RFID安全方面的一些论文资源-CSDN文库

共8个文件

pdf：8个

,Hash

chain,

Tree

based

5星 · 超过95%的资源需积分: 9 117 浏览量 2009-05-12 20:00:09 上传评论收藏 6.42MB ZIP 举报

资源推荐

资源详情

资源评论

收起资源包目录

RFID 安全论文打包.zip （8个子文件）

dom oracles are practical a paradigm for designing efficient protocols.pdf 1.11MB

Defining strong privacy for rfid.pdf 378KB

Enhancement of the RFID security method with ownership transfer.pdf 68KB

How to construct random functions.pdf 1.28MB

EPC RFID Tags in Security Applications.pdf 2.21MB

Finding popular categories for RFID tags.pdf 448KB

Information Theory and Anonymity.pdf 93KB

Iolus a framework for scalable secure multicasting.pdf 1.62MB

EPC RFID Tags in Security Applications:

Passport Cards, Enhanced Drivers Licenses, and Beyond

Karl Koscher

University of Washington

Ari Juels

RSA Labs

Tadayoshi Kohno

University of Washington

Vjekoslav Brajkovic

University of Washington

ABSTRACT

EPC (Electronic Product Code) tags are industry-standard

RFID devices poised to supplant optical barcodes in many

applications. They are prevalent in case and pallet track-

ing, and also percolating into individual consumer items and

border-crossing documents.

In this paper, we explore the systemic risks and challenges

created by increasingly common use of EPC for security ap-

plications. As a central case study, we examine the recently

issued United States Passport Card and Washington State

“enhanced” drivers license (WA EDL), both of which incor-

porate Gen-2 EPC tags. We explore several issues:

1. Cloning: We report on the data format of Passport

Cards and WA EDLs and demonstrate their apparent

susceptibility to straightforward cloning into oﬀ-the-

shelf EPC tags. We show that a key anti-cloning fea-

ture proposed by the U.S. Department of Homeland

Security (the tag-unique TID) remains undeployed in

these cards.

2. Read ranges: We detail experiments on the read-

range of Passport Cards and WA EDLs across a vari-

ety of physical conﬁgurations. These read ranges help

characterize both issues regarding owner privacy and

vulnerability to clandestine “skimming” and cloning.

3. Design drift: We ﬁnd that unlike Passport Cards,

WA EDLs are vulnerable to scanning while placed in

protective sleeves, and also to denial-of-service attacks

and covert-channel attacks.

We consider the implications of these vulnerabilities to

overall system security, and oﬀer suggestions for improve-

ment. We also demonstrate anti-cloning techniques for oﬀ-

the-shelf EPC tags, overcoming practical challenges in a pre-

vious proposal to co-opt the EPC “kill” command to achieve

tag authentication.

Our aim in this paper is to ﬁll a vacuum of experimen-

tally grounded guidance on security applications for EPC

tags not just in identity documents, but more broadly in

the authentication of objects and people.

Key words: authentication, cloning, EPC, PASS,

passport card, RFID, WHTI.

1. INTRODUCTION

EPC (Electronic Product Code) tags [19] are RFID de-

vices poised to supplant optical barcodes in a wide variety

of applications. Today EPC tags ﬁgure most prominently

in the tracking of cases and pallets in supply chains. Propo-

nents of the technology envision a future in which tagging

of individual items facilitates a full life-cycle of automation

from shop ﬂoors to retail points of sale, in home appliances,

and through to recycling facilities.

As one example of this application, EPC tags are see-

ing a landmark deployment this year in the U.S. in identity

documents used at national border crossings. The United

States Passport Card (also known as the PASS Card), a

land-border and seaport entry document ﬁrst issued in the

summer of 2008, incorporates an EPC tag. This identity

document was issued in response to the Western Hemisphere

Travel Initiative (WHTI) [46], which, among others, phases

out exemptions in document requirements for border cross-

ing (previously, United States and Canadian citizens only

had to present photo ID and a birth certiﬁcate). Certain

states have issued or plan to issue Enhanced Drivers Li-

censes (EDLs), WHTI-compliant documents, which will also

make use of EPC. Washington State started issuing EDLs in

early 2008 [32], with New York State following in September

2008 [2].

