A proposed formula for comparing kill password effectiveness in single password RFID systems
ECU Security Research Insitute
Faculty of Computing, Health and Science
School of Computer and Security Science
The Electronic Product Code standard for RFID systems plays a significant role in worldwide RFID implementations. A feature of the RFID standards has been the RFID Kill command which allows for the "permanent" destruction of an RFID tag through the issuing of a simple command. Whilst the inclusion of this command may be vital for user privacy it also opens up significant avenues for attack. Whilst such attacks may be well documented there has been little to no discussion of the efficacy of the differing mitigation approaches taken. A simple formula to calculate the full timing of such an attack on differing RFID setups is presented. The formula allows for users to model the effect that altering such aspects as timeout or transmission response time will have on RFID security.
Article freely accessible. ECU Security conference