View Item 

Show simple item record

A context‐aware approach to defend against unauthorized reading and relay attacks in RFID systems
dc.contributor.authorMa, Dien_US
dc.contributor.authorSaxena, Niteshen_US
dc.date.accessioned2014-12-09T16:53:34Z
dc.date.availableWITHHELD_13_MONTHSen_US
dc.date.available2014-12-09T16:53:34Z
dc.date.issued2014-12en_US
dc.identifier.citationMa, Di; Saxena, Nitesh (2014). "A context‐aware approach to defend against unauthorized reading and relay attacks in RFID systems." Security and Communication Networks 7(12): 2684-2695.en_US
dc.identifier.issn1939-0114en_US
dc.identifier.issn1939-0122en_US
dc.identifier.urihttps://hdl.handle.net/2027.42/109577
dc.description.abstractRadio frequency identification (RFID) systems are becoming increasingly ubiquitous in both public and private domains. However, because of the inherent weaknesses of underlying wireless radio communications, RFID systems are plagued with a wide variety of security and privacy threats. A large number of these threats arise because of the tag's promiscuous response to any reader requests. This renders sensitive tag information easily subject to unauthorized reading . Promiscuous tag response also incites different forms of relay attacks whereby a malicious colluding pair, relaying messages between a tag and a reader, can successfully impersonate the tag without actually possessing it. Because of the increasing ubiquity of RFID devices, there is a pressing need for the development of security primitives and protocols to defeat unauthorized reading and relay attacks. However, currently deployed or proposed solutions often fail to satisfy the constraints and requirements of the underlying RFID applications in terms of (one or more of) efficiency, security, and usability. This paper proposes a novel research direction, one that utilizes sensing technologies, to tackle the problems of unauthorized reading and relay attacks with a goal of reconciling the requirements of efficiency, security, and usability. The premise of the proposed work is based on a current technological advancement that enables many RFID tags with low‐cost sensing capabilities. The on‐board tag sensors will be used to acquire useful contextual information about the tag's environment (or its owner, or the tag itself). For defense against unauthorized reading and relay attacks, such context information can be leveraged in two ways. First, contextual information can be used to design context‐aware selective unlocking mechanisms so that tags can selectively respond to reader interrogations and thus minimize the likelihood of unauthorized reading and “ghost‐and‐leech” relay attacks. Second, contextual information can be used as a basis for context‐aware secure transaction verification to defend against special types of relay attacks involving malicious readers. Copyright © 2011 John Wiley & Sons, Ltd. This paper proposes a novel research direction, one that utilizes sensing technologies to tackle the challenging problems of unauthorized reading and relay attacks in radio frequency identification systems. First, contextual information is used to design context‐aware selective unlocking mechanisms, so that tags can selectively respond to reader interrogations and, thus, minimize the likelihood of unauthorized reading and “ghost‐and‐leech” relay attacks. Second, contextual information is used as a basis for context‐aware secure transaction verification to defend against special types of relay attacks involving malicious readers.en_US
dc.publisherPrentice Hallen_US
dc.publisherWiley Periodicals, Inc.en_US
dc.subject.otherUnauthorized Readingen_US
dc.subject.otherRelay Attack Selective Unlockingen_US
dc.subject.otherSecure Server Verificationen_US
dc.subject.otherSecurity and Privacyen_US
dc.subject.otherRFIDen_US
dc.titleA context‐aware approach to defend against unauthorized reading and relay attacks in RFID systemsen_US
dc.typeArticleen_US
dc.rights.robotsIndexNoFollowen_US
dc.subject.hlbsecondlevelComputer Scienceen_US
dc.subject.hlbtoplevelEngineeringen_US
dc.description.peerreviewedPeer Revieweden_US
dc.description.bitstreamurlhttp://deepblue.lib.umich.edu/bitstream/2027.42/109577/1/sec404.pdf
dc.identifier.doi10.1002/sec.404en_US
dc.identifier.sourceSecurity and Communication Networksen_US
dc.identifier.citedreferenceSaxena N, Voris J. Still and silent: motion detection for enhanced RFID security and privacy without changing the usage model. Workshop on RFID Security ( RFIDSec ), 2010.en_US