To date, the only form of EPC ratiﬁed as a technical stan-

dard by EPCglobal, the body that oversees EPC develop-

ment, is the Class-1 Gen-2 tag. (For brevity, we refer to

this tag simply as a “Gen-2” or “EPC” tag in this paper.)

Passport Cards and other WHTI documents will incorpo-

rate this type of EPC tag, and it is likely to see the greatest

use in barcode-type RFID applications as well for some time

to come. EPC tags are attractive for their low cost (below

ten U.S. cents each). Also, thanks to their operation in the

Ultra-High Frequency (UHF) spectrum (860–960 Mhz), they

have a relatively long read range—tens of feet under benign

conditions [39].

Gen-2 tags, however, are essentially wireless barcodes,

with no speciﬁc provisions to meet security and privacy

needs. Just as their optical counterparts are subject to pho-

tocopying, Gen-2 EPC tags are vulnerable to cloning attacks

in which their publicly visible data are scanned (“skimmed”)

by an adversary and then transferred to a clone device—be

it another tag or a more sophisticated emulator.

1.1 Our contribution: vulnerability analysis

In this paper, we consider the use of EPC tags in security

applications. We emphasize a systemic approach, examining

low-level security features and discussing their signiﬁcance in

potential real-world deployment scenarios. We realize that

not all of these attacks will be applicable all the time in

the U.S. border crossing scenarios, but we feel that they

may be applicable at some times if appropriate procedures

are not in place, or may be applicable to other countries

wishing to deploy similar technologies. We focus on Passport

Cards and EDLs as an important case study in the use of

EPC for security applications, and an early example of EPC

deployment with unequivocal security requirements.

In its ﬁnal rule on the Passport Card [3], the Depart-

ment of State acknowledged a range of objections expressed

in responses to its proposed rule of 2006 [4]; four Members

of Congress expressed concerns about the security and pri-

vacy of the Passport Card. The Department indicated that

many commenters did not understand “the business model

that WHTI is designed to meet,” and cited a need for simul-

taneous reading of multiple EPC tags as a motivation for its

choice of EPC (“vicinity read RFID”) as well as the technol-

ogy’s amenability to passenger pre-processing, i.e., its rela-

tively long read range. (“Proximity-read” RFID devices, i.e.,

contactless smartcards, do not have these beneﬁts, and some

other classes of RFIDs only have the former beneﬁt but not

the latter.) The Department additionally noted that on May

1, 2007, the National Institute for Standards and Technology

(NIST) certiﬁed the Passport Card as, “meeting or exceed-

ing ISO security standards... and the best available practices

for protection of personal identiﬁcation documents.” Finally,

the Department observed that Passport Cards will not carry

personally identiﬁable information, and will be issued with

protective sleeves, radio-opaque envelopes that help prevent

unwanted scanning.

We have obtained a Passport Card and two Washington

State EDLs for our experiments. We show ﬁrst that the pub-

licly readable data in both types of identity document can

be straightforwardly cloned after a single read. Signiﬁcantly,

our analysis shows that Passport Cards and Washington

State EDLs do not carry tag-unique, or even system-unique

TIDs, but instead bear generic manufacturer codes.

The

Tag Identiﬁer (TID) of an EPC, a tag-speciﬁc serial num-

ber that may be factory programmed, is often held forth as

an anti-cloning mechanism for EPC tags. In its Privacy Im-

pact Assessment of the Passport Card, the U.S. Department

of Homeland Security (DHS) in fact highlights tag-speciﬁc

TIDs as a “powerful tool” for anti-counterfeiting [31]. As

Passport Cards and Washington State EDLs do not carry

specially formulated TIDs, however, their readable contents

are subject to direct copying into another oﬀ-the-shelf EPC

tag.

