How to Cheat at Deploying and Securing RFID - Paul Sanghera, Frank Thornton

How to Cheat at Deploying and Securing RFID (eBook)

eBook Download: PDF
2011 | 1st edition
362 pages
Elsevier Science (publisher)
978-0-08-055689-5 (ISBN)
39,92 incl. VAT

RFID is a method of remotely storing and receiving data using devices called RFID tags. RFID tags can be small adhesive stickers containing antennas that receive and respond to transmissions from RFID transmitters. RFID tags are used to identify and track everything from Exxon EZ pass to dogs to beer kegs to library books. Major companies and countries around the world are adopting or considering whether to adopt RFID technologies. Visa and Wells Fargo are currently running tests with RFID, airports around the world are using RFID to track cargo and run customs departments, universities such as Slippery Rock are providing RFID-enabled cell phones for students to use for campus charges.

According to the July 9 CNET article, RFID Tags: Big Brother in Small Packages?, "You should become familiar with RFID technology because you'll be hearing much more about it soon. Retailers adore the concept, and CNET News.com's own Alorie Gilbert wrote last week about how Wal-Mart and the U.K.-based grocery chain Tesco are starting to install 'smart shelves' with networked RFID readers. In what will become the largest test of the technology, consumer goods giant Gillette recently said it would purchase 500 million RFID tags from Alien Technology of Morgan Hill, CA."

For security professionals needing to get up and running fast with the topic of RFID, this How to Cheat approach to the topic is the perfect "just what you need to know" book!

* For most business organizations, adopting RFID is a matter of when
* The RFID services market is expected to reach $4 billion by 2008
* Covers vulnerabilities and personal privacy--topics identified by major companies as key RFID issues

