Next Article in Journal
Experimental Investigations of a Precision Sensor for an Automatic Weapons Stabilizer System
Next Article in Special Issue
Security Enhancement of Wireless Sensor Networks Using Signal Intervals
Previous Article in Journal
Compound Event Barrier Coverage in Wireless Sensor Networks under Multi-Constraint Conditions
Article Menu
Issue 1 (January) cover image

Export Article

Open AccessArticle
Sensors 2017, 17(1), 28; doi:10.3390/s17010028

Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT Applications

Department of Electronics and Systems, Faculty of Computer Science, Universidade da Coruña, 15071 A Coruña, Spain
*
Author to whom correspondence should be addressed.
Academic Editors: Luca Roselli, Federico Alimenti and Stefania Bonafoni
Received: 20 October 2016 / Revised: 28 November 2016 / Accepted: 20 December 2016 / Published: 24 December 2016
(This article belongs to the Special Issue New Generation Sensors Enabling and Fostering IoT)

Abstract

The Internet of Things (IoT) is a distributed system of physical objects that requires the seamless integration of hardware (e.g., sensors, actuators, electronics) and network communications in order to collect and exchange data. IoT smart objects need to be somehow identified to determine the origin of the data and to automatically detect the elements around us. One of the best positioned technologies to perform identification is RFID (Radio Frequency Identification), which in the last years has gained a lot of popularity in applications like access control, payment cards or logistics. Despite its popularity, RFID security has not been properly handled in numerous applications. To foster security in such applications, this article includes three main contributions. First, in order to establish the basics, a detailed review of the most common flaws found in RFID-based IoT systems is provided, including the latest attacks described in the literature. Second, a novel methodology that eases the detection and mitigation of such flaws is presented. Third, the latest RFID security tools are analyzed and the methodology proposed is applied through one of them (Proxmark 3) to validate it. Thus, the methodology is tested in different scenarios where tags are commonly used for identification. In such systems it was possible to clone transponders, extract information, and even emulate both tags and readers. Therefore, it is shown that the methodology proposed is useful for auditing security and reverse engineering RFID communications in IoT applications. It must be noted that, although this paper is aimed at fostering RFID communications security in IoT applications, the methodology can be applied to any RFID communications protocol. View Full-Text
Keywords: RFID; IoT; security; pentesting; ISO/IEC 14443; ISO/IEC 11784; ISO/IEC 11785; MIFARE RFID; IoT; security; pentesting; ISO/IEC 14443; ISO/IEC 11784; ISO/IEC 11785; MIFARE
Figures

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).

Scifeed alert for new publications

Never miss any articles matching your research from any publisher
  • Get alerts for new papers matching your research
  • Find out the new papers from selected authors
  • Updated daily for 49'000+ journals and 6000+ publishers
  • Define your Scifeed now

SciFeed Share & Cite This Article

MDPI and ACS Style

Fernández-Caramés, T.M.; Fraga-Lamas, P.; Suárez-Albela, M.; Castedo, L. Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT Applications. Sensors 2017, 17, 28.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics

1

Comments

[Return to top]
Sensors EISSN 1424-8220 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top