Our observations about cloning only apply to a tag’s pub-

licly readable data. Tags contain some private data in the

form of PINs, which may be tag unique. Hence it is pos-

sible in principle (although improbable in our view) that

a weak form of access-based authentication—an unortho-

dox security protocol we describe below—is in use at border

crossings. In this case, reliable tag cloning would require

either eavesdropping on a tag interrogation at the border or

physically invasive attacks on a target identity document.

Without ourselves eavesdropping on a tag interrogation at

DHS claims that they learned of the existence of tag-unique

TIDs too late to be incorporated into these cards, but have

recommended its inclusion in future WHTI-compliant doc-

uments, including EDLs from other states.

a border crossing, we are unable to determine whether or

not this technique is being deployed. We note, though, that

access-based authentication is not an explicitly supported

feature for EPC tags. The only reference to the technique

of which we are aware is a research paper [21]. Other tech-

niques, such as detection of unique radio ﬁngerprints [14] are

also a possibility in principle, but in practice very challeng-

ing for highly constrained devices such as RFID tags.

Given the ostensible vulnerability of identity documents

and other Gen-2 EPC-tagged items to cloning, a key security

issue is the range at which an EPC tag is subject to clan-

destine reading. As owners may be expected to carry their

tags in any of a variety of diﬀerent circumstances, we explore

read ranges within several diﬀerent physical environments.

We ﬁnd that both Passport Cards and EDLs are subject to

reading at a distance of at least 50 meters under optimal scan

conditions (down a long hallway, but still operating within

FCC limits). Surprisingly, although the human body—its

constituent water, in particular—is known to interfere with

EPC tag reading, we ﬁnd that an EDL in a wallet near the

body is still subject to scanning at a distance of at least two

meters. We ﬁnd that the Passport Card is not readable in

a well maintained protective sleeve—although it is readable

under certain circumstances in a crumpled sleeve. Most sur-

prisingly, perhaps, we ﬁnd that an EDL in a protective sleeve

is readable at a distance of some tens of centimeters. To the

best of our knowledge, our work here in fact represents the

ﬁrst multifaceted characterization of EPC read ranges from

the vantage point of privacy.

Our scanning experiments have a bearing not just on cloning,

but also on owner privacy: While the tags do not contain

personally identiﬁable information, they do contain unique

serial numbers that can support clandestine tracking [22].

Of course, other wireless devices, like Bluetooth peripher-

als [20], 802.11 [15], and ANT [36], are similar in this regard,

though the exposure for Passport Cards and EDLs may be

greater due to their usage models.

We also ﬁnd evidence that EDLs are vulnerable to denial-

of-service and covert-channel attacks. These vulnerabilities

stem from issuance of the cards without protection of the

PIN for their tag-disablement feature, the “kill” command.

Passport Cards do not have similar weaknesses. These ﬂaws,

along with EDLs’ heightened susceptibility to in-sleeve scan-

ning, would seem to point to either a form of design drift in

which technical protections implemented at the federal level

did not beneﬁt Washington State in the extension to EDLs,

or the risks associated with implementing a technology be-

fore the precise security requirements have been ﬁnalized.

1.2 Our contribution: countermeasures and

recommendations

We emphasize that the security impact of tag vulnerabil-

ities depends upon the operational environment. Copying

of a Passport Card or EDL does not automatically ensure

successful use at a border crossing. The card is linked via a

back-end system to a photo of its bearer which border agents

use for conﬁrmation of traveler identities. Hence, we discuss

the systemic signiﬁcance of the vulnerabilities we have iden-

tiﬁed.

