Context-aware defenses to RFID unauthorized reading and relay attacks

Abstract

Many RFID tags store valuable information privy to their users that can easily be subject to unauthorized reading, leading to owner tracking, or impersonation. RFID tags are also susceptible to different forms of relay attacks. This paper presents novel sensing-enabled defenses to unauthorized reading and relay attacks against RFID systems without necessitating any changes to the traditional RFID usage model. Specifically, this paper proposes the use of cyber-physical interfaces, on-board tag sensors, to (automatically) acquire useful contextual information about the tag's environment (or its owner, or the tag itself). First, such context recognition is leveraged for the purpose of selective tag unlocking-the tag will respond selectively to reader interrogations. In particular, novel mechanisms based on an owner's posture recognition are presented. Second, context recognition is used as a basis for transaction verification in order to provide protection against a severe form of relay attacks involving malicious RFID readers. A new mechanism is developed that can determine the proximity between a valid tag and a valid reader by correlating certain (specifically audio) sensor data extracted from the two devices. Our evaluation of the proposed mechanisms demonstrate their feasibility in significantly raising the bar against RFID attacks.