Security issues in RFID

On a basic level, security for RFID is like anything else. You have to look at what it is used for and then try to protect against the normal attacks. There are some distinct limitations of RFID systems that have to be taken into account.

RFID security threats

Several issues have to be taken into account when considering the use of RFID.


RFID tags are used mostly to track different items as they move through the logistics systems of consumer markets. The problem is how to prevent unauthorised read and eavesdropping attacks.

?? Unauthorised read
     :: The straightforward solution is to authenticate the reader before delivering the data. The RFID limitations make this a challenging task, especially on cheaper passive tags. !!
?? Eavesdropping
     :: Instead of actively trying to read the data from the tag, an adversary may try to eavesdrop on a read by a legitimate reader. !!


An attacker may try to spoof the tag-ID and thus pretend to be a certain item. Secure authentication is required. There are several ways to do spoofing.

?? Replay attack

     :: The attacker reads the tag, stores the value and replays it to the real authorized reader. Effective against protocols that do not verify the identity of the reader, e.g. hash-based systems. !!

Denial of Service

An attacker may try to burden the tag with several read requests, thus blocking reads by legitimate readers. With battery-powered devices, this can be used to drain the tag's (active tags) or the reader's battery.

RFID capabilities

RFID tags have several limitations that have to be taken into account when trying to solve the aforementioned problems.

  • Not much computational capability or storage capacity
    • Fewer than 5000 logic gates available (preferably close to 1000); the EPC standard leaves 200-2000 gates for security use
    • Storing one bit requires 4 gates
  • Short communication range
  • The reader provides the power for passive tags

RFID security solutions


Finding out what someone has been shopping for, tracking a person by knowing an item he is carrying … (Garfinkel, 2005)

?? Tag killing 
  :: Deactivating the tag to prevent it from being read. This can be done with a special command or by destroying the tag.

The problem is that after the tag is killed it cannot be used at all. Thus it is not possible to use the tag to identify the item for warranty repairs. Similarly, beneficial monitoring, such as a fridge monitoring its contents, is not possible if the tag is dead. !!

?? Encryption 
  :: Plain ID encryption is not enough, since the encrypted ID can be tracked instead of the real ID. Some additional tricks are required. !!
?? Pseudonyms
  :: Adding several identities that are used randomly puts an extra burden on the tracker. However, all the pseudonyms can be retrieved by sending enough ID queries to the tag. !!
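
The tracking argument in the Encryption and Pseudonyms entries above, as an added Python simulation (not code from this page or its cited papers): it counts how many distinct responses an observer collects from each tag design over repeated reads. The randomized response (fresh nonce plus keyed hash, in the style of a randomized hash-lock) is an assumed stand-in for the "additional tricks"; `TAG_ID`, `KEY` and all class and function names are constructed for the example, and HMAC-SHA256 models the tag's keyed function without regard to gate count.

```python
import hashlib
import hmac
import os
import random

TAG_ID = b"EPC-0001"         # constructed sample tag ID
KEY = b"backend-shared-key"  # constructed key shared by tag and backend

def keyed(data):
    """Keyed function on the tag; HMAC-SHA256 is an assumption of this example."""
    return hmac.new(KEY, data, hashlib.sha256).digest()

class StaticEncryptedTag:
    """Deterministic transform of the ID: every read returns the same bytes."""
    def query(self):
        return keyed(TAG_ID)

class PseudonymTag:
    """Holds k fixed pseudonyms and answers with a random one."""
    def __init__(self, k, rng):
        self.rng = rng
        self.names = [keyed(TAG_ID + bytes([i])) for i in range(k)]
    def query(self):
        return self.rng.choice(self.names)

class RandomizedTag:
    """Answers r || keyed(r || ID) with a fresh 8-byte nonce r per read."""
    def query(self):
        r = os.urandom(8)
        return r + keyed(r + TAG_ID)

def distinct_responses(tag, queries):
    """How many different values an observer collects over repeated reads."""
    return len({tag.query() for _ in range(queries)})

def backend_identify(response, known_ids):
    """A backend holding KEY recovers the ID by trying each known ID."""
    r, tag_mac = response[:8], response[8:]
    for tid in known_ids:
        if hmac.compare_digest(tag_mac, keyed(r + tid)):
            return tid
    return None

if __name__ == "__main__":
    rng = random.Random(1)  # fixed seed so the run is repeatable
    print("static    :", distinct_responses(StaticEncryptedTag(), 200))
    print("pseudonyms:", distinct_responses(PseudonymTag(5, rng), 200))
    print("randomized:", distinct_responses(RandomizedTag(), 200))
    print("backend   :", backend_identify(RandomizedTag().query(), [b"EPC-0002", TAG_ID]))
```

A single repeating value makes the static tag linkable, and the pseudonym tag's whole set is collected after enough reads; the randomized tag never repeats, at the cost of a linear search on the backend.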

There are several publications that relate to this area. More analysis on the papers at: RFID-publications


<bibtex> @InProceedings{PLSP07,

Author         = {Poschmann, Axel and Leander, Gregor and Schramm, Kai and Paar, Christof},
Title          = {New Light-Weight Crypto Algorithms for RFID},
BookTitle      = {IEEE International Symposium on Circuits and Systems - ISCAS 2007},
Address        = {New Orleans,Louisiana, USA},
URL            = {},
month          = may,
year           = 2007

} </bibtex>

Describes a modified DES called DESL that requires less than 2000 logical gates. Good comparison between different approaches too.



<bibtex> @article{SPPR07,

author         = {Piramuthu, Selwyn},
title          = {Protocols for RFID tag/reader authentication},
journal        = {Decision Support Systems},
volume         = 43,
number         = {3, Integrated Decision Support},
month          = {April},
year           = 2007,
pages          = {897-914},
URL            = {}

} </bibtex>



A comprehensive analysis of different RFID authentication schemes by Piramuthu.