Security and Privacy in RFID Applications

Abstract

Radio Frequency Identification (RFID) is a very versatile technology. It has the potential to increase the efficiency of many common applications and is thus becoming increasingly popular. The main drawback is that the general principles the technology is built on are very vulnerable to attack. The ID imbedded in every chip combined with the openness of the radio interface exposes the users to tracking. As additional sensitive information may be stored on the tags, the user may also be exposed to other security and privacy threats. This thesis investigates how easily the reading distance of RFID tags can be increased by modifying a regular reader. A thorough presentation of general privacy and security threats to RFID systems is also given together with an analysis of how the results from the experiments influence these threats. General countermeasures to defend against threats are also evaluated. Finally, the thesis investigates how easily a user can reduce the reading distance of tags he is carrying by physical shielding. The general results are that moderately increasing the reading distance of RFID tags by modifying a regular reader is possible. It is, however, not trivial. Given that the attacker has extensive knowledge of the technology and its implementation, obtaining extensive increases in reading distance by using very sophisticated techniques may be possible. Users can, on the other hand, relatively easily decrease the reading distances of tags by physically shielding them. The obtainable reading distance using an electronics hobbyist s tools, skills and knowledge is sufficient to greatly simplify the execution of several attacks aimed at RFID systems. As the technological development is likely to increase the obtainable reading distance even further, inclusion of on-tag security measures for the future is of great importance.