RFID Security

RFID is a method of remotely storing and receiving data using devices called RFID tags. RFID tags can be small adhesive stickers containing antennas that receive and respond to transmissions from RFID transmitters. RFID tags are used to identify and track everything from food, dogs, beer kegs to library books.

RFID tags use a standard that has already been hacked by several researchers. RFID Security discusses the motives for someone wanting to hack an RFID system and shows how to protect systems.

Coverage includes: security breaches for monetary gain (hacking a shops RFID system would allow a hacker to lower the pricing on any product products). How to protect the supply chain (malicous/mischievous hackers can delete/alter/modify all identifying information for an entire shipment of products). How to protect personal privacy (privacy advocates fear that RFID tags embedded in products, which continue to transmit information after leaving a store, will be used to track consumer habits).

The purpose of an RFID system is to enable data to be transmitted by a portable device, called a tag, which is read by an RFID reader and processed according to the needs of a particular application. The data transmitted by the tag may provide identification or location information, or specifics about the product tagged, such as price, colour, date of purchase, etc. .

• Deloitte & Touche expects over 10 billion RFID tags to be in circulation by the end of 2005
• Parties debating the security issue of RFID need information on the pros and cons of the technology and this is that information
• Little competition in a market desperate for information

People in the IT security field.

Chapter 1: What is RFID? Chapter 2: RFID Use Cases Chapter 3: RFID Processes Chapter 4: Threat Modeling for RFID Systems Chapter 5: Target Identification Chapter 6: RFID Processes Chapter 7: Tag Encoding Attacks Chapter 8: Tag Application Attacks Chapter 9: Attacking the Air Interface Chapter 10: Attacking Middleware Communications Chapter 11: Attacking the Directory Chapter 12: The Four Disciplines Chapter 13: Vulnerability Management Chapter 14: Identity Management in RFID Chapter 15: Trust Management Chapter 16: Threat Management