How to Cheat at Deploying and Securing RFID

Book Description

RFID is a method of remotely storing and receiving data using devices called RFID tags. RFID tags can be small adhesive stickers containing antennas that receive and respond to transmissions from RFID transmitters. RFID tags are used to identify and track everything from Exxon EZ pass to dogs to beer kegs to library books.

Major companies and countries around the world are adopting or considering whether to adopt RFID technologies. Visa and Wells Fargo are currently running tests with RFID; airports around the world are using RFID to track cargo and run customs departments; and universities such as Slippery Rock are providing RFID-enabled cell phones for students to use for campus charges. According to the July 9 CNET article "RFID Tags: Big Brother in Small Packages?": "You should become familiar with RFID technology because you'll be hearing much more about it soon. Retailers adore the concept, and CNET News.com's own Alorie Gilbert wrote last week about how Wal-Mart and the U.K.-based grocery chain Tesco are starting to install 'smart shelves' with networked RFID readers. In what will become the largest test of the technology, consumer goods giant Gillette recently said it would purchase 500 million RFID tags from Alien Technology of Morgan Hill, CA."

For security professionals needing to get up and running fast with the topic of RFID, this How to Cheat approach to the topic is the perfect "just what you need to know" book!

* For most business organizations, adopting RFID is a matter of when
* The RFID services market is expected to reach $4 billion by 2008
* Covers vulnerabilities and personal privacy--topics identified by major companies as key RFID issues