dc.identifier.citedreferenceSalajegheh M, Clark S, Ransford B, Fu K, Juels A. CCCP: secure remote storage for computational RFIDs. 18th USENIX Security Symposium, 2009; August.en_US
dc.identifier.citedreferenceSmith JR, Sample AP, Powledge PS, Roy S, Mamishev A. A wirelessly‐powered platform for sensing and computation. Proceedings of UbiComp 2006, 2006.en_US
dc.identifier.citedreferenceGriffiths DJ. Introduction to Electrodynamics ( 3rd edn ). Prentice Hall: UK, 1999.en_US
dc.identifier.citedreferenceBourzac K. TR10: atomic magnetometers. Available online at http://www.technologyreview.com/biotech/20239/ April 2008.en_US
dc.identifier.citedreferenceHuyghe B, Doutreloigne J. 3D orientation tracking based on unscented Kalman filtering of accelerometer and magnetometer data. IEEE Sensors Application Symposium, 2009.en_US
dc.identifier.citedreferenceYun X, Bachmann ER, McGhee RB. A simplified Quaternion‐based algorithm for orientation estimation from Earth gravity and magnetic field measurements. IEEE Transaction on Instrumentation and Measurement Mar 2008; 57 ( 3 ): 638 – 650.en_US
dc.identifier.citedreferenceGoldiron. Numerex unveils hybrid tag includes active RFID, GPS, satellite and sensors. Available online at http://goldiron.wordpress.com/2009/02/25/numerex‐unveils‐hybrid‐tag‐includes‐active‐rfid‐gps‐satellite‐and‐sensors/ February 2009.en_US
dc.identifier.citedreferenceBuckner M, Crutcher R, Moore MR, Smith SF. GPS and sensor‐enabled RFID tags. Available online at http://www.ornl.gov/webworks/cppr/y2001/pres/118169.pdfen_US
dc.identifier.citedreferenceCropsey G. Designing a distance and speed algorithm using the global positioning system. Available online at http://www.egr.msu.edu/classes/ece480/capstone/spring08/group10/documents/ApplicationNote‐Gabe.pdf March 2008.en_US
dc.identifier.citedreferenceGPS Glossary 2011. Available at: http://www.gsmarena.com/glossary.php3?term=gpsen_US
dc.identifier.citedreference66‐Channel LS20031 GPS Receiver Module 2011. Available at: http://www.megachip.ru/pdf/POLOLU/66_CHANNEL.pdfen_US
dc.identifier.citedreferenceWendlandt K, Khider M, Angermann M, Robertson P. Continuous location and direction estimation with multiple sensors using particle filtering. IEEE International Conference on Multisensor Fusion and Integration for Intelligent Systems, 2006.en_US
dc.identifier.citedreferenceQiu D, Lo S, Enge P, Boneh D, Peterson B. Geoencryption using Loran. The Institute of Navigation International Technical Meeting, 2007.en_US
dc.identifier.citedreferenceQiu D, Lo S, Enge P, Boneh D, Peterson B. Robust location tag generation from noisy location data for security applications. The Institute of Navigation International Technical Meeting, 2009.en_US
dc.identifier.citedreferenceWarner JS, Johnston RG. Think GPS cargo tracking = high security? Technical report, Los Alamos National Laboratory 2003.en_US
dc.identifier.citedreferencePapadimitratos P, Jovanovic A. Protection and fundamental vulnerability of global navigation satellite systems (GNSS). International Workshop on Satellite and Space Communications ( IWSSC ).en_US
dc.identifier.citedreferenceHanlon B, Ledvina B, Psiaki M, Jr PK, Humphreys TE. Assessing the GPS spoofing threat. GPS world. Available online at http://www.gpsworld.com/defense/security‐surveillance/assessing‐spoofing‐threat‐3171?page_id=1 January 2009.en_US
dc.identifier.citedreferenceScott L. Anti‐spoofing and authenticated signal architectures for civil navigation signals. 16th International Technical Meeting of the Satellite Division of the Institute of Navigation ( ION GPS/GNSS ), 2003; 1543 – 1552.en_US
dc.identifier.citedreferenceKuhn M. An asymmetric security mechanism for navigation signals. 6th Information Hiding Workshop, 2004.en_US
dc.identifier.citedreferencePapadimitratos P, Jovanovic A. GNSS‐based positioning: attacks and countermeasures. IEEE Military Communications Conference (MILCOM). San Diego, CA, USA, 2008; 1 – 7.en_US
dc.identifier.citedreferenceEPIC.ORG. Wal‐Mart begins tagging and tracking merchandise with RFID. Available online at http://epic.org/2010/07/wal‐mart‐begins‐tagging‐and‐tr.html July 2010.en_US
dc.identifier.citedreferenceUS Department of State. The US electronic passport. Available online at http://travel.state.gov/passport/passport_2498.htmlen_US
dc.identifier.citedreferenceEMVCo. About EMV. Available online at http://www.emvco.com/about_emv.aspx November 2009.en_US