We argue that Passport Cards and EDLs will play a role in

the border-crossing process that may give impactful promi-

nence to the data contained in the EPC tags. Like many

security processes, the passenger screening process beneﬁts

from multiple layers of security, including physical inspec-

tion of passengers and documents. But as the EPC code

can trigger a watchlist lookup, it serves as a frontline mech-

anism for passenger screening. As we discuss in section 5.1,

the literature on cognitive biases suggests a risk that the

EPC-layer of the security system will exercise undue inﬂu-

ence over passenger screening.

We argue that even if EPC-enabled identity documents

provide adequate security at border crossings, they create

a system with delicate dependence on well conceived and

tightly executed border crossing procedures and card is-

suance. Our observations on the relative weakness of EDL

in comparison with Passport Cards, for example, support

the idea that states may not be as well equipped to enforce

good security practices around document issuance as DHS,

or that there was or is not suﬃcient guidance from the DHS.

Given these concerns, we review the operational environ-

ment of the Passport Cards / EDLs and oﬀer some basic pro-

cedural recommendations for the use of EPC-enabled iden-

tity documents and some technical recommendations. With

this constructive motivation, we show that the elementary

security features in EPC tags can be co-opted to serve as a

deterrent to cloning. EPC tags include PIN-based protec-

tions both on tag disablement (“killing”) and modiﬁcation

of tag data contents. Previous research [21] proposed tech-

niques for co-opting these features in the service of tag au-

thentication, i.e., anti-counterfeiting, but oﬀered no exper-

imental validation. We demonstrate that implementation

of “kill” co-opting techniques is indeed feasible in deployed

tags, but presents some delicate technical challenges. We ex-

plore some promising initial approaches to overcoming these

challenges.

We believe that the lessons drawn from our case study in

this paper will provide valuable guidance for the deployment

of EPC tags in many security applications beyond border-

crossing, such as anti-counterfeiting and secure item pedi-

grees for pharmaceutical supply chains [45].

Organization

In section 2, we brieﬂy review related work on RFID se-

curity. We present our observations on the data format of

the Washington State EDL and Passport Cards in section 3.

We describe our exploration of defensive techniques in sec-

tion 4. In section 5, we brieﬂy consider the operational en-

vironment of the Passport Card / EDL and oﬀering some

procedural recommendations to prevent the use of cloned

documents. We conclude in section 6 with a brief discussion

of the broader implications of our ﬁndings. In the paper ap-

pendix, we provide supplementary data for our experiments,

and also images of the antennas embedded in a Passport

Card and EDL.

2. RELATED WORK

There have been a number of radio-layer cloning attacks

against RFID tags. Westhues developed a device called the

Proxmark that he successfully used to clone both proxim-

ity cards [48] as well as the VeriChip

T M

[16], a human-

implantable RFID tag. The devices targeted by Westhues

emit static identiﬁers, i.e., they are essentially wireless bar-

codes. Class-1 Gen-2 EPC tags are similar in ﬂavor to these

devices, but operate in a much higher frequency band for

which signal-processing is more complicated.

Bono et al. [8] reverse engineered and mounted brute-force

key-cracking attacks against the Texas Instruments DST,

a cryptographically enabled RFID device with short (40-

bit) keys. Similarly, Nohl et al. [27] have recently reverse-

engineered the Philips Mifare RFID tag and revealed struc-

tural weaknesses in its cipher and random-number genera-

tor. Heydt-Benjamin et al. [17] demonstrated cloning at-

tacks against a set of ﬁrst-generation RFID-enabled credit

cards.

RFID tags saw their ﬁrst prominent appearance in iden-

tity documents as additions to e-passports. Grunwald [30]

cloned the chip in an RFID-enabled passport in the fullest

sense, transferring the data from one chip to another. Juels,

Molnar, and Wagner [23] discuss the security implications of

e-passport cloning. E-passports diﬀer from Passport Cards

in that they perform cryptographic authentication. The

Smart Card Alliance, among other organizations, noted the

risks of EPC cloning in its response to the initial DHS WHTI

proposal [5].

