Radio based technologies are subjec

Radio based technologies are subject to various types of attacks as it happens for any technology that utilizes
the wireless communication channels. As a result, RFID systems are subject to attacks that threaten system
security and user privacy. To overcome security and privacy problems, we have to develop protecting
technologies and apply countermeasures that prevent tag misuse. An overview of potential RFID privacy and
security threats is reported in [35]. In eavesdropping, the communication channel is used to secretly monitor data
transmitted between RFID tag and RFID reader. Data can be encrypted, the distance between the tag and the
reader can be limited, and the tag and reader can be shielded during transmission. These techniques can also be used to counter other threats, such as tag cloning and replay attacks. The communication channel can be used by
attackers for tag cloning, where attackers make a duplicate RFID tag with the same functionality with the
original. Tag authentication can be used to prevent tag cloning additional to the other techniques. Replay attacks
are performed when authorized tag carriers’ identities are abused by repeating their authentication sequence.
Attackers use a clone of a legitimate tag or capture the signal and send it again from their own computer.
In relay attacks, a connection is created between a legitimate reader and a victim’s legitimate tag. In order to
counter relay attacks, cryptographic techniques have been developed, such as distance bounding, pairings and
threshold cryptography. These techniques have been integrated into a novel approach, called threshold-based
distance bounding protocol [36], which distributes a user’s private key among various personal devices to
improve security and reliability. For the future, it is reported [36] that “research is needed to develop a practical,
low-cost, dedicated broadcast channel, accessible to all devices”.
Concerning unauthorized tag reading threat, consumers need to be protected from unwanted scanning of RFID
tags on cloths, shoes or other items they possess. EPC Global has designed a “kill switch” in their tags that lets
vendors permanently disable a tag at the point of sale, instead of removing it [37]. This allows the tag to be
embedded into the product. However, many applications require the tags to remain active in purchased goods.
For example, for returned products, for a recall of specific set of products, for recycling, for store-issued coupons
that can be scanned at the checkout counter, for a refrigerator or pantry shelf that need to check expiration date,
for airport tickers that allow tracking of passengers within the airport, etc [38]. A better and low cost solution is
the “blocker tag” that protect items in the hands of consumers, while at the same time permitting unimpeded
reading of tags in commercial environments. As reported in [38], “a blocker tag simulates the full spectrum of
possible serial numbers for tags, thereby obscuring the serial numbers of other tags. The blocker tag effectively
overwhelms this process by forcing it to sweep the full space of all possible tag identifiers, which is extremely
large”.
People tracking, tag content changes, physical tag destructions, blocking and jamming are also listed as
potential security and privacy treats in [35]. Blocking attack is performed by misusing a blocker tag [38], which
causes a denial of service as the reader continuously query tag identifiers that do not exist. Jamming is caused
when attackers generate a radio noise at the same frequency as that of the system.