Pith. sign in

REVIEW

Data Exfiltration via Multipurpose RFID Cards and Countermeasures

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 1902.00676 v3 pith:HRD3LCKB submitted 2019-02-02 cs.CR

Data Exfiltration via Multipurpose RFID Cards and Countermeasures

classification cs.CR
keywords rfidcardsdatachannelcovertleakauthenticationcapacity
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

Radio-frequency identification(RFID) technology is widely applied in daily human life. The RFID cards are seen everywhere, from entrance guard to consumption. The information security of RFID cards, such as data confidentiality, tag anonymity, mutual authentication etc, has been fully studied. In the paper, using the RFID cards in MIFARE Classic and DESFire families, a bidirectional covert channel via multipurpose RFID cards between service providers is built to leak sensitive data between two simulation systems. Furthermore, by calculations and experiments, the daily channel capacity to leak data of the channel is obtained. Although the storage capacity of a single RFID card is very small, a large user base can still bring about a considerable amount to leak data. Then, the reasons for the existence of such channels are discussed. To eliminate this type of covert channels, a new authentication protocol between RFID cards and card readers are proposed. Our experimental results show a significant security improvement in prevention of such covert communications while keeping user convenience.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.