dc.identifier.citedreferenceWashington State Department of Licensing. Enhanced driver license/ID card. Available online at http://www.dol.wa.gov/about/news/priorities/edl.htmlen_US
dc.identifier.citedreferenceNYS DMV. Enhanced driver licenses and non‐driver identification cards. Available online at http://www.nydmv.state.ny.us/broch/C158.pdf July 2010.en_US
dc.identifier.citedreferenceFrancillon A, Danev B, Capkun S. Relay attacks on passive keyless entry and start systems in modern cars. 18th Annual Network and Distributed System Security Symposium ( NDSS ), 2011.en_US
dc.identifier.citedreferenceIT Global Consulting Ltd. RFID toll road payment. Available online at http://www.itglobalconsulting.com/rfidtollroadpayment.asp.en_US
dc.identifier.citedreferenceInfowars.com. Texas Department of Transportation to instate RFID TxTag. Available online at http://www.infowars.com/articles/bb/toll_roads_tx_tag.htm September 2005.en_US
dc.identifier.citedreferenceRFID Asia. New Ez‐Link contactless smart cards converge transit and payment applications. Available online at http://journal.rfid‐asia.info/2008/12/new‐ez‐link‐contactless‐smart‐cards.htm December 2008.en_US
dc.identifier.citedreferenceMedical News Today. VeriChip Corporation announces phase II development of in vivo glucose‐sensing RFID microchip with RECEPTORS LLC. Available online at http://www.medicalnewstoday.com/articles/165894.php October 2009.en_US
dc.identifier.citedreferenceJuels A, Molnar D, Wagner D. Security and privacy issues in E‐passports. Security and Privacy for Emerging Areas in Communications Networks ( SecureComm ), 2005.en_US
dc.identifier.citedreferenceJuels A. RFID security and privacy: a research survey. IEEE Journal on Selected Areas in Communications February 2006; 24 ( 2 ): 381 – 394.en_US
dc.identifier.citedreferenceHeydt‐Benjamin TS, Bailey DV, Fu K, Juels A, O'Hare T. Vulnerabilities in first‐generation RFID‐enabled credit cards. Eleventh International Conference on Financial Cryptography (FC), 2007.en_US
dc.identifier.citedreferenceKfir Z, Wool A. Picking virtual pockets using relay attacks on contactless smartcard. Security and Privacy for Emerging Areas in Communications Networks ( SecureComm ), 2005.en_US
dc.identifier.citedreferenceDrimer S, Murdoch SJ. Keep your enemies close: distance bounding against smartcard relay attacks. 16th USENIX Security Symposium, 2007.en_US
dc.identifier.citedreferenceOren Y, Wool A. Relay attacks on RFID‐based electronic voting systems. Cryptology ePrint Archive, Report 2009/422. Available online at http://eprint.iacr.org/2009/422 2009.en_US
dc.identifier.citedreferenceJuels A, Rivest RL, Szydlo M. The blocker tag: selective blocking of RFID tags for consumer privacy. ACM Conference on Computer and Communications Security ( CCS ), 2003.en_US
dc.identifier.citedreferenceJuels A, Syverson PF, Bailey DV. High‐power proxies for enhancing RFID privacy and utility. Privacy Enhancing Technologies, 2005.en_US
dc.identifier.citedreferenceRieback MR, Crispo B, Tanenbaum AS. RFID guardian: a battery‐powered mobile device for RFID privacy management. Australasian Conference on Information Security and Privacy ( ACISP ), 2005.en_US
dc.identifier.citedreferenceKoscher K, Juels A, Brajkovic V, Kohno T. EPC RFID tag security weaknesses and defenses: passport cards, enhanced drivers licenses, and beyond. ACM Conference on Computer and Communications Security, 2009.en_US
dc.identifier.citedreferenceJuels A. RFID security and privacy: a research survey. IEEE Journal on Selected Areas in Communications February 2006; 24 ( 2 ): 381 – 394.en_US
dc.identifier.citedreferenceJuels A, Weis S. Authenticating pervasive devices with human protocols. International Cryptology Conference ( CRYPTO ), 2005.en_US
dc.identifier.citedreferenceBringer J, Chabanne H, Dottax E. HB++: a lightweight authentication protocol secure against some attacks. Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2006.en_US
dc.identifier.citedreferenceKatz J, Shin J. Parallel and concurrent security of the HB and HB+ protocols. Advances in Cryptology—EUROCRYPT, International Conference on the Theory and Applications of Cryptographic Techniques, 2006.en_US
dc.identifier.citedreferenceGilbert H, Robshaw M, Seurin Y. HB#: increasing the security and efficiency of HB+. Advances in Cryptology—EUROCRYPT, International Conference on the Theory and Applications of Cryptographic Techniques, 2008.en_US
dc.identifier.citedreferenceBrands S, Chaum D. Distance‐bounding protocols. Advances in Cryptology—EUROCRYPT, International Conference on the Theory and Applications of Cryptographic Techniques, 1993.en_US
