2 Classification overview
3 Physical layer
3.1 Permanently disabling tags
3.2 Temporarily disabling tags
3.3 Removal or destruction of RFID readers
3.4 Relay attacks
3.5 Defenses against physical layer attacks
4 Network—transport layer
4.1 Attacks on the tags
Cloning: Even the most important and characteristic feature of RFID systems, the unique identifier, is susceptible to attack. Although in theory one cannot simply ask an RFID manufacturer to produce a clone of a given tag (Laurie 2007), in practice replicating a tag requires little money or expertise, given the wide availability of writable and reprogrammable tags. A telling example is the demonstration by a German researcher that German passports could be cloned (European Digital Rights (EDRI-gram) 2006). If the tag employs no security features, cloning amounts to copying the tag's ID and any associated data onto the clone. If the tag has additional security features, the attacker must mount a more sophisticated attack so that the rogue clone is accepted by the reader as legitimate; the effort required depends on which security features the tag implements. Cloning results in the circulation of identical tags, confusion about which tagged object is which, and a violation of the integrity of the system.
Spoofing: Spoofing is a variant of cloning that does not physically replicate an RFID tag. Instead, the attacker uses a special device with extended functionality that can emulate an RFID tag given some data content. In this type of attack an adversary impersonates a valid RFID tag to gain its privileges. The impersonation requires full access to the same communication channels as the original tag, which includes knowledge of the protocols and of any secrets used in the authentication that takes place.
4.2 Reader attacks
Impersonation: Because RFID communication is in many cases unauthenticated, an adversary may easily counterfeit the identity of a legitimate reader in order to elicit sensitive information from, or modify data on, RFID tags. The feasibility of such attacks depends on the measures employed to authenticate the reader and ranges from very easy to "practically impossible". For instance, if credentials are stored on the reader itself, a stolen reader reveals the credentials needed to gain access to RFID tags and back-end systems. If the design is more demanding, the reader must contact the back-end to retrieve the necessary credentials, so stealing the device alone does not yield them.
Eavesdropping: The wireless nature of RFID makes eavesdropping one of the most serious and most widely practised threats. An unauthorized party uses an antenna to record the communication between legitimate RFID tags and readers. The attack works in both directions, tag-to-reader and reader-to-tag, but since readers transmit at much higher power than tags, the reader-to-tag direction can be eavesdropped at much greater distances and is therefore exposed to a greater degree. The signal that can be captured also depends on the position of the eavesdropper relative to the tag and reader, and on any countermeasures employed to attenuate the radio signal. More precisely, in inductively coupled systems (below 135 kHz) eavesdropping on the downlink (reader to tag) is possible up to several tens of meters, whereas on the uplink (tag to reader) it is possible only over a much shorter range, up to about five times the tag's nominal read range (Federal Office for Information Security 2004). In backscatter systems eavesdropping is possible up to a distance of 100–200 m, and with a directional antenna the range reaches 500–1000 m. The recorded traffic can be used to mount more sophisticated attacks later, such as replay. How feasible the attack is in a given deployment therefore depends on factors such as the attacker's distance from the legitimate RFID devices.
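The following C simulation is added here as an illustration and is not taken from the paper or from any RFID product. It puts the attacks of Sections 4.1 and 4.2 side by side against a reader with three policies: a reader that trusts the bare UID (cloning succeeds with a copied UID), a challenge-response reader faced with a UID-only clone, with a key-holding emulator (spoofing) and with an eavesdropped transcript (replay), and a tag that authenticates the reader before releasing its contents (reader impersonation). The enrolment table, UIDs, keys and nonces are constructed sample values, `toy_mac` is a placeholder keyed checksum standing in for a real MAC, and the function names and policies do not correspond to any specific RFID standard.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy keyed checksum standing in for a real MAC (an assumption of this
 * simulation; a deployment would use HMAC or an AES-based MAC). It only has
 * to make the response depend on key, UID and nonce. */
static uint32_t toy_mac(uint32_t key, uint32_t uid, uint32_t nonce)
{
    uint32_t h = 0x811c9dc5u ^ key;
    uint32_t words[3] = { uid, nonce, key };
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++) {
            h ^= (words[i] >> (8 * b)) & 0xffu;
            h *= 0x01000193u;
        }
    return h ^ (h >> 16);
}

/* A tag as the attacker may hold it: has_key is 0 for a clone that copied
 * only the UID, 1 for the genuine tag or an emulator that also has the key. */
struct tag { uint32_t uid; uint32_t key; int has_key; };

/* Constructed enrolment table mirrored in the reader's back-end. */
static const struct tag ENROLLED[] = {
    { 0x0000A11Cu, 0x5EC7E7A1u, 1 },
    { 0x0000B22Du, 0x0DDBA11Eu, 1 },
};

const struct tag *lookup_enrolled(uint32_t uid)
{
    for (size_t i = 0; i < sizeof ENROLLED / sizeof ENROLLED[0]; i++)
        if (ENROLLED[i].uid == uid) return &ENROLLED[i];
    return NULL;
}

/* Policy A: the reader trusts the UID alone. Cloning = copying the UID. */
int reader_accepts_uid_only(uint32_t presented_uid)
{
    return lookup_enrolled(presented_uid) != NULL;
}

/* Policy B, tag side: answer MAC(key, uid, nonce). A clone without the key
 * can only send a fixed value (0 here). */
uint32_t tag_respond(const struct tag *t, uint32_t reader_nonce)
{
    return t->has_key ? toy_mac(t->key, t->uid, reader_nonce) : 0;
}

/* Policy B, reader side: recompute from the enrolled key. The nonce must be
 * fresh per session; with a reused nonce an eavesdropped response replays. */
int reader_accepts_challenge(uint32_t uid, uint32_t reader_nonce, uint32_t response)
{
    const struct tag *e = lookup_enrolled(uid);
    return e != NULL && tag_respond(e, reader_nonce) == response;
}

/* Policy C, reader authentication: the tag picks a nonce and releases data
 * only to a reader that proves knowledge of the key. The proof uses the
 * complemented nonce so a tag response cannot be replayed as a reader proof. */
uint32_t reader_prove(const struct tag *enrolled, uint32_t tag_nonce)
{
    return toy_mac(enrolled->key, enrolled->uid, ~tag_nonce);
}

int tag_releases_data(const struct tag *t, uint32_t tag_nonce, uint32_t reader_proof)
{
    return toy_mac(t->key, t->uid, ~tag_nonce) == reader_proof;
}

int main(void)
{
    const struct tag genuine   = { 0x0000A11Cu, 0x5EC7E7A1u, 1 };
    const struct tag uid_clone = { 0x0000A11Cu, 0,           0 }; /* UID copied, no key */
    const struct tag emulator  = genuine;                          /* key also obtained */

    printf("UID-only reader accepts clone:      %d\n", reader_accepts_uid_only(uid_clone.uid));

    uint32_t n1 = 0x13579BDFu;                /* reader's first challenge (constructed) */
    uint32_t r1 = tag_respond(&genuine, n1);  /* eavesdropper records (n1, r1) */
    printf("challenge reader accepts clone:     %d\n",
           reader_accepts_challenge(uid_clone.uid, n1, tag_respond(&uid_clone, n1)));
    printf("challenge reader accepts emulator:  %d\n",
           reader_accepts_challenge(emulator.uid, n1, tag_respond(&emulator, n1)));
    printf("replay of (n1,r1), nonce reused:    %d\n", reader_accepts_challenge(genuine.uid, n1, r1));
    printf("replay of (n1,r1), fresh nonce:     %d\n", reader_accepts_challenge(genuine.uid, 0x2468ACE0u, r1));

    uint32_t tn = 0x0BADF00Du;                /* tag's nonce (constructed) */
    printf("tag releases data to rogue reader:  %d\n", tag_releases_data(&genuine, tn, 0xDEADBEEFu));
    printf("tag releases data to real reader:   %d\n",
           tag_releases_data(&genuine, tn, reader_prove(lookup_enrolled(genuine.uid), tn)));
    return 0;
}
```

The replay case is the one that is most often got wrong in practice: challenge-response only raises the bar if the reader's nonce is fresh for every session. With a fixed or reused nonce, the (nonce, response) pair recorded by the eavesdropper passes verification exactly as the genuine tag's answer did, and the attacker needs neither the key nor a physical clone.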
4.3 Network protocol attacks
4.4 Defenses against network-transport layer attacks
5 Application layer
5.1 Unauthorized tag reading
5.2 Tag modification
5.3 Middleware attacks
Buffer Overflows: Buffer overflows are among the most serious and hardest security problems in software. A buffer overflow exploit stores data or code beyond the bounds of a fixed-length buffer. Adversaries may use RFID tags to launch buffer overflows against the back-end RFID middleware. Although this is not trivial given the small memory of RFID tags, there are commands that allow a tag to send the same data block repeatedly (Rieback et al. 2006), which suffices to overflow a buffer in middleware that assembles the blocks without checking their total length. Other options include the use of devices with more resources, such as smart cards, or devices able to emulate multiple RFID tags (e.g. the RFID Guardian).
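An added C example, not from the paper or from the RFID Guardian project, of the middleware-side defect that makes the repeated-block trick work: a read loop that appends each block the tag returns to a fixed 64-byte assembly buffer. `append_block_unsafe` copies without checking the remaining room, so a tag that answers every read with the same block overwrites whatever follows the buffer (here a constructed `authenticated` flag); `append_block_safe` checks the room first and lets the caller abort the session. The buffer and block sizes, the struct layout and the tag data are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MW_BUF_LEN 64   /* fixed-length assembly buffer in the middleware (assumed size) */
#define BLOCK_LEN   4   /* bytes per tag memory block (assumed) */

/* Middleware per-session state (constructed). The member right after buf is
 * what an overflow reaches first. */
struct mw_ctx {
    size_t   used;             /* bytes already assembled */
    char     buf[MW_BUF_LEN];  /* data blocks read from the tag */
    uint32_t authenticated;    /* 0 until the tag passes its checks */
};

/* VULNERABLE: assumes a tag stops sending once its memory has been read.
 * A tag (or emulator) that answers every read with the same block walks
 * straight past the end of buf; writing outside buf is undefined behaviour,
 * and on the usual struct layout it lands on `authenticated`. */
void append_block_unsafe(struct mw_ctx *c, const char *block, size_t len)
{
    memcpy(c->buf + c->used, block, len);   /* no room check */
    c->used += len;
}

/* HARDENED: check the remaining room before copying. Compare len against
 * the space left rather than computing used + len, so an attacker-chosen
 * len cannot wrap. Returns 0 on success, -1 when the block does not fit. */
int append_block_safe(struct mw_ctx *c, const char *block, size_t len)
{
    if (c->used > MW_BUF_LEN || len > MW_BUF_LEN - c->used)
        return -1;
    memcpy(c->buf + c->used, block, len);
    c->used += len;
    return 0;
}

/* Simulated read loop against a tag that keeps returning the same block.
 * Returns how many blocks were accepted before the hardened path refused;
 * a refusal is the signal to treat the tag as hostile and abort. */
int ingest_repeated_blocks_safe(struct mw_ctx *c, const char *block, size_t len, int count)
{
    int accepted = 0;
    for (int i = 0; i < count; i++) {
        if (append_block_safe(c, block, len) != 0)
            break;
        accepted++;
    }
    return accepted;
}

int main(void)
{
    const char block[BLOCK_LEN] = { 'A', 'B', 'C', 'D' };  /* constructed tag block */
    const int flood = MW_BUF_LEN / BLOCK_LEN + 1;         /* one block more than fits */

    struct mw_ctx bad = { 0 };
    for (int i = 0; i < flood; i++)
        append_block_unsafe(&bad, block, BLOCK_LEN);
    printf("unsafe: authenticated = 0x%08x (should still be 0)\n", bad.authenticated);

    struct mw_ctx good = { 0 };
    int n = ingest_repeated_blocks_safe(&good, block, BLOCK_LEN, flood);
    printf("safe:   accepted %d of %d blocks, authenticated = 0x%08x\n",
           n, flood, good.authenticated);
    return 0;
}
```

The hardened check is written as `len > MW_BUF_LEN - c->used` deliberately: the tempting `c->used + len > MW_BUF_LEN` can wrap when a tag or emulator supplies an oversized length, which is the second way a hostile tag reaches the same overflow.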