ABSTRACT-

Radio Frequency Identification (RFID) is a technology which enables multiple scanning readers can
scan an entire truckload or shopping basket at once, which allows for further automation in many
industry processes. Also, bar codes replicate only an ID number, while RFID tags can contain other
information, such as product details. When combined with sensors, RFID tags can store the history of
storing conditions, mechanical shocks, and so on. The vulnerability of RFID and the objection of
consumers to buy products that include non-protected RFID are holding organizations back from
investing in this promising technology. Information security and privacy are important research areas.
RFID use radio frequencies to exchange the information between tag and reader, this wireless
communication and less computational power if RFID tag make it particularly vulnerable among
information systems. This report presents the RFID Threat Countermeasure Framework to better
understand the wide range of RFID threats and their corresponding protection countermeasures. We
conclude that RFID security and privacy developments are very promising but do require more
development to become practically useful for organizations.

1
1. AN INTRODUCTION TO RFID SYSTEM
RFID stand for radio frequency identification. This technology was invented by Charles Walton and
first used in world war II to identify and authenticate aircraft in flight (IFF: Identify Friendly Foe). It
is done to allow the identification of allied planes. Now, Radio Frequency Identification Technology
(RFID) has moved from obscurity into main stream applications that help speed the handling of
manufactured goods and materials. These systems are one of the most affordable computing
technologies with technical potential and profitable opportunities in a diverse area of applications.
Radio-Frequency identification (RFID) is aimed to use radio waves to read and capture information
stored on a tag attached to an object [2]. The RFID technology is a means of gathering data about a
certain item without the need of touching or seeing the data carrier, through the use of inductive
coupling or electromagnetic waves RFID systems generally consist of tags, readers and back-end
database form. The tag generally consists of RF analog front end, baseband processor and
nonvolatile memory, and several other modules, some of which tag also has encryption features. We
will discuss the whole working of RFID in detail afterward.

2. CLASSIFICATION OF RFID SYSTEM

RFID system are classified into two types Active RFID system and Passive RFID system.

2.1 Active RFID System - Active RFID systems use battery-powered RFID tags (also called
active tags) that continuously broadcast their own signal. In the latter case, a tag‘s lifetime is
limited by the stored energy. Active RFID tags are commonly used as ―beacons‖ to accurately
track the real-time location of assets or in high-speed environments such as tolling. Active
tags provide a much longer read range than passive tags, but they are also much more
expensive. Active tag system mainly operates on 433 MHz and 915 MHz based on the
application [3].
An Active RFID systems have three essential parts – a reader or interrogator, antenna,
and a tag. Active RFID tags possess their own power source – an internal battery that
enables them to have extremely long read ranges as well as large memory banks.
Essentially, two different types of active RFID tags are available – transponders and
beacons.

2
 2.1.1 Transponders – In a system that uses an active transponder tag, the reader will
send a signal first, and then the active transponder will send a signal back with the relevant
information. Transponder tags are very efficient because they conserve battery life when the
tag is out of range of the reader. Active RFID transponders are commonly used in secure
access control and in toll booth payment systems [2].
2.1.2 Beacons – In a system that uses an active beacon tag, the tag will not wait to hear
the reader‘s signal. Instead, true to its name, the tag will ‗beacon‘, or send out its specific
information every 3 – 5 seconds. Beacon tags are very common in the oil and gas industry,
as well as mining and cargo tracking applications. Active tag‘s beacons can be read
hundreds of meters away, but in order to conserve battery life, they may be set to a lower
transmit power in order to reach around 100 meters read range [2].

