BSI PD CEN/TR 16670:2014

$215.11

Information technology. RFID threat and vulnerability analysis

Published By	Publication Date	Number of Pages
BSI	2014	74

Guaranteed Safe Checkout

Categories: 35.240.60 - IT applications in transport, BSI

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

Description

The scope of the Technical Report is to consider the threats and vulnerabilities associated with specific characteristics of RFID technology in a system comprising:

the air interface protocol covering all the common frequencies;
the tag including model variants within a technology;
the interrogator features for processing the air interface;
the interrogator interface to the application.

The Technical Report addresses specific RFID technologies as defined by their air interface specifications. The threats, vulnerabilities, and mitigating methods are presented as a toolkit, enabling the specific characteristics of the RFID technology being used in an application to be taken into consideration. While the focus is on specifications that are standardized, the feature analysis can also be applied to proprietary RFID technologies. This should be possible because some features are common to more than one standardized technology, and it should be possible to map these to proprietary technologies.

Although this Technical Report may be used by any operator, even for a small system, the technical details are better considered by others. In particular the document should be a tool used by RFID system integrators, to improve security aspects using a privacy by design approach. As such it is also highly relevant to operators that are not SME’s, and to industry bodies representing SME members.

PDF Catalog

PDF Pages	PDF Title
4	Contents Page
6	Foreword
7	Introduction
8	1 Scope 2 Terms and definitions
11	3 Symbols and abbreviations
12	4 Threats and Attack scenarios 4.1 Introduction
13	Figure 1 — Penetration Testing Framework: a proposed pictorial representation 4.2 Attacks to an RFID System with a Fake Reader Figure 2 — FR used as interferer
14	Figure 3 — FR used to eavesdrop RT’s signal 4.3 Attacks to a RFID system with a Fake Tag Figure 4 — Attack performed by a FT 4.4 Attacks to a RFID system with a Fake Reader and a Fake Tag
15	Figure 5 — Creating a cloned tag Figure 6 — Relay attack 4.5 Attack to a Real Tag with a Fake Reader and a Fake Tag 4.6 Attack to a Real Tag with a Fake Reader Figure 7 — Unauthorised tag activation 4.7 Attack to a Real Reader with a Fake Tag
16	Figure 8 — Use of unauthorised tag with Real Reader 5 Vulnerabilities 5.1 Introduction 5.2 Denial of service 5.3 Eavesdropping
17	5.4 Man in the Middle 6 Mitigation measures 6.1 Introduction 6.2 Mitigation measures for secured RFID Devices 6.2.1 Mitigation measures for tags 6.2.2 Mitigation measures for readers 6.2.3 Mitigation measures for the Air Interface Protocol 6.3 Mitigation measures against attacks 6.3.1 Introduction 6.3.2 Eavesdropping 6.3.3 Skimming
18	6.3.4 Relay attack 6.3.5 Denial of Service 7 Conclusions
20	Annex A (informative) Attack scenarios A.1 Amusement parks takes visitors to RFID-land A.1.1 Introduction A.1.2 Threat scenarios
21	A.1.3 DPP objectives of relevance A.1.4 Security objectives of relevance
22	A.1.5 Privacy objectives of relevance A.2 Purpose of Use and Consent A.2.1 Purpose 1
23	Figure A.1 — Athletic shoe A.2.2 Purpose 2 (with explicit consent) A.2.3 Purpose 3 (with no explicit consent
24	Figure A.2 — Screens A.3 Multi-tag and purpose RFID environment for Healthcare A.3.1 Scenario description – Emergency A.3.2 The hospital RFID environment
25	Figure A.3 — RFID enabled Bed A.3.3 Arrival at the hospital Figure A.4 — Implanted Pacemaker
26	A.3.4 Treatment at the hospital A.3.5 The value of the drug prescribed A.3.6 Returning home Figure A.5 — Drugs cabinet A.3.7 The home RFID environment
27	A.3.8 Drug repeat prescription and out of date drug recycling Figure A.6— Out of date drugs
28	Annex B Original Test Set ups and Results B.1 Test Area B.2 Equipment
29	B.3 Overview of the Tests B.3.1 Introduction B.3.2 Range tests B.3.3 Write Tests B.3.4 Illicit Reading
30	B.3.5 Eavesdropping B.3.6 Detection inside buildings B.3.7 Combined EAS/RFID systems B.4 Test procedures and results B.4.1 General
31	Table B.1 — Measurements of noise floor levels
32	B.4.2 Reading range B.4.2.1 Introduction B.4.2.2 Reading range for LF systems Figure B.1 — Measuring reading range at LF
