The hottest security risks cannot be ignored RFID

  • Detail

Security risks can not be ignored RFID information security strategy analysis

although RFID has not formed a global unified industrial standard due to frequency band compatibility and other reasons, more and more RFID products have been actually applied, especially in the field of logistics. Based on the powerful function of RFID itself, we fully believe that the development prospect of RFID is extremely broad, and even forms a global IOT. Because of this, its security issues can not be ignored. If an RFID chip is poorly designed or unprotected, there are many ways to obtain the structure and data of the chip, and the losses will be unimaginable

this paper analyzes the strategy of information security from three aspects: the front-end wireless device of RFID system, the security of protocol background network system and data security

threats and solutions faced by front-end wireless devices and protocols

rfid system front-end wireless devices and transmission protocols are the basis for reliable generation of system processing information, and are the basis of the whole system. In addition to the security threats commonly used in wireless systems, their tags also have specific security problems, which need to be considered in many aspects

on the research of this problem, researcher Edith Cowan of Perth University in Australia once said that the security vulnerability of the first generation RFID is that once the data is overloaded, it cannot work normally. This vulnerability is also found in the newer UHF RFID tags, which can affect critical or life-threatening RFID systems. Even the more sophisticated "second-generation RFID" that can operate at four speeds cannot escape the attack

rfid is a technology that uses radio frequency to identify identity in a long distance. It requires the reader to conduct non-contact two-way communication with the channel built in the RFID electronic label within a certain distance. It is considered safe because the reader will jump to different channels in the frequency band after encountering obstacles

in order to test the security of RFID, Australian researchers loaded all the frequency bands used by electronic labels, making it impossible for readers to communicate with electronic labels. It was found that the design of channel hopping could not prevent criminals from carrying out denial of service attacks. Because the electronic label itself cannot jump to the channel

researchers also found that beyond a distance of 3 feet, the communication between the electronic tag and the reader can be blocked, making the volume tag enter the state of "communication error". Although the reader can jump between the set frequency bands when encountering interference, the physical properties that the R Jinan gold assay glass magnesium plate universal experimental machine can meet, including the compact experiment FID electronic volume label, are not good

other research units and specific manufacturers have also found various problems in the front-end part of the system. For example, expert Rubin asserted that although some improvements have been made recently, most RFID chips are still easy to crack. One reason is that the cheapest and most popular RFID chips do not have batteries. In fact, they are powered by card readers during scanning. Rubin believes that this limits the number of passwords that can be set on the chip. Due to the lack of its own power system, such chips are also vulnerable to "power consumption hack"

a European Computer Research Organization said that software viruses can be inserted into radio frequency identification (RFID) tags. Not long ago, at a computer academic conference held in Pisa, Italy, researchers released a report, which claimed that the virus may infect the memory of RFID chips

although most computer security experts believe that RFID chips cannot be infected with computer viruses, because the amount of memory of such chips is quite limited. However, the researchers said that RFID was in danger of being infected by the virus. Fortunately, they also announced a set of preventive measures to protect RFID chips from attack

for RFID tags, the reprogrammability of the chip is indeed a problem. Pat king, the company's global strategy expert, believes that this requires "appropriate management". "Companies should not imagine that the data in the reprogrammable tag is always safe. If you have doubts about the effectiveness of the information, you should compare the information on the chip with the data stored in the database.

recently, a group of computer researchers from Vrije University in Amsterdam, the Netherlands, announced that they have found that RFID tags, including EPC tags, can be used to carry viruses and protect computer systems Cause an attack. They believe that using RFID tags that allow users to safely and correctly process, display, store and use readable and writable RFID tags will pose a great risk. A tag with malicious code will cause more infected tags, which will cause a mess

a well-known password cracking expert applied power analysis technology to crack the passwords of the most popular RFID tag brands. ADI Shamir, Professor of computer science at Weizmann college in the United States, also reported his work at the high-level seminar of RSA conference. He and one of his students have been able to hack into an RFID tag and develop a corresponding password killer - a code that can make the tag self destruct. By monitoring the energy consumption process of the tag, the researchers derived the password. (the derivation process is that when receiving incorrect data from the card reader, the energy consumption of the tag will rise.). The researchers developed the killer code of the label in only 3 hours

in order to thoroughly implement the decision and deployment of the provincial Party committee and the provincial government on implementing the major project of converting old and new kinetic energy. They said that although the tags used are outdated, even the latest products launched in the second half of last year have similar problems. It only needs a simple tool like this to invade RFID tags