Some commercially available RFID tags include strong

cryptography for challenge-response authentication. These

tend to be relatively expensive and have constrained range.

The literature is replete with techniques for implementing

lower-cost cryptography in RFID tags. See, e.g., [22] for a

survey and [7] for an up-to-date bibliography.

In view of the prevalence of Gen-2 EPC tags, Juels [21]

proposed techniques for authenticating these tags using two

existing commands, KILL and ACCESS. In section 4, we

report on our implementation of these techniques and the

practical challenges they pose.

3. EXPERIMENTAL EVALUATION OF PASS-

PORT CARD AND EDLS

3.1 Weakness in the TID-based anti-cloning

mechanism

As mentioned above, EPC tags contain a data ﬁeld known

as the Tag Identiﬁer (TID). At the discretion of the EPC

manufacturer, this value may be factory programmed and

locked, thereby ensuring that tags have permanent unique

identities and (theoretically) cannot be cross-copied.

In its Privacy Impact Assessment (PIA) on the Passport

Card [31], the United States Department of Homeland Se-

curity posits that:

...the risk of cloning RFID enabled cards and

an impostor with similar physical features gain-

ing illegal entry into the U.S., while unlikely, is

real. Fortunately, there is a powerful tool that

can be used to remove the risk of cloning. This

tool is the Tag Identiﬁer, or TID. The TID is

available on all Gen 2 RFID tags.

However, the Gen-2 standard only requires that the TID

identify the manufacturer, as well as enough additional in-

formation to determine the tag’s capabilities. In particu-

lar, two classes of TIDs are deﬁned: the E0

class, where

the TID consists of a manufacturer ID and a 48-bit serial

number, and the E2

class, which merely deﬁnes the man-

ufacturer and model. The TID reported by our Passport

Card is E2 00 34 11 FF B8 00 00 00 02, which corre-

sponds to an E2

-class Alien Higgs tag. [28] states that the

bytes after the manufacturer and model IDs (starting with

FF) are Alien-speciﬁc conﬁguration values, and using a new

Higgs tag, we experimentally veriﬁed that the ﬁrst three

nibbles correspond to the tag’s lock conﬁguration. The TID

reported by our Washington State EDLs is E2 00 10 50,

which corresponds to an E2

-class Impinj Monza chip.

To conﬁrm that these TIDs do not confer anti-counterfeiting

protection, we have cloned both a Passport Card and a

Washington State EDL onto commercially-available, oﬀ-the-

shelf tags from the same manufacturers as the originals. By

cloned, we mean that the EPC and TID values are reported

identically by the clone tags.

Additionally, we inferred the

lock state of both card types and duplicated that as well.

Provided that the Passport Card or Washington State EDL

do not implement additional, undocumented functionality,

the only contents that we were unable to clone were the

ACCESS PIN on both cards, and the KILL PIN of the Pass-

port Card. The TID therefore does not serve as the basic

anti-cloning tool as envisioned by DHS. One explanation for

this might be the fact that, via personal communications,

the DHS has informed us that they learned of the existence

of tag-unique TIDs too late to be incorporated into these

cards.

We further maintain that the characterization of the full,

tag-speciﬁc TID as a powerful anti-cloning tool is overly san-

guine in the long term. While such tag-speciﬁc TIDs may

prevent simple copying of one EPC into another, it does not

prevent the emulation of an EPC tag in another radio de-

vice. In other words, the TID may (or may not) help prevent

physical copying of an EPC tag, but it certainly does not

prevent logical copying.

An ordinary RFID reader makes

no distinction between a tag embodied in a ﬂake of silicon

and one emulated by a larger, more powerfully instrumented

platform.

