A context‐aware approach to defend against unauthorized reading and relay attacks in RFID systems
dc.contributor.author | Ma, Di | en_US |
dc.contributor.author | Saxena, Nitesh | en_US |
dc.date.accessioned | 2014-12-09T16:53:34Z | |
dc.date.available | WITHHELD_13_MONTHS | en_US |
dc.date.available | 2014-12-09T16:53:34Z | |
dc.date.issued | 2014-12 | en_US |
dc.identifier.citation | Ma, Di; Saxena, Nitesh (2014). "A context‐aware approach to defend against unauthorized reading and relay attacks in RFID systems." Security and Communication Networks 7(12): 2684-2695. | en_US |
dc.identifier.issn | 1939-0114 | en_US |
dc.identifier.issn | 1939-0122 | en_US |
dc.identifier.uri | https://hdl.handle.net/2027.42/109577 | |
dc.description.abstract | Radio frequency identification (RFID) systems are becoming increasingly ubiquitous in both public and private domains. However, because of the inherent weaknesses of underlying wireless radio communications, RFID systems are plagued with a wide variety of security and privacy threats. A large number of these threats arise because of the tag's promiscuous response to any reader requests. This renders sensitive tag information easily subject to unauthorized reading . Promiscuous tag response also incites different forms of relay attacks whereby a malicious colluding pair, relaying messages between a tag and a reader, can successfully impersonate the tag without actually possessing it. Because of the increasing ubiquity of RFID devices, there is a pressing need for the development of security primitives and protocols to defeat unauthorized reading and relay attacks. However, currently deployed or proposed solutions often fail to satisfy the constraints and requirements of the underlying RFID applications in terms of (one or more of) efficiency, security, and usability. This paper proposes a novel research direction, one that utilizes sensing technologies, to tackle the problems of unauthorized reading and relay attacks with a goal of reconciling the requirements of efficiency, security, and usability. The premise of the proposed work is based on a current technological advancement that enables many RFID tags with low‐cost sensing capabilities. The on‐board tag sensors will be used to acquire useful contextual information about the tag's environment (or its owner, or the tag itself). For defense against unauthorized reading and relay attacks, such context information can be leveraged in two ways. First, contextual information can be used to design context‐aware selective unlocking mechanisms so that tags can selectively respond to reader interrogations and thus minimize the likelihood of unauthorized reading and “ghost‐and‐leech” relay attacks. Second, contextual information can be used as a basis for context‐aware secure transaction verification to defend against special types of relay attacks involving malicious readers. Copyright © 2011 John Wiley & Sons, Ltd. This paper proposes a novel research direction, one that utilizes sensing technologies to tackle the challenging problems of unauthorized reading and relay attacks in radio frequency identification systems. First, contextual information is used to design context‐aware selective unlocking mechanisms, so that tags can selectively respond to reader interrogations and, thus, minimize the likelihood of unauthorized reading and “ghost‐and‐leech” relay attacks. Second, contextual information is used as a basis for context‐aware secure transaction verification to defend against special types of relay attacks involving malicious readers. | en_US |
dc.publisher | Prentice Hall | en_US |
dc.publisher | Wiley Periodicals, Inc. | en_US |
dc.subject.other | Unauthorized Reading | en_US |
dc.subject.other | Relay Attack Selective Unlocking | en_US |
dc.subject.other | Secure Server Verification | en_US |
dc.subject.other | Security and Privacy | en_US |
dc.subject.other | RFID | en_US |
dc.title | A context‐aware approach to defend against unauthorized reading and relay attacks in RFID systems | en_US |
dc.type | Article | en_US |
dc.rights.robots | IndexNoFollow | en_US |
dc.subject.hlbsecondlevel | Computer Science | en_US |
dc.subject.hlbtoplevel | Engineering | en_US |
dc.description.peerreviewed | Peer Reviewed | en_US |
dc.description.bitstreamurl | http://deepblue.lib.umich.edu/bitstream/2027.42/109577/1/sec404.pdf | |
dc.identifier.doi | 10.1002/sec.404 | en_US |
dc.identifier.source | Security and Communication Networks | en_US |
dc.identifier.citedreference | Saxena N, Voris J. Still and silent: motion detection for enhanced RFID security and privacy without changing the usage model. Workshop on RFID Security ( RFIDSec ), 2010. | en_US |
