Security Vulnerabilities in RFID Networks

  • Chaudhry, Junaid Ahsenali (Department of Computer Science and Engineering, Qatar University)
  • Lee, Malrey (Center for Advanced Image and Information Technology School of Electronics & Information Engineering ChonBuk National University)
  • Received : 2013.08.31
  • Published : 2013.11.30


Today's applications focus increasingly on security, and Radio Frequency Identification (RFID) has become one of the major technologies that are important for security. RFID devices are becoming ubiquitous and are used in many areas, especially in business, because they simplify many business transactions. However, the pervasiveness of RFID systems introduces security and privacy issues and risks. In RFID systems, communication between tag and reader usually takes place over a wireless link. By its nature, a radio frequency signal can travel anywhere and anyone can receive it, which makes it an insecure channel. The computational resources of an RFID tag are constrained, and this major limitation forces researchers to apply mitigations that differ from common security solutions. The first part of this paper briefly introduces the RFID architecture. The paper then explains the existing security challenges in RFID networks and discusses the effects of these threats on the security and privacy of RFID. After analyzing the security challenges of RFID networks, it discusses different countermeasures proposed by other researchers. The paper closes with a discussion of future security challenges.