Table of Contents

  1. Copyright
  2. Technical Editors
  3. Contributing Authors
  4. 1. Physics, Math, and RFID: Mind the Gap
    1. Introduction
    2. Some Bare-Bones Physics Concepts
    3. Understanding Electricity
    4. Understanding Magnetism
    5. Understanding Electromagnetism
      1. Electromagnetic Waves
      2. Types of Electromagnetic Waves
      3. The Electromagnetic Spectrum
    6. The Mathematics of RFID
      1. Scientific Notation
      2. Logarithms
      3. Decibel
      4. Units
    7. An Overview of RFID: How It Works
    8. Summary
  5. 2. The Physics of RFID
    1. Introduction
    2. Understanding Radio Frequency Communication
      1. Elements of Radio Frequency Communication
      2. Modulation: Don’t Leave Antenna Without It
        1. The Propagation Problem
        2. The Transmission Problem
      3. Frequency Bands in Modulation
    3. Understanding Modulation Types
      1. Amplitude Modulation and Amplitude Shift Keying
      2. Frequency Modulation and Frequency Shift Keying
      3. Phase Modulation and Phase Shift Keying
      4. On-Off Keying (OOK)
    4. RFID Communication Techniques
      1. Communication Through Coupling
      2. Communication Through Backscattering
    5. Understanding Performance Characteristics of an RFID System
      1. Cable Loss
      2. Impedance
      3. The Voltage Standing Wave Ratio
      4. Noise
      5. Beamwidth
      6. Directivity
      7. Antenna Gain
      8. Polarization
      9. Resonance Frequency
    6. Performing Antenna Power Calculations
      1. Effective Radiated Power
        1. Power Density
        2. Link Margin
    7. The Travel Adventures of RF Waves
      1. Absorption
      2. Attenuation
      3. Dielectric Effects
      4. Diffraction
      5. Free Space Loss
      6. Interference
      7. Reflection
      8. Refraction
      9. Scattering
    8. Summary
    9. Key Terms
  6. 3. Working with RFID Tags
    1. Introduction
    2. Understanding Tags
      1. Components of a Tag
      2. Tag Size
    3. Operating Tag Frequencies
    4. Understanding Tag Types
      1. Passive Tags
      2. Semipassive Tags
      3. Active Tags
    5. Tag Classification
      1. Class 0 Tags
      2. Class 1 Tags
      3. Class 2 Tags
      4. Class 3 Tags
      5. Class 4 Tags
      6. Class 5 Tags
    6. Read Ranges of Tags
    7. Labeling and Placing a Tag
      1. Labeling a Tag
        1. Inlay
        2. Insert
        3. Smart Labels
        4. Pressure-Sensitive Labels
        5. RFID-Enabled Tickets
        6. Tie-On Tags
      2. Selecting Adhesive Types for Tags
      3. Placing a Tag
        1. Shadowing
        2. Tag Placement and Orientation
        3. Polarization and Orientation
        4. Orientation in Inductive Coupling
    8. Summary
    9. Key Terms
  7. 4. Working with Interrogation Zones
    1. Introduction
    2. Understanding an Interrogator
      1. What an Interrogator Is Made Of
      2. Interrogator Types
        1. Fixed-Mount Interrogators
        2. Handheld Interrogators
        3. Vehicle-Mount Interrogators
      3. What an Interrogator Is Good For
        1. Communication With the Host Computer
        2. Communication With the Tags
        3. Operational Capabilities
      4. Communicating With the Host
        1. Serial Connections
        2. Network Connections
    3. Dealing With Dense Environments
      1. Understanding Collisions
        1. Reader Collisions
        2. Tag Collisions
      2. Anticollision Protocols
        1. Aloha-Based Protocols
        2. Tree-Based Protocols
    4. Configuring Interrogation Zones
      1. Configuring Interrogator Commands
      2. Configuring Interrogator Settings
    5. Optimizing Interrogation Zones
      1. The Network Factor
        1. Operation Mode
        2. Reader-to-Reader Interference
        3. System Performance and Tuning
        4. The Tag Travel Speed
    6. Summary
    7. Key Terms
  8. 5. Working with Regulations and Standards
    1. Introduction
    2. Understanding Regulations and Standards
      1. Regulations
      2. Standards
    3. Regulating Frequency Usage
      1. The Regulatory Regions
      2. Safety Regulations
    4. RFID Standards
      1. ISO Standards
      2. EPCglobal Standards
      3. Air Interface and Tag Data Standards
        1. Tag Data Standards
        2. Air Interface Protocols
    5. Impact of Regulations and Standards
      1. Advantages of Regulations
      2. Advantages of Standards
      3. Disadvantages of Regulations and Standards
    6. Regulatory and Standards Bodies
    7. Summary
    8. Key Terms
  9. 6. Selecting the RFID System Design
    1. Introduction