dc.identifier.citedreference | Salajegheh M, Clark S, Ransford B, Fu K, Juels A. CCCP: secure remote storage for computational RFIDs. 18th USENIX Security Symposium, 2009; August. | en_US |
dc.identifier.citedreference | Smith JR, Sample AP, Powledge PS, Roy S, Mamishev A. A wirelessly‐powered platform for sensing and computation. Proceedings of UbiComp 2006, 2006. | en_US |
dc.identifier.citedreference | Griffiths DJ. Introduction to Electrodynamics ( 3rd edn ). Prentice Hall: UK, 1999. | en_US |
dc.identifier.citedreference | Bourzac K. TR10: atomic magnetometers. Available online at http://www.technologyreview.com/biotech/20239/ April 2008. | en_US |
dc.identifier.citedreference | Huyghe B, Doutreloigne J. 3D orientation tracking based on unscented Kalman filtering of accelerometer and magnetometer data. IEEE Sensors Application Symposium, 2009. | en_US |
dc.identifier.citedreference | Yun X, Bachmann ER, McGhee RB. A simplified Quaternion‐based algorithm for orientation estimation from Earth gravity and magnetic field measurements. IEEE Transaction on Instrumentation and Measurement Mar 2008; 57 ( 3 ): 638 – 650. | en_US |
dc.identifier.citedreference | Goldiron. Numerex unveils hybrid tag includes active RFID, GPS, satellite and sensors. Available online at http://goldiron.wordpress.com/2009/02/25/numerex‐unveils‐hybrid‐tag‐includes‐active‐rfid‐gps‐satellite‐and‐sensors/ February 2009. | en_US |
dc.identifier.citedreference | Buckner M, Crutcher R, Moore MR, Smith SF. GPS and sensor‐enabled RFID tags. Available online at http://www.ornl.gov/webworks/cppr/y2001/pres/118169.pdf | en_US |
dc.identifier.citedreference | Cropsey G. Designing a distance and speed algorithm using the global positioning system. Available online at http://www.egr.msu.edu/classes/ece480/capstone/spring08/group10/documents/ApplicationNote‐Gabe.pdf March 2008. | en_US |
dc.identifier.citedreference | GPS Glossary 2011. Available at: http://www.gsmarena.com/glossary.php3?term=gps | en_US |
dc.identifier.citedreference | 66‐Channel LS20031 GPS Receiver Module 2011. Available at: http://www.megachip.ru/pdf/POLOLU/66_CHANNEL.pdf | en_US |
dc.identifier.citedreference | Wendlandt K, Khider M, Angermann M, Robertson P. Continuous location and direction estimation with multiple sensors using particle filtering. IEEE International Conference on Multisensor Fusion and Integration for Intelligent Systems, 2006. | en_US |
dc.identifier.citedreference | Qiu D, Lo S, Enge P, Boneh D, Peterson B. Geoencryption using Loran. The Institute of Navigation International Technical Meeting, 2007. | en_US |
dc.identifier.citedreference | Qiu D, Lo S, Enge P, Boneh D, Peterson B. Robust location tag generation from noisy location data for security applications. The Institute of Navigation International Technical Meeting, 2009. | en_US |
dc.identifier.citedreference | Warner JS, Johnston RG. Think GPS cargo tracking = high security? Technical report, Los Alamos National Laboratory 2003. | en_US |
dc.identifier.citedreference | Papadimitratos P, Jovanovic A. Protection and fundamental vulnerability of global navigation satellite systems (GNSS). International Workshop on Satellite and Space Communications ( IWSSC ). | en_US |
dc.identifier.citedreference | Hanlon B, Ledvina B, Psiaki M, Jr PK, Humphreys TE. Assessing the GPS spoofing threat. GPS world. Available online at http://www.gpsworld.com/defense/security‐surveillance/assessing‐spoofing‐threat‐3171?page_id=1 January 2009. | en_US |
dc.identifier.citedreference | Scott L. Anti‐spoofing and authenticated signal architectures for civil navigation signals. 16th International Technical Meeting of the Satellite Division of the Institute of Navigation ( ION GPS/GNSS ), 2003; 1543 – 1552. | en_US |
dc.identifier.citedreference | Kuhn M. An asymmetric security mechanism for navigation signals. 6th Information Hiding Workshop, 2004. | en_US |
dc.identifier.citedreference | Papadimitratos P, Jovanovic A. GNSS‐based positioning: attacks and countermeasures. IEEE Military Communications Conference (MILCOM). San Diego, CA, USA, 2008; 1 – 7. | en_US |
dc.identifier.citedreference | EPIC.ORG. Wal‐Mart begins tagging and tracking merchandise with RFID. Available online at http://epic.org/2010/07/wal‐mart‐begins‐tagging‐and‐tr.html July 2010. | en_US |
dc.identifier.citedreference | US Department of State. The US electronic passport. Available online at http://travel.state.gov/passport/passport_2498.html | en_US |
dc.identifier.citedreference | EMVCo. About EMV. Available online at http://www.emvco.com/about_emv.aspx November 2009. | en_US |
