A Practical Experience with RFID Security

Radio-frequency identification (RFID) technologies allow remote identification as well as generic data access using radio waves. It is also commonly used in transportation and other payment systems, e.g., the MIFAREof NXP Semiconductors, one of the most widely deployed contactless smart card standar...

Full description

Saved in:
Bibliographic Details
Main Authors: Chun-Chieh Chen, Inn-Tung Chen, Chen-Mou Cheng, Ming-Yang Chih, Jie-Ren Shih
Format: Conference Proceeding
Language:English
Subjects:
algebra attack
Communication system security
Costs
Cryptographic
Cryptography
Data security
ISO14443
MIFARE Classic
Passive RFID tags
Protection
Radio frequency
Radiofrequency identification
RFID
Road transportation
Security
Smart cards
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Radio-frequency identification (RFID) technologies allow remote identification as well as generic data access using radio waves. It is also commonly used in transportation and other payment systems, e.g., the MIFAREof NXP Semiconductors, one of the most widely deployed contactless smart card standards. Recently, the interest in using RFID for micro payment grows rapidly as users get used to the convenience brought by RFID,and corporations discover that RFID can significantly lower the cost of operation. However, there are security concerns, as many passive RFID technologies do not have adequate cryptographic protection. Furthermore, thecommunication can be eavesdropped by a third party, making RFID particularly vulnerable to all sorts of attacks.In this work, we examine the EasyCard of the Taipei Metro Rapid Transit (MRT) Corporation, a transportation ticketing system based on the MIFARE Classic technology. We capture and analyze the communication between a legitimate reader and an EasyCard using GNURadio, an open-source software-defined radio running on PC. We will share our experiences with EasyCard security and hopefully provide some insights into RFID security inpractice.
ISSN:1551-6245
2375-0324
DOI:10.1109/MDM.2009.71