2.2 Passive RFID System- Passive RFID systems use tags with no internal power source and
instead are powered by the electromagnetic energy transmitted from an RFID reader. Passive
RFID tags are used for applications such as access control, file tracking, race timing, supply
chain management, smart tags, and more. The tags also have an indefinite operational life.
The lower price point per tag and less maintenance cost makes employing passive RFID
systems economical for many industries.
Generally speaking, three main parts make up in a passive RFID system – RFID tags,
readers and back-end database. Passive RFID tags only have two main components – the
tag‘s antenna and the microchip or integrated circuit (IC).
Passive RFID tags do not all operate at the same frequency. There are three main
frequencies within which passive RFID tags operate. The frequency range, along with other
factors, strongly determines the read range, attachment materials, and application options.
2.2.1 125 – 134 KHz – Low Frequency (LF) – An extremely long wavelength with usually a
short-read range of about 1 – 10 centimeters. This frequency is typically used with animal
tracking because it is not affected much by water or metal.
2.2.2 13.56 MHz – High Frequency (HF) & Near-Field Communication (NFC) – A medium
wavelength with a typical read range of about 1 centimeter up to 1 meter. This frequency
is used with data transmissions, access control applications, DVD kiosks, and passport
security – applications that do not require a long-read range.

3
 2.2.3 865 – 960 MHz – Ultra High Frequency (UHF) – A short, high-energy wavelength of
about a one meter which translates to long read range. Passive UHF tags can be read from
an average distance of about 5 – 6 meters, but larger UHF tags can achieve up to 30+
meters of read range in ideal conditions.

ACTIVE RFID PASSIVE RFID

T Tag Power Internal to tag Energy transfer from the
reader via RF
able 1
Tag battery YES NO
Differ Availability of tag power Continuous Only within field of reader
ence Required signal strength Very low Very high
from reader to tag
betwe Available signal strength High Very low
en from tag to reader
Communication range Long range (100m or more) Short range (up to 10m)
active Sensor capacity Ability to continuously Ability to read and transfer
and monitor and record sensor sensor values only when tag is
input powered by reader
passiv
e tag

Note- In this report, we will mainly focus on passive RFID and all the discussions held from
now onwards will be about passive RFID System.

3. HOW RFID SYSTEM WORKS?

As we already discussed that RFID system consist of 3 main parts RFID tags, readers and
back-end database.
An RFID tag works as follows: the reading unit
generates an electro-magnetic field which induces a
current into the tag's antenna. The current is used to
power the chip. In passive tags the current also
charges a condenser which assures uninterrupted
power for the chip. Once activated the tag receives
commands from the reading unit and replies by
sending its unique ID number, after verification
readers get the tag to store information, and then
Fig.1 setup of RFID system

4
passed to the back-end data processing systems for management control [2].
As the reader and the wireless power of tags vary widely, and often the channel from the
reader to tag channel is called the "forward channel", and that from the tag to the reader is referred
to as "reverse channel".

4. APPLICATIONS OF RFID
RFID applications are very broad and open in nature. Some of them are listed below. Here we
categorized these applications into the field it belongs to –
4.1 Manufacturing- The reason for this growth is the significant benefits of RFID technology. For
example, RFID technology can increase a company's productivity and reliability. By generating real-
time data, RFID systems help prevent product and equipment shortages; bring customers reliable, on-
time delivery or service; track parts inventory; and provide maintenance history in the field
4.2 Retail - It can be used to prevent theft and track assets that are frequently moved and often
misplaced. It improves product visibility, helps in stock management, cashless payment and automated
checkout.
4.3 Logistic- mainly used for tracking, placing product on right shelves, help in fast delivery etc.
4.4 Transportation- RFID used for battery and fluid monitoring, status and location monitoring, access
control, toll collection, safety and security audits etc.
4.5 Medical- RFID generally used to verify patient information, reduce wait times and bottlenecks,
to locate patients.it is also use for stock management and expiry date monitoring.
4.6 Security- used to grant entry to secure areas, tracks time and movement of people, provide
automated entry, key less entry in car, identification od people (E-Passport), access control etc.

