Different Security Attacks on RFID Systems

Like other information systems, RFID systems are vulnerable to attack and can be compromised at various stages. Generally, attacks against an RFID system can be categorized into four major groups: attacks on authenticity, attacks on integrity, attacks on confidentiality, and attacks on availability. Besides being vulnerable to common attacks such as eavesdropping, man-in-the-middle and denial of service, RFID technology is particularly susceptible to spoof and power attacks. This section illustrates the different kinds of attacks on RFID systems.

  1. Eavesdropping: Since an RFID tag is a wireless device that emits a unique identifier upon interrogation by an RFID reader, there is a risk that the communication between tag and reader can be eavesdropped. Eavesdropping occurs when an attacker intercepts data with any compliant reader for the correct tag family and frequency while a tag is being read by an authorized RFID reader. Since most RFID systems use clear text communication due to tag memory capacity or cost, eavesdropping is a simple but efficient means for the attacker to obtain information on the collected tag data. The information picked up during the attack can have serious implications, since it can be used later in other attacks against the RFID system.
  2. Man-in-the-Middle Attack: Depending on the system configuration, a man-in-the-middle attack is possible while the data is in transit from one component to another. An attacker can interrupt the communication path and manipulate the information back and forth between RFID components. This is a real-time threat. The attack will reveal the information before the intended device receives it and can change the information en route.

RFID Standards

An RFID system can use any of several standards, because there is no single universally accepted standard at the moment. For years, competing standards have been one of the crucial challenges for RFID. Specifications and standards may be decided and composed at the national, international, industry or trade association level. Individual organizations may call their own specifications a “standard”. When these individual organizations set industry standards and specifications, they normally base them on international standards in order to make implementation and support easier. This has the added advantage of providing a wider choice of available products.

These standards can cover the content and format of the codes placed on the tags, the frequencies and protocols that will be used by the tags and readers to transmit the RFID data, application use, and the security and tamper-resistance of tags on packaging and freight containers. Currently, Wal-Mart and the Department of Defense (DoD) are the two largest drivers of RFID. Both have issued mandates for their top suppliers to use RFID technology when shipping products to their distribution centers. Although their long-term outlooks differ slightly, they are both looking to accomplish the same thing.

In the RFID standards debate mentioned above, the ISO (International Standards Organization) and EPC Global have both been leading figures. The ISO has its 18000 standard and the EPC standard has been introduced by the EPC Global Center.…

Components of an RFID System

Radio Frequency Identification (RFID), as the name implies, uses radio frequency to exchange data between two entities for identification purposes. It is a wireless technology for collecting information without any human intervention.

An RFID system is basically an integrated combination of components that work together to detect and identify objects or persons. These components are primarily responsible for the working of any RFID system, whether basic or complex. Although additional components such as sensors can be associated with RFID systems, the following are the key components:

  1. A tag (sometimes called a transponder), which is composed of a semiconductor chip, an antenna, and sometimes a battery.
  2. An interrogator (sometimes called a reader or a read/write device), which is composed of an antenna, an RF electronics module, and a control electronics module.
  3. A controller (sometimes called a host), which most often takes the form of a PC or a workstation running database and control (often called middleware) software.

The tag and the reader communicate information between one another via radio waves. When a tagged object enters the read zone of a reader, the reader signals the tag to transmit its stored data. Tags can hold many kinds of information about the objects they are attached to, including serial numbers, time stamps, configuration instructions, and much more. Once the reader has received the tag’s data, that information is relayed back to the controller via a standard network interface, such as an Ethernet LAN or even the internet.…

Introduction to Radio Frequency Identification (RFID)

Over the past few years, automatic identification techniques have become very popular and have found their place at the core of service industries, manufacturing companies, aviation, clothing, transport systems and much more. It is clear by now that automated identification technology, especially RFID, is highly helpful in providing information about timing, location and even more detailed information about people, animals, goods etc. in transit. In contrast with its counterpart automatic identification technology, the barcode, RFID can store a large amount of data and is also reprogrammable.

In everyday life, the most common form of an electronic data-carrying device is often a smartcard, which is probably based upon a contact field. But this kind of contact-oriented card is normally impractical and less flexible to use. By contrast, a contactless card with contactless data transfer capabilities would be far more flexible. This communication happens between the data-carrying device and its reader. The situation appears even more ideal if the power for the data-carrying device also comes from the reader by means of contactless technology. Because of these power transfer and data-carrying procedures, contactless automatic identification systems are termed Radio Frequency Identification systems.

What is RFID?

The term RFID stands for Radio Frequency Identification. Radio stands for invocation of the wireless transmission and propagation of information or data.…

Disaster Recovery Plan (DRP) in Business

Fire, flood, earthquake and accidental deletion of data are all events that can have disastrous consequences for data. Such disasters can prevent the network from operating normally, which in turn can hamper the organisation’s business. These disasters can be classified into man-made disasters and environmental disasters. Man-made disasters are intentionally or unintentionally caused by humans. For example, a user may accidentally delete data, viruses and malicious programs can damage data, and various other events can cause data loss and downtime. Environmental disasters are not preventable but can be reduced if appropriate precautions are taken. Environmental disasters include fire, flood, earthquake, tornado and hurricane.

Disaster recovery deals with the recovery of data that is damaged due to destructive activities. The time required to recover from a disaster depends on the disaster recovery plan implemented by the organisation. A good disaster recovery plan can protect an organisation from any type of disruption.

Disaster Recovery Plan/Business Continuity Plan

A Disaster Recovery Plan (DRP) helps to identify threats to an existing business such as terrorism, fire, earthquake and flood. It also provides guidance on how to deal with the occurrence of such events. Disasters are unpredictable; hence, planning for the worst is important for any business. A DRP is also called a Business Continuity Plan (BCP). The only difference between a Disaster Recovery Plan and a Business Continuity Plan is the focus. The focus of a Business Continuity Plan is to provide continuity of operations in the organisation, whereas a Disaster Recovery Plan focuses on recovery and rebuilding of the organisation after a disaster has occurred.


Case Study: Success Story of Google Search Engine

One of the most popular search engines is Google. Unknown to many, the term was coined by Milton Sirotta, the nephew of American mathematician Edward Kasner. The term refers to the number represented by 1 followed by 100 zeros. The company's use of the term reflects its mission to make immense and infinite resources available online.

The founders of the company, Larry Page and Sergey Brin, were not on good terms when they met as graduate students of computer science at Stanford University in 1995. They used to argue about everything they discussed. Their strong personalities always clashed. But eventually they found common ground. Retrieving important information from a massive set of data was the big challenge they were working on at that time. So, in January of 1996, they began collaborating on BackRub, a name they chose because of its unique approach to back links to a given website. Larry procured low-end PCs instead of big, very expensive machines. After a year, news about the new search engine spread around the campus. Then they began to perfect their technology. They were encouraged to set up their search engine service as a company of their own.

They talked to Andy Bechtolsheim, one of the founders of Sun Microsystems. After the demo, he thought that Google had a lot of potential, so he decided to lend them $100,000.…