Mutual authentication with malware protection for a RFID system

Radio Frequency Identification (RFID) system is a remote identification technology which is taking the place of barcodes to become electronic tags of an object. However, its radio transmission nature is making it vulnerable in terms of security. Recently, research proposed that an RFID tag can contain malicious code which might spread viruses, worms and other exploits to middleware and back-end systems. This paper is proposing a framework which will provide protection from malware and ensure the data privacy of a tag. The framework will use a sanitization technique with a mutual authentication in the reader level. This will ensure that any malicious code in the tag is identified. If the tag is infected by malicious code it will stop execution of the code in the RFIF system. Here shared unique parameters are used for authentication. It will be capable of protecting an RFID system from denial of service (DOS) attack, forward security and rogue reader better than existing protocols. The framework is introducing a layer concept on a smart reader to reduce coupling between different tasks. Using this framework, the RFID system will be protected from malware and also the privacy of the tag will be ensured.

Smart RFID reader protocol for malware detection

Radio frequency identification (RFID) is a remote identification technique promises to revolutionize the way a specific object use to identify in our industry. However, large scale implementation of RFID sought for protection, against Malware threat, information privacy and un-traceability, for low cost RFID tag. In this paper, we propose a framework to provide privacy for tag data and to provide protection for RFID system from malware. In the proposed framework, malware infected tag is detected by analysing individual component of the RFID tag. It uses sanitization technique for analysing individual component. Here authentication based shared unique parameters is used as a method to protect privacy. This authentication protocol will be capable of handling forward and backward security and identifying rogue reader better than existing protocols. Using this framework, the RFID system will be protected from malware and the privacy of the tag will be ensured as well.

Malware detection and prevention in RFID systems

The threat that malware poses to RFID systems was identified only recently. Fortunately, all currently known RFID malware is based on SQLIA. Therefore, in this chapter we propose a dual pronged, tag based SQLIA detection and prevention method optimized for RFID systems. The first technique is a SQL query matching approach that uses simple string comparisons and provides strong security against a majority of the SQLIA types possible on RFID systems. To provide security against second order SQLIA, which is a major gap in the current literature, we also propose a tag data validation and sanitization technique. The preliminary evaluation of our query matching technique is very promising, showing 100% detection rates and 0% false positives for all attacks other than second order injection.