Radio Frequency Identification: Privacy & Security Issues Brent Muir 2009

Upload: brent-muir

Post on 19-May-2015

DESCRIPTION

Paper discussing InfoSec and privacy risks associated with RFID technologies. Looks at implications of using ePassports and MiFare transit cards.

TRANSCRIPT


Radio Frequency Identification:

Privacy & Security Issues

Brent Muir

2009


MUIR RFID: Privacy & Security 2009

Executive Summary

This report examines the privacy and security issues surrounding RFID implementations in a real-world context. A discussion of the history and development of RFID systems, from their origins in the military to their increasingly pervasive nature, allows the reader to better understand the motivations involved if organisations wish to implement RFID. A brief overview of the technical parameters of RFID is then given. Practical uses of RFID, from supply-chain management to health care services, are briefly mentioned, highlighting the diverse usages of this technology. Potential privacy and security issues relating to RFID are analysed, including the ability to track individuals via RFID tags and the cloning of RFID tags. These privacy and security issues are further highlighted through an in-depth examination of two case studies: the Mifare Classic, and ePassports. Both these case studies bring to light the vulnerabilities involved when implementing RFID systems, in particular whether or not there is a need to store personal information on the RFID tags as well as the strength of the cryptographic security methods utilised to protect this information.


Table of contents

Introduction
What is RFID
How RFID Works
Implementations of RFID
Privacy Issues
Security Issues
Case Studies:
    Translink - Mifare Classic
    US/AUS ePassports
Conclusion
Reference List


Introduction

Since its development, Radio Frequency Identification (RFID) has evolved to a point where the technologies can be embedded under the skin of humans and, more likely, to a point where people in developed nations carry at least one RFID implementation in their wallet or purse. RFID has replaced many ageing technologies such as barcodes and magnetic swipe cards, and this advancement of pervasive technology has led to many security and privacy concerns. This paper will examine these concerns and analyse the risks involved with using RFID technologies.

Before discussing the security and privacy concerns, the paper will give a brief description of the history of RFID technology. This will be followed by a detailed examination of the electronic components that compose RFID technologies. Thirdly, current RFID implementations across various fields will be briefly discussed. The privacy and security issues can then be examined, focusing on the potential and real-world issues at hand. Lastly, two case studies will be analysed: Translink's “Mifare Classic” RFID system (aka the “GO Card”); and a critical analysis of the US and Australian ePassports (“Enhanced Identification”) RFID systems. These two case studies will highlight the potential security and privacy issues related to RFID implementations. Before delving into the security and privacy issues, RFID technology needs to be explained in greater detail.


What is RFID

Radio Frequency Identification (or RFID) has evolved from its infancy, where it had limited usage in the military, into a ubiquitous technology found in everyday goods and products. Dating back to World War II, RFID technology originated when “the British put radio transponders in Allied aircraft to help early radar system crews detect good guys from bad guys”1. The use of radio frequencies to assist in the identification process was a novel idea, but it wasn’t until 1973 that it became patented2. In fact, “these early devices usually employed a one-bit system, which only indicated the presence or absence of the tag”3.

Peslak described RFID as “an inexpensive passive electronic device that allows for the transmission of a distinctive signal from any product or artifact in which it is embedded or attached”4. That is, a device that is “turned-on” by receiving certain signals or frequencies, but is otherwise “switched-off”. RFID tags have also been described as being “essentially microchips” which, coupled with their minute size and cost to develop, have become increasingly “commercially and technologically viable”5.

The development of RFID in the last half-century has reached a point where the technology is accessible for minimal cost; in fact, RFID tags can be purchased for under $0.20 each6. This reduction in manufacturing costs has led to the adoption of RFID technologies in a range of industries for a variety of purposes. The development of RFID over the last half-century can be seen in Table 1 below.

1 Newitz, A. (2006) The RFID Hacking Underground Wired
2 Granneman, S. (2003) RFID Chips Are Here.
3 Cardullo, M. (2005). Genesis of the versatile RFID tag. RFID Journal, 2(1), 13–15.
4 Peslak, A. R. (2005). "An ethical exploration of privacy and radio frequency identification." Journal of Business Ethics 59(4): 327-345.
5 Granneman, S. (2003) RFID Chips Are Here.
6 Roberti, M. (2004). Tag Cost and ROI [Electronic Version]. RFID Journal. Retrieved 02/08/2009, from http://www.rfidjournal.com/article/articleview/796/


Decade | Event
1940 - 1950 | Radar refined and used, major World War II development effort. RFID invented in 1948.
1950 - 1960 | Early explorations of RFID technology, laboratory experiments.
1960 - 1970 | Development of the theory of RFID. Start of applications field trials.
1970 - 1980 | Explosion of RFID development. Tests of RFID accelerate. Very early adopter implementations of RFID.
1980 - 1990 | Commercial applications of RFID enter mainstream.
1990 - 2000 | Emergence of standards. RFID widely deployed. RFID becomes a part of everyday life.

Table 1 - The Decades of RFID 7

7 Landt, J., & Catlin, B. (2001). Shrouds of Time: The history of RFID. Pittsburgh, PA, AIM Global.


How RFID Works

The technology behind RFID is fairly basic, although many implementations of RFID have improved upon its security and communication mechanisms to suit their own needs. As stated by the Association for Automatic Identification and Mobility (AIM), RFID consists of three separate components: “an antenna; an RFID tag (programmed transponder with unique information); and a transceiver (a reader to receive and decode the signal)”8.

The RFID tags can come in two varieties: transponder-only tags, which only allow one-way communication to the transceiver and are often referred to as “passive” tags; and “active” tags, which allow information to be read as well as written to the tags.

The reader or transceiver is usually the source of power and generates a low power radio signal broadcast through an antenna when in use. The RFID tag receives the signal through its own internal antenna and powers a computer chip. The chip will then exchange information with the reader.9

To facilitate a transmission, these components (the antenna, the transponder and the transceiver) communicate with one another and produce a transaction that results in the sending of data across the radio frequency. Glasser et al. have explained the RFID communication process as follows:

Typically, a reader transmits radio signals that are received by an antenna to the tag. The tag sends a unique reply signal back to the reader, which is then decoded into an identification number. This ID number is unique to the tag. Ideally, a global set of standards will dictate how these ID numbers are assigned and ensure that there are no repetitions or duplications.10

These transmissions are often encrypted to provide additional security mechanisms for the RFID systems.

8 AIM, in Peslak, A. R. (2005). "An ethical exploration of privacy and radio frequency identification." Journal of Business Ethics 59(4): 327-345.
9 AIM, in Ibid.
10 Glasser, Goodman, & Einspruch (2007) p. 101


MUIR N2753006 RFID: Privacy & Security October 2009

Implementations of RFID

There are numerous implementations of RFID in all facets of modern society. Many of these implementations follow in the footsteps of the original purpose of RFID; that is, to determine whether an object is present or not, for example in supply-chain management. However, as RFID has developed, new uses for the technology have emerged. These advanced implementations, coupled with the emergence of new uses, have led to new privacy and security issues arising.

Toll Booths

One area where RFID technology has increased productivity and decreased potential bottlenecks is in automated toll booth payment services. Instead of manually paying for a toll at a toll booth, commuters can now drive their vehicles straight through the toll booth without lining up to conduct a financial transaction. This is facilitated by RFID through the use of tags that are located inside vehicles and receivers located in the physical toll booth, so when the vehicles drive through, the toll is automatically deducted from the person's account11. However, the usage of RFID in these transactions is not without risk: Wood writes that “users of this system are leaving a trail of data behind them... divorce courts have used highway transponder information to find out where spouses have been traveling”12.

Financial Transactions

In addition to the toll booth implementation stated above, RFID technology has been integrated into other financial transactions as well. In fact, Glasser et al. note that “one of the significant potential uses of RFID is to provide a vehicle for exchanging money without requiring people to make physical contact”13. Bray estimates that in 2006 there were “20 million RFID-enabled credit cards and 150,000 vendor readers... already deployed in the U.S.”14.

11 Peslak, A. R. (2005). "An ethical exploration of privacy and radio frequency identification." Journal of Business Ethics 59(4): 327-345.
12 Wood in Glasser, Goodman, & Einspruch (2007) p. 105
13 Glasser, Goodman, & Einspruch (2007) p. 104

Supply Chain Management

One of the biggest adopters of RFID technology has been supply-chain management in retail. Glasser et al. speculate that “one of the most anticipated applications of RFID is using tags to replace or supplement bar codes on manufactured products”15. Retail giant Wal-Mart in the United States has been pushing RFID in this area since the early 2000s. In fact, Peslak notes that “Wal-Mart reemphasized its commitment to RFID over the long term by having its top 100 suppliers include tags on pallets and cases by 2005”16. Apart from the perceived increase in productivity in their warehouses, Wal-Mart envisaged a “savings of 10–20% in labor (sic) costs at their distribution centers (sic) through RFID”17.

RFID has not only been adopted by huge retail chains such as Wal-Mart:

One retailer who is actively using RFID is Prada, which reads tags in their clothes and displays accessories or other information about the clothes when someone tries them on in their display equipped dressing rooms.18

By utilising RFID technologies in this way, organisations are hoping to improve supply-chain activities and in particular, inventory management19. One major improvement over barcodes is that RFID tags can be individually programmed, not just one number per product code, but one unique identifier per item. As Glasser et al. explain:

An RFID tag... can be associated with the history of an individual item: where it was manufactured, the date it was sold, when it was destroyed. It is also able to identify the location of an object as well as properties such as temperature.20

14 In Heydt-Benjamin, T. S., D. V. Bailey, et al. (2008). "Vulnerabilities in first-generation RFID-enabled credit cards." Lecture notes in computer science 4886: 2.
15 Glasser, Goodman, & Einspruch (2007) p. 102
16 Peslak, A. R. (2005). "An ethical exploration of privacy and radio frequency identification." Journal of Business Ethics 59(4): 327-345.
17 Ibid
18 Cox, 2003b in Ibid
19 Ibid

Healthcare

Another important advancement utilising RFID can be seen in the healthcare industry. Dorschner states:

Further, RFID can, at least in principle, reduce medical error by tracking surgical tools to prevent them from being left in patients, to mark surgical sites to identify the procedure needed and prevent wrong-sided surgery and by preventing drug dispensing errors.21

By introducing such RFID services, the public, and the healthcare industry as a whole, could benefit from a reduction in medical malpractice and careless mistakes.

Animal Tracking

Another important implementation of RFID is in livestock tracking. “RFID chips have for years been implanted in animals to track livestock, locate missing pets and study wildlife behavior”22. However, it is just as easy to utilise this technology in the tracking of humans as it is to track livestock and other animals. This has raised a few privacy concerns. One such implementation can be found in a United Kingdom theme park.

Visitors to Alton Towers who purchase the service will receive an RFID band to wear around their wrist, “marking” them to the park-wide video-capture system.23

This video surveillance system is an opt-in service that allows visitors to capture their day's adventure in the theme park and receive a DVD movie of the fun times they had.24

20 Glasser, Goodman, & Einspruch (2007) p. 102
21 Dorschner, in Ibid
22 Ibid
23 Tucker, P. 2006. "Fun with Surveillance." Futurist 40.
24 Ibid


Other privacy concerns of human tracking have arisen out of manufacturers' integration of RFID into their products.

Michelin, which manufactures 800,000 tires a day, is going to insert RFID tags into its tires. The tag will store a unique number for each tire, a number that will be associated with the car's VIN (Vehicle Identification Number).25

This could lead to a scenario where your vehicle is tracked from point A to point B without your knowledge.

25 Granneman, S. (2003) RFID Chips Are Here.


Privacy Issues

As touched on briefly in the previous section, RFID implementations are not without their share of privacy issues. By examining potential and real-world RFID privacy issues, a greater understanding of the possible risks associated with RFID implementations can be established. The main privacy concerns with RFID are the tracking of people and their location, and the tracking of customers and their habits by retail giants.

Tracking of People

Similar to the tracking of livestock or vehicles, the tracking of people through the use of RFID technologies is a real threat to the privacy of individuals. RFID tags are now small enough to be embedded under the skin of humans, or with more devious intent, slipped into their clothing without the individual realising. Glasser et al. note that “RFID chips intended to track humans come in two main forms: sub-dermal implants which are injected and external tags which are worn or carried”26.

In order for the effective tracking of people through RFID to take place, governments would have to encourage or demand that people carry certain RFID tags on their person. An example of this has been highlighted by Garfinkel who notes that “the Massachusetts Turnpike Authority is giving discounts to residents who pay using EZ-Pass, a transponder system relying on radio tags”27. It is then speculated that this decision is “discriminatory and coercive”28. Another example of governments pushing for RFID can be seen in the European Union (EU) where it was suggested that the European Central Banks were investigating the placing of RFID tags into the Euro29. In this case the suggested reason behind the use of RFID was not to track citizens and their use of the currency, but to stem the counterfeiting of the Euro. Implementations such as these, although they may be altruistic in nature, are easy to manipulate for more sinister motives by people with less friendly purposes.

26 Glasser, Goodman, & Einspruch (2007) p. 105
27 Peslak, A. R. (2005). "An ethical exploration of privacy and radio frequency identification." Journal of Business Ethics 59(4): 327-345.
28 Ibid
29 The Economist, 2002 in Peslak, 2005, p. 328


The above example of RFID technology being utilised in the Euro never eventuated, yet that does not mean that there aren't other RFID implementations that are already being used to track individuals. In fact, Peslak describes a scenario where RFID is currently used to track individuals by a government body:

RFID is already being used to track and coordinate movements of people between the U.S. and Canada. A program called NEXUS allows U.S. and Canadian citizens to register their fingerprints, photo, and other personal data and, if approved, receive a card with an RFID tag. When individuals wish to travel between the U.S. and Canada, they display their cards near the inspection booth.30

Use of RFID in identification cards is not a new idea. Many governments around the world have begun implementing RFID technologies into drivers’ licenses, passports and even citizenship cards. Glasser et al. describe this as a major privacy concern, “since drivers’ licenses are nearly always carried by individuals, there exists a threat that anyone could be tracked anonymously”31. With governments adopting RFID in official documentation, the average citizen is powerless to protect their own personal details and privacy from being transmitted across the radio frequencies. Indeed, it has been speculated that society “may one day need to inquire whether use of RFID technology by a government is itself grounds for identifying it as repressive”32. Many citizens value their privacy and the United Nations “codified the fundamental human right of privacy in 1948 within their Universal Declaration of Human Rights”33. What this means is that any breaches by governments of the UN's declaration can be seen as a sign of a potential totalitarian move in order to control the masses.

Tracking of Customers and their habits

Due to the pervasiveness of the technology, RFID tracking can also be carried out through the goods that people have purchased. The organisations which implement RFID into their products are not always trying to increase productivity in their warehouses; more often than not the motive is to study the behaviour of their customers. As stated by Peslak, “the privacy concerns of electronic commerce include collection of information without user’s knowledge, sales of collected personal information, and receipt of unsolicited information, as in spamming”34. Like electronic commerce, RFID technology can be used in this way.

30 Peslak, A. R. (2005). "An ethical exploration of privacy and radio frequency identification." Journal of Business Ethics 59(4): 327-345.
31 Glasser, Goodman, & Einspruch, 2007, p. 104
32 Ibid
33 Peslak, A. R. (2005). "An ethical exploration of privacy and radio frequency identification." Journal of Business Ethics 59(4): 327-345.

The use of RFID in retail has been described as providing customers with better, more intuitive, shopping experiences by the organisations which implement it. What it really amounts to is an incredible customer database monitoring buying habits and other personal data. Peslak sums up this situation by noting that “tags allow the potential for aggregation of massive amounts of personal data based on purchases and ownership, making personal profiling possible”35. Peslak effectively describes the various potential privacy issues related to RFID in the retail sector, as seen below in Table 2.

Table 2 – RFID Privacy Category Framework36

An example of a breach of privacy through the use of RFID in the retail sector was noted by Hildner:

One breach of privacy through RFID became known as the Broken Arrow Affair where Wal-Mart along with Procter and Gamble used this technology in tracking consumers in the Oklahoma store when they removed Max Factor Lipfinity lipsticks. Once the item was taken from the shelf a video monitor evaluated how consumers handled the product without their knowledge.37

34 Peslak, A. R. (2005). "An ethical exploration of privacy and radio frequency identification." Journal of Business Ethics 59(4): 327-345.
35 Ibid
36 Ibid

Currently in the United States, where this example occurred, there is no legislation in place requiring that labels indicate the presence of an RFID chip in a product38. Other countries have introduced legislation governing the use of RFID tags in retail products, for example Hariton et al. observed:

Canada on the other hand has implemented the Personal Information Protection and Electronic Documents Act that requires retailers to seek consent of customers for using RFID tags in monitoring their shopping patterns.39

However, although the US lacks the legislation to monitor the use of RFID in the retail sector, the privacy issue has not gone unnoticed. Even as far back as 2000 the Federal Trade Commission (FTC) made recommendations into creating legislation to govern such privacy concerns. “The FTC concluded that self-regulation was insufficient and recommended federal legislation to ensure adequate protection of consumer privacy online”40.

Another privacy aspect is the decommissioning of the RFID tags used in retail. Peslak states that “perhaps the most insidious of RFID uses is the potential for post-sales monitoring... technically, all RFID tags can be permanently read through active readers”41. Currently there are no systems or checks in place for deactivating the RFID tags once items are purchased. This may lead to the situation where not only is the initial purchase monitored, but whenever the tagged item is near a transceiver subsequent monitoring can take place. Peslak further posits:

At present, the tags remain in a working condition after the items to which they are attached are purchased. The tags could subsequently be read when they encounter an RFID transceiver. Thus, if you were to walk into a store with an RFID tagged item, an active transceiver could activate a signal from the tag and through a series of steps identify you, your location, and any other information about you such as criminal history, shopping records, or credit history.42

37 Hildner, 2006 in Ibid.
38 In Ibid
39 In Ibid.
40 Federal Trade Commission, 2000 in Peslak, 2005, p. 337
41 Peslak, A. R. (2005). "An ethical exploration of privacy and radio frequency identification." Journal of Business Ethics 59(4): 327-345.

As unlikely as this may seem, the potential for the abuse of the RFID tags that lack decommissioning protocols is present. It has been stated that the “costs of a national or worldwide tracking system to monitor RFID tags to individuals would be cost prohibitive and uneconomic”, but this does not mean that it is not a possibility in the near future43.

One solution to this privacy issue is to implement decommissioning protocols in the RFID tags. One such method has been proposed that involves “a deactivation or 'kill' switch for RFID tags once items enter the retail realm”44. In this proposal the products would have an RFID tag for the supply-chain management (manufacturing, warehousing, and delivery) phase of their existence but upon arrival in their final destination (retail store) the RFID tag is deactivated so that no personally identifiable information can be gained through its use. Another option is the inclusion of an “on–off switch that could allow benefits if the consumer wishes but could be eliminated for those who do not want to use the benefits”45. In this solution the consumer could decide whether or not to opt-in to having their personal information stored when purchasing goods.

42 Peslak, A. R. (2005). "An ethical exploration of privacy and radio frequency identification." Journal of Business Ethics 59(4): 327-345.
43 Ibid
44 Ibid
45 Ibid

Other examples of privacy solutions in the retail sector include a type of RFID tag developed by IBM known as the 'Clipped Tag'. This RFID tag allows consumers to tear a portion of the tag off thus “allowing information to be transmitted just a few centimeters rather than 100 feet”46. Another development in RFID technology is to have RFID tags embedded with a 'privacy bit' as stated by Niemelä:

An alternative is to set aside a logical bit on the RFID tag. This bit is initially off when items are in the shop. The bit is flipped to the on position to deactivate a tag at the point of sale. If RFID readers in shops refrain from scanning private tags, i.e., those tags whose privacy bit is turned on, then a good measure of consumer privacy will already be in place. Tags belonging to consumers in this case will be invisible to shops. At the same time, tags on items on shelves.47
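The decommissioning options discussed above (the 'kill' switch, the IBM 'Clipped Tag' and the privacy bit) differ in who enforces them. The sketch below is an added illustration, not code from the paper or from any RFID product; the class and function names, the sample tag IDs, the 5 cm clipped range and the 2 m default distance are assumptions made for the example.

```python
"""Added illustration of post-sale tag handling; all names and values are hypothetical."""
from dataclasses import dataclass

UNCLIPPED_RANGE_M = 30.48  # the "100 feet" quoted for an unclipped tag
CLIPPED_RANGE_M = 0.05     # "a few centimeters"; the exact figure is assumed


@dataclass
class Tag:
    tag_id: str
    read_range_m: float = UNCLIPPED_RANGE_M
    killed: bool = False       # 'kill' switch: the tag never answers again
    privacy_bit: bool = False  # logical bit, off on the shelf, on after sale

    def respond(self, distance_m):
        """Reply of the tag itself; only the kill state and range can silence it."""
        if self.killed or distance_m > self.read_range_m:
            return None
        return {"id": self.tag_id, "private": self.privacy_bit}


def kill(tag):
    tag.killed = True


def set_privacy_bit(tag):
    tag.privacy_bit = True


def clip(tag):
    tag.read_range_m = min(tag.read_range_m, CLIPPED_RANGE_M)


def leave_active(tag):
    pass  # no decommissioning: the tag stays fully readable


MEASURES = {
    "none": leave_active,
    "kill": kill,
    "privacy_bit": set_privacy_bit,
    "clipped": clip,
}


def scan(tags, distance_m, honours_privacy_bit):
    """IDs a reader records. Only a cooperating reader drops private replies."""
    seen = []
    for tag in tags:
        reply = tag.respond(distance_m)
        if reply is None:
            continue  # enforced by the tag: killed or out of range
        if honours_privacy_bit and reply["private"]:
            continue  # enforced by the reader: depends on its good behaviour
        seen.append(reply["id"])
    return seen


def post_sale_exposure(distance_m=2.0):
    """For each measure, is a purchased item visible to each kind of reader?"""
    exposure = {}
    for name, apply_measure in MEASURES.items():
        tag = Tag(tag_id="SAMPLE-ITEM-0001")  # constructed sample ID
        apply_measure(tag)
        exposure[name] = {
            "compliant_reader": bool(scan([tag], distance_m, True)),
            "non_compliant_reader": bool(scan([tag], distance_m, False)),
        }
    return exposure


if __name__ == "__main__":
    for measure, visible in post_sale_exposure().items():
        print(f"{measure:12} {visible}")
```

Only the kill switch and clipping are enforced by the tag itself; the privacy bit protects the consumer only against readers that choose to honour it, which is the condition stated in the quoted proposal.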

The potential privacy breaches imposed by not deactivating RFID tags are severe. Glasser et al. state:

There is consequently a fear that one could remotely scan a home, purse or car and then construct an inventory of everything inside: videos, medications, fine jewelry, etc. The person scanning could then identify the owner of the items and gain personal information about him or her.48

Indeed, it has been noted that the “use of RFID can potentially provide a plethora of new information about individuals if not properly safeguarded”49. However, there are some organisations that believe “RFID tags present no more of a threat to privacy than cell phones, toll tags, credit cards, ATM machines, and access control badges”50. To counter potential privacy breaches it has been suggested that organisations should be made to “obtain written consent from an individual before any personally identifiable information is acquired... obtain written consent before RFID data is shared with a third party”51. Nabil et al. speculate that “privacy laws will continue to change as society evolves and changes” and in the case of RFID the legislation will not come soon enough52.

46 Ibid.
47 Niemelä, O. P. a. M. (2009). "Humans and emerging RFID Systems: Evaluating Data Protection law on the User scenario basis." International Journal of Technology and Human Interaction Volume 5(Issue 2): 85-95.
48 Glasser, Goodman, & Einspruch (2007) p. 103
49 Peslak, A. R. (2005). "An ethical exploration of privacy and radio frequency identification." Journal of Business Ethics 59(4): 327-345.
50 AIM in Ibid
51 Glasser, Goodman, & Einspruch (2007) p. 103

52 Nabil Y. Razzouk, V. S., Maria Nicolaou (2008). "CONSUMER CONCERNS REGARDING RFID PRIVACY: AN EMPIRICAL STUDY." Journal of Global Business and Technology Volume 4(Number 1, Spring ): 69-78.


Security Issues

Many of the privacy issues related to RFID are compounded by the addition of the security risks associated with RFID implementations. By exploring the potential and real-world RFID security issues, a greater understanding of the possible risks associated with RFID implementations can be established. The main security concerns with RFID are: the cloning of RFID devices; the tampering with RFID devices; and the cryptographic means to protect RFID devices.

As noted by Kaminsky, “the problem is that RFID technology, although good for inventory tracking as a replacement for barcodes, is not well suited for security”53. It is this proposition that is demonstrated by the number of potential security issues that exist in reference to RFID. It has been stated, however, that RFID security is only relevant if the information stored on the tags is considered valuable54. Following on from this security issue, “one solution is to limit the technology itself – by restricting data stored in a chip to an ID number and storing all other data in a secure database”55. Indeed, “technical difficulties have been reported with RFID including tag collisions, tag failure, and tag detuning” with each of these issues causing potential security risks in the use of RFID56.

Cloning RFID devices

One of the greatest improvements of RFID technologies over other forms of technology is the ability to assign a unique identifier to every tag, thereby instantly being able to uniquely identify an object or a person. However, this feature is also seen as a potentially major security issue with RFID. The security issue arises out of the fact that the physical presence of an RFID tag does not necessarily correspond with the authorised user having possession of that tag. Hijacking or cloning RFID tags poses a great risk when using RFID as a security mechanism. Ghai gives a simple definition of RFID hacking:

53 Kaminsky in Ibid
54 Garretson, C. (2007) RFID holes create security concerns Network World Volume, DOI:
55 Glasser, Goodman, & Einspruch (2007) p. 107
56 Peslak, A. R. (2005). "An ethical exploration of privacy and radio frequency identification." Journal of Business Ethics 59(4): 327-345.


Similar to credit card or identity theft... card hacking refers to an imposter using

someone's personal identity information to obtain physical access to privileged areas

and information.57

Just like in other forms of identity theft, RFID hacking or cloning is using someone

else's credentials to allow that person to assume the identity of someone else,

except that with RFID cloning only the radio waves from the original tag are needed.

In this respect RFID cloning is much simpler than traditional forms of identity theft

which require much more information about, and from, the individual before the

assumed identity can be used.

Even though organisations are aware of this potential risk many are still

implementing RFID as a security mechanism, in particular to replace other physical

access proximity card systems. Ibid details an example of this where a “...company

has long been aware that its proximity cards are vulnerable to hacking but does not

believe that the cards are... vulnerable”58.

The lack of concern from some organisations is in itself a potential security risk. The

cloning of RFID tags is not fictional; in fact, Roberts describes one system where the

integrity of the RFID tags had been compromised:

His RFID cloner was on display at the recent RSA Security Conference in San

Francisco, where he demonstrated for InfoWorld how the device could be used to

steal access codes from HID brand proximity cards, store them, then use the stolen

codes to fool a HID card reader.59

Two solutions to this security risk have been suggested, one is to use other forms of

protection alongside the physical possession of the RFID tags, such as PINs or

biometric means, and the other solution is to employ a behavioural monitoring

57 Ghai, V. (2008). "An Automation ANSWER." Retrieved 04/08/2009, from http://govtsecurity.com/federal_homeland_security/mirfare_classic_card_hacked/.

58 Roberts, P. F. (2007). "Battle brewing over RFID chip-hacking demo." InfoWorld. Retrieved 04/08/2009, from http://www.networkworld.com/news/2007/022707-battle-brewing-over-rfid-chip-hacking.html

59 Roberts, P. F. (2007). "Battle brewing over RFID chip-hacking demo." InfoWorld. Retrieved 04/08/2009, from http://www.networkworld.com/news/2007/022707-battle-brewing-over-rfid-chip-hacking.html


system that can lock down RFID tags if abuse is detected. Both solutions are

described by Ghai:

A system should be put in place to check current physical access permissions in real-

time across multiple points (picture identification, biometric data, cryptographic

keys, PIN) while simultaneously checking logical systems activity before allowing

access.

Taking a page from what credit card companies and banks are doing to fight credit/

debit card abuse, an automatic “fraud protection” system can watch for

uncharacteristic or unusually high card usage (swipes, etc.). Using pre-set, policy-

based rules, the system takes a rapid course of action when multiple card swipes are

noticed for one person, multiple swipes are detected from one card over a short

period of time across different locations or there are multiple rejects for one card.60
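The policy rules Ghai describes can be expressed as a small detector run over reader logs. The following is an added example, not code from the paper or from any vendor; the log format, card IDs, holder directory and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Policy thresholds: assumed values for illustration, not from the paper.
WINDOW = timedelta(minutes=10)          # look-back period for all rules
MAX_REJECTS_PER_CARD = 3                # denied reads for one card in WINDOW
MAX_SWIPES_PER_PERSON = 4               # swipes over all of a person's cards in WINDOW
MIN_SITE_TRAVEL = timedelta(minutes=5)  # fastest plausible move between two sites

# Constructed directory mapping card IDs to their registered holders.
CARD_HOLDERS = {"C-1001": "alice", "C-1002": "bob", "C-1003": "carol",
                "C-1004": "carol", "C-1005": "dave"}

# Constructed reader log: ISO timestamp, card ID, reader site, decision.
SAMPLE_LOG = """
2009-08-04T08:00:00 C-1001 north-gate GRANTED
2009-08-04T08:01:30 C-1001 south-depot GRANTED
2009-08-04T08:05:00 C-1002 north-gate DENIED
2009-08-04T08:05:20 C-1002 north-gate DENIED
2009-08-04T08:05:40 C-1002 north-gate DENIED
2009-08-04T08:10:00 C-1005 north-gate GRANTED
2009-08-04T09:00:00 C-1003 lab-door GRANTED
2009-08-04T09:01:00 C-1004 lab-door GRANTED
2009-08-04T09:02:00 C-1003 lab-door GRANTED
2009-08-04T09:03:00 C-1004 lab-door GRANTED
2009-08-04T09:04:00 C-1003 lab-door GRANTED
2009-08-04T17:00:00 C-1005 north-gate GRANTED
"""


def parse(log):
    """Yield (timestamp, card, site, result) tuples from the log text."""
    for line in log.splitlines():
        if line.strip():
            ts, card, site, result = line.split()
            yield datetime.fromisoformat(ts), card, site, result


def detect(events, holders=CARD_HOLDERS):
    """Apply the three policy rules; return (alerts, cards_to_lock)."""
    card_hist = defaultdict(deque)    # card -> recent (ts, site, result)
    person_hist = defaultdict(deque)  # holder -> recent (ts, card)
    alerts, seen, locked = [], set(), set()

    def alert(rule, subject, ts, cards):
        if (rule, subject) not in seen:  # report each finding once
            seen.add((rule, subject))
            alerts.append((rule, subject, ts))
        locked.update(cards)

    for ts, card, site, result in sorted(events):
        hist = card_hist[card]
        hist.append((ts, site, result))
        while hist[0][0] < ts - WINDOW:  # drop events outside the window
            hist.popleft()

        # Rule 1: one card seen at two sites faster than a person can travel.
        # The physical card cannot be in both places, so a copy is likely.
        if any(s != site and ts - t < MIN_SITE_TRAVEL for t, s, _ in hist):
            alert("site_conflict", card, ts, [card])

        # Rule 2: multiple rejects for one card within the window.
        if sum(r == "DENIED" for _, _, r in hist) >= MAX_REJECTS_PER_CARD:
            alert("repeated_rejects", card, ts, [card])

        # Rule 3: unusually high usage by one person across all their cards.
        person = holders.get(card)
        if person is not None:
            swipes = person_hist[person]
            swipes.append((ts, card))
            while swipes[0][0] < ts - WINDOW:
                swipes.popleft()
            if len(swipes) > MAX_SWIPES_PER_PERSON:
                alert("high_usage", person, ts, {c for _, c in swipes})

    return alerts, locked


if __name__ == "__main__":
    found, to_lock = detect(parse(SAMPLE_LOG))
    for rule, subject, ts in found:
        print(f"{ts.isoformat()} {rule:17} {subject}")
    print("lock:", sorted(to_lock))
```

The locked set is what a lock-down system would push to readers; a real deployment would also need a release path for false positives.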

Broache and McCullagh agree with the inclusion of additional security mechanisms,

stating that many organisations “are also exploring using a card that would have to

be activated by the user, through a fingerprint or some other biometric method,

before any information could be read remotely”61.

Either of these suggestions would eliminate the ability for someone to clone an RFID

tag and be able to gain access to systems or premises as another person. However

neither of these suggestions deal with the underlying security issue, which is the

weak cryptographic protection utilised by these RFID tags.

Tampering of data embedded in RFID devices

Another security risk associated with RFID tags is the ability to manipulate the data

stored on the tags, either by a third party who is cloning the tag or by the authorised

tag holder.

60 Ghai, V. (2008). "An Automation ANSWER." Retrieved 04/08/2009, from http://govtsecurity.com/federal_homeland_security/mirfare_classic_card_hacked/.

61 A. Broache and D. McCullagh (2006) New RFID travel cards could pose privacy threat. CNET News.


As highlighted by Muir, “RFID is a wireless technology and is therefore subject to

third-party interception unless the signal is secured”62. This creates a scenario where

“Man-In-The-Middle” attacks are possible against RFID systems and tags. This risk is

further compounded “if the chip has a writable memory area, as many do, to data

tampering”63. Data tampering occurs when the integrity of the data stored on the

RFID tags is compromised. Generally this type of security risk is associated with RFID

tags that are used in financial transactions, such as RFID transport cards which store

amounts of money on the tag itself rather than in a centralised database.

One solution to card tampering is to store the RFID tags out of radio signal range to

eliminate the potential for the signal to be cloned or altered, for example via the use

of a Faraday cage.

A Faraday cage is a physical cover that assumes the form of a metal sheet or mesh

that is opaque to certain radio waves. Consumers can today purchase Faraday cages

in the form of wallets and slipcases to shield their RFID-enabled cards against

unwanted scanning.64

Again this solution is only a temporary one as it does not address the real security

risk facing the RFID tags and systems, that is, the weak cryptographic protection

utilised by RFID systems.

Cryptographic Functions

Probably the most detrimental security issue with RFID is the type of encryption

mechanisms in place within the RFID systems and tags. This issue is in part due to the

constraints in the RFID chips used in the tags. As stated by Schwartz, “chip limitations

make it difficult to incorporate sophisticated encryption algorithms”65. These

limitations have led to the previous two security issues: the cloning, and tampering

of RFID tags.

62 Muir, S. (2007). "RFID security concerns." Library Hi Tech 25(1): 95-107.

63 Newitz, A. (2006) The RFID Hacking Underground. Wired.

64 Heydt-Benjamin, T. S., D. V. Bailey, et al. (2008). "Vulnerabilities in first-generation RFID-enabled credit cards." Lecture notes in computer science 4886: 2.

65 Schwartz in Glasser, Goodman, & Einspruch (2007) p. 107


One cause of the use of weak cryptographic mechanisms in the RFID tags has been

surmised as poor foresight by the RFID system designers when initially implementing

cryptographic mechanisms. Kaminsky explains this situation by noting:

They [the organisations which build RFID systems] didn't want to change to a more

secure implementation because of backwards compatibility issues, and they had a

lot of sites that use these cards...66

Apart from the failure, or inability, to upgrade cryptographic standards in RFID systems,

organisations which build RFID systems face another problem: many of

these organisations choose to use proprietary encryption standards instead of

utilising well recognised encryption standards. Thus the organisations are assuming

that because their encryption standard is not publicised it will remain unbroken. This

philosophy goes against “Kerckhoffs’ Principle” which states “the cryptanalyst has

complete knowledge of the cipher (i.e. the decryption key is the only thing unknown

to the cryptanalyst)”67.

By keeping encryption standards proprietary organisations are not allowing their

cryptosystems to be peer reviewed by cryptographic experts, and therefore the

standards chosen are often easily breakable. In the case studies below it will be

shown that this exact security issue has been encountered and overcome by hackers.

66 Kaminsky in Ibid.

67 Boyd (2009)


Case Studies

Through conducting a critical analysis of two real-world implementations of RFID

technology the potential privacy and security issues already discussed can be further

explained. Two different RFID systems have been chosen to be examined: the Mifare

Classic, which is used all around the world in transportation networks, including in

Queensland through Translink; and enhanced identification RFID systems, such as

ePassports.

Translink - Mifare Classic

Translink in conjunction with Queensland Transport have implemented the Mifare

Classic RFID system to facilitate a cashless ticketing system, where it is locally known

as the “Go” card. The Mifare Classic is an ISO 14443-A compliant RFID system which

was first launched overseas in 199568. According to NXP, the creators of this system,

the Mifare Classic has to date sold more than 1 billion cards, equating to “more than

70% of the contactless smart card market”69. The Mifare Classic RFID system has

been deployed in countries such as Korea, China, the United Kingdom, and now

Australia70.

Garcia describes the Mifare Classic tags as more advanced than traditional RFID tags:

Such cards contain a slightly more powerful IC than classical RFID chips (developed

for identification only), equipping them with modest computational power and

making them suitable for applications beyond identification, such as access control

and ticketing systems.71

The inclusion of an integrated circuit (IC) means that the Mifare Classic tags are

actually “active” RFID tags, being able to contain more information than just a

68 NXP, S. (2009). "Mifare Classic - More Information." Retrieved 04/08/2009, from http://www.nxp.com/#/pip/pip=[pfp=41863]|pp=[t=pfp,i=41863].

69 Ibid.

70 NXP, S. (2009). "Mifare Classic - More Information." Retrieved 04/08/2009, from http://www.nxp.com/#/pip/pip=[pfp=41863]|pp=[t=pfp,i=41863].

71 Garcia, F. D., P. van Rossum, et al. (2009). Wirelessly Pickpocketing a Mifare Classic Card.


unique serial number. However this increased ability to store more information is

also a reason why it is a greater security risk than traditional passive RFID tags.

Due to its market share the Mifare Classic has come under increasing scrutiny over

the security mechanisms that are in place to protect the data stored on these RFID

tags. Having such a market dominance has brought the Mifare Classic to the

attention of hackers. Successful attacks on the Mifare Classic date back as far as

2007, when it was demonstrated that the RFID tags could be cloned; this was well

before the Mifare Classic system was deployed in Queensland72. Security issues are

not the only problem facing this RFID system, as the Mifare Classic is also subject to

privacy concerns.

Privacy Issues

The most prevalent privacy issue facing the Mifare Classic RFID system is in the

potential tracking of passengers. Each RFID tag in the “Go” card implementation of

the Mifare Classic system contains a Global Unique Identifier (GUID), or a serial

number of the card. This GUID is used to register the card and to track the journeys

undertaken on the card.

There are two types of “Go” card, registered and unregistered. Anyone may

purchase a “Go” card, which comes as an unregistered card containing no personally

identifiable information about the card holder. By registering the “Go” card Translink

claims that the user is more “protected” in case their card is stolen or lost by

allowing the balance of the card to be transferred to a new card and by blocking the

GUID of the old card73. This may indeed be the case if you get your “Go” card stolen,

but this “protection” comes at a high cost to the users' privacy. Other incentives to

register “Go” cards include the ability to manage the cards online; including topping-

up credit and accessing the journey history.

In order to register a “Go” card a user must provide Translink with additional

personally identifiable information including: name, address, phone numbers, bank

72 Diodati (2008)

73 Translink (2008)


account details, and credit card numbers74. This sounds more like a customer

database for a retail chain than a transportation system. This information is stored

on a database maintained by Translink, and it must be stated that even once

registered, “your physical smart card will not hold any personal information”75.

Although Translink's privacy policy complies with the Information Privacy Act 2009 there

is no immediate explanation why this information is necessary.

This requirement for additional information is surplus to the functioning of the

system and just facilitates the development of a massive customer database which

can then be sold off to third-parties. In fact, Translink states that the information

supplied by the customers can be provided to third parties as approved by Translink

as long as they comply with Translink’s privacy policy; “where personal information

is shared with other parties, requiring those parties to comply strictly with our

privacy requirements”76. This may be fine in theory, but no organisation has the

ability to monitor the use of personal information once it has been disclosed outside

of their control. It also raises the question as to which third-parties Translink are able

to share the personal information from their customer database. According to their

privacy policy these include: financial institutions; service providers such as call

centres; and research organisations77. The last two are some of the worst offenders

when it comes to the abuse of personal information.

The ability to track passengers in the “Go” card system is facilitated by the

requirement for passengers to swipe on at the beginning of their journey and swipe

off again at the conclusion of their journey78. This journey information is stored by

the RFID system and can be accessed by “authorised” users, including the registered

card holder, or for that matter anyone in physical possession of that card, and

people who have access to the secure database maintained by Translink. The ability

to track and monitor passengers raises many privacy concerns, and storage of this

information is in turn a major security issue.

74 Translink (2009) Go Privacy Policy

75 Ibid

76 Ibid

77 Ibid

78 Translink (2008)


Security Issues

As stated previously, the Mifare Classic is based on ISO 14443-A:

...the Mifare Classic complies with parts 1 to 3 of the ISO standard 14443-A,

specifying the physical characteristics, the radio frequency interface, and the anti-

collision protocol. The Mifare Classic does not implement part 4 of the standard,

describing the transmission protocol, but instead uses its own secure communication

layer. In this layer, the Mifare Classic uses the proprietary stream cipher CRYPTO1 to

provide data confidentiality and mutual authentication between card and reader.79

The inclusion of a proprietary encryption algorithm is the first security issue evident

in the Mifare Classic RFID system. By ignoring Kerckhoffs’ Principle the designers

were tempting fate, and eventually the encryption cipher was broken. Put bluntly

by de Koning and Verdult, “the Mifare system relied on security by obscurity and

now the secrets are revealed there is no card-level security left”80. The

authentication system used by the Mifare Classic can be seen in the diagrams below.

Diagram 1 - Authentication Protocol 81

79 Garcia, van Rossum, Verdult, & Schreur (2009)

80 Gerhard de Koning Gans and R. Verdult. (2007). "Proxmark." Retrieved 04/08/2009, from http://www.proxmark.org/proxmark.

81 Garcia, van Rossum, Verdult, & Schreur (2009)


Diagram 2- Mifare Classic Protocol 82

Through numerous attempts the Crypto-1 cipher was finally reverse-engineered, and

“the heart of the cipher is a 48-bit linear feedback shift register and a filter function”

83 (as depicted in diagram 3).

This cipher consists of a 48-bit linear feedback shift register (LFSR) with generating

polynomial $x^{48} + x^{43} + x^{39} + x^{38} + x^{36} + x^{34} + x^{33} + x^{31} + x^{29} + x^{24} + x^{23} + x^{21} + x^{19} + x^{13} + x^{9} + x^{7} + x^{6} + x^{5} + 1$ and a non-linear filter function f. 84

82 Courtois, N. T. (2009). Differential Attack on MiFare Classic or How to Steal Train Passes and Break into Buildings Worldwide…. Eurocrypt 2009 Rump Session, University College London.

83 Dayal, G. (2008). "How they hacked it: The MiFare RFID crack explained A look at the research behind the chip compromise." Retrieved 02/08/2009, from http://www.computerworld.com/s/article/9069558/How_they_hacked_it_The_MiFare_RFID_crack_explained?pageNumber=1.

84 Garcia, van Rossum, Verdult, & Schreur (2009)


Diagram 3 - Structure of CRYPTO1 Algorithm85

Armed with this information attacks against the Mifare Classic began to emerge. In

fact there are numerous methods available to recover the encryption key from a

Mifare Classic tag; one of these utilises a side-channel attack. Garcia notes that

the Mifare Classic mixes the data link layer and the secure communication layer of

the RFID tag, which results in the parity bits being computed over the plaintext during the

transmission of data86. Garcia states:

During the authentication protocol, if the reader sends wrong parity bits, the card

stops communicating. However, if the reader sends correct parity bits, but wrong

authentication data, the card responds with an (encrypted) error code. This breaks

the confidentiality of the cipher, enabling an attacker to establish a side channel.87

Another method exists where the attacker uses a constant challenge, changing only

the challenge of the tag, “ultimately obtaining a special internal state of the

cipher”88. The issue with this method is that the special states have to be

precomputed which means that the attack isn't as portable as some other

methods89.

The Digital Security Group of the Radboud University Nijmegen (DSG), who assisted

in originally reverse-engineering the Crypto-1 cipher have also devised a method that

requires a small amount of data be collected from a genuine Mifare reader.

According to the DSG:

85 Garcia, van Rossum, Verdult, & Schreur (2009)

86 Ibid

87 Ibid

88 Ibid

89 Ibid


With this data we can compute, off-line, the secret key within a second. There is no

precomputation required, and only a small amount of RAM. Moreover, when one has

an intercepted "trace" of the communication between a card and a reader, we can

compute all the cryptographic keys from this single trace, and decrypt it.90

These methods discussed do not require advanced hardware and can be conducted

for less than a few hundred dollars which poses a real security threat to any systems

based on the Mifare Classic. “With minimal effort, hackers are proving that it is

possible for these cards to be cracked, copied and used to impersonate someone

else's identity...”91.

Before Queensland Transport implemented the Mifare Classic RFID system they had

been made well aware of the security breaches in the underlying infrastructure,

"Translink is aware of the testing academics in Europe have undertaken on the

Mifare smart card...” 92. The group which originally cracked the cipher stated that

“Queensland's “Go” card system was already obsolete” because the card's security

encryption had already been cracked93. Translink's response to this threat was very

dismissive, claiming that:

Translink's Go card system uses multiple layers of security and these academics have

only demonstrated an ability to gain access to one of these layers. Translink also has

in place systems to detect and reject smart cards that may have been manipulated

fraudulently.94

In fact NXP, the creator of the Mifare Classic RFID system, have since moved to a

new standard incorporating AES encryption algorithms to address this security

vulnerability95.

90 Digital Security Group of the Radboud University Nijmegen. (2008). "Security Flaw in Mifare Classic." Retrieved 04/08/2009, from http://www.ru.nl/ds/research/rfid/.

91 Ghai (2008)

92 Casey, S. (2008) Go cards 'doomed' over security.

93 Ibid

94 Ibid

95 NXP, S. (2009). "Mifare Classic - More Information." Retrieved 04/08/2009, from http://www.nxp.com/#/pip/pip=[pfp=41863]|pp=[t=pfp,i=41863].


Other methods to address this security issue, as suggested by Garcia, would be for

the system integrators to: “diversify all keys in the card; or cryptographically bind the

contents of the card to the GUID, for instance by including a MAC”96. Another way to

protect one's “Go” card would be to “keep it inside an RFID blocker that emits

spurious signals to confuse RFID scanners, a form of electronic warfare against

snoopers”97.
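A sketch of the two countermeasures Garcia suggests, added here as an illustration and not taken from the paper, NXP or Translink: a per-card key derived from a master key and the card's GUID, and a MAC that binds the stored value to that GUID. HMAC-SHA-256, the record layout, the key and GUID values, and the back-office counter check (which goes beyond the quoted suggestion, to cover re-use of an old genuine card image) are assumptions.

```python
import hashlib
import hmac

MAC_LEN = 8  # truncated MAC length in bytes (assumed)

# Constructed values for the demonstration only.
MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
GUID_A = bytes.fromhex("04a1b2c3")
GUID_B = bytes.fromhex("04d4e5f6")


def diversify_key(master_key, guid):
    """Derive a per-card key, so that recovering one card's key does not
    reveal the key of any other card."""
    return hmac.new(master_key, b"card-key" + guid, hashlib.sha256).digest()[:16]


def _mac(master_key, guid, payload):
    # The GUID is part of the MAC input: this is what binds contents to card.
    key = diversify_key(master_key, guid)
    return hmac.new(key, guid + payload, hashlib.sha256).digest()[:MAC_LEN]


def seal_record(master_key, guid, counter, balance_cents):
    """Build the record written to the card: counter | balance | MAC."""
    payload = counter.to_bytes(4, "big") + balance_cents.to_bytes(4, "big")
    return payload + _mac(master_key, guid, payload)


def open_record(master_key, guid, record):
    """Return (counter, balance_cents), or None if the MAC does not verify
    for the GUID the card presented."""
    if len(record) != 8 + MAC_LEN:
        return None
    payload, tag = record[:8], record[8:]
    if not hmac.compare_digest(tag, _mac(master_key, guid, payload)):
        return None
    return int.from_bytes(payload[:4], "big"), int.from_bytes(payload[4:], "big")


class BackOffice:
    """Tracks the highest transaction counter seen per GUID. The MAC alone
    cannot tell an old genuine image from the current one, and a device that
    also presents the original GUID passes the MAC check; the counter is what
    flags such a copy once the genuine card has moved on."""

    def __init__(self, master_key):
        self.master_key = master_key
        self.highest_counter = {}

    def accept(self, guid, record):
        opened = open_record(self.master_key, guid, record)
        if opened is None:
            return "rejected: bad MAC"
        counter, _balance = opened
        if counter < self.highest_counter.get(guid, 0):
            return "rejected: stale counter"
        self.highest_counter[guid] = counter
        return "accepted"


def demo():
    office = BackOffice(MASTER_KEY)
    topped_up = seal_record(MASTER_KEY, GUID_A, 7, 5000)
    forged = topped_up[:4] + (9999).to_bytes(4, "big") + topped_up[8:]
    after_trip = seal_record(MASTER_KEY, GUID_A, 8, 4700)
    return {
        "genuine": office.accept(GUID_A, topped_up),
        "copied_to_other_card": office.accept(GUID_B, topped_up),
        "balance_edited": office.accept(GUID_A, forged),
        "after_trip": office.accept(GUID_A, after_trip),
        "old_image_replayed": office.accept(GUID_A, topped_up),
        "keys_differ": diversify_key(MASTER_KEY, GUID_A)
                       != diversify_key(MASTER_KEY, GUID_B),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:22} {outcome}")
```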

In the case of Translink's “Go” card the biggest threat would be to clone a card, in

particular one which has just been recharged with a large amount of money, thus a

hacker could keep a cloned copy of the tag and re-use the same clone whenever

he/she ran out of money on their card.

Another potential security issue with Translink's “Go” card system relates to the card

registration process. Currently the registration form and login page use the GUID of

the card as the username, because it is a unique identifier; however if a user forgets

their password for their account they will be prompted with a security question in

order to verify their identity. This security question cannot be manually changed and

it has to be one of three default questions offered by Translink in their registration

process (as seen in Diagram 5). This poses a security risk as it limits the possibilities

and the answers to two of the questions (maiden name and the city you were born

in) can be located through public databases.

96 Garcia, van Rossum, Verdult, & Schreur (2009)

97 Gualtieri, D. M. (2004). Technology's Assault on Privacy. Phi Kappa Phi Forum.


Diagram 5 – Security Question from Registration Form98

98 Translink (2009) https://forms.translink.com.au/go_registration.php

Security question (please answer one of the following security question for identification purposes) (Required)

Your mother's maiden name

Name of your first pet

City or town where you were born

Answer:


Case Studies

US/AUS Enhanced Identification

As technology advances it brings with it more secure methods of hindering the

counterfeiting of identification. This too can be said of RFID technologies. Many

governments around the world are now issuing these “enhanced identification”

documents which are embedded with RFID tags to assist in correctly processing

identities and speed up queues at airports99. Both Australia and the United States of

America (US) have introduced ePassports which are designed to facilitate this goal.

Fontana describes the US ePassport as:

...a contact-less smartcard with a secure microprocessor that employs a passive

radio frequency to transmit data over an encrypted wireless link to a reader.100

The passive nature of the RFID tag is to ensure that the tags cannot be “skimmed”

(read) from a distance and require the proper reader to power the chip101.

As well as standard encryption techniques being used in the RFID tags embedded in

ePassports, these documents contain a technology called Basic Access Control (BAC).

This technology utilises a digital signature to ensure that only proper readers can

access the personally identifiable data stored on the chip as well as ensuring integrity

of the data102. The Australian Department of Foreign Affairs and Trade (DFAT)

explains the process of BAC as follows:

...Basic Access Control (BAC) to prevent the chip from being accessed until the

Machine Readable Zone (MRZ) on the data page has been read. In addition, the new

series incorporates Active Authentication (AA) which offers an additional level of

99 Department of Foreign Affairs and Trade. (2009). "The Australian ePassport." from http://www.dfat.gov.au/dept/passports/.

100 Fontana, J. (2006). Storm building over RFID-enabled passports [Electronic Version]. Network World. Retrieved 04/08/2009, from http://www.networkworld.com/news/2006/092106-rfid-passports.html

101 Ibid

102 Ibid


confidence to passport holders that their personal details contained on the chip are

secure and protected.103

Privacy Issues

Unlike the previous case study where personally identifiable information was not

stored on the RFID tags, ePassports contain all the users' personally identifiable

information stored on the RFID chip. Therefore storage of this information can be

deemed as a potential privacy issue. Before the final design of the US ePassport was

decided upon it was suggested that the ePassports only contain an RFID embedded

with a GUID that links it to a secure database containing the users' personal

information104.

Unfortunately this idea was not accepted and instead all of the users' personal

information is stored on the device, “a unique ID number along with a name,

address, date and place of birth and digital photo”105.

There is no research to date indicating that the digital signature used to protect the

personal information on the ePassports, either here in Australia or in the US, has

been broken. However, it has been demonstrated that it is possible to skim the GUID

of ePassports. This poses a serious privacy issue:

...It may be possible to determine the nationality of a passport holder by

"fingerprinting" the characteristics of the RFID chip... Taken to an extreme, this could

make it possible to craft explosives that detonate only when someone from the US is

nearby...106

Mahaffey agrees noting that although the actual data on the chip can't be read, "the

simple ability for an attacker to know that someone is carrying a passport is a

dangerous security breach"107. One suggested method for overcoming the privacy

103 Department of Foreign Affairs and Trade, 2009

104 Glasser, Goodman, & Einspruch (2007) p. 104

105 Ibid

106 Evers, J., & McCullagh, D. (2006). Researchers: E-passports pose security risk [Electronic Version]. CNET News. Retrieved 04/08/2009, from http://news.cnet.com/Researchers-E-passports-pose-security-risk/2100-7349_3-6102608.html

107 In Ibid


issue related to carrying ePassports is “hitting the chip with a blunt, hard object to

disable it. A nonworking RFID doesn’t invalidate the passport, so you can still use

it”108.

Security Issues

The security of the ePassport RFID tags in the United Kingdom was broken back in

2007, which resulted in the ability to read and copy the personally identifiable

information stored on the tag109. This is a major security breach, however the digital

signatures and encryption of the US and Australian ePassports have yet to be

broken. Also, in Germany Grunwald demonstrated in 2006 that he could clone the

RFID chip from his passport and write it to another RFID tag110. The data stored on

the RFID chip could not be altered, just copied, which could possibly be used in a

forged passport, although the holder of the passport would need to physically

resemble the owner of the original ePassport for this forgery to succeed.

Security researchers have not, however, figured out how to alter the personal

information, which is protected with a digital signature designed to enable

unauthorized changes to be detected. Creating a fake passport therefore would be

most useful to anyone who can forge the physical document and resembles the

actual passport holder.111

Another security feature of the US ePassports is the fact that they contain anti-

skimming material on the front cover “which greatly complicates the capture of data

when the book is fully or mostly closed”112.

State Department officials claim that a layer of metallic anti-skimming material in

the front cover and spine of the book can prevent information from being read from

a distance, provided that the book is fully closed113.

108 Wortham, J. (2007) How To: Disable Your Passport's RFID Chip. Wired.

109 Garretson, C. (2007) RFID holes create security concerns. Network World.

110 Evers, J. and D. McCullagh (2006) Researchers: E-passports pose security risk. CNET News

111 Broache, A. and D. McCullagh (2006) New RFID travel cards could pose privacy threat. CNET News

112 Ibid


A major security issue has been highlighted by Fontana:

...many security experts are still questioning whether e-passports, which have a 10-

year life span, have enough security built in to survive a decade of hackers and

technology advancements while protecting e-passports users from data theft,

identity theft and other security and privacy intrusions.114

This is an important point as many countries’ ePassports to date have had their

encryption standards broken already. A possible solution to this scenario is to update

the encryption standard used in ePassports whenever a security breach is identified,

however, this method is costly as replacing all current passports would pose a huge

financial burden. It is much more likely that any identified breaches in security would

be kept from the public for as long as possible to deter a potential backlash.

113 Ibid

114 Fontana, J. (2006) Storm building over RFID-enabled passports. Network World


Conclusion

It is clear that RFID systems are here to stay, at least in the foreseeable future,

however as this report has highlighted there are many potential privacy and security

concerns facing these systems. Any organisation contemplating implementing an

RFID system should first identify the real business need. If personally

identifiable information is not needed to be stored on the RFID tags then it should

not be included as it could present an attractive reason for hackers to attempt to

breach the RFID system.

The security standards of these systems must be robust, and if possible, upgradeable

if the need presents itself. It is unacceptable for any organisation implementing such

an RFID system to rely solely on the anonymity of the encryption cipher to act as the

RFID tags' only safeguard. Such archaic thinking will only result in breaches of

security, and probably privacy as well, and be the reason that the RFID system needs

upgrading sooner rather than later. As highlighted by the ePassport example, a 10

year lifespan may be detrimental to the integrity of the RFID security mechanisms in

place. These considerations need to be made and all associated risks need to be

discussed if an organisation is considering deploying an RFID system, whether it’s for

retail or other purposes.


Reference List

Anonymous. (2004). RFID: good or bad. International Journal of Productivity and Performance Management, 53(5/6).

Anonymous. (2005). Tiny Trackers: protecting privacy in an RFID world. Newsletter on Intellectual Freedom(November).

Boyd, C. (2009). Lecture 2: Historical Ciphers (Part 1). INB355/INN355, School of Information Technology, Queensland University of Technology.

Broache, A. (2006). RFID passports arrive for Americans [Electronic Version]. CNET News. Retrieved 04/08/2009, from http://news.cnet.com/RFID-passports-arrive-for-Americans/2100-1028_3-6105534.html

Broache A., & D., M. (2006). New RFID travel cards could pose privacy threat [Electronic Version]. CNET News. Retrieved 04/08/2009, from http://news.cnet.com/New-RFID-travel-cards-could-pose-privacy-threat/2100-1028_3-6062574.html

Cardullo, M. (2005). Genesis of the versatile RFID tag. RFID Journal, 2(1), 13–15.

Casey, S. (2008). Go cards 'doomed' over security [Electronic Version]. Retrieved 02/08/2009, from http://www.brisbanetimes.com.au/news/queensland/go-cards-doomed-over-security/2008/04/11/1207856789056.html

Courtois, N. T. (2009). Differential Attack on MiFare Classic or How to Steal Train Passes and Break into Buildings Worldwide…. Paper presented at the Eurocrypt 2009 Rump Session.

Dayal, G. (2008). How they hacked it: The MiFare RFID crack explained A look at the research behind the chip compromise. Retrieved 02/08/2009, from http://www.computerworld.com/s/article/9069558/How_they_hacked_it_The_MiFare_RFID_crack_explained?pageNumber=1

Department of Foreign Affairs and Trade. (2009). The Australian ePassport. from http://www.dfat.gov.au/dept/passports/

Digital Security Group of the Radboud University Nijmegen. (2008). Security Flaw in Mifare Classic. Retrieved 04/08/2009, from http://www.ru.nl/ds/research/rfid/

Diodati, M. (2008). The MIFARE Classic Card is Hacked [Electronic Version]. Retrieved 04/08/2009, from http://identityblog.burtongroup.com/bgidps/2008/03/the-mifare-clas.html

Doggs, A. (2008). RFID SmartCard encryption cracked by researchers [Electronic Version]. Retrieved 04/08/2009, from http://www.networkworld.com/community/node/25754

Evers, J., & McCullagh, D. (2006). Researchers: E-passports pose security risk [Electronic Version]. CNET News. Retrieved 04/08/2009, from http://news.cnet.com/Researchers-E-passports-pose-security-risk/2100-7349_3-6102608.html

Fontana, J. (2006). Storm building over RFID-enabled passports [Electronic Version]. Network World. Retrieved 04/08/2009, from http://www.networkworld.com/news/2006/092106-rfid-passports.html

Garcia, F. D., van Rossum, P., Verdult, R., & Schreur, R. W. (2009). Wirelessly Pickpocketing a Mifare Classic Card.

Garretson, C. (2007). RFID holes create security concerns [Electronic Version]. Network World. Retrieved 04/08/2009, from http://www.networkworld.com/news/2007/032207-rfid-security.html

Gerhard de Koning Gans, & Verdult, R. (2007). Proxmark. Retrieved 04/08/2009, from http://www.proxmark.org/proxmark

Ghai, V. (2008). An Automation ANSWER. Retrieved 04/08/2009, from http://govtsecurity.com/federal_homeland_security/mirfare_classic_card_hacked/

Glasser, D. J., Goodman, K. W., & Einspruch, N. G. (2007). Chips, tags and scanners: Ethical challenges for radio frequency identification. Ethics and Information Technology, 9(2), 101-109.

Granneman, S. (2003). RFID Chips Are Here [Electronic Version]. Retrieved 04/08/2009, from http://www.securityfocus.com/columnists/169

Gualtieri, D. M. (2004). Technology's Assault on Privacy. Paper presented at the Phi Kappa Phi Forum.

Günther, O., & Spiekermann, S. (2005). RFID and the perception of control: the consumer's view.

Heydt-Benjamin, T. S., Bailey, D. V., Fu, K., Juels, A., & O Hare, T. (2008). Vulnerabilities in first-generation RFID-enabled credit cards. Lecture notes in computer science, 4886, 2.

Kearns, D. (2009). Verayo claims its RFID is unclonable [Electronic Version]. Network World. Retrieved 04/08/2009, from http://www.networkworld.com/newsletters/dir/2009/010509id2.html

Kelly, E. P., & Erickson, G. S. (2005). RFID tags: commercial applications v. privacy rights. Industrial Management and Data Systems, 105(6), 703.

Krim, J. (2005). U.S. Passports to Receive Electronic Identification Chips [Electronic Version]. Washington Post. Retrieved 04/08/2009, from http://www.washingtonpost.com/wp-dyn/content/article/2005/10/25/AR2005102501624.html

Landt, J., & Catlin, B. (2001). Shrouds of Time: The history of RFID. Pittsburgh, PA, AIM Global.

Lawson, S. (2008). Researchers find problems with RFID passport cards [Electronic Version]. IDG News Service. Retrieved 04/08/2009, from http://www.networkworld.com/news/2008/102408-researchers-find-problems-with-rfid.html?hpg1=bn

McGinity, M. (2004). Staying connected: RFID: is this game of tag fair play? Communications of the ACM, 47(1), 15-18.

Messmer, E. (2007). Plan to use RFID in border control draws fire [Electronic Version]. Network World. Retrieved 04/08/2009, from http://www.networkworld.com/news/2007/090707-dhs.html?fsrc=rss-security

Muir, S. (2007). RFID security concerns. Library Hi Tech, 25(1), 95-107.

Nabil Y. Razzouk, V. S., Maria Nicolaou. (2008). Consumer concerns regarding RFID privacy: an empirical study. Journal of Global Business and Technology, 4(1, Spring), 69-78.

Naone, E. (2009). RFID's Security Problem. Technology Review, 112(1).

Neumann, P. G., & Weinstein, L. (2006). Risks of RFID. Communications of the ACM, 49(5).

Newitz, A. (2006). The RFID Hacking Underground [Electronic Version]. Wired. Retrieved 04/08/2009, from http://www.wired.com/wired/archive/14.05/rfid.html

Niemelä, O. P. a. M. (2009). Humans and emerging RFID Systems: Evaluating Data Protection law on the User scenario basis. International Journal of Technology and Human Interaction, 5(2), 85-95.

NXP, S. (2009). Mifare Classic - More Information. Retrieved 04/08/2009, from http://www.nxp.com/#/pip/pip=[pfp=41863]|pp=[t=pfp,i=41863]

Ohkubo, M., Suzuki, K., & Kinoshita, S. (2005). RFID privacy issues and technical challenges. Communications of the ACM, 48(9), 66-71.

Peslak, A. R. (2005). An ethical exploration of privacy and radio frequency identification. Journal of Business Ethics, 59(4), 327-345.

Roberti, M. (2004). Tag Cost and ROI [Electronic Version]. RFID Journal. Retrieved 02/08/2009, from http://www.rfidjournal.com/article/articleview/796/

Roberts, P. F. (2007). Battle brewing over RFID chip-hacking demo. InfoWorld. Retrieved 04/08/2009, from http://www.networkworld.com/news/2007/022707-battle-brewing-over-rfid-chip-hacking.html

Spiekermann, S. (2008). RFID and privacy: what consumers really want and fear. Personal and Ubiquitous Computing, 1-12.

Tucker, P. (2006). Fun with Surveillance. Futurist, 40.

van Deursen, T., & Radomirovic, S. (2008). Security of RFID Protocols–A Case Study.

Westhues, J. (2003). Proximity Cards. Retrieved 04/08/2009, from http://cq.cx/prox.pl

Westhues, J. (2006). Demo: Cloning a Verichip. Retrieved 04/08/2009, from http://cq.cx/verichip.pl

Wortham, J. (2007). How To: Disable Your Passport's RFID Chip [Electronic Version]. Wired. Retrieved 02/08/2009, from http://www.wired.com/wired/archive/15.01/start.html?pg=9