Skip to main content
SpringerLink
Log in

Security and Privacy Concerns About the RFID Layer of EPC Gen2 Networks

  • Chapter
  • First Online:
Advanced Research in Data Privacy

Part of the book series: Studies in Computational Intelligence ((SCI,volume 567))

Abstract

RFID systems are composed by tags (also known as electronic labels) storing an identification sequence which can be wirelessly retrieved by an interrogator, and transmitted to the network through middleware and database information systems. In the case of the EPC Gen2 technology, RFID tags are not provided with on-board batteries. They are passively powered through the radio frequency waves of the interrogators. Tags are also assumed to be of low-cost nature, meaning that they shall be available at a very reduced price (predicted for under 10 US dollar cents in the literature). The passive and low-cost nature of EPC Gen2 tags imposes several challenges in terms of power consumption and integration of defense countermeasures. Like many other pervasive technologies, EPC Gen2 might yield to security and privacy violations if not handled properly. In this chapter, we provide an in-depth presentation of the RFID layer of the EPC Gen2 standard. We also provide security and privacy threats that can affect such a layer, and survey some representative countermeasures that could be used to handle the reported threats. Some of the reported efforts were conducted within the scope of the ARES project.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Buttyan, L., Hubaux, J.: Security and Cooperation in Wireless Networks. Cambridge University Press (2007). http://secowinet.epfl.ch/

  2. Ranasinghe, D.C., Cole, P.H.: Networked RFID systems and lightweight cryptography, chapter 3. In: Networked RFID Systems, pp. 45–58. Springer, Berlin (2008)

    Google Scholar 

  3. Juels, A.: RFID security and privacy: a research survey. IEEE J. Sel. Areas Commun. 24(2), 381–394 (2006)

    Google Scholar 

  4. Garfinkel, S., Juels, A., Pappu, R.: RFID privacy: an overview of problems and proposed solutions. IEEE Secur. Priv. 3(3), 34–43 (2005)

    Google Scholar 

  5. EPC Radio-Frequency Identity Protocols Generation-2 UHF RFID, Specification for RFID Air Interface, Protocol for Communications at 860 MHz–960 MHz, Version 2.0.0 Ratified, EPCglobal (2013)

    Google Scholar 

  6. EPCglobal: The EPCglobal Website (On-line). http://www.epcglobalinc.org/. Last Access 2014

  7. Motorola: RFID technology and EPC in retail, Whithe Papers (On-line). http://www.motorola.com/rfid/. Last Access 2014 (Online)

  8. Potdar, M., Chang, E., Potdar, V.: Applications of RFID in pharmaceutical industry. In: IEEE International Conference on Industrial Technology (ICIT), pp. 2860–2865, Dec 2006

    Google Scholar 

  9. RFID Journal: Wal-Mart Opts for EPC Class 1 V2. Tech. Rep. (On-line). http://www.rfidjournal.com/article/articleprint/641/1/1/. Last Access 2014

  10. Sarma, S.: Toward the 5 cents tag. Auto-ID Lab, Tech. Rep., Withe Paper Nov 2001

    Google Scholar 

  11. Ranasinghe, D.C., Cole, P.H.: Networked RFID systems and lightweight cryptography, chapter 3. In: Networked RFID Systems, pp. 157–167. Springer, Berlin (2008)

    Google Scholar 

  12. Melià-Seguí, J.: Lightweight PRNG for low-cost passive RFID security improvement. Ph.D. dissertation, Universitat Oberta de Catalunya (2011)

    Google Scholar 

  13. Pozar, D.: Microwave Engineering, 2nd edn. Wiley, New York (1998)

    Google Scholar 

  14. Avoine, G.: Adversarial model for radio frequency identification. Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC), Tech. Rep. (2005)

    Google Scholar 

  15. Committee on National Security Systems (CNSS): National information assurance glossary. NSTISSI, Tech. Rep. 4009, May 2003

    Google Scholar 

  16. Garcia-Alfaro, J., Barbeau, M., Kranakis, E.: Security of self-organizing networks: MANET, WSN, WMN, VANET. In: Chapter 3, Handling Security Threats to the RFID System of EPC Networks, pp. 45–64. Auerbach Publications, Taylor & Francis Group (2010)

