Abstract: The security of many near-field RFID systems such as credit cards, access control, e-passports, and e-voting, relies on the assumption that the tag holder is in close proximity to the reader. This assumption should be reasonable due to the fact that the nominal operation range of the RFID tag is only few centimeters. In this work we demonstrate a range extension setup which breaks this proximity assumption. Our system allows full communications with a near-field RFID reader from a range of 115cm – two orders of magnitude greater than nominal range – and uses power that can be supplied by a car battery. The added flexibility offered to an attacker by this range extension significantly improves the effectiveness and practicality of relay attacks on real-world systems.

Download:[PPTX] [PDF] [BIB]

Topic Group - Physical attacks on RFID: [IACR ePrint '09 (RFID e-Voting)] [IEEE RFID '10 (RFID e-Voting)] [Smart SysTech'12 (RFID Jamming)] [ESORICS '13 (RFID Range Extension)]