Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT Applications
- URL: http://arxiv.org/abs/2402.03591v1
- Date: Mon, 5 Feb 2024 23:55:46 GMT
- Title: Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT Applications
- Authors: Tiago M. Fernández-Caramés, Paula Fraga-Lamas, Manuel Suárez-Albela, Luis Castedo,
- Abstract summary: This paper presents a review of the most common flaws found in RFID-based IoT systems.
Second, a novel methodology that eases the detection and mitigation of such flaws is presented.
Third, the latest RFID security tools are analyzed and the methodology proposed is applied through one of them (Proxmark 3) to validate it.
- Score: 0.9999629695552193
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The Internet of Things (IoT) is a distributed system of physical objects that requires the seamless integration of hardware (e.g., sensors, actuators, electronics) and network communications in order to collect and exchange data. IoT smart objects need to be somehow identified to determine the origin of the data and to automatically detect the elements around us. One of the best positioned technologies to perform identification is RFID (Radio Frequency Identification), which in the last years has gained a lot of popularity in applications like access control, payment cards or logistics. Despite its popularity, RFID security has not been properly handled in numerous applications. To foster security in such applications, this article includes three main contributions. First, in order to establish the basics, a detailed review of the most common flaws found in RFID-based IoT systems is provided, including the latest attacks described in the literature. Second, a novel methodology that eases the detection and mitigation of such flaws is presented. Third, the latest RFID security tools are analyzed and the methodology proposed is applied through one of them (Proxmark 3) to validate it. Thus, the methodology is tested in different scenarios where tags are commonly used for identification. In such systems it was possible to clone transponders, extract information, and even emulate both tags and readers. Therefore, it is shown that the methodology proposed is useful for auditing security and reverse engineering RFID communications in IoT applications. It must be noted that, although this paper is aimed at fostering RFID communications security in IoT applications, the methodology can be applied to any RFID communications protocol.
Related papers
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS)
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z) - IoTScent: Enhancing Forensic Capabilities in Internet of Things Gateways [45.44831696628473]
This paper presents IoTScent, an open-source forensic tool that enables IoT gateways and Home Automation platforms to perform IoT traffic capture and analysis.
IoTScent is specifically designed to operate over IEEE5.4-based traffic, which is the basis for many IoT-specific protocols such as Zigbee, 6LoWPAN and Thread.
This work provides a comprehensive description of the IoTScent tool, including a practical use case that demonstrates the use of the tool to perform device identification from Zigbee traffic.
arXiv Detail & Related papers (2023-10-05T09:10:05Z) - RFID-Assisted Indoor Localization Using Hybrid Wireless Data Fusion [0.5753274939310764]
Wireless localization is essential for tracking objects in indoor environments.
Internet of Things (IoT) enables localization through its diverse wireless communication protocols.
In this paper, a hybrid section-based indoor localization method using a developed Radio Frequency Identification (RFID) tracking device and multiple IoT wireless technologies is proposed.
arXiv Detail & Related papers (2023-07-28T12:02:27Z) - Secure access system using signature verification over tablet PC [62.21072852729544]
We describe a highly versatile and scalable prototype for Web-based secure access using signature verification.
The proposed architecture can be easily extended to work with different kinds of sensors and large-scale databases.
arXiv Detail & Related papers (2023-01-11T11:05:47Z) - Task-Oriented Communications for NextG: End-to-End Deep Learning and AI
Security Aspects [78.84264189471936]
NextG communication systems are beginning to explore shifting this design paradigm to reliably executing a given task such as in task-oriented communications.
Wireless signal classification is considered as the task for the NextG Radio Access Network (RAN), where edge devices collect wireless signals for spectrum awareness and communicate with the NextG base station (gNodeB) that needs to identify the signal label.
Task-oriented communications is considered by jointly training the transmitter, receiver and classifier functionalities as an encoder-decoder pair for the edge device and the gNodeB.
arXiv Detail & Related papers (2022-12-19T17:54:36Z) - The Tags Are Alright: Robust Large-Scale RFID Clone Detection Through
Federated Data-Augmented Radio Fingerprinting [11.03108444237374]
We propose a novel training framework based on federated machine learning (FML) and data augmentation (DAG) to boost the accuracy of RFID clone detection.
To the best of our knowledge, this is the first paper experimentally demonstrating the efficacy of FML and DA on a large device population.
arXiv Detail & Related papers (2021-05-08T10:48:02Z) - Machine Learning for the Detection and Identification of Internet of
Things (IoT) Devices: A Survey [16.3730669259576]
The Internet of Things (IoT) is becoming an indispensable part of everyday life, enabling a variety of emerging services and applications.
The first step in securing the IoT is detecting rogue IoT devices and identifying legitimate ones.
We classify the IoT device identification and detection into four categories: device-specific pattern recognition, Deep Learning enabled device identification, unsupervised device identification, and abnormal device detection.
arXiv Detail & Related papers (2021-01-25T15:51:04Z) - Proof of Authenticity of Logistics Information with Passive RFID Tags
and Blockchain [1.7240671897505613]
We propose a design in which a reader atomically writes an evidence to blockchain along with its reading and writing a tag.
By semi-formal modeling, we confirmed that the confidentiality and integrity of the information can be maintained throughout the system.
This makes it possible to trace authentic logistics information using inexpensive passive RFID tags.
arXiv Detail & Related papers (2020-11-10T22:45:49Z) - Wireless for Machine Learning [91.13476340719087]
We give an exhaustive review of the state-of-the-art wireless methods that are specifically designed to support machine learning services over distributed datasets.
There are two clear themes within the literature, analog over-the-air computation and digital radio resource management optimized for ML.
This survey gives a comprehensive introduction to these methods, reviews the most important works, highlights open problems, and discusses application scenarios.
arXiv Detail & Related papers (2020-08-31T11:09:49Z) - Monitoring Browsing Behavior of Customers in Retail Stores via RFID
Imaging [24.007822566345943]
We propose TagSee, a multi-person imaging system based on monostatic RFID imaging.
We implement TagSee using a Impinj Speedway R420 reader and SMARTRAC DogBone RFID tags.
TagSee can achieve a TPR of more than 90% and a FPR of less than 10% in multi-person scenarios using training data from just 3-4 users.
arXiv Detail & Related papers (2020-07-07T16:36:24Z) - Survey of Network Intrusion Detection Methods from the Perspective of
the Knowledge Discovery in Databases Process [63.75363908696257]
We review the methods that have been applied to network data with the purpose of developing an intrusion detector.
We discuss the techniques used for the capture, preparation and transformation of the data, as well as, the data mining and evaluation methods.
As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
arXiv Detail & Related papers (2020-01-27T11:21:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.