Front Cover 1
How to Cheat at Deploying and Securing RFID 2
Copyright Page 4
Technical Editors 6
Contributing Authors 7
Contents 10
Chapter 1: Physics, Math, and RFID: Mind the Gap 20
Introduction 21
Some Bare-Bones Physics Concepts 21
Understanding Electricity 23
Understanding Magnetism 25
Understanding Electromagnetism 26
Electromagnetic Waves 27
Types of Electromagnetic Waves 28
The Electromagnetic Spectrum 29
The Mathematics of RFID 30
Scientific Notation 30
Logarithms 31
Decibel 32
Units 33
An Overview of RFID: How It Works 34
Summary 40
Chapter 2: The Physics of RFID 42
Introduction 43
Understanding Radio Frequency Communication 43
Elements of Radio Frequency Communication 43
Modulation: Don't Leave Antenna Without It 45
The Propagation Problem 45
The Transmission Problem 45
Frequency Bands in Modulation 45
Understanding Modulation Types 46
Amplitude Modulation and Amplitude Shift Keying 46
Frequency Modulation and Frequency Shift Keying 49
Phase Modulation and Phase Shift Keying 51
On-Off Keying (OOK) 51
RFID Communication Techniques 52
Communication Through Coupling 52
Communication Through Backscattering 53
Understanding Performance Characteristics of an RFID System 54
Cable Loss 54
Impedance 54
The Voltage Standing Wave Ratio 55
Noise 56
Beamwidth 57
Directivity 58
Antenna Gain 58
Polarization 59
Resonance Frequency 60
Performing Antenna Power Calculations 61
Effective Radiated Power 61
Power Density 61
Link Margin 62
The Travel Adventures of RF Waves 62
Absorption 62
Attenuation 63
Dielectric Effects 63
Diffraction 63
Free Space Loss 63
Interference 64
Reflection 64
Refraction 64
Scattering 65
Summary 67
Key Terms 68
Chapter 3: Working with RFID Tags 70
Introduction 71
Understanding Tags 71
Components of a Tag 71
Tag Size 74
Operating Tag Frequencies 74
Understanding Tag Types 76
Passive Tags 76
Semipassive Tags 77
Active Tags 78
Tag Classification 80
Class 0 Tags 81
Class 1 Tags 82
Class 2 Tags 82
Class 3 Tags 83
Class 4 Tags 83
Class 5 Tags 83
Read Ranges of Tags 85
Labeling and Placing a Tag 86
Labeling a Tag 86
Inlay 87
Insert 87
Smart Labels 87
Pressure-Sensitive Labels 88
RFID-Enabled Tickets 88
Tie-On Tags 88
Selecting Adhesive Types for Tags 89
Placing a Tag 89
Shadowing 90
Tag Placement and Orientation 91
Polarization and Orientation 91
Orientation in Inductive Coupling 92
Summary 93
Key Terms 94
Chapter 4: Working with Interrogation Zones 96
Introduction 97
Understanding an Interrogator 97
What an Interrogator Is Made Of 98
Interrogator Types 98
Fixed-Mount Interrogators 99
Handheld Interrogators 99
Vehicle-Mount Interrogators 100
What an Interrogator Is Good For 100
Communication With the Host Computer 100
Communication With the Tags 101
Operational Capabilities 101
Communicating With the Host 102
Serial Connections 102
Network Connections 103
Dealing With Dense Environments 105
Understanding Collisions 105
Reader Collisions 105
Tag Collisions 106
Anticollision Protocols 106
Aloha-Based Protocols 106
Tree-Based Protocols 107
Configuring Interrogation Zones 107
Configuring Interrogator Commands 108
Configuring Interrogator Settings 110
Optimizing Interrogation Zones 111
The Network Factor 111
Operation Mode 112
Reader-to-Reader Interference 112
System Performance and Tuning 113
The Tag Travel Speed 113
Summary 115
Key Terms 116
Chapter 5: Working with Regulations and Standards 120
Introduction 121
Understanding Regulations and Standards 121
Regulations 121
Standards 121
Regulating Frequency Usage 122
The Regulatory Regions 123
Safety Regulations 124
RFID Standards 126
ISO Standards 126
EPCglobal Standards 127
Air Interface and Tag Data Standards 130
Tag Data Standards 130
Air Interface Protocols 130
Impact of Regulations and Standards 131
Advantages of Regulations 131
Advantages of Standards 131
Disadvantages of Regulations and Standards 132
Regulatory and Standards Bodies 132
Summary 134
Key Terms 135
Chapter 6: Selecting the RFID System Design 138
Introduction 139
Understanding RFID Frequency Ranges 139
RFID Frequency Ranges and Performance 141
The Low-Frequency (LF) Range 142
The High-Frequency (HF) Range 143