5. SECURITY REQUIREMENTS OF RFID SYSTEMS

A secure communication system must guarantee that the transmission of information
confidentiality, integrity and availability. And because of the characteristics of RFID systems and
special application environment. To ensure the security a secure RFID system should meet certain
security requirements below [1]:
5.1 Functional Reliability- the probability that an item will preform a required function without failure
under stated conditions for a stated period of time

5
5.2 Authenticity- the quality of being real. Tags and readers should conduct two-way authentication,
which is that the only legitimate reader and tag can obtain or update the status of each other.
5.3 Tag anonymity- Tag user's true identity, current location and other sensitive information,
communication should be guaranteed confidentiality. To achieve this, in the transmission between the
reader and tag, the confidential information should be encrypted.
5.4 Integrity- In the communication process, the need to ensure that the recipient received the
information during transmission has not been tampered with or replaced the attacker.
5.5 Data privacy- it is the relationship between the collection and dissemination of data, technology, the
public expectation of privacy, legal and political issues surrounding them. It is also known as
information privacy.
5.6 Backward security- Even if an attacker compromised a tag to obtain the status of its current time t1,
at time tl, secret information can‘t be used to identify the tag at time t2 (t2> t1). This is called Backward
security.

6. OVERVIEW OF PRIVACY AND SECURITY THREATS

RFID is a powerful technology with numerous application possibilities. It‘s also a technology that
raises serious privacy and security risks. Several RFID features make it particularly vulnerable among
information systems, including
 the wireless transmission between the tag and reader because as the back-end database and the
reader can be used with the conventional mature security program, it is generally believed,
readers and back-end communication channel between the database is safe.
 the tag‘s low computational power, which is often insufficient for strong security measures;
 and the tag‘s small size, which means that people can carry one without their consent or even
knowledge.

7. TYPES OF ATTACK ON RFID SYSTEMS -

Like all information systems, RFID-based systems are subject to generic attacks that threaten
system security and user privacy. However, there are also many attacks that specifically target RFID
system technologies.

6
 Over the years researchers have identified many different types of threats that could affect RFID
implementations. In this report we have selected few of the most common and famous attacks and
we will also discuss about its counter measure [6].

some of them are listed below:

 Eavesdropping
 Spoofing attack
 Relay attack
 Reply attack
 Tag cloning
 People tracking
 Tag content changes
 Password decoding

7.1 Eavesdropping: In English language, Eavesdropping is the act of secretly or stealthily listening to
the private conversation or communications of others without their consent. Similarly, in case of RFID,
hackers secretly monitor information sent from an RFID tag to a reader, or vice versa, via the air
interface (the communication channel between the reader and tag). Because eavesdropping is
passive—that is, the attacker doesn’t emit any signal—it’s highly difficult to detect.
The most common countermeasures are to encrypt the data (so eavesdropping hackers
can‘t understand the signal) and to use a metal screen to shield the tag and reader during
information exchange (such as at border checkpoints). It‘s also important to limit the distance
between the tag and reader by using the standard with the smallest communication range
sufficient for a given application. However, developers must also bear in mind that, using a
nonstandard reader, hackers can extend a standard communication range several times.

7.2 Spoofing Attack: Attackers get some information of identity by detecting communications
between readers and legitimate tags i.e. eavesdropping. Then network will be accessed by using
this information of identity to impersonate the legitimate tags or readers, which is called the
counterfeiting or spoofing attack. An attacker can fake tags, as well as fake readers.

7
 The effective means to prevent counterfeiting and spoofing attacks is to use efficient two-
way authentication protocol actualizing mutual authentication between tags and readers.

7.3 Relay attack: in a relay attack, attackers create a connection between a legitimate reader and a
victim‘s legitimate tag. From the RFID system‘s viewpoint, the communication looks as if the
legitimate tag and the reader are close to
each other, when in fact they‘re
communicating through the (usually
wireless) communication channel that the
attackers have established. Attackers can
thereby authenticate themselves in
access-control or payment systems. In