    2. Understanding RFID Frequency Ranges
    3. RFID Frequency Ranges and Performance
      1. The Low-Frequency (LF) Range
      2. The High-Frequency (HF) Range
      3. Ultra High Frequency (UHF) Range
      4. The Microwave Range
    4. Selecting Operating Frequency
    5. Selecting Tags
      1. Kinds of Tag
      2. Tag Types
      3. Tag Classes
      4. Operating Frequency
      5. Read Performance
      6. Data Capacity
      7. Tag Form and Size
      8. Environmental Conditions
      9. Standards Compliance
    6. Selecting Readers
      1. Reader Types
      2. Ability to Upgrade
      3. Installation Issues
      4. Legal Requirements
      5. Manageability
      6. Quantity
      7. Ruggedness
    7. Working With Antennas
      1. Understanding Antenna Types
        1. Dipole Antennas
        2. Monopole Antennas
        3. Linearly Polarized Antenna
        4. Circularly Polarized Antennas
        5. Omnidirectional Antennas
        6. Helical Antennas
      2. Selecting Antennas
    8. Selecting Transmission Lines
      1. Impedance
      2. Cable Length and Loss
      3. Transmission Line Types
    9. Mounting Equipment for RFID Systems
      1. Conveyors
      2. Dock Doors
      3. Forklifts
      4. Stretch Wrap Stations
      5. Point-of-Sale Systems
      6. Smart Shelf
    10. Summary
    11. Key Terms
  10. 7. Performing Site Analysis
    1. Introduction
    2. Planning the Site Analysis
      1. Plan the Steps Ahead
      2. Understanding Blueprints
    3. Performing a Physical Environmental Analysis
      1. Harsh Environmental Conditions
      2. Physical Obstructions
      3. Metallic Material
      4. Packaging
      5. Cabling
      6. Electrostatic Discharge
    4. Performing an RF Environmental Analysis
      1. Planning a Site Survey
      2. Determining the Ambient EM Noise
      3. Analyzing the Electrical Environmental Conditions
      4. Protecting the RFID System from Interference and Noise
    5. Preparing Your Own Blueprints
      1. Let the Experiment Begin
      2. Using the Results of Your Experiment
    6. Summary
    7. Key Terms
  11. 8. Performing Installation
    1. Introduction
    2. Preparing for Installation
      1. Putting Together an RFID Solution
      2. Considering Power Sources
        1. Batteries
        2. Power Supply Units
        3. Uninterruptible Power Supplies
        4. Power Over Ethernet
      3. The Standard Installation Process and Practices
        1. Design Selection
        2. Site Analysis
        3. Installation Tasks
        4. System Management
        5. The Tag Thing
    3. Installing Hardware
      1. Installing Readers
      2. Installing Antennas
      3. Installing Cables
      4. Testing During Installation
        1. Interrogation Zone Tests
        2. Unit Tests
        3. Application Integration Tests
        4. System Tests
    4. Ensuring Safety
      1. Equipment Safety from the Environment
      2. Electrostatic Discharge
      3. Grounding
      4. Ground Loops
      5. Safety Regulations
    5. Working With Various Installation Scenarios
      1. Setting Up Stationary Portals
        1. Setting Up a Conveyor Portal
        2. Setting Up a Dock Door Portal
        3. Setting Up a Shelf Portal
      2. Setting Up Mobile Portals
        1. Handheld Interrogator Portals
        2. Mobile-Mount Portals
    6. Summary
    7. Key Terms
  12. 9. Working With RFID Peripherals
    1. Introduction
    2. Smart Labels: Where RFID Meets Barcode
    3. Working With RFID Printers
      1. Understanding RFID Printers
      2. Installing the RFID Printer
      3. Configuring the RFID Printer
      4. Troubleshooting the RFID Printer
    4. Understanding Ancillary Devices and Concepts
      1. Encoders and Label Applicators
        1. RFID Printer Encoders
        2. Automated Label Applicators
          1. Pneumatic Piston Label Applicators
          2. Wipe-On Label Applicators
      2. Feedback Systems
        1. Photo Eyes
        2. Light Trees
        3. Horns
        4. Motion Sensors
    5. Real-Time Location Systems
    6. Summary
    7. Key Terms
  13. 10. Monitoring and Troubleshooting RFID Systems
    1. Introduction
    2. Monitoring an RFID System
      1. Understanding Root-Cause Analysis
      2. Understanding Monitoring
        1. Status Monitoring
        2. Performance Monitoring
    3. Monitoring and Troubleshooting Interrogation Zones
      1. Mean Time Between Failures (MTBF)
      2. Average Tag Traffic Volume
      3. Actual Versus Predicted Traffic Rate
      4. Read Errors to Total Reads Rate
      5. Read Error Change Rate
    4. Monitoring and Troubleshooting Tags
      1. Identifying Improperly Tagged Items