A number of general-purpose tag emulation platforms such

as OpenPCD [34] and the RFID Guardian [35] already ex-

ist for HF tags. It is just a matter of time before similar

tools emerge for Gen-2 EPC tags. The Intel WISP [41],

for instance, is a physically compact RFID platform with

a fully programmable microprocessor that operates in the

UHF domain as a Gen-1 EPC tag. Release is planned in the

near future of Gen-2 EPC WISP. Thus, emulator devices are

likely to be broadly accessible in coming years.

The decision to forego the security oﬀered by the TID

in the Washington State EDL and Passport Card thus in-

creases the short-term risks of cloning, as it eliminates a

basic protection against the straightforward copying of pub-

licly viewable values into a fresh Gen-2 tag. In the longer

term, commercially-available emulator devices may reduce

the protective value of tag-speciﬁc TIDs. That said, the TID

may still have some longer-term value as a countermeasure

to easy cloning of EDLs and Passport Cards into devices

with the same form factor, i.e., Gen-2-equipped cards.

However, cloning a tag’s EPC and TID may not be suf-

ﬁcient for an adversary’s purposes; e.g., in some cases an

adversary may also need to produce a false card itself.

There are well documented, low-cost attacks against smart-

cards, which possess tamper-resistance features well beyond

those of EPC tags; see, e.g., [6]. It therefore seems probable

that an attacker with modest resources can use physically

invasive techniques to alter the data in an EPC tag. And

if only one manufacturer makes Gen-2 tags available with

programmable TIDs, they can act as clones for any manu-

facturer’s tags.

3.2 Other memory banks

Assuming the Gen-2 tags in the EDL and Passport Card

are identical to the commercial, oﬀ-the-shelf tags indicated

by their TID, the only read-protected piece of memory on

the cards is the KILL PIN on the Passport Card, and the

ACCESS PIN on both. We have experimentally veriﬁed that

the entire EPC memory bank (which contains the card’s

unique EPC value) is readable, as is the TID memory bank.

The Impinj Monza chip does not have a User memory bank,

and the Alien Higgs-2 chip only uses a User memory bank

when the KILL and ACCESS PINs are not used [28]. We

have also veriﬁed that the cards report a “no such memory

location” error when attempting to read words we do not

expect to be present (such as the User memory bank).

3.3 Kill-PIN selection

The KILL PIN is unprogrammed and not locked on the

Washington State EDLs. We have veriﬁed that we can di-

rectly write this 32-bit KILL PIN. We have not veriﬁed that

we can in fact kill an EDL (an experiment that would be

detrimental to its owner). We have veriﬁed our ability, how-

ever, to kill a cloned EDL with an identical Gen-2 tag model,

an Impinj Monza, over the air. Thus, unless the Washing-

ton State EDL Gen-2 tag is specially manufactured—which

seems unlikely, given the presence of a generic TID—it is

subject to over-the-air killing by any reader.

Alternatively, an attacker can exploit the KILL PIN as a

covert channel. She can set it as desired, thereby “marking”

the EDL bearer with a 32-bit value accessible to any other

reader.

3.4 Read-range experiments

Read ranges are a major determinant of the vulnerability

of an EDL or Passport Card to clandestine cloning attacks,

as well as attacks against privacy. As explained above, a

single scan of a tag in either type of identity document is

suﬃcient to create a clone. In an attempt to mitigate result-

ing privacy concerns, the United States Department of State

provides radio-opaque shielding sleeves with each Passport

Card. These sleeves attenuate the distance at which a card

may be read. Similarly, Washington State is making protec-

tive sleeves available to holders of its EDLs.

It is uncertain that EDL and Passport Card bearers will

consistently use their protective sleeves. These documents

require security hygiene beyond that of other commonly car-

ried cards, demanding from bearers heightened vigilance and

tolerance of inconvenience. In section 5.1, we brieﬂy exam-

ine the relevant literature on the psychology of fear appeals.

