1University of Luxembourg [Luxembourg] (Campus Kirchberg
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Campus de Limpertsberg
162a, avenue de la Faïencerie
L-1511 Luxembourg
Campus de Belval
2, avenue de l'Université
L-4365 Esch-sur-Alzette - Luxembourg)
Abstract : We present a taxonomy of attacks on user untraceability in RFID systems. In particular, we consider RFID systems in terms of a layered model comprising a physical layer, a communication layer, and an application layer. We classify the attacks on untraceability according to their layer and discuss their applicability.Our classification includes two new attacks. We first present an attack on the RFID protocol by Kim et al. targeting the communication-layer. We then show how an attacker could perform an application-layer attack on the public transportation system in Luxembourg.Finally, we show that even if all of his tags are untraceable a person may not be untraceable. We do this by exhibiting a realistic scenario in which the attacker uses the RFID profile of a person to trace him.
https://hal.inria.fr/hal-01559457 Contributor : Hal IfipConnect in order to contact the contributor Submitted on : Monday, July 10, 2017 - 4:49:26 PM Last modification on : Friday, November 8, 2019 - 3:06:02 PM Long-term archiving on: : Wednesday, January 24, 2018 - 4:25:14 PM
Ton Van Deursen. 50 Ways to Break RFID Privacy. 6th International Summer School (ISS), Aug 2010, Helsingborg, Sweden. pp.192-205, ⟨10.1007/978-3-642-20769-3_16⟩. ⟨hal-01559457⟩