
D3.7 A Structured Collection on Information and Literature on Technological and Usability Aspects of Radio Frequency Identification (RFID)



Threats for the whole system



When considering the broader RFID architecture of , new security risks and countermeasures come to mind: one could foresee an attack on the back office through information stored on the tag, as was recently shown in (DCSA 2006). There are three types of RFID malware (Rieback 2006), listed here in order of increasing implementation complexity:

  1. RFID exploits:    
    Just like other software, RFID systems are vulnerable to buffer overflows, code insertion and SQL injection.

  2. RFID worms:    
    A worm is basically an RFID exploit that downloads and executes remote malware. A worm could propagate through the network or through tags.

  3. RFID viruses:    
    An RFID virus starts with malicious content on a tag. When the tag is read out, this initiates a malicious SQL query which would disturb a database in the back office. This type of attack has already been demonstrated (Juels 2006).


Measures for malware 

To avoid such attacks, the reader should check that the content of tags complies with the corresponding standards, and regular security measures such as checks and filtering against signature databases should be taken to protect the gateway. In addition, patches for the database should be installed, if available.
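
An added example (not part of the original deliverable) of the reader-side compliance check and gateway-side filtering described above, in Python. It assumes the tag payload is a 96-bit identifier rendered as 24 hexadecimal characters; the schema, function names and sample reads are constructed for illustration.

```python
import re
import sqlite3

# Assumed tag format: a 96-bit identifier rendered as 24 upper-case hex characters.
TAG_FORMAT = re.compile(r"[0-9A-F]{24}")


def open_back_office():
    """In-memory stand-in for the back-office database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sightings (tag_id TEXT NOT NULL, reader TEXT NOT NULL)")
    return db


def tag_is_compliant(raw: bytes) -> bool:
    """Reader-side check: accept only payloads that match the expected format exactly."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return False
    return TAG_FORMAT.fullmatch(text) is not None


def record_sighting(db, raw: bytes, reader: str) -> bool:
    """Gateway-side handling: drop non-compliant tags, bind the rest as parameters."""
    if not tag_is_compliant(raw):
        return False  # a real deployment would also log and quarantine the read
    # Placeholders keep tag content as data; it is never parsed as SQL text.
    db.execute("INSERT INTO sightings (tag_id, reader) VALUES (?, ?)",
               (raw.decode("ascii"), reader))
    db.commit()
    return True


def process_batch(db, reads, reader="dock-1"):
    """Return (accepted, rejected) counts for a batch of raw tag reads."""
    accepted = sum(record_sighting(db, raw, reader) for raw in reads)
    return accepted, len(reads) - accepted


# Constructed sample reads: two well-formed tags, then three malformed ones
# (SQL metacharacters, over-length data, non-ASCII bytes).
SAMPLE_READS = [
    b"3034257BF7194E4000001A85",
    b"3034257BF7194E4000001A86",
    b"3034257BF7194E40'; --",
    b"A" * 512,
    b"\xff\xfe3034257BF7194E400000",
]

if __name__ == "__main__":
    print(process_batch(open_back_office(), SAMPLE_READS))
```

The format check and the parameterised query are independent layers: the first rejects malformed tags before they reach the back office, the second ensures that whatever is accepted is stored as data only.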


Threats to gateway interface 

If access control is insufficient, the user interface to the gateway could be misused by unauthorised people to attack the integrity of the filters and to misguide the product management system.

Measures for threats to gateway interface 

To prevent such an attack, the user interface should be provided with a sufficient authentication mechanism so that only authorised users are able to access the gateway. Another measure would be to place the gateway and the user interface in a physically protected room, so that only authorised employees who have access to this room can access the user interface.


Threats to drivers 

The drivers that are used by RFID readers to communicate with the middleware could be corrupted. This could be done by either modifying the driver of a legitimate reader, or by replacing the legitimate reader with a fake reader that has a corrupted driver. A corrupted driver could be used to attack and misguide the gateway. 

Measures to threats to drivers

A possible solution to this problem is to use only signed drivers, i.e. each legitimate driver should be digitally signed by manufacturers or trusted third parties such that the gateway can check that communicating readers contain a legitimate driver.


Threats to back office and measures 

Systems at the back office could be subject to attack. These kinds of attacks (and their countermeasures) are known as attacks (and countermeasures) for regular IT systems and are therefore not specifically RFID-related attacks.


Threats to communication reader gateway

The communication between reader and gateway could be eavesdropped or modified. 

Measures to threats to communication reader gateway

Since an RFID reader is a more sophisticated device than a tag, some kind of encryption mechanism should be available to encrypt the communication between reader and gateway. Note that the transfer of data between reader and gateway is similar to the transfer of any other kind of data through the network (the connection can be wireless or wired), so threats and countermeasures are, from a technical point of view, similar to those existing in other kinds of networks.






Denis Royer