IoT Security Blog

Articles and Posts on IoT Security, Embedded Systems, and the Internet of Things

Workshop on RFID Security 2006

Mike McGregor, VP of Engineering at SecureRF, attended the Workshop on RFID Security 2006 in Graz, Austria, and filed this report.

I traveled to beautiful Graz, Austria in July 2006 for the Workshop on RFID Security 2006. Although there was a relatively small audience (approximately 80 people; last year there were 60), it was clear that progress is being made in the area of RFID security. The conference was held primarily over two days and consisted of four invited speakers, who offered a real-world discussion, along with about 12 academic papers, which were more theoretical. It appeared that the audience seemed to have a 70/30 academic/industry split. Most of the slides or papers can be viewed on the conference web site –

  • Sanjay Sarma gave a keynote introduction where he went over some of the history and issues of passive RFID tagging and the role of EPC. He dived into the data mining benefits of RFID (but skipped privacy issues). The most surprising aspect of his talk was his advocacy of the vindictive sentinel, a device that fills the air with chaff (which would seem to be a bandwidth killer), and some mechanism to remove the rogue reader from the accepted list of readers.
  • Marc Langheinrich gave a talk on privacy issues. I have to say this was one of the best presentations on the topic (which is quite separate from security) that I have ever seen. Rather than go through his talk, go look at his slides, well worth looking at!
  • Kevin Fu (MIT RFID Security Lab) gave a good talk on what it means to build secure scalable systems; his slides are also well worth looking at.
  • Kim Nguyen: Went through the new E-passport system, highlighting some of the deficiencies of the Basic Access Controls (BAC) and how the new Extended Access Control (EAC) will deal with them.
  • Philips discussed the application of NFC to security. Time will tell if their approach is good.
  • Distance-bounding protocols: basically this is an extremely important problem that is not yet solved, although some progress was demonstrated.
  • Securing RFID communications with Ultra Wideband Modulation. This was presented for passive tags, but I feel it is completely impractical due to the power it needs (along with the complexity of the tag circuits).
  • Three papers on Elliptic Curve Engines for RFID. These papers are very similar and get near identical results to those I obtained over four years ago. Fundamentally the entropy of the algorithm is still too high to be practical for passive RFID.
  • We had a paper on hash functions, which is the industry’s current approach, where it was pointed out that these functions actually require more gates than current crypto functions.
  • Two papers on a minimalist approach to crypto: DESL and LMAP.
  • RFID Acceptor TAG (RAT): It determines which tag you will accept and requires every user to have one of these systems.
  • An ISO 14443 cloning device (for less than 40 euro) was presented that successfully cloned a number of interesting high-profile devices, including World Cup tickets, Digital e-passport, Mifare and DESFire cryptographically enabled smartcards, and Atmel AT88SC153 smartcards.

Thank you to the Institute for Applied Information Processing and Communications (IAIK) of Graz University of Technology for organizing this event.