CEN/TR 16670:2014
Current
The latest, up-to-date edition.
Information technology - RFID threat and vulnerability analysis
04-06-2014
Foreword
Introduction
1 Scope
2 Terms and definitions
3 Symbols and abbreviations
4 Threats and Attack scenarios
5 Vulnerabilities
6 Mitigation measures
7 Conclusions
Annex A (informative) - Attack scenarios
Annex B - Original Test Set ups and Results
Annex C - Additional Test Set ups and Results
Bibliography
The scope of the Technical Report is to consider the threats and vulnerabilities associated with specific characteristics of RFID technology in a system comprising:—the air interface protocol covering all the common frequencies;—the tag including model variants within a technology;—the interrogator features for processing the air interface;—the interrogator interface to the application.The Technical Report addresses specific RFID technologies as defined by their air interface specifications. The threats, vulnerabilities, and mitigating methods are presented as a toolkit, enabling the specific characteristics of the RFID technology being used in an application to be taken into consideration. While the focus is on specifications that are standardized, the feature analysis can also be applied to proprietary RFID technologies. This should be possible because some features are common to more than one standardized technology, and it should be possible to map these to proprietary technologies.Although this Technical Report may be used by any operator, even for a small system, the technical details are better considered by others. In particular the document should be a tool used by RFID system integrators, to improve security aspects using a privacy by design approach. As such it is also highly relevant to operators that are not SME’s, and to industry bodies representing SME members.Although this Technical Report may be used by any operator, even for a small system, the technical details are better considered by others. In particular the document should be a tool used by RFID system integrators, to improve security aspects using a privacy by design approach. As such it is also highly relevant to operators that are not SME’s, and to industry bodies representing SME members.
| Committee |
CEN/TC 225
|
| DocumentType |
Technical Report
|
| PublisherName |
Comite Europeen de Normalisation
|
| Status |
Current
|
| Standards | Relationship |
| PD CEN/TR 16670:2014 | Identical |
| S.R. CEN/TR 16670:2014 | Identical |
| NEN NPR CEN/TR 16670 : 2014 | Identical |
| PD CEN/TR 16968:2016 | Electronic Fee Collection. Assessment of security measures for applications using Dedicated Short-Range Communication |
| DIN EN 16571:2014-10 | INFORMATION TECHNOLOGY - RFID PRIVACY IMPACT ASSESSMENT PROCESS |
| BS EN 16571:2014 | Information technology. RFID privacy impact assessment process |
| CEN/TR 16968:2016 | Electronic Fee Collection - Assessment of security measures for applications using Dedicated Short-Range Communication |
| UNI EN 16571 : 2014 | INFORMATION TECHNOLOGY - RFID PRIVACY IMPACT ASSESSMENT PROCESS |
| EN 16571:2014 | Information technology - RFID privacy impact assessment process |
| DIN EN 16571 E : 2014 | INFORMATION TECHNOLOGY - RFID PRIVACY IMPACT ASSESSMENT PROCESS |
| I.S. EN 16571:2014 | INFORMATION TECHNOLOGY - RFID PRIVACY IMPACT ASSESSMENT PROCESS |
| S.R. CEN/TR 16968:2016 | ELECTRONIC FEE COLLECTION - ASSESSMENT OF SECURITY MEASURES FOR APPLICATIONS USING DEDICATED SHORT-RANGE COMMUNICATION |
| ISO/IEC 18000-6:2013 | Information technology — Radio frequency identification for item management — Part 6: Parameters for air interface communications at 860 MHz to 960 MHz General |
| ISO/IEC 18000-7:2014 | Information technology Radio frequency identification for item management Part 7: Parameters for active air interface communications at 433 MHz |
| ISO/IEC 18000-61:2012 | Information technology — Radio frequency identification for item management — Part 61: Parameters for air interface communications at 860 MHz to 960 MHz Type A |
| ISO/IEC 18046-1:2011 | Information technology — Radio frequency identification device performance test methods — Part 1: Test methods for system performance |
| ISO/IEC 18000-2:2009 | Information technology — Radio frequency identification for item management — Part 2: Parameters for air interface communications below 135 kHz |
| ISO/IEC 18000-4:2015 | Information technology Radio frequency identification for item management Part 4: Parameters for air interface communications at 2,45 GHz |
| ISO/IEC 18000-62:2012 | Information technology — Radio frequency identification for item management — Part 62: Parameters for air interface communications at 860 MHz to 960 MHz Type B |
| ISO/IEC 18000-1:2008 | Information technology Radio frequency identification for item management Part 1: Reference architecture and definition of parameters to be standardized |
| ISO/IEC 18000-64:2012 | Information technology — Radio frequency identification for item management — Part 64: Parameters for air interface communications at 860 MHz to 960 MHz Type D |
| ISO/IEC 18000-63:2015 | Information technology Radio frequency identification for item management Part 63: Parameters for air interface communications at 860 MHz to 960 MHz Type C |
| TR 101 543 : 1.1.1 | ELECTROMAGNETIC COMPATIBILITY AND RADIO SPECTRUM MATTERS (ERM); RFID EVALUATION TESTS UNDERTAKEN IN SUPPORT OF M/436 PHASE 1 |
| ISO/IEC 18000-3:2010 | Information technology — Radio frequency identification for item management — Part 3: Parameters for air interface communications at 13,56 MHz |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.