other words, an attacker in the far apart to Fig 2 relay attack

place an illegal device between the reader
and tag, the device can be to intercept the information of the reader or the tag, then modify it or
forwarded directly to the other. Information is transmitted through illegal devices, there will be
some delay, so called relay attacks.
Because attackers only transmit information without needing to understand it, the
authentication protocol (such as challenge-response) doesn‘t protect against this kind of attack.
Developers can counter this threat by shielding the tags (such as keeping them in bags made
of aluminum foil) while not in use. the distance bounding protocol, which uses response time to
estimate the distance between the reader and tag.
7.4 Replay Attack: In replay attacks, attackers abuse authorized tag carriers‘ identities by repeating
their authentication sequences. To do this, attackers might use a clone of a legitimate tag or
resend the eavesdropped signal from a PC equipped with an appropriate card and antenna. To
perform replay attacks, attackers must obtain information sent by the tag during normal
communication. Here, countering eavesdropping and unauthorized tag reading offers a first line of
defense.
A specific replay attack countermeasure is to authenticate tags using, for example, the
challenge response protocol. In this case, the tag calculates its authentication code based on the

8
 challenge the reader sends, the use of stamp program, a one-time password and using the random
number in authentication protocol, or updating ID information dynamically. In a well-designed
protocol, attackers can‘t deduce the key required to calculate a response from information
exchanged through the air interface.

7.5 Tag Cloning: Cloning is a threat frequently categorized together with spoofing. However,
spoofing and cloning are not the same. Although both threats copy data from a legitimate tag,
spoofing emulates the transmission of tag data while cloning means that the copied data is
transferred onto a new tag owned by the attacker. Just as spoofing, the communication between
legit RFID tags and readers will have to be read and stored, but a tag could also be stolen and then
physically read. The data for the cloned tags are then altered to suit to the needs of the desired
attack and copied onto an empty tag.
In tag cloning, attackers make a duplicate RFID tag, which might either be quite similar in
size or much larger than the original but have the same functionality. Attackers can use duplicates
to access a restricted area, abuse private data, or make an electronic transaction on the victim‘s
behalf. Tag authentication prevents cloning; if developers use a challenge-response protocol, the
information that attackers can obtain through the air interface (such as by eavesdropping) is
insufficient to duplicate the tag. Also, developers can apply appropriate measures at the circuit
manufacturing stage to protect tags from duplication by reverse engineering.

7.6 People Tracking: In people tracking, attackers follow tag carriers‘ movements using various
techniques, including placing fake readers in doors or deploying eavesdropping devices near
legitimate readers. Several countermeasures that I‘ve already discussed also work with tracking,
including using low-range tags or shielding tags, authenticating readers, and disabling tags when
they‘re not in use we must ensure that the information sent by the tag each time is dynamic, and
require tag has a good forward security. Generally, use two mechanisms: adopt pseudo-random
function to realize ID information encryption, or dynamic update ID. Adopting pseudo-random
number increased the cost of tagging hardware, while the problems of data synchronization
should be paid attention to when adopting dynamic update ID [6].

9
 7.7 Tag Content Change: If a tag is writeable, attackers can change its content, distorting item
attributes or leading the access-control system to falsely reject an authorized person. Furthermore,
they can insert malware—such as modified tag data that the reader interprets as a command into
writeable tags using, for example, SQL injection. In some writeable tags, developers can protect
memory content by temporarily or permanently disabling writing. Also, developers can
implement the readers so as to prevent them from interpreting a tag‘s data as a command.

7.8 Password decoding: As currently most RFID systems use encryption technology to ensure the
confidentiality and integrity of information delivery, attacking against the encryption algorithm is
a common form of attack. Attackers can decode encryption algorithms by conducting violent
attacks and the like, and decipher the intercepted cryptograph to get plain-text. To respond to this
attack, you need to design stronger encryption algorithm, or use longer keys increase the
difficulty of password cracking. Because of the constraint to the resource of RFID tags, traditional
encryption or signature algorithm is difficult to integrate into the tag. For this reason, many
international scholars work on low-cost RFID encryption algorithm. For example, Yuksel
proposed a low-cost 64-bit Hash function, only 1700 equivalent gates are required for the
realization [4]. The Feldhofer, proposed a 128-bit AES algorithm which requires only 3500
equivalent gates to be achieved, the algorithm is by far known the lowest cost AES program [5] .

