Home    Research    People    Publications    Contact

 Sensing-Enabled RFID Security and Privacy -- A SAFE PROJECT

Passive RFID (Radio Frequency IDenti cation) tags are miniaturized devices that enable automated identification in numerous applications and circumstances (e.g., access cards, contacless credit cards, e-passports and medical implants). However, due to the inherent weaknesses of underlying wireless radio communications, RFID systems are plagued with a wide variety of security and privacy threats. A large number of these threats arise due to the tag's promiscuous response to any reader requests. This renders sensitive tag information easily subject to unauthorized reading. Information (might simply be a plain identifier) gleaned from a RFID tag can be used to track the owner of the tag, or be utilized to clone the tag so that an adversary can impersonate the tag's owner. Promiscuous tag response also incites different forms of relay attacks whereby a malicious colluding pair, relaying messages between a tag and a reader, can successfully impersonate the tag without actually possessing it. The feasibility of executing relay attacks has been demonstrated on many RFID deployments, including the Chip-and-PIN credit card system, RFID-assisted voting system, and keyless entry and start car key system.

Providing security and privacy services for RFID tags presents a unique and formidable set of challenges. This is due to the constraints of these tags in terms of computation, memory, and power resources. The problem is exacerbated by the very strict and somewhat unusual requirements of RFID applications (originally geared for automation) in terms of usability. Consequently, currently deployed or proposed solutions often fail to meet these constraints and requirements.

Recent technological advancements enable many RFID tags with sensing capabilities. This new generation of RFID devices - supporting sensing, computation, and RFID communication - can facilitate numerous promising applications for ubiquitous sensing and computation. They also suggest new ways of providing security and privacy services by leveraging the unique properties of physical environment or physical status of the tag (or its owner). This project aims at providing context-/situation-aware security and privacy solutions for different RFID applications in terms of not only efficiency and security, but also usability, by utilizing sensors and sensing technologies.

This project is partially supported by the NSF grant CNS-1153573.
NSF Logo
Publications
   
   

  1. D. Ma, Nitesh Saxena, T. Xiang, and Y. Zhu.  Location-aware and safer cards: enhancing RFID security and privacy via location sensing. IEEE Transactions on Distributed and Secure Computing (TDSC), accepted, to appear.  [PDF]

  2. H. Li, D. Ma, N. Saxena, B. Shrestha, and Y. Zhu. Tap-Wave-Rub: Lightweight Malware Prevention for Smartphones using Intuitive Human Gestures. ACM Conference on Wireless Network Security (WiSec), Apr. 2013. [PDF]

  3. T. Halevi, Di Ma, N. Saxena, and T. Xiang. Secure proximity detection for NFC devices based on ambient sensor data. European Symposium on Security and Privacy (ESORICS). Sept. 2012.  [PDF]

  4. Di Ma and Nitesh Saxena. Towards sensing-enabled RFID security and privacy. Security and Trends in Wireless Identification and Sensing Platform Tags: Advancements in RFID. IGI Global. Aug. 2012. 

  5. D. Ma, A. K. Prasad, N. Saxena, and T. Xiang. Location-Aware and Safe Card: Enhancing RFID Security and Privacy via Location Sensing. ACM Conference on Wireless Network Security (WiSec), April 2012.  [PDF]

  6. T. Halevi, S. Lin, D. Ma, A. K. Prasad, N. Saxena, J. Voris, and T. Xiang. Sensing-enabled Defenses to RFID Unauthorized Reading and Relay Attacks without Changing the Usage Model. International Conference on Pervasive Computing and Communications (PerCom), March 2012.  [PDF]

  7. Di Ma and Nitesh Saxena. A context-aware approach to defend against unauthorized reading and relay attacks in RFID systems. Security and Communication Networks. DOI: 10.1002/sec.404, Nov. 2011.  [PDF]

  8. Di Ma and Anudath K Prasad. A context-aware approach for enhanced security and privacy in RFID electronic toll collection system.5th Workshop on Wireless Mesh and Ad Hoc NetwWiMAN), in conjunction with IEEE International Conference on Computer Communication Networks (ICCCN), Hawaii, Aug. 2011.