This body of research suggests that the abstract warnings

accompanying EDLs and Passport Cards, e.g., the injunc-

tion on the Passport Card sleeve that, “Your Passport Card

should be kept in its protective sleeve when not in use,” may

be relatively ineﬀective in stimulating sleeve use. Addition-

ally, as shown recently by King and Mcdiarmid [25], most

bearers do not have accurate mental models of RFID pri-

vacy and security, and are therefore ill-equipped to make

informed decisions about tag management.

The eﬀective read ranges of protected and unprotected

EDLs and Passport Cards in everyday environments there-

fore both have a strong bearing on the overall security of the

border-crossing system, as well as on the privacy of people

with these cards.

While deployers of Gen-2 EPC tags typically cite a reli-

Figure 1: The sleeves used for our shielded distance

tests. The crumpled sleeve is in the foreground, with

the new sleeve behind it.

able operational range of tens of feet [39], read ranges can

vary considerably as a function of the material to which a

tag is aﬃxed, the conﬁguration of the interrogating reader,

and the physical characteristics of the ambient scanning en-

vironment.

We evaluated the read range of the Passport Card and

Washington State EDL in several diﬀerent physical environ-

ments, namely: (A) Indoors, freestanding, but with other

objects nearby; (B) Indoors, in a corridor, with no other

nearby objects; and (C) Outdoors in freespace. In all en-

vironments, we also evaluated various ways of carrying the

cards, namely: (1) Held away from the body; (2) Inside a

purse; both inside a wallet and in a side pocket; (3) In a

backpack; (4) In a wallet in a back trouser pocket; (5) In a

wallet in a front shorts pocket; and (6) Adjacent to a wallet

in a front shorts pocket. The wallet contained 14 magnetic

stripe cards, two non-magnetic stripe plastic cards, nine pa-

per cards, and approximately six dollar bills.

To evaluate the eﬀectiveness of radio-opaque protective

sleeves, we measured the maximum read range in a variety

of situations, namely: (i) In a new sleeve, held out by hand;

(ii) In a crumpled sleeve, held out by hand; (iii) In a new

sleeve, in a wallet in a back trouser pocket; and (iv) In a

crumpled sleeve, in a wallet in a back trouser pocket.

We used Secure Sleeves

T M

from Identity Stonghold, the

manufacturer supplying sleeves for both the Passport Card

and the Washington State EDL [1, 43, 44]. The sleeves are

shown in Figure 1. We do not expect the ambient environ-

ment to impact the read ranges in these tests, as the ranges

are relatively short, so all shielded experiments were per-

formed in the lab. We also experimented with the EDL in a

sleeve obtained from the State of Washington and with the

Passport Card in a sleeve obtained from Passport Services,

and we report on these experiments as well.

To perform these experiments, we used an Impinj Speed-

way R1000 reader, with a Cushcraft S9028PCL circularly-

polarized antenna. The eﬀective radiated power of the an-

tenna was 36 dBm, the maximum allowed by the FCC. The

center of the antenna was 88 cm oﬀ the ground, and the

cards were placed directly in front of the antenna. We mea-

sured the maximum distance at which we could read the

cards when held in place for up to ﬁve seconds. We report

these maximum distances in Table 1 (unshielded), Table 2

(shielded with the purchased Secure Sleeves

T M

), and Ta-

New Sleeve Crumpled Sleeve

EDL PC EDL PC

Freespace 20 cm No Reads 29 cm 34 cm

Back wallet 27 cm No Reads 57 cm No Reads

Table 2: Maximum read range in a Secure Sleeves

T M

shielded sleeve

New Sleeve Crumpled Sleeve

EDL PC EDL PC

Freespace 62 cm No Reads 63 cm No Reads

Back wallet No Reads No Reads

Table 3: Maximum read range in shielded sleeve

provided for use with the speciﬁc cards; at the time

of this writing the wallet was not available for us

to complete the measurements with the provided

sleeve and the EDL in a wallet

ble 3 (shielded with the sleeves provided for use with the

respective cards).