dc.identifier.citedreference | Washington State Department of Licensing. Enhanced driver license/ID card. Available online at http://www.dol.wa.gov/about/news/priorities/edl.html | en_US |
dc.identifier.citedreference | NYS DMV. Enhanced driver licenses and non‐driver identification cards. Available online at http://www.nydmv.state.ny.us/broch/C158.pdf July 2010. | en_US |
dc.identifier.citedreference | Francillon A, Danev B, Capkun S. Relay attacks on passive keyless entry and start systems in modern cars. 18th Annual Network and Distributed System Security Symposium ( NDSS ), 2011. | en_US |
dc.identifier.citedreference | IT Global Consulting Ltd. RFID toll road payment. Available online at http://www.itglobalconsulting.com/rfidtollroadpayment.asp. | en_US |
dc.identifier.citedreference | Infowars.com. Texas Department of Transportation to instate RFID TxTag. Available online at http://www.infowars.com/articles/bb/toll_roads_tx_tag.htm September 2005. | en_US |
dc.identifier.citedreference | RFID Asia. New Ez‐Link contactless smart cards converge transit and payment applications. Available online at http://journal.rfid‐asia.info/2008/12/new‐ez‐link‐contactless‐smart‐cards.htm December 2008. | en_US |
dc.identifier.citedreference | Medical News Today. VeriChip Corporation announces phase II development of in vivo glucose‐sensing RFID microchip with RECEPTORS LLC. Available online at http://www.medicalnewstoday.com/articles/165894.php October 2009. | en_US |
dc.identifier.citedreference | Juels A, Molnar D, Wagner D. Security and privacy issues in E‐passports. Security and Privacy for Emerging Areas in Communications Networks ( SecureComm ), 2005. | en_US |
dc.identifier.citedreference | Juels A. RFID security and privacy: a research survey. IEEE Journal on Selected Areas in Communications February 2006; 24 ( 2 ): 381 – 394. | en_US |
dc.identifier.citedreference | Heydt‐Benjamin TS, Bailey DV, Fu K, Juels A, O'Hare T. Vulnerabilities in first‐generation RFID‐enabled credit cards. Eleventh International Conference on Financial Cryptography (FC), 2007. | en_US |
dc.identifier.citedreference | Kfir Z, Wool A. Picking virtual pockets using relay attacks on contactless smartcard. Security and Privacy for Emerging Areas in Communications Networks ( SecureComm ), 2005. | en_US |
dc.identifier.citedreference | Drimer S, Murdoch SJ. Keep your enemies close: distance bounding against smartcard relay attacks. 16th USENIX Security Symposium, 2007. | en_US |
dc.identifier.citedreference | Oren Y, Wool A. Relay attacks on RFID‐based electronic voting systems. Cryptology ePrint Archive, Report 2009/422. Available online at http://eprint.iacr.org/2009/422 2009. | en_US |
dc.identifier.citedreference | Juels A, Rivest RL, Szydlo M. The blocker tag: selective blocking of RFID tags for consumer privacy. ACM Conference on Computer and Communications Security ( CCS ), 2003. | en_US |
dc.identifier.citedreference | Juels A, Syverson PF, Bailey DV. High‐power proxies for enhancing RFID privacy and utility. Privacy Enhancing Technologies, 2005. | en_US |
dc.identifier.citedreference | Rieback MR, Crispo B, Tanenbaum AS. RFID guardian: a battery‐powered mobile device for RFID privacy management. Australasian Conference on Information Security and Privacy ( ACISP ), 2005. | en_US |
dc.identifier.citedreference | Koscher K, Juels A, Brajkovic V, Kohno T. EPC RFID tag security weaknesses and defenses: passport cards, enhanced drivers licenses, and beyond. ACM Conference on Computer and Communications Security, 2009. | en_US |
dc.identifier.citedreference | Juels A. RFID security and privacy: a research survey. IEEE Journal on Selected Areas in Communications February 2006; 24 ( 2 ): 381 – 394. | en_US |
dc.identifier.citedreference | Juels A, Weis S. Authenticating pervasive devices with human protocols. International Cryptology Conference ( CRYPTO ), 2005. | en_US |
dc.identifier.citedreference | Bringer J, Chabanne H, Dottax E. HB++: a lightweight authentication protocol secure against some attacks. Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2006. | en_US |
dc.identifier.citedreference | Katz J, Shin J. Parallel and concurrent security of the HB and HB+ protocols. Advances in Cryptology—EUROCRYPT, International Conference on the Theory and Applications of Cryptographic Techniques, 2006. | en_US |
dc.identifier.citedreference | Gilbert H, Robshaw M, Seurin Y. HB#: increasing the security and efficiency of HB+. Advances in Cryptology—EUROCRYPT, International Conference on the Theory and Applications of Cryptographic Techniques, 2008. | en_US |