33	Table B.2 — Reading range results for LF tags B.4.2.3 Reading range for HF systems
34	Figure B.2 — Measuring reading range at HF
35	Table B.3 — Reading range results for HF tags
36	B.4.2.4 Reading range for UHF Figure B.3 — Measuring reading range at UHF
37	Table B.4 — Reading range results for UHF tags
38	Table B.5 — Reading range results of the latest integrated circuits manufactured by Impinj
39	B.4.3 Write range B.4.3.1 Introduction B.4.3.2 Write range at LF Figure B.4 — Measuring write range at LF
40	Table B.6 — Tests results
41	B.4.3.3 Write range at LF B.4.3.4 Write range at HF B.4.3.5 Write range at UHF
42	Figure B.5 — Write range equipment at UHF
43	B.4.4 Illicit reading B.4.4.1 Introduction B.4.4.2 Illicit reading of the contents of shopping bags
44	Figure B.6 — Contents of tagged items in shopping bag
45	Figure B.7 — Hand held reader
46	Table B.7 — Analysis of illicit reading of shopping bags B.4.4.3 Containers with pills
47	Figure B.8 — Tagged bottles and box of pills B.4.4.4 Proximity cards
48	B.4.4.5 Airline label tag B.4.4.6 LF tags B.4.5 Eavesdropping B.4.5.1 Introduction
49	B.4.5.2 LF and HF tests Table B.8 — Maximum distances for eavesdropping with LF and HF tags B.4.5.3 Measurements at UHF B.4.6 Detection inside buildings
50	B.4.7 Combined EAS/RFID system B.5 Analysis of results
51	B.6 Conclusions
52	Annex C Additional Test Set ups and Results C.1 Introduction C.2 Scope of tests C.3 Documenting the results C.4 Equipment required for additional tests
53	C.5 Description of tests C.5.1 Activation distance for HF system C.5.1.1 General C.5.1.2 Test set up Figure C.1 — Test setup for Operated Range Test C.5.1.3 Test Procedure
54	C.5.2 Activation distance for UHF system C.5.2.1 Introduction C.5.2.2 Test set up
55	C.5.2.3 Procedure C.5.3 Eavesdropping tests for HF system C.5.3.1 Introduction C.5.3.2 Test set up
56	Figure C.2 — Test set-up for eavesdropping measurement C.5.3.3 Procedure
57	C.5.4 Eavesdropping tests for UHF system C.5.4.1 Introduction C.5.4.2 Test set up C.5.4.3 Procedure
58	C.6 Test results C.6.1 Equipment utilised during the tests C.6.2 Description of Tests C.6.2.1 Introduction C.6.2.2 Measurement of ambient noise
59	C.6.2.3 HF Measurements C.6.2.4 Introduction C.6.2.4.1 General C.6.2.4.2 Interrogator Figure C.3 — Loop antenna for the library system C.6.2.4.3 Tags Figure C.4 — Library tag number 1
60	Figure C.5 — Library Tag number 2 Figure C.6 — Library tag number 3 and 4 Figure C.7 — Library tag number 5
61	Figure C.8 — Label shape dimension 75 by 45 mm C.6.2.4.4 Maximum Activation Range
62	Figure C.9 — Library system with library tag and loop antenna Table C.1 — Activation ranges of tags at HF
63	Figure C.10 — HF Activation distance as function of the field strength @ 10 m distance C.6.2.4.5 Maximum Eavesdropping Range
64	Figure C.11 — Trace of tag response using an active antenna Table C.2 — Maximum ranges for eavesdropping at HF C.6.2.5 Measurements at UHF C.6.2.6 Introduction C.6.2.6.1 General
65	C.6.2.6.2 Interrogator Figure C.12 — Front view of !D Top interrogator with integrated antenna Figure C.13 — Integrated antenna dimensions of the !D Top interrogator Figure C.14 — Antenna dimensions of the !D Top interrogator 112 by 122 mm
66	C.6.2.6.3 Tags Figure C.15 — The two types of retail tag (Type A at top and Type B at bottom) C.6.2.6.4 Maximum activation range
67	Figure C.16 — Photo showing the activation range at max power Table C.3 — Activation ranges measured at UHF
68	Figure C.17 — UHF Activation distance as function of the transmitter power in W e.r.p. C.6.2.6.5 Eavesdropping
69	Figure C.18 — Set-up of equipment for eavesdropping test at UHF
70	Figure C.19 — Eavesdropping test at UHF Figure C.20 — Display on portable receiver
71	C.6.2.7 Discussion C.6.2.8 Conclusion
72	Bibliography

Additional information

Status	Definitive
Pages	74
Publication Date	2014-06-30
ISBN	978 0 580 83895 8
Standard Number	PD CEN/TR 16670:2014
Title	Information technology. RFID threat and vulnerability analysis
Identical National Standard Of	CEN/TR 16670:2014
Descriptors	Interfaces (data processing), Data processing, Crime, Analysis, Radiofrequencies, Tags (data processing)
Publisher	BSI
Committee	IST/34
ICS Codes	35.240.60 - IT applications in transport

Preview PDF


PDF Format	Searchable	Printable	Preview Now

BSI PD CEN/TR 16670:2014

PDF Catalog

Related products