8. THE LATEST PROBLEMS OF RFID SECURITY TECHNOLOGY TO BE

SOLVED –
8.1 The threats and security protocol research of RFID security: Technology Security protocol is
different from other protocols; people will never know what means of attack the attackers will take
the next step. The details people consider the safest one may sometimes lead to be loopholes. So,
discovering the possible threats, inventing new attacking models and designing authentication
protocols which are more reliable will be the major field the researchers of RFID security
technology devote in.
8.2 Low-power and low-cost RFID Security Mechanism: As the RFID system is different from
other systems are unique, for low-cost tags, to achieve perfect security is more difficult, higher
security means higher overhead and cost of hardware and software. From the above analysis we can

10
 see, there are a number of security protocols, or security flaws, or requires a lot of hardware
overhead, it is difficult to achieve in low-cost tag, not a low-power RFID system for low-cost
characteristics, to meet the security needs and practical security authentication mechanism.
Therefore, for low-cost low-power RFID system security research, is still a serious problem.
8.3 Design of the encryption algorithm which is applied to RFID system: Now most of the
authentication protocol are transmitted using encryption technology to ensure data security.
Although the traditional password techno cooked, but because of the special nature and limitations
of RFID tags, for example, tag generally don‘t have the microprocessor, just is made up of thousands
of logic gate circuit, limited storage space, limited power supply and so on, the traditional encryption
or signature algorithm is difficult to be integrated into such devices. The researchers gave a number
of simplified encryption algorithm, which although greatly reduced hardware costs, still exceeded
the capacity of low-cost tags. Therefore, we must design and implement low-cost and efficient
encryption algorithms fit for RFID systems.

9. CONCLUSION:
Due to the increasing number of RFID implementations, RFID security and privacy are increasingly
gaining more importance. Unfortunately, the wireless RFID communication is vulnerable for attacks,
which contributes to the delay of mass RFID adoption. Although RFID is becoming more
standardized, the current protection capabilities still lack in their abilities to counter or prevent RFID
threats and therefore gain acceptance in the commercial sector. But as RFID technology keeps
improving, security and privacy effectiveness will also grow. In the end it will take time for
protection capabilities to become more standardized and be implemented as part of a RFID system.
Of course, RFID system security threats and problems to be solved are not just those listed in this
report, along with the rapid development of RFID technology and applications, RFID system
security threats and attacks will increase and become more and more complex. Therefore, RFID
systems security technology is always an open issue, scholars and researchers need to make
unremitting efforts.

11
REFERENCES
[1] Hong Li, YongHui Chen and ZhangQing He ―The Survey of RFID Attacks and Defenses‖, 8th
International Conference on Wireless Communications, Networking and Mobile Computing , 2012
[2] R. Want,‖ An introduction to RFID technology‖, IEEE Pervasive Computing ( Volume: 5 , Issue:
1 , Jan.-March 2006 )
[3] Pawel Rotter, ―A Framework for Assessing RFID System Security and Privacy Risks”, IEEE
Pervasive Computing ( Volume: 7 , Issue: 2 , April-June 2008 )
[4] Yüksel K. ―Universal Hashing for Ultra-Low-Power Cryptographic Hardware Applications‖
Worcester: Dept. of Electronical Engineering, WPI, 2004(in American).
[5] Martin Feldhofer, Sandra Dominikus, Johannes Wolkerstorfer,‖Strong Authentication for RFID
Systems Using the AES Algorithm‖ Conference of Cryptographic Hardware and Embedded
Systems,2004: 357-370.
[6] Gurudatt Kulkarni ; Rupali Shelke ; Ramesh Sutar ; Sangita Mohite,‖ RFID security issues &
challenges”, International Conference on Electronics and Communication Systems (ICECS),2014

12