    Google Scholar 

  17. Ranasinghe, D.C.: Networked RFID systems and lightweight cryptography, chapter 18. In: Lightweight Cryptography for Low Cost RFID, pp. 311–344. Springer, Berlin (2007)

    Google Scholar 

  18. Garcia-Alfaro, J., Herrera-Joancomarti, J., Melia-Segui, J.: Practical Eavesdropping of Control Data From EPC Gen2 Queries With a Programmable RFID Toolkit. Hakin9, vol. 6, no. 9, pp. 14–19, Sept 2011

    Google Scholar 

  19. Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J.: On the similarity of commercial EPC Gen2 pseudorandom number generators. Trans. Emerg. Telecommun. Technol. 25(2), 151–154 (2014)

    Google Scholar 

  20. Garcia-Alfaro, J., Barbeau, M., Kranakis, E.: Analysis of threats to the security of EPC networks. In: Sixth Annual Communication Networks and Services Research (CNSR) Conference, Hlifax, Nova Scotia, Canada, May 2008

    Google Scholar 

  21. EPCglobal: The EPCglobal architecture framework. Tech. Rep. (2007). http://www.epcglobalinc.org/standards/ (Online)

  22. Oren, Y.: Remote power analysis of RFID tags. Cryptology ePrint Archive, Report 2007/330, IACR (2007)

    Google Scholar 

  23. Hancke, G.P.: Practical eavesdropping and skimming attacks on high-frequency rfid tokens. J. Comput. Secur. 19(2), 259–288 (2011)

    Google Scholar 

  24. Han, D., Takagi, T., Kim, H., Chung, K.: New security problem in RFID systems tag killing. In: Computational Science and its Applications (ICCSA, 2006). Lecture Notes in Computer Science, vol. 3982, pp. 375–384. Springer, Berlin (2006)

    Google Scholar 

  25. Collins, J.: RFID-Zapper shoots to kill. RFID J. (2006). http://www.rfidjournal.com/articles/view?2098. Last Access 2014 (On-line)

  26. Keller, R.M.: Formal verification of parallel programs. Commun. ACM 19(7), 371–384 (1976)

    Article  MATH  Google Scholar 

  27. Langheinrich, M., Marti, R.: Practical minimalist cryptography for RFID privacy. IEEE Syst. J. 1(2), 115–128 (2007)

    Article  Google Scholar 

  28. Langheinrich, M., Marti, R.: RFID privacy using spatially distributed shared secrets. In: Ubiquitous Computing Systems, pp. 1–16. Springer, Berlin (2007)

    Google Scholar 

  29. Juels, A., Pappu, R., Parno, B.: Unidirectional key distribution across time and space with applications to rfid security. In: SS’08: Proceedings of the 17th Conference on Security Symposium, pp. 75–90. USENIX Association, Berkeley, CA, USA (2008)

    Google Scholar 

  30. Garcia-Alfaro, J., Barbeau, M., Kranakis, E.: Proactive threshold cryptosystem for EPC tags. Ad Hoc Sens. Wireless Netw. 12(3–4), 187–208 (2011)

    Google Scholar 

  31. Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J.: Analysis and improvement of a pseudorandom number generator for EPC Gen2 tags. In: Sion, R. et al. (eds.) Financial Cryptography and Data Security. Lecture Notes in Computer Science, vol. 6054, pp. 34–46. Springer, Berlin (2010)

    Google Scholar 

  32. Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomartí, J.: A practical implementation attack on wak pseudorandom number generator designs for EPC Gen2 tags. Wireless Pers. Commun. 59, 27–42 (2011). doi:10.1007/s11277-010-0187-1

  33. Che, W., Deng, H., Tan, X., Wang, J.: Networked RFID systems and lightweight cryptography, chapter 16. In: A Random Number Generator for Application in RFID Tags, pp. 279–287. Springer, Berlin (2008)

