Abstract
Many RFID tags store valuable information privy to their users that can easily be subject to unauthorized reading, leading to owner tracking, or impersonation. RFID tags are also susceptible to different forms of relay attacks. This paper presents novel sensing-enabled defenses to unauthorized reading and relay attacks against RFID systems without necessitating any changes to the traditional RFID usage model. Specifically, this paper proposes the use of cyber-physical interfaces, on-board tag sensors, to (automatically) acquire useful contextual information about the tag's environment (or its owner, or the tag itself). First, such context recognition is leveraged for the purpose of selective tag unlocking-the tag will respond selectively to reader interrogations. In particular, novel mechanisms based on an owner's posture recognition are presented. Second, context recognition is used as a basis for transaction verification in order to provide protection against a severe form of relay attacks involving malicious RFID readers. A new mechanism is developed that can determine the proximity between a valid tag and a valid reader by correlating certain (specifically audio) sensor data extracted from the two devices. Our evaluation of the proposed mechanisms demonstrate their feasibility in significantly raising the bar against RFID attacks.
Highlights
T HE low cost, small size, and the ability of allowing computerized identification of objects make Radio Frequency IDentification (RFID) systems increasingly ubiquitous in both public and private domains
Wireless Identification and Sensing Platform (WISP) are passively-powered RFID tags that are compliant with the Electronic Product Code (EPC) protocol
WISP is chosen as our test platform because: (1) it is the only existing programmable UHF RFID device, and (2) it has an extensible hardware architecture which allows for integration of new sensors
Summary
T HE low cost, small size, and the ability of allowing computerized identification of objects make Radio Frequency IDentification (RFID) systems increasingly ubiquitous in both public and private domains. A typical RFID system consists of tags, readers and/or back-end servers. Due to the inherent weaknesses of underlying wireless radio communication, RFID systems are plagued with a wide variety of security and privacy threats [18]. A large number of these threats are due to the tag’s promiscuous response to any reader requests. This renders sensitive tag information subject to unauthorized reading [14]. Information (such as an identifier) gleaned from an RFID tag can be used to track the owner of the tag, or to clone the tag so that an adversary can impersonate the tag’s owner [18]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
