A Framework for Assessing RFID System Security and Privacy Risks

Radio Frequency Identification (RFID) is a technology for automatic identification of physical objects based on radio waves. RFID systems have been developing rapidly over the last few years and have already proven their benefits in many application domains; however they also raise serious privacy and security concerns. In this paper we present a brief review of the main threats to RFID systems and propose a methodology for the qualitative evaluation of the risk level for application domains, using three criteria: (a) the range of the system's deployment (from local networks to global, cross-platform functionality); (b) the type of link between the RFID tag and identity-related data (from systems with no link possible between RFID tags and people to RFID implants) and (c) the demand for security which is related to the size of the potential damage and to the level of motivation of potential attackers. We present a taxonomy of some of the existing RFID applications based on these criteria and discuss the most critical ones.

ROTTER Pawel; 

2008-04-15

IEEE COMPUTER SOC

JRC40240

1536-1268,   

http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/mags/pc/&toc=comp/mags/pc/2008/02/mpc02toc.xml&DOI=10.1109/MPRV.2008.22,    https://publications.jrc.ec.europa.eu/repository/handle/JRC40240,   

10.1109/MPRV.2008.22,