in addition, Ron Rivest, a professor of electrical engineering and computer science at MIT who cooperates with Shamir to develop RSA algorithm, called on the industry to jointly create the next generation hash algorithm to replace today's SHA-1. In recent weeks, Shamir has used directional antennas and digital oscilloscopes to monitor the power consumption when RFID tags are read. The power consumption pattern can be analyzed to determine when the tag received the correct and incorrect password bits. Decryption we can aim at the beverage standard packaging. Experts in this category discussed the weakness of the basic SHA-1 hash algorithm in the meeting. "I didn't test all RFID tags, but we tested the largest brand, which has no protective measures at all." Shamir said. Rivest said, "I hope the industry can create a process similar to that for AES algorithm and develop new hash function by 2010."

rsa is worried that the information stored in the RFID tag will be stolen by any hacker who holds the RFID reader. At present, this threat is not big, but once this technology is widely accepted, the price of the reader will drop significantly, and the reader may also be built-in, which greatly increases the threat to security

the Advisory Council (hereinafter referred to as TAC), which provides IT consulting services, believes that the lack of support for point-to-point encryption (using current standards, such as iso14443/desfire) and PKI (public key infrastructure) key exchange is one of the reasons for label vulnerabilities. Many people also pointed out that "rogue tags" may damage supply chain data. In case of "denial of service" attack, changing the data in the tag to random data will reduce the speed of the supply chain. This kind of risk is no smaller than the existing risk

at the same time, in practical application, for enterprises that just use RFID, RFID tags are easy to be manipulated by hackers, shoplifters or dissatisfied employees. Another problem is that "the extremely low cost will greatly limit the function of RFID tags". The good security tools developed in the past 20 years do not match most of the current RFID tag hardware. For example, if a tag is encrypted, it will greatly consume the processing capacity of the tag and increase the cost of the tag. In order to control costs, the company needs labels with light weight and low price, which is just contrary to the safety requirements of labels

it has also been suggested that data may be stolen halfway in the process of reading into the reader

researchers and application providers are also gradually seeking solutions to so many problems, such as:

consider attack measures in chip design and implementation projects to protect important data from illegal use. Many experts have analyzed the existing security measures from the perspective of software and hardware on various destructive and non-destructive attack means against chips (such as layout reconstruction, memory reading technology, current attack and fault attack, etc.), and given suggestions on how to avoid bad design

some application manufacturers have begun to consider using security equipment to alleviate concerns about RFID tag security. For example, give each product a unique electronic product code, which is somewhat similar to the license plate number of a car. Once someone wants to destroy safety, he only gets the information of a single product. In this case, it is not worth spending time decoding, "the threshold is too high, no one will do this." Reagan said. In addition, the new EPCglobal UHF second generation protocol standard enhances the security performance of passive tags. According to sue Hutchinson, director of product management at EPCglobal, the new standard not only provides password protection, but also encrypts the process of data transmission from the tag to the reader, rather than encrypting the data on the tag

in 2005, experts from Johns Hopkins University and RSA laboratory announced the password vulnerability of using RFID technology in high security car keys and gas station payment systems

a major concern in the RFID industry is that RFID tags may be counterfeited and its coding system may be copied. Xink's new ink can eliminate this hidden danger, which is a kind of theoretically invisible printing ink. By combining this ink with Creo's invisible label technology, the fear of labels being counterfeited can be eliminated

most RFID industry owners are aware of the importance of the confidentiality of tag data. Some manufacturers have made great efforts to the privacy of RFID and provided several feasible solutions, such as:

using detectors to detect the existence of other RFID readers to prevent the exposure of the data

program RFID tags so that they can only communicate with authorized RFID readers

adopt the kill tag protocol advocated by EPCglobal to prohibit data from remaining on discarded labels

adopt stronger encryption and security functions

possible solutions

there are two main security threats in the RFID network. One is that the network vulnerability from the reader to the background causes a potential threat to the system and background information. The other is that the background network of the RFID system uses standard interconnection facilities, so the security problems in the RFID background network are the same as the interconnection. Therefore, radio frequency identification (RFID) technology is facing network security challenges, which is the consensus reached by the guests participating in the RFID related seminar of techbiz connection

for the first threat, Laura koetzle, an analyst at Forrester, a research institution, pointed out that if competitors or intruders put the "malicious tags" they developed on unsecured networks, they can transmit all the scanned data. This is it.

Copyright © 2011 JIN SHI