dc.identifier.citedreference | Brands S, Chaum D. Distance‐bounding protocols. Advances in Cryptology—EUROCRYPT, International Conference on the Theory and Applications of Cryptographic Techniques, 1993. | en_US |
dc.identifier.citedreference | Hancke GP, Kuhn MG. An RFID distance bounding protocol. Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, 2005. | en_US |
dc.identifier.citedreference | Rasmussen KB, Čapkun S. Realization of RF distance bounding. Proceedings of the USENIX Security Symposium, 2010. | en_US |
dc.identifier.citedreference | Ruhanen A, et al. Sensor‐enabled RFID tag handbook. Available online at http://www.bridge‐project.eu/data/File/BRIDGE_WP01_RFID_tag_handbook.pdf January 2008. | en_US |
dc.identifier.citedreference | Holleman J, Yeager D, Prasad R, Smith J, Otis B. NeuralWISP: an energy‐harvesting wireless neural interface with 1‐m range. Biomedical Circuits and Systems Conference (BioCAS) 2008. | en_US |
dc.identifier.citedreference | Sample A, Yeager DJ, Smith JR. A capacitive touch interface for passive RFID tags. IEEE International Conference on RFID 2009. | en_US |
dc.identifier.citedreference | Sample A, Yeager D, Powledge P, Smith J. Design of a passively‐powered, programmable sensing platform for UHF RFID systems. IEEE International Conference on RFID, 2007. | en_US |
dc.identifier.citedreference | Smith JR, Powledge PS, Roy S, Mamishev A. A wirelessly‐powered platform for sensing and computation. 8th International Conference on Ubiquitous Computing ( UbiComp ), 2006. | en_US |
dc.identifier.citedreference | Buettner M, Greenstein B, Sample A, Smith JR, Wetherall D. Revisiting smart dust with RFID sensor networks. ACM Workshop on Hot Topics in Networks ( Hotnets‐VII ), 2008. | en_US |
dc.identifier.citedreference | Isik MT, Akan OB. Wireless passive sensor networks. IEEE Communication Magazine August 2009; 47 ( 8 ): 92 – 99. | en_US |
dc.identifier.citedreference | Czeskis A, Koscher K, Smith J, Kohno T. RFIDs and secret handshakes: defending against ghost‐and‐leech attacks and unauthorized reads with context‐aware communications. ACM Conference on Computer and Communications Security, 2008. | en_US |
dc.identifier.citedreference | Wagner D. Privacy in pervasive computing: what can technologists do? Invited talk, SECURECOMM 2005. Available online at http://www.cs.berkeley.edu/daw/talks/SECCOM05.ppt September 2005. | en_US |
dc.identifier.citedreference | Buettner M, Prasad R, Philipose M, Wetherall D. Recognizing daily activities with RFID‐based sensors. International Conference on Ubiquitous Computing ( UbiComp ), 2009. | en_US |
dc.identifier.citedreference | WISP Wiki. http://wisp.wikispaces.com | en_US |
dc.identifier.citedreference | Yeager D, Prasad R, Wetherall D, Powledge P, Smith J. Wirelessly‐charged UHF tags for sensor data collection. IEEE International Conference on RFID, 2008. | en_US |
dc.identifier.citedreference | Yeager D, Holleman J, Prasad R, Smith JR, Otis B. NeuralWISP: A Wirelessly‐Powered Neural Interface with 1‐m Range. To appear in IEEE Transactions on Biomedical Circuits and Systems. | en_US |
dc.identifier.citedreference | Halperin D, Heydt‐Benjamin TS, Ransford B, Clark SS, Defend B, Morgan W, Fu K, Kohno T, Maisel WH. Pacemakers and implantable cardiac defibrillators: software radio attacks and zero‐power defenses. IEEE Symposium on Security and Privacy, 2008. | en_US |
dc.identifier.citedreference | Honeywell. 1, 2 and 3 axis magnetic sensors. Available online at http://www51.honeywell.com/aero/common/documents/myaerospacecatalog‐documents/Defense_Brochures‐documents/HMC_1051‐1052‐1053_Data_Sheet.pdf | en_US |
dc.identifier.citedreference | Servoflo Corporation. New micro altimeter ms5607 for barometric pressure measurement. Available online at http://www.servoflo.com/news/295‐new‐5607‐barometric‐pressure‐sensor.html | en_US |
dc.identifier.citedreference | ST.com. MP34DB01 MEMS audio sensor omnidirectional digital microphone. Available online at http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/DATASHEET/CD00284650.pdf April 2011. | en_US |
dc.owningcollname | Interdisciplinary and Peer-Reviewed |
Files in this item
Remediation of Harmful Language
The University of Michigan Library aims to describe library materials in a way that respects the people and communities who create, use, and are represented in our collections. Report harmful or offensive language in catalog records, finding aids, or elsewhere in our collections anonymously through our metadata feedback form. More information at Remediation of Harmful Language.
Accessibility
If you are unable to use this file in its current format, please select the Contact Us link and we can modify it to make it more accessible to you.