    Google Scholar 

  34. Chen, W., Che, W., Yan, N., Tan, X., Min, H.: Ultra-low power truly random number generator for RFID tag. Wireless Pers. Commun. 59(1), 85–94 (2011). doi:10.1007/s11277-010-0191-5

    Article  Google Scholar 

  35. Melià-Seguí, J., Garcia-Alfaro, J., Herrera-Joancomartí, J.: Multiple-polynomial LFSR based pseudorandom number generator for EPC Gen2 RFID tags. In: IECON—37th Annual Conference on IEEE Industrial Electronics Society, pp. 3820–3825, Nov 2011

    Google Scholar 

  36. Melià-Seguí, J., Garcia-Alfaro, J., Herrera-Joancomartí, J.: J3Gen: a PRNG for low-cost passive RFID. Sensors 13(3), 3816–383 (2013). doi:10.3390/s130303816

  37. Tounsi, W., Cuppens-Boulahia, N., Garcia-Alfaro, J., Chevalier, Y., Cuppens, F.: KEDGEN2: a key establishment and derivation protocol for EPC Gen2 RFID systems. J. Netw. Comput. Appl. 39(1), 152–166 (2014)

    Article  Google Scholar 

  38. Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Drielsma, P., Heám, P., Kouchnarenko, O., Mantovani, J., Mödersheim, S., Oheimb, O.V., Rusinowitch, M., Santiago, J., Turuani, M., Vigano, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: 17th International Conference on Computer Aided Verification (CAV’05), pp. 135–165, Springer (2005)

    Google Scholar 

  39. Armando, A., Arsac, W., Avanesov, T., Barletta, M., Calvi, A., Cappai, A., Carbone, R., Chevalier, Y., Compagna, L., Cuellar, J., Erzse, G., Frau, S., Minea, M., Mödersheim, S., Oheimb, D., Pellegrino, G., Ponta, S., Rocchetto, M., Rusinowitch, M., Dashti, M.T., Turuani, M., Vigano, L.: The AVANTSSAR platform for the automated validation of trust and security of service-oriented architectures. In: 18th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2012), pp. 267–282, Springer (2012)

    Google Scholar 

  40. Delaune, S.: Intruder deduction problem in presence of guessing attacks. In: Proceedings of the Workshop on Security Protocols Verification (SPV’03), Marseille, France, 2003, pp. 26–30

    Google Scholar 

  41. Groza, B., Minea, M.: A calculus to detect guessing attacks. In: Information Security, pp. 59–67. Springer, Berlin (2009)

    Google Scholar 

  42. Groza, B., Minea, M.: Formal modelling and automatic detection of resource exhaustion attacks. In: 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011). ACM, 2011, pp. 326–333

    Google Scholar 

  43. Wong, H., Hui, C., Chan, C.: Cryptography and authentication on RFID passive tags for apparel products. Comput. Ind. 57(4), 342–349 (2006)

    Google Scholar 

  44. Weis, S., Sarma, S., Engels, D.: RFID systems and security and privacy implications. In: Cryptographic Hardware and Embedded Systems—CHES. LNCS, vol. 2523, pp. 454–469. Springer, Berlin (2002)

    Google Scholar 

  45. Peris-Lopez, P., Hernandez-Castro, J., Estevez-Tapiador, J., Ribagorda, A.: RFID systems: a survey on security threats and proposed solutions. In: 11th IFIP International Conference on Personal Wireless Communications. LNCS, vol. 4217, pp. 159–170. Springer (2006)

    Google Scholar 

  46. Juels, A., Pappu, R.: Squealing euros: privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) Financial Cryptography—FC’03. Lecture Notes in Computer Science, vol. 2742, pp. 103–121. IFCA. Le Gosier, Guadeloupe, French West Indies. Springer, January 2003

    Google Scholar 

  47. Solanas, A., Domingo-Ferrer, J., Martínez-Ballesté, A., Daza, V.: A distributed architecture for scalable private RFID tag identification. Comput. Netw. 51(9), 2268–2279 (2007) (Elsevier)

    Google Scholar 

  48. Trujillo-Rasua, R., Solanas, A.: Efficient probabilistic communication protocol for the private identification of RFID tags by means of collaborative readers. Comput. Netw. 55(15), 3211–3223 (2011)

