: Cryptography and authentication on RFID passive tags for apparel products. Comput. Ind. 57(4), 342–349 (2006)
Weis, S., Sarma, S., Engels, D.: RFID systems and security and privacy implications. In: Cryptographic Hardware and Embedded Systems—CHES. LNCS, vol. 2523, pp. 454–469. Springer, Berlin (2002)
Peris-Lopez, P., Hernandez-Castro, J., Estevez-Tapiador, J., Ribagorda, A.: RFID systems: a survey on security threats and proposed solutions. In: 11th IFIP International Conference on Personal Wireless Communications. LNCS, vol. 4217, pp. 159–170. Springer (2006)
Juels, A., Pappu, R.: Squealing euros: privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) Financial Cryptography—FC’03. Lecture Notes in Computer Science, vol. 2742, pp. 103–121. IFCA. Le Gosier, Guadeloupe, French West Indies. Springer, January 2003
Solanas, A., Domingo-Ferrer, J., Martínez-Ballesté, A., Daza, V.: A distributed architecture for scalable private RFID tag identification. Comput. Netw. 51(9), 2268–2279 (2007) (Elsevier)
Trujillo-Rasua, R., Solanas, A.: Efficient probabilistic communication protocol for the private identification of RFID tags by means of collaborative readers. Comput. Netw. 55(15), 3211–3223 (2011)
Trujillo-Rasua, R., Solanas, A., Pérez-Martínez, P.A., Domingo-Ferrer, J.: Predictive protocol for the scalable identification of RFID tags through collaborative readers. Comput. Ind. 63(6), 557–573 (2012). Special Issue on Secure Collaboration in Design and Supply Chain Management
Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J.: Análisis de Seguridad y Privacidad para Sistemas EPC-RFID en el Sector Postal. In: XI Reunión Española sobre Criptología y Seguridad de la Información. Universidad de Salamanca, Salamanca—Spain, Sept 2008
Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J.: Clasificación de las Amenazas a la Seguridad en Sistemas RFID-EPC Gen2. In: XII Reunión Española sobre Criptología y Seguridad de la Información, Tarragona—Spain. Universitat de Tarragona, Sept 2010
Melia-Segui, J., Herrera-Joancomarti, J., Garcia-Alfaro, J.: Security and privacy of postal RFID systems. In: RFIDSec Asia, Taipei, Taiwan (ROC), Jan 2009
Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J.: Clasificación de las Amenazas a la Seguridad en Sistemas RFID - EPC Gen2. In: XII Reunión Española sobre Criptología y Seguridad de la Información. Universitat Rovira i Virgili, Tarragona—Spain, Sept 2010
Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J.: RFID EPC-Gen2 for postal applications: a security and privacy survey. In: IEEE International Conference on RFID-Technology and Applications (RFID-TA) Guangzhou—China, pp. 118–123. IEEE, June 2010. doi:10.1109/RFID-TA.2010.5529872
Garcia-Alfaro, J., Herrera-Joancomarti, J., Melia-Segui, J.: A multiple-polynomial LFSR based pseudorandom number generator design for EPC Gen2 systems. In: MITACS Workshop on Network Security & Cryptography, Toronto (Canada), June 2010
Garcia-Alfaro, J., Barbeau, M., Kranakis, E.: Les composants RFID, sont-ils vulnerables? Techniques de l’ingenieur, no. 4–5 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Garcia-Alfaro, J., Herrera-Joancomartí, J., Melià-Seguí, J. (2015). Security and Privacy Concerns About the RFID Layer of EPC Gen2 Networks. In: Navarro-Arribas, G., Torra, V. (eds) Advanced Research in Data Privacy. Studies in Computational Intelligence, vol 567. Springer, Cham. https://doi.org/10.1007/978-3-319-09885-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-319-09885-2_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09884-5
Online ISBN: 978-3-319-09885-2
eBook Packages: EngineeringEngineering (R0)