dc.identifier.citedreferenceHancke GP, Kuhn MG. An RFID distance bounding protocol. Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, 2005.en_US
dc.identifier.citedreferenceRasmussen KB, Čapkun S. Realization of RF distance bounding. Proceedings of the USENIX Security Symposium, 2010.en_US
dc.identifier.citedreferenceRuhanen A, et al. Sensor‐enabled RFID tag handbook. Available online at http://www.bridge‐project.eu/data/File/BRIDGE_WP01_RFID_tag_handbook.pdf January 2008.en_US
dc.identifier.citedreferenceHolleman J, Yeager D, Prasad R, Smith J, Otis B. NeuralWISP: an energy‐harvesting wireless neural interface with 1‐m range. Biomedical Circuits and Systems Conference (BioCAS) 2008.en_US
dc.identifier.citedreferenceSample A, Yeager DJ, Smith JR. A capacitive touch interface for passive RFID tags. IEEE International Conference on RFID 2009.en_US
dc.identifier.citedreferenceSample A, Yeager D, Powledge P, Smith J. Design of a passively‐powered, programmable sensing platform for UHF RFID systems. IEEE International Conference on RFID, 2007.en_US
dc.identifier.citedreferenceSmith JR, Powledge PS, Roy S, Mamishev A. A wirelessly‐powered platform for sensing and computation. 8th International Conference on Ubiquitous Computing ( UbiComp ), 2006.en_US
dc.identifier.citedreferenceBuettner M, Greenstein B, Sample A, Smith JR, Wetherall D. Revisiting smart dust with RFID sensor networks. ACM Workshop on Hot Topics in Networks ( Hotnets‐VII ), 2008.en_US
dc.identifier.citedreferenceIsik MT, Akan OB. Wireless passive sensor networks. IEEE Communication Magazine August 2009; 47 ( 8 ): 92 – 99.en_US
dc.identifier.citedreferenceCzeskis A, Koscher K, Smith J, Kohno T. RFIDs and secret handshakes: defending against ghost‐and‐leech attacks and unauthorized reads with context‐aware communications. ACM Conference on Computer and Communications Security, 2008.en_US
dc.identifier.citedreferenceWagner D. Privacy in pervasive computing: what can technologists do? Invited talk, SECURECOMM 2005. Available online at http://www.cs.berkeley.edu/daw/talks/SECCOM05.ppt September 2005.en_US
dc.identifier.citedreferenceBuettner M, Prasad R, Philipose M, Wetherall D. Recognizing daily activities with RFID‐based sensors. International Conference on Ubiquitous Computing ( UbiComp ), 2009.en_US
dc.identifier.citedreferenceWISP Wiki. http://wisp.wikispaces.comen_US
dc.identifier.citedreferenceYeager D, Prasad R, Wetherall D, Powledge P, Smith J. Wirelessly‐charged UHF tags for sensor data collection. IEEE International Conference on RFID, 2008.en_US
dc.identifier.citedreferenceYeager D, Holleman J, Prasad R, Smith JR, Otis B. NeuralWISP: A Wirelessly‐Powered Neural Interface with 1‐m Range. To appear in IEEE Transactions on Biomedical Circuits and Systems.en_US
dc.identifier.citedreferenceHalperin D, Heydt‐Benjamin TS, Ransford B, Clark SS, Defend B, Morgan W, Fu K, Kohno T, Maisel WH. Pacemakers and implantable cardiac defibrillators: software radio attacks and zero‐power defenses. IEEE Symposium on Security and Privacy, 2008.en_US
dc.identifier.citedreferenceHoneywell. 1, 2 and 3 axis magnetic sensors. Available online at http://www51.honeywell.com/aero/common/documents/myaerospacecatalog‐documents/Defense_Brochures‐documents/HMC_1051‐1052‐1053_Data_Sheet.pdfen_US
dc.identifier.citedreferenceServoflo Corporation. New micro altimeter ms5607 for barometric pressure measurement. Available online at http://www.servoflo.com/news/295‐new‐5607‐barometric‐pressure‐sensor.htmlen_US
dc.identifier.citedreferenceST.com. MP34DB01 MEMS audio sensor omnidirectional digital microphone. Available online at http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/DATASHEET/CD00284650.pdf April 2011.en_US
dc.owningcollnameInterdisciplinary and Peer-Reviewed


Files in this item

Name:
sec404.pdf
Size:
184.2KB
Format:
PDF
View/Open

Show simple item record

Remediation of Harmful Language

The University of Michigan Library aims to describe library materials in a way that respects the people and communities who create, use, and are represented in our collections. Report harmful or offensive language in catalog records, finding aids, or elsewhere in our collections anonymously through our metadata feedback form. More information at Remediation of Harmful Language.

Accessibility

If you are unable to use this file in its current format, please select the Contact Us link and we can modify it to make it more accessible to you.