    Google Scholar 

  49. Trujillo-Rasua, R., Solanas, A., Pérez-Martínez, P.A., Domingo-Ferrer, J.: Predictive protocol for the scalable identification of RFID tags through collaborative readers. Comput. Ind. 63(6), 557–573 (2012). Special Issue on Secure Collaboration in Design and Supply Chain Management

    Google Scholar 

  50. Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J.: Análisis de Seguridad y Privacidad para Sistemas EPC-RFID en el Sector Postal. In: XI Reunión Española sobre Criptología y Seguridad de la Información. Universidad de Salamanca, Salamanca—Spain, Sept 2008

    Google Scholar 

  51. Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J.: Clasificación de las Amenazas a la Seguridad en Sistemas RFID-EPC Gen2. In: XII Reunión Española sobre Criptología y Seguridad de la Información, Tarragona—Spain. Universitat de Tarragona, Sept 2010

    Google Scholar 

  52. Melia-Segui, J., Herrera-Joancomarti, J., Garcia-Alfaro, J.: Security and privacy of postal RFID systems. In: RFIDSec Asia, Taipei, Taiwan (ROC), Jan 2009

    Google Scholar 

  53. Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J.: Clasificación de las Amenazas a la Seguridad en Sistemas RFID - EPC Gen2. In: XII Reunión Española sobre Criptología y Seguridad de la Información. Universitat Rovira i Virgili, Tarragona—Spain, Sept 2010

    Google Scholar 

  54. Melia-Segui, J., Garcia-Alfaro, J., Herrera-Joancomarti, J.: RFID EPC-Gen2 for postal applications: a security and privacy survey. In: IEEE International Conference on RFID-Technology and Applications (RFID-TA) Guangzhou—China, pp. 118–123. IEEE, June 2010. doi:10.1109/RFID-TA.2010.5529872

  55. Garcia-Alfaro, J., Herrera-Joancomarti, J., Melia-Segui, J.: A multiple-polynomial LFSR based pseudorandom number generator design for EPC Gen2 systems. In: MITACS Workshop on Network Security & Cryptography, Toronto (Canada), June 2010

    Google Scholar 

  56. Garcia-Alfaro, J., Barbeau, M., Kranakis, E.: Les composants RFID, sont-ils vulnerables? Techniques de l’ingenieur, no. 4–5 (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Internet Interdisciplinary Institute, Universitat Oberta de Catalunya, Roc Boronat 117, 08018, Barcelona, Spain

    Joaquin Garcia-Alfaro, Jordi Herrera-Joancomartí & Joan Melià-Seguí

  2. Télécom SudParis, CNRS UMR 5157 (SAMOVAR), 91011, Evry, France

    Joaquin Garcia-Alfaro

  3. Universitat Autonoma de Barcelona, Edifici Q, 08193, Bellaterra, Spain

    Jordi Herrera-Joancomartí

  4. Universitat Pompeu Fabra, Tanger 122-140, 08018, Barcelona, Spain

    Joan Melià-Seguí

Authors
  1. Joaquin Garcia-Alfaro
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jordi Herrera-Joancomartí
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Joan Melià-Seguí
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Joaquin Garcia-Alfaro .

Editor information

Editors and Affiliations

  1. Department of Information and Communications Engineering, Universitat Autonoma de Barcelona, Catalonia, Spain

    Guillermo Navarro-Arribas

  2. Consejo Superior de Investigaciones Científicas Campus de la UAB, Institut d'Investigació en Intel·ligència Artificial, Catalonia, Spain

    Vicenç Torra

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Garcia-Alfaro, J., Herrera-Joancomartí, J., Melià-Seguí, J. (2015). Security and Privacy Concerns About the RFID Layer of EPC Gen2 Networks. In: Navarro-Arribas, G., Torra, V. (eds) Advanced Research in Data Privacy. Studies in Computational Intelligence, vol 567. Springer, Cham. https://doi.org/10.1007/978-3-319-09885-2_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-09885-2_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-09884-5

  • Online ISBN: 978-3-319-09885-2

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation