Abstract:
Radio Frequency IDentification (RFID) technology continues to flourish as an inherent part of virtually every ubiquitous environment. However, it became clear that the public— implying the industry— seriously needs mechanisms emerging the security and privacy issues for increasing RFID applications. This thesis examines security and privacy of RFID authentication protocols and presents three main contributions. First, we show that RFID protocols having unbalanced states for which tag identification is performed in different order of computational complexities are subject to side-channel attacks and do not preserve the RFID privacy. Second, we introduce a timing attack such that if the database querying in tag identification is performed through a static process, RFID protocol is vulnerable to the proposed attack that could easily jeopardize the system’s untraceability criteria. We formulate success probability of our attack and demonstrate its success on some well known protocols. Finally, we analyze security of RFID delegation systems and present an unnoticed security flaw that makes tag impersonation attack possible. To overcome these weakness, we give some possible countermeasures.
