Radio-Frequency Identification (RFID) is a technology commonly used for identification, status administration and management of different objects. It is important for people identification, as it is commonly deployed in the latest biometric passports. It operates in several frequency bands like Low frequency band from 125 kHz to 134 kHz, High frequency band with 13.56MHz working frequency, Ultra-high frequency band with 433 MHz working frequency and 860 – 960 MHz sub-band.
In Ultra-high frequency bands there are two types of RFID systems—Active and Passive.
Active RFID system operates on 433 MHz radio frequency and on 2.4GHz from Extremely High- Frequency Range. It supports range from 30 to 100+ meters. Passive RFID system operates on 860 – 960 MHz frequency and supports up to 25m range.
Commonly, a RFID system has three major components: RFID tag, RFID reader and RFID application software. RFID tags can be active (with microchip, antenna, sensors and power supply) or passive (without power supply). RFID reader is another hardware component that identifies a RFID tag and transmits its status to the RFID software application. RFID software applications (often mobile applications) monitor and administer RFID tags. They usually exchange information with RFID readers via different beacon technologies or Bluetooth.
RFID technology is very important for different IoT applications including smart homes and smart building, as it is used for cameras, GPS and intelligent sensors. According to the applied frequency ranges, some advantages and limitations of RFID systems are given in Table 1.
|RFID system type
|Low frequency band
|– Unique applicability compared to other RFID systems.
– Global standardization support.
|– Very short range – 10cm.
– Limited memory of RFID devices.
– Low throughput.
– High production costs.
|Animal tracking, access control, applications with high volumes of liquids and metals.
|High frequency band
|– Support for NFC global protocols and standards.
– Higher capacity of the memory,
|– Short range – 30cm.
– Low throughput.
|DVD kiosks, library books, personal ID cards, gaming chips, etc.
|Active RFID systems
|– Longer range.
– Lower infrastructure costs compared to Passive RFID.
– High memory capacity.
– Higher throughput.
|– High Tag’s cost.
– Restrictions due to battery power supply.
– Complex software solutions.
– Susceptibility to interference from metal and liquids.
– Lack of global standardization support.
|Vehicle tracking, auto manufacturing, mining, construction, asset tracking.
|Passive RFID systems
|– Long read range.
– Low Tag’s cost.
– Variety of tag sizes and shapes.
– Global standards support.
– High throughput.
|– High infrastructure costs.
– Moderate memory capacity.
– Susceptibility to interference from metal and liquids.
|Supply chain tracking, manufacturing, pharmaceuticals, electronic tolling, inventory tracking, race timing, asset tracking, etc.
RFID tags are implemented as an interface between the IoT ecosystem and the subscribers. This technology potential is significant because of its low cost and low power features.
Smart clothes are a representative example of RFID technology deployment in a smart home. Garments with embedded RFID tags could share information with smart home appliances, to help us improve life quality. Smart bins could help to sort clothing items into logical groups, while balancing the load size. Smart washing machines in smart homes or buildings could read the embedded RFID tags on smart clothes and set the optimal wash cycle in compliance with provided instructions.
Smart cleaning/laundry services provided in smart buildings can establish real-time communication with the building tenants, keeping them informed about the status of requested service.
RFID is also important for indoor location applications development and Angle of arrival (AOA) technology.
AOA technology implies the optimization of the mobile tag signals arrival angle from at least two adjacent sources, establishing a real-time location system with centimeters accuracy. In the context of localization systems and indoor applicability, this is a significant improvement.
RFID technology enables new consumer applications and services for smart homes and buildings like smart shelves, smart mirrors, self check-in or check-out, restricted area access control, etc.
Some important RFID technology advantages for smart home and building applications are low cost, low power consumption, great implementation potential, perspective for development of different user friendly software (mobile) applications, etc.
RFID technology limitations are susceptibility to interference caused by different objects or eavesdropping and DDoS attacks, lack of standardization support, signal collision, etc.
RFID technology is becoming increasingly popular for smart homes, smart buildings and other IoT use cases. RFID is considered to be the successor of the barcode technology.
The implementation of security mechanisms in RFID technology is based on confidentiality, integrity, and availability. Confidentiality is the information protection from unauthorized access. Integrity is related to data protection from modification and deletion by unauthorized parties. Availability represents the capability for data access when needed.
If any of these mechanisms is not operational, the security is broken. Particularly in smart homes and smart building use cases, it may result in unauthorized access to personal data, or even personal tracking. Like other wireless technologies, RFID is exposed to security threats and the most typical RFID security challenges are:
- Interference susceptibility is caused by environmental factors such as radio noise and collision caused by metal and liquids. The interference affects the RF propagation and eventually leads to error in localization services, propagation, ranges, service availability etc.
- Tag isolation is technically the simplest attack, and the most represented. It includes the jamming of tag communications and blocking data that has to be transferred to the reader.
- Tag cloning includes eavesdropping, the extraction of the unique identifier (UID) and/or the RFID content and their insertion into another tag. Tag cloning is commonly used for unauthorized access to restricted areas or even for changing – decreasing the price of certain goods in supermarkets.
- Relay/Amplification attacks consist in unauthorized amplification of the RFID signal by using a relay and extending the range of the RFID tag beyond the borders of its coverage zone.
- Denial of Service (DoS) attacks include the scenario when a tag is flooded with a large amount of information from a malicious source and cannot process the operational signals sent by real tags. Other techniques are based on jamming – emitting radio noise at the RFID system operating frequency.
- Remote tag destruction is realized by RFID zappers able to send energy remotely. This electro-magnetic field can be very high and capable of burning certain components of the tag. Remote tag destruction is possible if the kill password in some tags is misused – first by passive eavesdropping in order to open the kill password and then applying it intentionally to disable the tags.
- Man-in-the-Middle (MitM) attacks, SQL injection, virus/malware and commands injections are possible by placing an active malicious device between a tag and the reader to intercept or alter the communications between both elements and endanger the readers functioning.
- RFID skimming includes the deployment of unauthorized portable terminals, to make fraudulent charges on payment cards.
To provide a secure wireless network, described security challenges have to be taken into account when creating smart home or smart building systems based on RFID wireless technology.
For over 30 years, Marin Ivezic has been protecting people, critical infrastructure, enterprises, and the environment against cyber-caused physical damage. He brings together cybersecurity, cyber-physical systems security, operational resilience, and safety approaches to comprehensively address such cyber-kinetic risk.
Marin leads Industrial and IoT Security and 5G Security at PwC. Previously he held multiple interim CISO and technology leadership roles in Global 2000 companies. He advised over a dozen countries on national-level cybersecurity strategies.