Abstract:Radio Frequency Identification (RFID) systems are among the most widespread computing technologies with technical potential and profitable opportunities in numerous applications worldwide. Further, RFID is the core technology behind the Internet of Things (IoT), which can accomplish the real-time transmission of information between objects without manual operation. However, RFID security has been taken for granted for several years, causing multiple vulnerabilities that can even damage human functionalities. The latest ISO/IEC 18000-63:2015 standard concerning RFID dates to 2015, and much freedom has been given to manufacturers responsible for making their devices secure. The lack of a substantial standard for devices that implement RFID technology creates many vulnerabilities that expose end-users to elevated risk. Hence, this paper gives the reader a clear overview of the technology, and it analyzes 23 well-known RFID attacks such as Reverse Engineering, Buffer Overflow, Eavesdropping, and Malware. Moreover, given the exceptional capabilities and utilities of RFID devices, this paper has focused on security measures and defenses for protecting them, such as Active Jamming, Shielding tag, and Authentication.

What problem does this paper attempt to address?

This paper aims to solve the security and privacy problems existing in RFID (Radio Frequency Identification) technology. Specifically, the paper attempts to solve the following problems: 1. **Insufficient security of RFID systems**: - The paper points out that although RFID technology is widely used in many fields, its security has long been ignored, resulting in various vulnerabilities and potential threats. - The lack of unified security standards gives manufacturers greater freedom in designing and producing RFID devices, thus reducing the security of the devices. 2. **Classification and analysis of RFID attacks**: - The paper describes in detail 23 known RFID attack methods, such as reverse engineering, buffer overflow, eavesdropping, and malware. - These attacks can be divided into multiple levels such as the physical layer, network transmission layer, application layer, middleware layer, and strategic layer, and each attack has its specific target and method. 3. **RFID security measures and defense mechanisms**: - In order to deal with the above threats, the paper proposes a variety of security measures and defense mechanisms, including but not limited to: - **Sleep and destroy tags**: Make the tag invalid by sending a specific command to protect consumer privacy. - **Shield tags**: Use a Faraday cage or active jamming to isolate the tag and prevent unauthorized reading. - **Block tags**: Create a jamming signal to prevent the reader from reading the tag data within a specific range. - **Pseudonym tags**: Use multiple pseudonyms in turn as tag identifiers to increase the difficulty of tracking. - **Proxy privacy devices**: Users carry their own privacy - protecting devices instead of relying on public readers. - **Authentication**: Conduct two - way authentication through shared keys and pseudo - random functions (PRF) to ensure communication security. 4. **Standardization and guidelines**: - The paper also mentions the security guidelines for RFID systems designed by the National Institute of Standards and Technology (NIST) in the United States, which cover control measures in three aspects: management, operation, and technology. In summary, by comprehensively analyzing the security threats of RFID technology and proposing corresponding defense measures, this paper aims to improve the security of RFID systems and ensure their reliable application in various fields.

RFID Exploitation and Countermeasures

Implementation Issues and Countermeasures Facing RFID Applications in Libraries

Attacks on and Countermeasures for Two RFID Protocols

Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT Applications

You Can Clone but You Cannot Hide: A Survey of Clone Prevention and Detection for RFID

Radio frequency identification: technologies, applications, and research issues

Experimental Analysis of an RFID Security Protocol

Ubiquitous Rfid: Where Are We?

Preventing Unauthorized Access on Passive Tags

Session-based Security Enhancement of RFID Systems for Emerging Open-Loop Applications

An authentication approach to enhance RFID security

Radio frequency identification technology: applications, technical challenges and strategies

A Review of RFID Sensors, the New Frontier of Internet of Things

Data Exfiltration via Multipurpose RFID Cards and Countermeasures

Weaknesses of the ISO/IEC 14443 protocol regarding relay attacks

Technical Analysis of Security Infrastructure in RFID Technology

Security Modeling for RFID Tag and Safety Improvement of EPC C1G2 Protocol

Defense against impersonating attackers: An efficient RFID mutual authentication protocol based on standard

A scheme to enhance security of RFID middleware

Shedding Light on RFID Distance Bounding Protocols and Terrorist Fraud Attacks

Reverse Engineering of RFID devices