Ultra High Frequency (UHF) Range 143
The Microwave Range 144
Selecting Operating Frequency 146
Selecting Tags 147
Kinds of Tag 147
Tag Types 147
Tag Classes 147
Operating Frequency 148
Read Performance 148
Data Capacity 149
Tag Form and Size 149
Environmental Conditions 150
Standards Compliance 150
Selecting Readers 150
Reader Types 150
Ability to Upgrade 151
Installation Issues 151
Legal Requirements 151
Manageability 152
Quantity 152
Ruggedness 152
Working With Antennas 152
Understanding Antenna Types 152
Dipole Antennas 153
Monopole Antennas 154
Linearly Polarized Antenna 154
Circularly Polarized Antennas 155
Omnidirectional Antennas 156
Helical Antennas 156
Selecting Antennas 156
Selecting Transmission Lines 157
Impedance 157
Cable Length and Loss 157
Transmission Line Types 158
Mounting Equipment for RFID Systems 158
Conveyors 159
Dock Doors 160
Forklifts 160
Stretch Wrap Stations 161
Point-of-Sale Systems 161
Smart Shelf 162
Summary 163
Key Terms 164
Chapter 7: Performing Site Analysis 166
Introduction 167
Planning the Site Analysis 167
Plan the Steps Ahead 167
Understanding Blueprints 168
Performing a Physical Environmental Analysis 169
Harsh Environmental Conditions 169
Physical Obstructions 170
Metallic Material 170
Packaging 170
Cabling 170
Electrostatic Discharge 170
Performing an RF Environmental Analysis 171
Planning a Site Survey 172
Determining the Ambient EM Noise 173
Analyzing the Electrical Environmental Conditions 175
Protecting the RFID System from Interference and Noise 175
Preparing Your Own Blueprints 176
Let the Experiment Begin 176
Using the Results of Your Experiment 178
Summary 179
Key Terms 180
Chapter 8: Performing Installation 182
Introduction 183
Preparing for Installation 183
Putting Together an RFID Solution 184
Considering Power Sources 185
Batteries 185
Power Supply Units 186
Uninterruptible Power Supplies 186
Power Over Ethernet 186
The Standard Installation Process and Practices 187
Design Selection 187
Site Analysis 187
Installation Tasks 187
System Management 188
The Tag Thing 189
Installing Hardware 189
Installing Readers 190
Installing Antennas 190
Installing Cables 191
Testing During Installation 191
Interrogation Zone Tests 191
Unit Tests 192
Application Integration Tests 192
System Tests 192
Ensuring Safety 193
Equipment Safety from the Environment 193
Electrostatic Discharge 194
Grounding 195
Ground Loops 196
Safety Regulations 196
Working With Various Installation Scenarios 196
Setting Up Stationary Portals 197
Setting Up a Conveyor Portal 197
Setting Up a Dock Door Portal 199
Setting Up a Shelf Portal 200
Setting Up Mobile Portals 202
Handheld Interrogator Portals 202
Mobile-Mount Portals 202
Summary 204
Key Terms 205
Chapter 9: Working With RFID Peripherals 206
Introduction 207
Smart Labels: Where RFID Meets Barcode 207
Working With RFID Printers 208
Understanding RFID Printers 209
Installing the RFID Printer 212
Configuring the RFID Printer 214
Troubleshooting the RFID Printer 216
Understanding Ancillary Devices and Concepts 220
Encoders and Label Applicators 220
RFID Printer Encoders 220
Automated Label Applicators 221
Pneumatic Piston Label Applicators 221
Wipe-On Label Applicators 222
Feedback Systems 224
Photo Eyes 225
Light Trees 225
Horns 226
Motion Sensors 227
Real-Time Location Systems 227
Summary 230
Key Terms 231
Chapter 10: Monitoring and Troubleshooting RFID Systems 234
Introduction 235
Monitoring an RFID System 235
Understanding Root-Cause Analysis 235
Understanding Monitoring 238
Status Monitoring 238
Performance Monitoring 239
Monitoring and Troubleshooting Interrogation Zones 239
Mean Time Between Failures (MTBF) 239
Average Tag Traffic Volume 240
Actual Versus Predicted Traffic Rate 241
Read Errors to Total Reads Rate 242
Read Error Change Rate 242
Monitoring and Troubleshooting Tags 243
Identifying Improperly Tagged Items 243
Identifying Reasons for Tag Failures 244
Managing Tag Failures 245
Management Prior to Applying Tags 245
Management During Application 246
Management After Applying the Tags/During Tracking 246
Monitoring and Troubleshooting Hardware 247
