
The Business Case for Attacks Against RFID Applications

The goal of instituting RFID security measures should be to find a balance between an investment in security and the resulting business benefits.
By Lukas Grunwald
Feb 16, 2009

These days, companies are employing radio frequency identification to help raise the bar against cloning and counterfeiting. Examples include adding RFID tags to ink cartridges for desktop printers and to one-time-use components for medical devices. What do such diverse products have in common? In both cases, the suppliers of these goods generate recurring revenue from selling disposables rather than the devices that use them. The disposables have wide adoption in the marketplace, high profit margins and a potentially low barrier to counterfeiting.

These are the key ingredients providing the ideal breeding ground for criminal activity. When a manufacturer sees noticeable drops in its revenue due to cheaper counterfeits appearing in the marketplace, it often turns to RFID, hoping to prevent such counterfeiting. However, if the company selects an inadequate solution, or implements it poorly, then RFID is of little help.

Let's consider the case of a printer manufacturer selling ink jet printers and matching ink cartridges. As is typical for the industry, the manufacturer does not make money by selling the printers themselves, but rather the ink cartridges. To prevent counterfeiting, the firm attaches RFID labels to every cartridge it ships, and equips every printer with an RFID interrogator. The reader then verifies the data on the tag before printing, in order to prevent the most common type of "attack"—unauthorized refilling of used ink cartridges.

The manufacturer may allow certain authorized partners to make third-party ink cartridges, or to refill original ones. For this purpose, the company could provide new RFID tags for relabeling, or offer a programming station for resetting the original labels to factory settings so the refilled cartridges will operate in RFID-enabled printers. After the RFID system is deployed for a year, however, the company still notices a 12 percent revenue loss due to counterfeit cartridges and refills. What has happened?

One possibility is that the firm chose an inadequate anti-counterfeiting technology. For example, the system provides almost no security if it relies entirely on unique tag IDs or on tag data that is read-only. In such a situation, the information can be copied to another compatible tag that is writeable, and the data can be modified arbitrarily in the process. The original tag can then be replaced with the cloned one to fool the system. If an attacker understands the semantics of the data stored on the tag (figuring out the semantics is often a trivial matter), he can tailor a tag that the printer will accept as genuine. Depending on the implementation, even a "magic" tag may be possible that will always be accepted by the printer and never expire, even after an unauthorized refill.

But let's assume things are not that simple. The company implemented an RFID application in which the system's security relies on a slightly more expensive type of tag with cryptographic features: The tags provide mutual authentication and data encryption. Here, security relies on knowledge of a shared secret key (meaning both the RFID reader and each tag need to know the same secret key). The crypto features make cloning and tampering more difficult to achieve, but a number of things can still go wrong.

For instance, the secret key may still easily be extracted from either the tag or the reader. After obtaining the key, an attacker can produce an unlimited number of clones until the key is revoked (which would likely be impractical if there were a large number of printers in the field and no network access to them). It is a common misconception that key-extraction attacks are purely academic—that the only feasible physical attacks require expensive equipment and considerable expertise, such as the ability to take a chip apart and reverse-engineer its internal circuitry on the lowest possible level using an electron microscope. If that were indeed the case, then the cost for breaking a single tag would, by far, exceed the price of the product it protects.
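The two verification schemes described above (matching the UID and read-only data, versus challenge-response with a shared secret key) side by side, as an added simulation that is not part of the original article and not any vendor's protocol. The tag UIDs, data fields and shared key are constructed sample values; the MAC is HMAC-SHA256 over the UID and two fresh nonces, chosen here only to illustrate the idea, and the example shows why a data clone passes scheme 1, why a clone or a replayed response fails scheme 2, and why scheme 2 collapses entirely once the shared key has been extracted.

```python
import hmac, hashlib, secrets

MASTER_KEY = b"constructed-demo-key-not-real"  # constructed sample secret shared by readers and tags

class Tag:
    """Simulated cartridge tag: exposes uid and data; answers challenges with whatever key it holds."""
    def __init__(self, uid, data, key=b""):
        self.uid, self.data, self.key = uid, data, key

    def respond(self, reader_nonce):
        # Tag proves key knowledge over a nonce it has never seen before plus its own nonce.
        tag_nonce = secrets.token_bytes(8)
        mac = hmac.new(self.key, self.uid + reader_nonce + tag_nonce, hashlib.sha256).digest()
        return tag_nonce, mac

class ReplayClone(Tag):
    """Clone that replays one response recorded from a genuine tag instead of computing its own."""
    def __init__(self, genuine, recorded_reader_nonce):
        super().__init__(genuine.uid, genuine.data)
        self.recorded = genuine.respond(recorded_reader_nonce)

    def respond(self, reader_nonce):
        return self.recorded  # ignores the reader's fresh nonce

def verify_id_only(tag, expected_uid, expected_data):
    """Scheme 1: accept the tag if its UID and read-only data match the expected record."""
    return tag.uid == expected_uid and tag.data == expected_data

def verify_challenge_response(tag, key):
    """Scheme 2: reader sends a fresh nonce; a correct MAC shows the tag knows the shared key."""
    reader_nonce = secrets.token_bytes(8)
    tag_nonce, mac = tag.respond(reader_nonce)
    expected = hmac.new(key, tag.uid + reader_nonce + tag_nonce, hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected)

def run_scenarios():
    """Returns which tags each scheme accepts; all tags are constructed sample data."""
    genuine = Tag(b"\x04\x11\x22\x33", b"INK-BLACK;refills=0", MASTER_KEY)
    clone = Tag(genuine.uid, genuine.data)            # writeable tag loaded with copied bytes, no key
    replay = ReplayClone(genuine, secrets.token_bytes(8))
    clone_with_key = Tag(genuine.uid, genuine.data, MASTER_KEY)  # after the shared key was extracted
    return {
        "id_only": {"genuine": verify_id_only(genuine, genuine.uid, genuine.data),
                    "clone": verify_id_only(clone, genuine.uid, genuine.data)},
        "challenge_response": {"genuine": verify_challenge_response(genuine, MASTER_KEY),
                               "clone": verify_challenge_response(clone, MASTER_KEY),
                               "replay": verify_challenge_response(replay, MASTER_KEY),
                               "clone_with_key": verify_challenge_response(clone_with_key, MASTER_KEY)},
    }
```

Running `run_scenarios()` shows the clone accepted under `id_only` and rejected under `challenge_response`, while `clone_with_key` is accepted by both, which is the point of the paragraph above: the crypto scheme's security reduces to keeping the shared key out of the attacker's hands.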
