-

97

105

According to the latest research of emerging technologies in the next few decades, an era of fully integrated Future Internet is coming. The Internet of Things (IoT) paradigm will be the one of the leading technologies in the transformation from nowadays Internet into the Future Internet. Many European projects related to IoT were announced this year, such as Horizon 2020. In definition, IoT includes smart objects, machine to machine (M2M) communication, radio frequency (RF) technologies, and a central hub of information. One of the major requirements for IoT is that objects must have a unique identity, which would make them practically addressable when exchanging information. To achieve that, RFID tags can be used. There are three types of RFID tags: active, semi-passive, and passive. Considering their basic characteristics, passive tags are the most suitable to use in IoT. Passive RFID tags can have certain security issues. In this paper, using the STRIDE threat model, potential issues of passive RFID tags are described and discussed, with the currently known guidelines for their elimination.

L. Xie, B. Sheng, Y. Yin, S. Lu, X. Lu, "iFridge: An intelligent fridge for food management based on RFID technology," in Proceedings of UbiComp’13, Zurich, Switzerland, 2013. [Online]. Available: http://www.ubicomp.org/ubicomp2013/adjunct/adjunct/p291.pdf

OWASP Foundation, "OWASP Internet of Things top ten project," 2014. [Online]. Available: https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project#tab=OWASP_Internet_of_Things_Top_10_for_2014 [Accessed on November 2014].

D. Shih, C. Lin, B. Lin, "Privacy and sec aspects of RFID tags," 2004. [Online]. Available: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.304.9121&rep=rep1&type=pdf [Accessed on November 2014].

X. Jia, Q. Feng, T Fan, Q. Lei, "RFID technology and its applications in Internet of Things (IoT)," in Proceedings of International Conference on Consumer Electronics, Communications and Networks (CECNet), Yichang, pp. 1282–1285, 2012. [Online]. Available: http://dx.doi.org/10.1109/CECNet.2012.6201508

J. Gubbia, R. Buyyab, S. Marusic, M. Palaniswami, "Internet of Things (IoT): A vision, architectural elements, and future directions," Journal of Future Generation Computer Systems, vol. 29, no. 7, pp. 1645–1660, 2013. [Online]. Available: http://dx.doi.org/10.1016/j.future.2013.01.010

S. Bandyopadhyay, M. Sengupta, S. Maiti, S. Dutta, "Role of middleware for Internet of Things: A study," International Journal of Computer Science & Engineering Survey (IJCSES), vol. 2, no. 3, pp. 94–105, 2011. [Online]. Available: http://www.oalib.com/paper/2635746#.VI_k3FlwqUk

OpenIoT, "Open source cloud solution for the Internet of Things," 2014. [Online]. Available: http://openiot.eu/ [Accessed on November 2014].

T. Kavitha, D. Sridharan, "Security vulnerabilities in wireless sensor networks: A survey," Journal of Information Assurance and Security, vol. 5, pp. 31–44, 2010. [Online]. Available: http://www.mirlabs.org/jias/secured/Volume5-Issue1/vol5-issue1.html

Fortinet Reveals, "Internet of Things: Connected Home," Survey Results, 2014. [Online]. Available: http://www.fortinet.com/press_releases/2014/internet-of-things.html [Accessed on November 2014].

D. R. Thompson, N. Chaudhry, C. W. Thompson, "RFID security threat model," in Proceedings Acxiom Laboratory for Applied Research (ALAR) Conference, 2006. [Online]. Available: http://www.csce.uark.edu/~drt/publications/rfid-threats-alar-060303.pdf

F. Swiderski, W. Snyder, Threat Modeling, Microsoft Press, 2004.

M. Safkhani, N. Bagheri, M. Naderi, Y. Luo, Q. Chai, "Tag impersonation attack on two RFID mutual authentication protocols," in Proceedings of Availability, Reliability and Security (ARES) Conference, Vienna, pp. 581–584, 2011. [Online]. Available: http://dx.doi.org/10.1109/ARES.2011.87

F. Gandino, B. Montrucchio, M. Rebaudengo, Tampering in RFID: A Survey on Risks and Defenses, Mobile Network and Applications, Springer, 2009.

V. Potdar, C. Wu, E. Chang, "Tamper detection for ubiquitous RFID-enabled supply chain," Computational intelligence and security, Lecture Notes in Computer Science, vol. 3802, pp. 273–278, 2005. [Online]. Available: http://dx.doi.org/ 0.1007/11596981_40

A. Yamamoto, S. Suzuki, H. Hada, J. Mitsugi, F. Teraoka, O. Nakamura, "A tamper detection method for RFID tag data," in Proceedings of IEEE International Conference on RFID, Las Vegas, USA, pp. 51–57, 2008. [Online]. Available: http://dx.doi.org/10.1109/RFID.2008.4519365

A. N. M. Noman, K. Curran, T. Lunney, "A watermarking based tamper detection solution for RFID tags," in Proceedings of Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP) Conference, Darmstadt, pp. 98–101, 2010. [Online]. Available: http://dx.doi.org/10.1109/IIHMSP.2010.32

A. X. Liu, L. A. Bailey, "PAP: A privacy and authentication protocol for passive RFID tags," Journal of Computer Communications Archive, vol. 32, no. 7–10, pp. 1194–1199, 2009. [Online]. Available: http://dx.doi.org/10.1016/j.comcom.2009.03.006

S.-H. Kim, H.-J. Lee, H.-W. Jung, B. K. Maeng, Y. Park, "IPAP: Improved privacy and authentication protocol for passive RFID tags," in Proceedings of Network Infrastructure and Digital Content, IEEE International Conference, Beijing, pp. 30–34, 2010. [Online]. Available: http://dx.doi.org/10.1109/ICNIDC.2010.5657894

D. Tagra, M. Rahman, S. Sampalli, "Technique for preventing DoS attacks on RFID systems," in Proceedings of Software, Telecommunications and Computer Networks (SoftCOM) Conference, Split, pp. 6–10, 2010. [Online]. Available: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5623669

P. Peris-Lopez, J. C. Hernandez-Castro, J. M.E. Tapiador, A. Ribagorda, "Advances in ultralightweight cryptography for low-cost RFID tags: Gossamer protocol," Lecture Notes in Computer Science, vol. 5379, pp 56–68, 2009. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-00306-6_5