Remarks. An RFID tag has not a single read range, but

in eﬀect has multiple “read ranges,” depending on the op-

erational scenario [22]. The range of main interest in most

(benign) cases is that at which a reader can directly interro-

gate a tag. In a security context, though, the“eavesdropping

range” is another of interest. This is the distance from which

a rogue reader can intercept the reply of a tag to a legiti-

mate, interrogating reader. Eavesdropping is feasible at a

much greater distance than direct tag interrogation, as the

eavesdropping reader need not be close enough to the tag

to power it. Eavesdropping is also a passive activity, un-

detectable by radio-monitoring devices. Eavesdropping on

an EDL or Passport Card interrogation is suﬃcient to en-

able successful cloning as well as privacy attacks. We have

not yet conducted experiments on the eavesdropping ranges

for EDLs and Passport Cards. Such experiments would at

present require specialized ﬁrmware or equipment, as eaves-

dropping is not supported by oﬀ-the-shelf commercial read-

ers.

4. DEFENSIVE DIRECTIONS

4.1 Backward-compatible defenses against cloning

The Class-1 Gen-2 speciﬁcation has no explicit anti-cloning

features [19]. For this reason, Juels [21] proposes the co-

opting of two Gen-2 access-control commands for authenti-

cation of tags, summarized as follows:

1. The KILL command. KILL is an EPC feature de-

signed to protect consumer privacy by allowing tags to be

disabled at the point of sale in retail environments. As a

mandatory part of the standard, KILL is implemented (to

the best of our knowledge) in all Class-1 Gen-2 EPC tags.

When a tag successfully receives the KILL command along

with a tag-speciﬁc 32-bit KILL PIN P

kill

, it becomes perma-

In a few situations, we exhausted the space available to us

in our experimental environment—i.e., backed ourselves into

a wall—before we could ﬁnd the maximum distance. These

situations are denoted with a +.

评论收藏

内容反馈

rhg88888

2013-03-12

写的还可以，只是软件部分我需要的少点儿

sakesiboy

粉丝: 0
资源: 1

RFID安全方面的一些论文

RFID攻击方面的论文合集

一些有关本体方面的论文

计算机安全方面相关论文

论文研究 - 基于植被生态动态特征的森林组织（一些方法论方面）

一些期刊上的关于MATLAB应用方面的论文

论文研究-防止跟踪的高效RFID安全协议 .pdf

RFID HB协议

基于NTRU密码体制的RFID安全协议 (2014年)

客户界面上的 RFID：隐私问题-研究论文

论文研究 - 太空中海洋生物发光配准的一些理论和应用方面

发那科_DCS_中文说明书解决一些FANUC安全配置方面的问题.zip

两个威慑力量的故事：考虑绝对和限制性威慑在激发行为和组织安全研究新方向方面的作用-研究论文

“尊敬的您在安全和服务方面”-应急管理和社交媒体传播-研究论文

提供一些教育学方面的论文题目.doc

论文研究-基于二次剩余的RFID标签所有权动态转移协议.pdf

基于 RFID (IoT) 的自动考勤系统：调查分析-研究论文

论文研究-基于NTRU的RFID三方认证协议研究.pdf

使用 RFID 的图书馆自动化图书管理和跟踪系统-研究论文

物联网感知层中RFID的信息安全对策研究 (2010年)

WiMAX安全方面的一些基本知识

施工安全方面的论文.doc

收集的一些SATA协议方面的论文，个人感觉不错

论文研究-一种面向方面的网格安全模型研究.pdf

云安全方面的经典论文

基于RFID的物联网安全性研究 (2014年)

无线射频识别技术（RFID）

RFID技术中的基于物联网的智能化物流仓储管理系统设计方案

基于PUF的RFID 协议分析与改进 (2011年)

论文研究-基于字合成运算的移动双向认证协议.pdf

最新资源