Modeling Current RFID Threats and Security for Business Applications

1. Modeling Current RFID Threats and Security for Business Applications James Johnston CS 498 4/2/2009

2. Previous Models Linear Models Hierarchal Models

3. Garfinkel’s Model Organized by whom is effected Abstract analysis, with lack of information on implimentation

4. Karygiannis’ Model Class based model Hard to understand for non-implimenter

5. Zhen-Hua’s Model Two level taxonomy Organized by location of threats Well structured but lacking some information

6. Objective Model for RFID Security Disruption attacks Integrity Attacks

7. Type of Attack Attacks Collision Replay Disruption Attacks Jamming RFID Threats Eavesdropping Cloning Integrity Attacks Spoofing Tracking Desynchronization Virus Taxonomy Model

8. Disruption Attacks • Collision Attack • Used with another ID • Simple to implement, easy to fix • Replay Attack • Used with one ID • Easy to prevent • RF Jamming Attack • Requires special equipment • Harder to prevent, can lead to bigger attacks

9. Integrity Attacks • Eavesdropping • Not exactly an attack • Leads into most attacks • Cloning • Moderate difficulty • Makes a complete copy • Pushes into Spoofing • Spoofing • Can be easy to implement • Defense is heavily based on the user • Tracking • Attack on Privacy • Implementation depends on user’s knowledge • Desynchronization • Difficult to implement • Invalidates tags • Virus • Limited memory on tag • Difficult to implement

10. Questions?