Does automation bias decision-making?
International Journal of Human-Computer Studies
Security Weaknesses in Bluetooth
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Strengthening EPC tags against cloning
Proceedings of the 4th ACM workshop on Wireless security
Security and Privacy Issues in E-passports
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Security analysis of a cryptographically-enabled RFID device
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
A platform for RFID security and privacy administration
LISA '06 Proceedings of the 20th conference on Large Installation System Administration
Devices that tell on you: privacy trends in consumer ubiquitous computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Where's the beep?: security, privacy, and user misunderstandings of RFID
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Reverse-engineering a cryptographic RFID tag
SS'08 Proceedings of the 17th conference on Security symposium
Wirelessly Pickpocketing a Mifare Classic Card
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Vulnerabilities in first-generation RFID-enabled credit cards
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Physical-layer identification of RFID devices
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
A wirelessly-powered platform for sensing and computation
UbiComp'06 Proceedings of the 8th international conference on Ubiquitous Computing
RFID security and privacy: a research survey
IEEE Journal on Selected Areas in Communications
Visible and controllable RFID tags
CHI '10 Extended Abstracts on Human Factors in Computing Systems
A "Gen 2" RFID monitor based on the USRP
ACM SIGCOMM Computer Communication Review
A survey on RFID security and provably secure grouping-proof protocols
International Journal of Internet Technology and Secured Transactions
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Practical eavesdropping and skimming attacks on high-frequency RFID tokens
Journal of Computer Security - 2010 Workshop on RFID Security (RFIDSec'10 Asia)
On the practicality of UHF RFID fingerprinting: how real is the RFID tracking problem?
PETS'11 Proceedings of the 11th international conference on Privacy enhancing technologies
Graceful privilege reduction in RFID security
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Location-aware and safer cards: enhancing RFID security and privacy via location sensing
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Fast cloned-tag identification protocols for large-scale RFID systems
Proceedings of the 2012 IEEE 20th International Workshop on Quality of Service
On physical-layer identification of wireless devices
ACM Computing Surveys (CSUR)
Security Risks Associated with Radio Frequency Identification in Medical Environments
Journal of Medical Systems
Implementing graceful RFID privilege reduction
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
Lightweight secure communication protocols for in-vehicle sensor networks
Proceedings of the 2013 ACM workshop on Security, privacy & dependability for cyber vehicles
Hi-index | 0.00 |
EPC (Electronic Product Code) tags are industry-standard RFID devices poised to supplant optical barcodes in many applications. We explore the systemic risks and challenges created by the increasingly common use of EPC for security applications. As a central case study, we examine the recently issued United States Passport Card and Washington State "enhanced drivers license" (WA EDL), both of which incorporate Gen-2 EPC tags. We measure multiple weaknesses, including susceptibility to cloning, extended read ranges, and the ability to remotely kill a WA EDL. We study the implications of these vulnerabilities to overall system security, and offer suggestions for improvement. We demonstrate anti-cloning techniques for off-the-shelf EPC tags, overcoming practical challenges in a previous proposal to co-opt the EPC "kill" command to achieve tag authentication. Our paper fills a vacuum of experimentally grounded evaluation of and guidance for security applications for EPC tags not just in identity documents, but more broadly in the authentication of objects and people.