The "Air Interface" for RFID is the most common interface we think of when evaluating RFID technology. It is the communication that occurs between the tag and the reader. Since I am putting together a presentation on RFID security, I thought this list of potential attacks within the air interface would be useful (note that this isn’t the only place to attack an RFID system):
Passive Attacks
-
Sniff backscatter data (tag to reader)
-
Sniff reader communications – PingID
Reader to Tag Attacks
-
Actively read tags – ScrollAllID, ScrollID, PingID.
-
Reprogram tags – read (verifyID); write (programID); delete (eraseID).
-
“Label Shut Up” – issue persistent “Quiet” command.
-
“Label Chatter” – elicit ongoing responses.
-
Label Killer – issue “Kill” command.
Tag to Reader Attacks
-
Label Impersonation – emulate non-existent or stolen label.
-
RFID Injection – insert new labels (real or emulated) into reading area.
-
RFID Overflow – “blocker” tag poisoning of reader.
Hope this whets your whistle for my talk on RFID Security at InfoSec World 2005.