      2. Identifying Reasons for Tag Failures
      3. Managing Tag Failures
        1. Management Prior to Applying Tags
        2. Management During Application
        3. Management After Applying the Tags/During Tracking
    5. Monitoring and Troubleshooting Hardware
      1. Understanding the Causes of Hardware Failures
      2. Diagnosing RFID Hardware Failures
      3. Standard Troubleshooting Procedure
    6. Summary
    7. Key Terms
  14. 11. Threat and Target Identification
    1. Introduction
    2. Attack Objectives
      1. Radio Frequency Manipulation
        1. Spoofing
        2. Insert
        3. Replay
        4. DOS
      2. Manipulating Tag Data
      3. Middleware
      4. Backend
    3. Blended Attacks
    4. Summary
  15. 12. RFID Attacks: Tag Encoding Attacks
    1. Introduction
    2. Case Study: Johns Hopkins vs. SpeedPass
    3. The SpeedPass
      1. Breaking the SpeedPass
      2. The Johns Hopkins Attack
        1. Lessons to Learn
    4. Summary
  16. 13. RFID Attacks: Tag Application Attacks
    1. MIM
    2. Chip Clones - Fraud and Theft
    3. Tracking: Passports/Clothing
      1. Passports
    4. Chip Cloning > Fraud
    5. Disruption
    6. Summary
  17. 14. RFID Attacks: Securing Communications Using RFID Middleware
    1. RFID Middleware Introduction
      1. Electronic Product Code System Network Architecture
      2. EPC Network Software Architecture Components
        1. Readers
        2. RFID Middleware
        3. EPC Information Service
      3. Object Name Service
      4. ONS Local Cache
      5. EPC Network Data Standards
        1. EPC
        2. PML
      6. RFID Middleware Overview
      7. Reader Layer—Operational Overview
        1. Smoothing and Event Generation Stage
        2. Event Filter Stage
        3. Report Buffer Stage
      8. Interactions with Wireless LANs
      9. 802.11 WLAN
    2. Attacking Middleware with the Air Interface
    3. Understanding Security Fundamentals and Principles of Protection
      1. Understanding PKIs and Wireless Networking
      2. Understanding the Role of Encryption in RFID Middleware
        1. Overview of Cryptography
      3. Symmetric Ciphers
        1. Asymmetric Ciphers
        2. Elliptic Curve Ciphers
      4. Understanding How a Digital Signature Works
        1. Basic Digital Signature and Authentication Concepts
        2. Why a Signature Is Not a MAC
        3. Public and Private Keys
        4. Why a Signature Binds Someone to a Document
        5. Learning the W3C XML Digital Signature
        6. Applying XML Digital Signatures to Security
        7. Using Advanced Encryption Standard for Encrypting RFID Data Streams
        8. Addressing Common Risks and Threats
      5. Experiencing Loss of Data
        1. Loss of Data Scenario
      6. The Weaknesses in WEP
      7. Criticisms of the Overall Design
      8. Weaknesses in the Encryption Algorithm
      9. Weaknesses in Key Management
    4. Securing RFID Data Using Middleware
      1. Fields
    5. Using DES in RFID Middleware for Robust Encryption
    6. Using Stateful Inspection in the Application Layer Gateway For Monitoring RFID Data Streams
      1. Application Layer Gateway
    7. Providing Bulletproof Security Using Discovery, Resolution, and Trust Services in AdaptLink™
      1. Discovery Service
      2. Resolution, ONS, and the EPC Repository
        1. EPC Trust Services
    8. Summary
  18. 15. RFID Security: Attacking the Backend
    1. Introduction
    2. Overview of Backend Systems
    3. Data Attacks
      1. Data Flooding
        1. Problem 1
        2. Solution 1
        3. Problem 2
        4. Solution 2
      2. Purposeful Tag Duplication
        1. Problem
        2. Solution
      3. Spurious Events
        1. Problem
        2. Solution
      4. Readability Rates
        1. Problem
        2. Solution
    4. Virus Attacks
      1. Problem 1 (Database Components)
      2. Problem 2 (Web-based Components)
      3. Problem 3 (Web-based Components)
        1. Solution 1
      4. Problem 4 (Buffer Overflow)
        1. Solution 4
    5. RFID Data Collection Tool - Backend Communication Attacks
      1. MIM Attack
      2. Application Layer Attack
        1. Solution
      3. TCP Replay Attack
        1. Solution
    6. Attacks on ONS
      1. Known Threats to DNS/ONS
      2. ONS and Confidentiality
      3. ONS and Integrity
      4. ONS and Authorization
      5. ONS and Authentication
        1. Mitigation Attempts
    7. Summary
  19. 16. Management of RFID Security
    1. Introduction
    2. Risk and Vulnerability Assessment
    3. Risk Management
    4. Threat Management
    5. Summary