Understanding the Causes of Hardware Failures 247
Diagnosing RFID Hardware Failures 248
Standard Troubleshooting Procedure 249
Summary 251
Key Terms 252
Chapter 11: Threat and Target Identification 254
Introduction 255
Attack Objectives 255
Radio Frequency Manipulation 256
Spoofing 256
Insert 256
Replay 257
DOS 257
Manipulating Tag Data 257
Middleware 258
Backend 259
Blended Attacks 260
Summary 261
Chapter 12: RFID Attacks: Tag Encoding Attacks 262
Introduction 263
Case Study: John Hopkins vs. SpeedPass 263
The SpeedPass 263
Breaking the SpeedPass 267
The Johns Hopkins Attack 269
Lessons to Learn 272
Summary 275
Chapter 13: RFID Attacks: Tag Application Attacks 276
MIM 277
Chip Clones - Fraud and Theft 277
Tracking: Passports/Clothing 281
Passports 283
Chip Cloning > Fraud
Disruption 287
Summary 288
Chapter 14: RFID Attacks: Securing Communications Using RFID Middleware 290
RFID Middleware Introduction 291
Electronic Product Code System Network Architecture 291
EPC Network Software Architecture Components 291
Readers 291
RFID Middleware 292
EPC Information Service 292
Object Name Service 293
ONS Local Cache 293
EPC Network Data Standards 293
EPC 294
PML 294
RFID Middleware Overview 294
Reader Layer-Operational Overview 296
Smoothing and Event Generation Stage 299
Event Filter Stage 299
Report Buffer Stage 299
Interactions with Wireless LANs 300
802.11 WLAN 300
Attacking Middleware with the Air Interface 302
Understanding Security Fundamentals and Principles of Protection 306
Understanding PKIs and Wireless Networking 306
Understanding the Role of Encryption in RFID Middleware 307
Overview of Cryptography 307
Symmetric Ciphers 308
Asymmetric Ciphers 310
Elliptic Curve Ciphers 311
Understanding How a Digital Signature Works 311
Basic Digital Signature and Authentication Concepts 312
Why a Signature Is Not a MAC 312
Public and Private Keys 312
Why a Signature Binds Someone to a Document 313
Learning the W3C XML Digital Signature 313
Applying XML Digital Signatures to Security 316
Using Advanced Encryption Standard for Encrypting RFID Data Streams 317
Addressing Common Risks and Threats 317
Experiencing Loss of Data 318
Loss of Data Scenario 318
The Weaknesses in WEP 318
Criticisms of the Overall Design 319
Weaknesses in the Encryption Algorithm 319
Weaknesses in Key Management 320
Securing RFID Data Using Middleware 321
Fields: 321
Using DES in RFID Middleware for Robust Encryption 322
Using Stateful Inspection in the Application Layer Gateway For Monitoring RFID Data Streams 324
Application Layer Gateway 324
Providing Bulletproof Security Using Discovery, Resolution, and Trust Services in AdaptLink™ 325
Discovery Service 325
Resolution, ONS, and the EPC Repository 326
EPC Trust Services 326
Summary 328
Chapter 15: RFID Security: Attacking the Backend 330
Introduction 331
Overview of Backend Systems 331
Data Attacks 333
Data Flooding 333
Problem 1 333
Solution 1 333
Problem 2 333
Solution 2 333
Purposeful Tag Duplication 334
Problem 334
Solution 334
Spurious Events 334
Problem 334
Solution 334
Readability Rates 334
Problem 334
Solution 335
Virus Attacks 335
Problem 1 (Database Components) 335
Problem 2 (Web-based Components) 335
Problem 3 (Web-based Components) 335
Solution 1 336
Problem 4 (Buffer Overflow) 336
Solution 4 336
RFID Data Collection Tool - Backend Communication Attacks 336
MIM Attack 336
Application Layer Attack 336
Solution 337
TCP Replay Attack 337
Solution 337
Attacks on ONS 337
Known Threats to DNS/ONS 337
ONS and Confidentiality 338
ONS and Integrity 338
ONS and Authorization 338
ONS and Authentication 339
Mitigation Attempts 339
Summary 340
Chapter 16: Management of RFID Security 342
Introduction 343
Risk and Vulnerability Assessment 343
Risk Management 345
Threat Management 347
Summary 350
Index 352

Publication date (according to publisher): 18.4.2011
Language: English
Subject area: Non-fiction / Guides
Computer Science, Networks, Security / Firewall
Engineering, Electrical Engineering / Power Engineering
Engineering, Communications Engineering
ISBN-10 0-08-055689-2 / 0080556892
ISBN-13 978-0-08-055689-5 / 9780080556895