10/10/2013
Internet of Things and RFID Security Issues and
Countermeasures Featuring the Biometric e-Passport:
An Introductory Exploratory Research
By
Leutele Lucia Maria Grey
October 2013
Academic Journal
Postgraduate Diploma
Paper IT8417
Network Security and Forensics
Lecturer: Steve Cosgrove
Leutele Lucia Maria Grey FACULTY OF BUSINESS AND INFORMATION
TECHNOLOGY, PORIRUA.
Page 1 of 13
©2013 Leutele Grey Leutele LM Grey Information Technology IT8417 Network Security and Forensics Semester 2.2013
ABSTRACT
This paper examines the combination of three technologies: the Internet of Things (IoT), Radio Frequency Identification (RFID) and the biometric e-Passport, with a special focus on security threats and countermeasures. The IoT refers to uniquely identifiable smart objects (things) and their virtual representation in an Internet-like structure. RFID allows individual objects to identify each other and talk to each other, gradually forming a network of information called the IoT. This paper describes the capabilities of both IoT and RFID with a special focus on security issues and countermeasures. The biometric e-Passport is used as a single-object case study to enable close investigation of security issues and countermeasures. It was found that while the combination of IoT, RFID and biometric technologies presents a sophisticated way to secure identification documents such as e-Passports or digital passports and travel visas, the idea unfortunately entails a host of security issues. The UN-ICAO is responsible for overseeing interoperability and providing security countermeasures to eliminate security threats in biometric e-Passports.
Key Words: Internet of Things, RFID,
Biometric e-Passport.
SECTION 1. INTRODUCTION
The IoT comprises billions of autonomous internet-connected objects (ICOs) or "things" that can sense, communicate, compute, and potentially actuate, as well as having intelligent multimodal interfaces, physical/virtual identities, and attributes (Zslavask, 2013). The IoT infrastructure, as demonstrated in Figure 1, incorporates concepts from pervasive, ubiquitous and ambient computing, which have been evolving since the late 1990s, as they fuse the digital and physical worlds by bringing different concepts and technical components together.
Figure 1: Internet of Things Architecture
Further, along with the World Wide Web and mobility, with billions of ICOs and a diverse abundance of sensors (e.g. RFID), the IoT is an enabler of ubiquitous sensing. Further, while smart objects are the building blocks for the IoT, the world vision for an IoT global infrastructure of networked physical objects is made possible by the success of RFID technology tags and an extensive infrastructure of
networked RFID readers (Kortuem, Kawsar, Fitton & Sundramoorthy, 2010). While the approach optimally supports tracking physical objects within well-defined confines (e.g., warehouses), it limits the sensing capabilities and deployment flexibility required by more challenging application scenarios. For example, the range of RFID tags depends on their frequency, which means that different frequencies are used on different RFID tags depending on the application (Ahsan, Shah & Kingston, 2010). This introductory exploratory study briefly examines the IoT and RFID, and introduces the biometric e-Passport as a single-object case study which will be used to demonstrate security threats and countermeasures. The rest of this paper is organised as follows: Section 2 discusses other related work. Section 3 focuses on the problem formulation. Section 4 examines RFID technology. Section 5 explores the biometric e-Passport. Sections 6 and 7 investigate security threats and countermeasures. Section 8 presents further discussion and the paper concludes with Section 9.
SECTION 2. OTHER RELATED WORK
López, Ranasinghe, Harrison and McFarlane (2012) examine the technologies fundamental to the IoT and propose an architecture that integrates them into a single platform. Kortuem et al (2010) present a prototyping experimentation study which identifies three canonical smart object fundamental design and architectural principles. Welbourne, Battle, Cole, Gould, Rector, Raymer, and Borriello (2009) introduce a building-scale, community-oriented RFID ecosystem research infrastructure which creates a microcosm for the IoT, aimed at investigating applications, systems, and social issues likely to emerge in a real day-to-day setting. Smith (2011) presents an IoT for the European Research cluster aimed at defining and promoting a common vision of the IoT featuring Russia, India, Malaysia, Korea, China, Japan and the USA. d’Hont (2004) explores RFID and real-life application profiles that can appropriately communicate successful application of the technology. Juels, Molnar and Wagner (2005) explore the microchip privacy and security implications of a new type of authentication platform deployment in passports, while Kumar, Srinivasan and Narendran (2012a, 2012b) provide a cryptographic security analysis of the e-Passport using the biometric digital facial image, a fingerprint, a palm print and the iris. Finally, Roberts (2007) presents a broader practical view of biometric system attack vectors and outlines potential defences.
SECTION 3. PROBLEM FORMULATION
The e-Passport contains highly sensitive data of an individual, including digital facial images, the iris, the palm of the hand and fingerprints. Therefore, protecting biometric and biographical data against unauthorized access must be considered highly important to the value and consistency of an authentication system, particularly when considering the quality of the data protection mechanisms (the security mechanisms that are implemented in RFID chips and biometric data are vulnerable).
SECTION 4. RFID TECHNOLOGY
Automatic identification technologies such as RFID are fundamental enablers to the realization of the IoT because they enable connecting "things" with their virtual identity on the Internet (López et al, 2012; Juels et al, 2005). For example, RFID tags that are attached to objects contain and expose unique identification (UID) numbers that can be read wirelessly by interrogating devices used to obtain information relative to individual instances of objects, managed by networked back-end systems (López et al, 2012). In addition, miniaturised sensors may now
monitor the condition of objects, consequently making it possible to dynamically act upon changes to the status of objects such as those derived from their temperature, humidity, and chemical composition. This means that historical records including both identification and sensor data can be utilized off-line to trace the evolution of the objects’ location and status throughout their life cycle (López et al, 2012). In addition, low-power radio communication technologies and the availability of increasingly powerful low-cost embedded processors maximise the autonomy of objects by providing them with networking capabilities and local intelligence (López et al, 2012). In addition, the distributed information infrastructures which use the Internet Protocols for communication serve as the connection hubs for all the ‘things’, together with other resources such as databases, data mining tools, and computer networks (López et al, 2012).
4.1. RFID System
An RFID system may consist of various components, as depicted in Figure 2, including the:
• RFID Tag (picks up the code)
• RFID Reader (receiver of tag information, manipulator)
• Antenna (tag detector, creates a magnetic field)
• Application software (user interface), which connects to the database, enabling objects to connect to the information technology infrastructure (Ahsan et al, 2010)
• Database
These components are integrated, thus allowing the RFID system to induct an object (tag) and perform various operations on it. In other words, the integration of RFID components enables the implementation of an RFID solution infrastructure.
Figure 2: RFID System Component
Source: http://www.bentsystems.com
4.2 RFID Tags
Ahsan et al (2010) explain that an RFID tag contains a microchip, with an integrated circuit embedded in a silicon chip, that stores the object’s UID number in its memory. In addition, the RFID memory chip can be permanently fixed or changeable depending on the read/write characteristics. For example, read-only and re-write circuits are different, as read-only tags contain fixed data which cannot be changed without being re-programmed electronically (Ahsan et al, 2010). On the other hand, re-write tags can be programmed through the reader at any time without limits (Ahsan et al, 2010). The RFID tags, as pictured in Figure 3, come in different sizes and shapes depending on the application and the environment in which they will be used.
Figure 3: Variety of different shapes and sizes of RFID tags. Source: Ahsan et al 2010
4.3 Five Classes of RFID Tags
RFID tags can also be classified by their
capabilities such as read and write data as
displayed in Figure 4 (Ahsan et al, 2010).
Figure 4: 5 Classifications of RFID Tags: Source: Ahsan et al (2010)
4.4 Types of RFID Tags
The three types of RFID tags are: passive, semi-active and active. Semi-active tags have a combination of active and passive tag characteristics (Ahsan et al, 2010), and the types are compared in Figure 5.
Figure 5. Passive and Active RFID Comparison
SECTION 5. BIOMETRIC E-PASSPORT
5.1 Case Study
Historically, the biometric e-Passport has been in operation since 1998; however, according to Kc et al (2005), it was only after the tragic terror attacks of 9/11/2001 that the U.S. Congress made a mandatory declaration that, by the end of year 2005, the passports of all foreign travellers travelling to the US, including the passports of all those individuals that are produced in the U.S., must carry biometric information based on guidelines issued by the International Civil Aviation Organization (ICAO) (Kc et al, 2005). An e-Passport is the same as a traditional passport with the addition of a small integrated circuit (or “chip”) embedded in it, which stores the same data visually displayed in the paper passport, together with an acceptable biometric identifier as in Figure 7 (e.g. a digital facial image, which will facilitate the use of face recognition technology at the port of entry), a UID number, and a digital signature to protect the stored data from being altered.
Figure 7: ISO Biometric Standard Requirement
A biometric identifier is a measurable physical or behavioural characteristic of an individual, which can be
used to verify the identity of that individual or to compare against other entries when stored in a database. Basically, the approved biometric features can be one of the following: a digital facial photo, a digital photo of the palm of the hand, a fingerprint, or a digital image of the iris, and must include a digital signature of the passport holder, the home country and the host country (Malčík & Drahanský, 2012).
While the ability of biometric technologies to improve travel document systems is a crucial milestone, naturally there are security threats, because all biometric features are usually very sensitive information requiring appropriate treatment along with security measures (Malčík et al, 2012), which will be discussed in detail in sections 6, 7, and 8. With the introduction of RFID technology for implementation of the e-Passport, the ICAO standards required all member countries’ biometric e-Passports to be labelled with the international logo as shown in Figure 8.
Moreover, the ISO 14443 standard’s required frequency for transmission is 13.56 MHz with a short range (max. 15 cm). The passport RFID chip must also provide, among others, cryptographic functions and read/write memory modules, accompanied by memory modules that are readable only by the tag itself (i.e. no information from these memory cells can be retrieved out of the device) (Malčík et al, 2012). Section 5.2 discusses the e-Passport system design, which is a transition from the user-oriented document to a document oriented to programmers or database personnel, connecting to a logical and physical design walkthrough before implementation (Kumar et al, 2012).
5.2 Logical Data Structure
The ICAO issued a standardized data structure called the Logical Data Structure (LDS), aimed at maintaining interoperability (Kolahan & Thapaliya, 2011), as described in Table 1, for the storage of data elements (Kumar et al, 2012). To ensure global interoperability, the ICAO standards state that e-Passport RFID Tags and Readers must be maintained, and that all 16 data groups must be write-protected and can be written only at the time of issue (Kolahan et al, 2011; Kumar et al, 2012). Table 1 provides an example of an e-Passport LDS for an issuing state, in which hashes of data groups 1-16 are stored in the security data element (SOD), each of which should be signed by the issuing state (Kumar et al, 2012).
Table 1. An e-Passport Logical Data Structure
5.3. Passport Certification
The biometric authentication procedure for e-Passports involves two processes, namely Registration and Verification (Kumar et al, 2012).
a) Registration
During the registration phase, an e-Passport
applicant registers his/her biometric at a
secure location under human supervision.
In addition, a feature extraction program is
used to encode the biometric data after
which it is stored on the user’s e-Passport
Tag (Kumar et al, 2012).
b) Verification
According to Kumar et al (2012), the user authentication and identity verification process at an inspection terminal requires the user to present a biometric sample, and the same feature extraction algorithm is used to encode the newly supplied biometric (Kumar et al, 2012). Further, a matching algorithm is used at the terminal to measure the degree of similarity between the registered and supplied biometric (Kumar et al, 2012). Finally, it is only when the results show that the degree of similarity is greater than a certain threshold value that the biometric is accepted and the user identity is verified successfully. In addition, the chip memory, as demonstrated in Figure 9, is logically divided into two main regions: one is accessible from outside of the chip (via wireless communication), while the other hides its contents inside for the internal function and is part of the security of the chip (Kumar et al, 2012).
Figure 9: Content hidden in the Chip. Source: (Kumar et al, 2012).
In addition, the part of the chip memory available for reading provides sixteen separate data groups (labelled DG1, DG2…DG16; see Fig. 9 and Table 1), and each group incorporates different data. While dissimilar types of protection are used for the groups of stored data, the data groups DG1, DG2, DG3 and DG5 are important within the scope of biometric e-Passports, because they are used for storing information related to the identity check (Kumar et al, 2012). Section 5.4 presents a simple RFID system architecture and its functionalities.
5.4 RFID System in a Biometric e-Passport
Within an e-Passport RFID system (see Figure 10), the chip contains a UID code. For example, when the e-Passport traveller arrives at his/her travel destination, the customs officer scans the e-Passport using a scanner which activates the microchip. The RFID tag picks up the code, which the RFID reader reads, and the reader emits (via its antenna) a low-level radio frequency magnetic field that energises the tag. The tag then responds to the reader’s query and announces its presence via radio waves (antenna), then transmits its unique identification data. From here, the data is decoded and passed to the local application system database via the e-Passport middleware, which acts as an interface between the reader and the RFID application system (Kumar et al, 2012). Following this, the system searches for and matches the identity code with the information stored in the host database or backend system. In this initial stage, accessibility or authorisation for further processing can be granted or refused, depending on the results received by the reader and processed by the database (Kumar et al, 2012; Juels et al, 2005).
Figure 10. IoT, RFID and Biometric e-Passport Architecture and Deployment
SECTION 6. SECURITY THREATS
6.1 Introduction
Juels et al (2005) state that the US and other governments have continuously conducted major initiatives in order to fuse RFID and biometric technologies in a new generation of e-Passports and other identity cards. Further, the ICAO has envisaged the RFID chip as having the capability to reduce fraud, ease identity checks, and enhance security. However, RFID and biometric technologies also entail a host of new security risks. For example, the most common security threats (Juels et al, 2005) faced by biometric e-Passports include:
• Clandestine scanning and clandestine tracking
• Skimming and cloning
• Eavesdropping
• Biometric data leakage
• Cryptographic weaknesses
6.2 Clandestine Tracking and Scanning
On the one hand, clandestine scanning is defined as a secret way of reading the electronic data of an e-Passport without the permission of its holder, e.g. the name, date, place of birth and nationality can be retrieved easily by anyone having access to the reader (Juels et al, 2005). On the other hand, clandestine tracking is the ability to locate an individual, and it can easily breach location privacy. By comparison, clandestine tracking can be more harmful than clandestine scanning because the attacker can keep track of information on a global scale without physical presence.
6.3 Skimming and cloning
The ISO 14443 standard requires digital
signatures on the e-Passport data thus
allowing the reader to verify that the data
came from the correct passport-issuing
authority. However, digital signatures may
not bind the data to a particular e-Passport
or chip which means they offer no defense
against cloning (Juels et al, 2005).
6.4 Eavesdropping
Eavesdropping is particularly problematic
for three reasons.
• Function creep: The ICAO guidelines envisaged that e-Passports will likely be used not only in airports but also in areas such as e-commerce; thus eavesdropping will be possible in a variety of circumstances (Juels et al, 2005).
• Feasibility: Given that
eavesdropping is a passive
operation, unlike clandestine
scanning, eavesdropping is feasible
at a longer distance (Juels et al,
2005).
• Detection difficulty: As it is
purely passive and does not involve
powered signal emission,
eavesdropping is difficult to detect
(unlike clandestine scanning)
(Juels et al, 2005).
6.5 Biometric data-leakage
Among other data, e-Passports include biometric images. These images would not need to be secret to support authentication if the physical environment were strictly controlled. However, existing and proposed deployments of e-Passports will facilitate automation, and the resulting weak human oversight makes the secrecy of biometric data very important (Juels et al, 2005).
6.6 Cryptographic Weaknesses
Juels et al (2005) state that the ICAO guidelines include optional mechanisms for authenticating and encrypting passport-to-reader communications; see Table 2, which shows the functions and deficiencies of the four protocols PA, AA, BAC and EAC.
Table 2: Cryptography in E-Passport ICAO Specifications. Source: Kolahan, H., & Thapaliya, T (2011)
The ICAO authentication mechanisms were developed to ensure that a reader initially makes optical contact with an e-Passport and scans the name, date of birth, and the UID number in order to derive a cryptographic key ‘K’ with two functions:
1. It allows the e-Passport to establish that it is talking to a legitimate reader before releasing RFID tag information.
2. It is used to encrypt all data being transmitted between the e-Passport and the reader.
It follows then that once a reader knows the key ‘K’, there is no mechanism for revoking access, which means that an e-Passport holder travelling to a foreign country gives that country’s customs officer the right to scan his or her passport in perpetuity. Arguably, this method generates cryptography which has some minor flaws (Juels et al, 2005), e.g. identity theft.
SECTION 7. COUNTERMEASURES
7.1. Faraday Cages versus the BAC
One of the simplest measures for preventing unauthorized reading of an e-Passport is to add a radio frequency (RF) blocking material on top of the embedded microchip (used by the US). For example, materials such as aluminium fibre are opaque to RF signals and could be utilized to create a faraday cage that covers the embedded microchip, thus preventing an intruder from reading the data from the database inside the e-Passport (Juels et al, 2005). Before such a passport could be read, therefore, it would have to be physically opened. However, faraday cages do not prevent eavesdropping on legitimate conversations between readers and tags and, as a result, the ICAO favours the BAC protocol, which is discussed in detail in Section 8.3. Moreover, the research community has proposed a number of tools for protecting RFID privacy, including Blocker Tags and the Antenna Energy Analysis.
7.2. The BAC
The long-term keys for BAC have roughly 52 bits of entropy, which is too low to resist a brute-force attack (Juels et al, 2005). Therefore, a simple countermeasure here is to add a 128-bit secret, unique to each e-Passport, to the key derivation algorithm (Juels et al, 2005). This means that the secret will be printed together with other information on the e-Passport, which will require a larger passport UID number or a separate field (Juels et al, 2005). Moreover, to help with mechanical reading, the secret can be represented as a two-dimensional bar code or written in an Optical Character Recognition (OCR) font in the Machine Readable Zone (MRZ) of each e-Passport (Juels et al, 2005).
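The key derivation that this countermeasure extends can be made concrete. The following is an added example, not code from this paper or from ICAO: it assumes the BAC derivation of ICAO Doc 9303 (SHA-1 over the MRZ document number, date of birth and date of expiry, each followed by its check digit), and the way the 128-bit per-passport secret is mixed in (the `extra_secret` parameter, appended to the hash input) is a hypothetical choice for illustration.

```python
"""BAC key derivation from printed MRZ fields, with an optional extra secret.

Added illustration. The base derivation follows ICAO Doc 9303; appending
`extra_secret` to the hash input is a hypothetical rendering of the
countermeasure described in section 7.2.
"""
import hashlib
import secrets

_WEIGHTS = (7, 3, 1)


def check_digit(field):
    """MRZ check digit: weighted sum (7, 3, 1 repeating) modulo 10."""
    total = 0
    for i, ch in enumerate(field):
        if "0" <= ch <= "9":
            value = int(ch)
        elif ch == "<":                      # filler character counts as zero
            value = 0
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        else:
            raise ValueError(f"character {ch!r} is not valid in an MRZ")
        total += value * _WEIGHTS[i % 3]
    return str(total % 10)


def mrz_information(doc_number, birth, expiry):
    """Concatenate the three key fields, each followed by its check digit."""
    if len(doc_number) > 9 or len(birth) != 6 or len(expiry) != 6:
        raise ValueError("expected a document number of <= 9 chars and YYMMDD dates")
    fields = (doc_number.ljust(9, "<"), birth, expiry)
    return "".join(f + check_digit(f) for f in fields)


def _odd_parity(key):
    """Set the low bit of every byte so that each byte has odd parity (DES keys)."""
    out = bytearray()
    for b in key:
        high = b & 0xFE
        out.append(high | (1 if bin(high).count("1") % 2 == 0 else 0))
    return bytes(out)


def _derive(k_seed, counter):
    digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
    return _odd_parity(digest[:16])


def bac_keys(doc_number, birth, expiry, extra_secret=b""):
    """Return (K_enc, K_mac). With an empty extra_secret this is plain BAC."""
    material = mrz_information(doc_number, birth, expiry).encode("ascii")
    k_seed = hashlib.sha1(material + extra_secret).digest()[:16]
    return _derive(k_seed, 1), _derive(k_seed, 2)


# Sample fields: the specimen values used in ICAO Doc 9303's worked example.
DOC, BIRTH, EXPIRY = "L898902C", "690806", "940623"

if __name__ == "__main__":
    # Anyone who can read or guess the printed fields derives the same keys.
    k_enc, k_mac = bac_keys(DOC, BIRTH, EXPIRY)
    print("plain BAC     K_enc", k_enc.hex(), "K_mac", k_mac.hex())
    # With a 128-bit random secret in the input, the printed fields alone
    # no longer determine the keys.
    secret = secrets.token_bytes(16)
    h_enc, h_mac = bac_keys(DOC, BIRTH, EXPIRY, secret)
    print("with secret   K_enc", h_enc.hex(), "K_mac", h_mac.hex())
```

Because the plain derivation takes only low-entropy printed fields as input, the keys are no harder to find than those fields are to guess; the added secret is what raises the search space.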
7.3. Private Collision Avoidance (PCA)
According to Juels et al (2005), even if a larger e-Passport secret is used as part of the key derivation, the ISO 14443 uses the UID number as part of its PCA protocol. However, it is important to ensure that the UID is different on each reading and that UIDs are not linked across sessions. Therefore, a simple countermeasure is to pick a new random identifier on every tag read (Juels et al, 2005). In general, e-Passports and other UID numbers should use the PCA protocol (Juels et al, 2005).
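A reader-side check for this countermeasure, as an added example that is not from the paper: it simulates a tag with a fixed UID and one that draws a fresh identifier on every activation, then tests whether sightings at different readers can be linked to one holder. The tag classes, reader names and sample UID are constructed; the 0x08 first byte for random 4-byte identifiers follows ISO 14443-3 Type A.

```python
"""Linkability of tag identifiers across sessions (added illustration)."""
import secrets
from collections import defaultdict


class StaticUidTag:
    """Tag that answers anti-collision with the same UID on every activation."""

    def __init__(self, uid):
        self._uid = uid

    def activate(self):
        return self._uid


class RandomUidTag:
    """Tag that picks a new random identifier each time it is powered up."""

    def activate(self):
        # ISO 14443-3 Type A marks random 4-byte identifiers with first byte 0x08.
        return b"\x08" + secrets.token_bytes(3)


def walk_past(tag, readers):
    """Sightings (reader, uid) recorded as one holder passes each reader in turn."""
    return [(reader, tag.activate()) for reader in readers]


def linked_sightings(sightings):
    """Group sightings by UID; a UID seen at 2+ readers links those places."""
    by_uid = defaultdict(list)
    for reader, uid in sightings:
        by_uid[uid].append(reader)
    return {uid.hex(): rs for uid, rs in by_uid.items() if len(rs) > 1}


def audit_tag(tag, activations=20):
    """Conformance check: power the tag up repeatedly and look for a reused UID."""
    uids = [tag.activate() for _ in range(activations)]
    repeats = activations - len(set(uids))
    random_prefix = all(uid[0] == 0x08 for uid in uids)
    return {
        "repeated_uids": repeats,
        "random_prefix": random_prefix,
        "unlinkable": repeats == 0 and random_prefix,
    }


# Constructed sample data.
READERS = ["airport-gate", "hotel-desk", "bank-counter"]
SAMPLE_STATIC_UID = bytes.fromhex("04a1b2c3")

if __name__ == "__main__":
    for name, tag in (("static", StaticUidTag(SAMPLE_STATIC_UID)),
                      ("random", RandomUidTag())):
        print(name, "linked:", linked_sightings(walk_past(tag, READERS)))
        print(name, "audit: ", audit_tag(tag))
```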
SECTION 8. DISCUSSION
According to the ICAO standards, when a private key is compromised, the country cannot automatically invalidate all the e-Passports issued with the key. For example, for each country such as the US, there is a country signing Chip Authenticator (CA) which is responsible for creating a public/private key pair used to sign the document signer certificate. The PA Protocol is the only mandatory cryptographic protocol in the ICAO specification. Its primary goal is to allow a Reader to verify that the biometric face, fingerprint, palm print or iris data in the e-Passport is authentic. The AA Protocol is an optional protocol in the ICAO specification which deals with skimming and misuse and aims to prevent eavesdropping between the Machine Readable Travel Document (MRTD) and Inspection Systems. A simple challenge-response mechanism can detect if a Tag has been substituted or cloned. BAC is an optional protocol that tries to ensure that only authenticated Readers can physically access the e-Passport in order to read the Tag data. The CA protocol aims to replace AA as a mechanism to detect cloned e-Passports. For example, if CA is performed successfully, it can establish a new pair of encryption and Medium Access Control (MAC) keys to replace the BAC-derived session keys, thus enabling secure messaging (it does this by using the static key agreement protocol). Note that the e-Passport Tag already has a CA public key and private key (in secure memory). The Terminal Authentication Protocol (TAP) is a protocol that is executed only if access to biometric data is required. It is a challenge-response mechanism that allows the Tag to validate the Reader used in CA. The Reader proves to the Tag, using digital certificates, that it has been authorized by both the home and visiting nation to read the e-Passport Tags.
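The cloning gap noted in section 6.3 and the challenge-response check described above can be shown side by side. This added example (not code from the paper or from ICAO) models a chip whose data groups are hashed into a signed SOD, then inspects a genuine chip, a copy of its readable memory, and a copy with the key data group rewritten. It assumes DG15 carries the Active Authentication public key, as in ICAO Doc 9303, and uses toy textbook RSA over small Mersenne primes so that it runs with the standard library only; all names and sample data are constructed.

```python
"""Passive vs. Active Authentication when a chip's readable memory is copied.

Added illustration. Toy textbook RSA over small Mersenne primes keeps it
standard-library only; real documents use full-size keys and padded schemes.
"""
import hashlib
import secrets

E = 65537


def keypair(p, q):
    """Return ((n, e), (n, d)) for toy RSA with primes p and q."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    n, d = private
    return pow(_digest(data, n), d, n)


def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == _digest(data, n)


def _sod_bytes(hashes):
    return repr(sorted(hashes.items())).encode()


class Chip:
    def __init__(self, data_groups, sod, aa_private=None):
        self.data_groups = dict(data_groups)  # readable over the air
        self.sod = dict(sod)                  # readable over the air
        self._aa_private = aa_private         # secure memory, never readable

    def read(self):
        return dict(self.data_groups), dict(self.sod)

    def respond(self, challenge):
        """Active Authentication: sign the reader's fresh challenge."""
        return sign(self._aa_private, challenge) if self._aa_private else None


def issue(issuer_private, data_groups, chip_keys):
    """Personalise a chip: store the AA public key in DG15, hash and sign."""
    chip_public, chip_private = chip_keys
    dgs = dict(data_groups)
    dgs["DG15"] = "{}:{}".format(*chip_public).encode()
    hashes = {name: hashlib.sha256(v).hexdigest() for name, v in dgs.items()}
    sod = {"hashes": hashes, "signature": sign(issuer_private, _sod_bytes(hashes))}
    return Chip(dgs, sod, chip_private)


def passive_auth(issuer_public, dgs, sod):
    """Check the issuer's signature on the SOD, then every data group hash."""
    if not verify(issuer_public, _sod_bytes(sod["hashes"]), sod["signature"]):
        return False
    return all(hashlib.sha256(dgs.get(name, b"")).hexdigest() == h
               for name, h in sod["hashes"].items())


def active_auth(chip, dgs):
    """Challenge the chip and verify against the public key pinned in DG15."""
    n, e = (int(x) for x in dgs["DG15"].decode().split(":"))
    challenge = secrets.token_bytes(8)
    response = chip.respond(challenge)
    return response is not None and verify((n, e), challenge, response)


def inspect(issuer_public, chip):
    dgs, sod = chip.read()
    passive = passive_auth(issuer_public, dgs, sod)
    return {"passive": passive, "active": passive and active_auth(chip, dgs)}


# Constructed sample keys and data (Mersenne primes M127, M89, M107, M61, M31, M19).
ISSUER_PUBLIC, ISSUER_PRIVATE = keypair(2**127 - 1, 2**89 - 1)
CHIP_KEYS = keypair(2**107 - 1, 2**61 - 1)
OTHER_KEYS = keypair(2**31 - 1, 2**19 - 1)   # key pair of a different chip
SAMPLE_DGS = {"DG1": b"constructed MRZ data", "DG2": b"constructed face image"}


def demo():
    genuine = issue(ISSUER_PRIVATE, SAMPLE_DGS, CHIP_KEYS)
    # Copy of everything a reader can see; the genuine private key is not among it.
    copy = Chip(*genuine.read(), aa_private=OTHER_KEYS[1])
    # Same copy, but with DG15 rewritten to match the substituted key.
    altered = Chip(*genuine.read(), aa_private=OTHER_KEYS[1])
    altered.data_groups["DG15"] = "{}:{}".format(*OTHER_KEYS[0]).encode()
    return {name: inspect(ISSUER_PUBLIC, chip)
            for name, chip in (("genuine", genuine), ("copy", copy), ("altered", altered))}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The copy passes the signature and hash checks because the signed data is not bound to a particular chip; it is the challenge-response step, verified against the key whose hash the issuer signed, that tells the two apart.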
SECTION 9. CONCLUSION
This paper is an introductory exploratory account of the IoT and RFID with a special focus on security issues and countermeasures. The biometric e-Passport single-object case study is used to explore security issues and countermeasures. The IoT connects intelligent objects or things. Sensors and RFID technologies enable the connected objects to first identify each other, then communicate with each other while forming a network of information, also known as the IoT. The e-Passport approved biometric features can be a digital
facial photo, the palm of the hand, a fingerprint, or the iris, and must include the digital signature of the holder, the issuing state and the host state. The most common security issues faced by biometric e-Passports are: clandestine scanning, clandestine tracking, skimming and cloning, eavesdropping, biometric data leakage and cryptographic weaknesses. The ICAO standards provide the AA, PA, BAC and EAC protocol countermeasures to help minimise or eliminate security threats on e-Passports. Finally, the research community has proposed a number of tools for protecting RFID privacy, such as blocker tags and antenna energy analysis.
SECTION 10. ACKNOWLEDGEMENT
The author acknowledges Whitireia
Polytechnic Educational Institute, Porirua
Wellington, New Zealand.
SECTION 11. REFERENCES
Ahsan, K., Shah, H., & Kingston, P. (2010). RFID applications: An introductory and exploratory study. arXiv preprint arXiv:1002.1179.
Avoine, G., Kalach, K., & Quisquater, J. J. (2008). E-Passport: Securing international contacts with contactless chips. In Financial Cryptography and Data Security (pp. 141-155). Springer Berlin Heidelberg.
CISCO (2008). Wi-Fi Location-Based Services 4.1 Design Guide. http://www.cisco.com.
d’Hont, S. (2004). The cutting edge of RFID technology and applications for manufacturing and distribution. Texas Instrument TIRIS, 16.
Juels, A., Molnar, D., & Wagner, D. (2005). Security and Privacy Issues in E-passports. In Security and Privacy for Emerging Areas in Communications Networks, 2005. SecureComm 2005. First International Conference on (pp. 74-88). IEEE.
Juels, A., Rivest, R. L., & Szydlo, M. (2003, October). The blocker tag: selective blocking of RFID tags for consumer privacy. In Proceedings of the 10th ACM conference on Computer and communications security (pp. 103-111). ACM.
Juels, A., & Pappu, R. (2003, January). Squealing Euros: Privacy protection in RFID-enabled banknotes. In Financial cryptography (pp. 103-121). Springer Berlin Heidelberg.
Kc, G. S., & Karger, P. A. (2005). Security and privacy issues in machine readable travel documents (MRTDs).
Kolahan, H., & Thapaliya, T. (2011). Biometric Passport: security and privacy aspects of machine readable travel. Informatic, Electronic Government.
Kortuem, G., Kawsar, F., Fitton, D., & Sundramoorthy, V. (2010). Smart objects as building blocks for the internet of things. Internet Computing, IEEE, 14(1), 44-51.
Kumar, V. N., Srinivasan, B., & Narendran, P. (2012a). Efficient Implementation of electronic passport scheme using cryptographic security along with multiple biometrics. International Journal of Information Engineering and Electronic Business (IJIEEB), 4(1), 18.
Kumar, V. N., & Srinivasan, B. (2012b). Development of Electronic Passport Scheme for Cryptographic Security and Face, Fingerprint Biometrics using ASP.Net. International Journal of Modern Education and Computer Science (IJMECS), 4(1), 40.
López, T. S., Ranasinghe, D. C., Harrison, M., & McFarlane, D. (2012). Adding sense to the internet of things. Personal and Ubiquitous Computing, 16(3), 291-308.
Malčík, D., & Drahanský, M. (2012). Anatomy of biometric passports. BioMed Research International, 2012.
Roberts, C. (2007). Biometric attack vectors and defences. Computers & Security, 26(1), 14-25.
Selevan, S. (2005). Final Report Use of 1) Sensors and 2) Radio Frequency ID (RFID) for the National Children’s Study.
Smith, I., CASAGRAS2. (2011). Internet of Things around the World. An EU Framework 7 Projects. RFID I Danmark 2011. Presents 7 IoTs project.
Welbourne, E., Battle, L., Cole, G., Gould, K., Rector, K., Raymer, S., & Borriello, G. (2009). Building the internet of things using RFID: the RFID ecosystem experience. Internet computing, IEEE, 13(3), 48-55.
Zslavask, A. (2013). Internet of things and ubiquitous sensing. www.computer.com
SECTION 12: BIBLIOGRAPHY
Bohn, J. (2008). Prototypical
implementation of location-aware services
based on a middleware architecture for
super-distributed RFID tag infrastructures.
Personal and Ubiquitous Computing,
12(2), 155-166.
Bogari, E. A., Zavarsky, P., Lindskog, D.,
& Ruhl, R. (2012). An analysis of security
weaknesses in the evolution of RFID
enabled passport. In Internet Security
WorldCIS, 2012 World Congress on (pp.
158-166). IEEE.
Bose, I., Ngai, E.W., Teo, T.S., &
Spiekermann, S. (2009). Managing RFID
projects in organisations. EJIS, 18(6), 534-
540.
Bolotnyy, L., & Robins, G. (2007). Multi-
tag RFID systems. International Journal of
Internet Protocol Technology, 2(3), 218-
231.
Bolotnyy, L., & Robins, G. (2007, March).
Physically unclonable function-based
security and privacy in RFID systems. In
Pervasive Computing and
Communications, 2007. PerCom'07. Fifth
Annual IEEE International Conference on
(pp. 211-220). IEEE.
Burmester, M., & De Medeiros, B. (2007,
July). RFID security: attacks,
countermeasures and challenges. In
Proceedings of the 5th RFID academic
convocation. The RFID Journal
Conference
Callaghan, V., Clarke, G., & Chin, J.
(2009). Some socio-technical aspects of
intelligent buildings and pervasive
computing research. Intelligent Buildings
International, 1(1), 56-74.
Cavadini, D., Fasel, A. M. D., & Cimasoni,
L. (2009). Introducing the Biometrical
Electronic Passport (ePass).
CISCO (2008). Wi-Fi Location-Based
Services 4.1 Design Guide.
http://www.cisco.com.
CISCO (2008).RFID Tag Considerations.
Chapter 11.
Dodge, M., & Kitchin, R. (2009). Software,
objects, and home space. Environment and
Planning A, 41(6), 1344-1365
Duc, D. N., Lee, H., & Kim, K. (2006).
Enhancing security of EPCglobal Gen-2
Page 12 of 13
©2013 Leutele Grey Leutele LM Grey Information Technology IT8417 Network Security and Forensics Semester 2.2013
RFID against traceability and cloning.
Auto-ID Labs Information and
Garcia-Alfaro, J., Barbeau, M., & Kranakis,
E. (2008, April). Security threats on EPC
based RFID systems. In Information
Technology: New Generations, Fifth
International Conference on (pp. 1242-
1244). IEEE
Garfinkel, S. L., Juels, A., & Pappu, R.
(2005). RFID privacy: An overview of
problems and proposed solutions. Security
& Privacy, IEEE, 3(3), 34-43
Habibi, M. H., Gardeshi, M., & Alaghband,
M. R. (2011). Practical attacks on a RFID
authentication protocol conforming to EPC
C-1 G-2 standard. arXiv preprint
arXiv:1102.0763.
Heim, K. (2007). Man grips future with
microchip implants in hands. Seattle Times,
1.
Henrici, D., & Müller, P. (2004). Tackling
security and privacy issues in radio
frequency identification devices. In
Pervasive Computing (pp. 219-224).
Springer Berlin Heidelberg.
Henzl, M. (2011). Security of Contactless
Smart Cards. In Proceedings of the 17th
Conference STUDENT EEICT pp. 585-589.
Kinoshita, S., Ohkubo, M., Hoshino, F.,
Morohashi, G., Shionoiri, O., & Kanai, A.
(2005). Privacy enhanced active RFID tag.
Cognitive Science Research Paper-
University of Sussex CSRP, 577, 100.
Mitrokotsa, A., Beye, M., & Peris-Lopez,
P. (2009). Classification of RFID Threats
based on Security Principles.
Molnar, D., & Wagner, D. (2004). Privacy
and security in library RFID: issues,
practices, and architectures. In Proceedings
of the 11th ACM conference on Computer
and communications security pp. 210-219.
ACM
Molnar, D., Soppera, A., & Wagner, D.
(2005). Privacy for RFID through trusted
computing. In Proceedings of the 2005
ACM workshop on Privacy in the electronic
society pp. 31-34. ACM
Najera, P., Moyano, F., & Lopez, J. (2009).
Security Mechanisms and Access Control
Infrastructure for e-Passports and General
Purpose e-Documents. J. UCS, 15(5), 970-
991
Nithyanand, R. (2009). A Survey on the
Evolution of Cryptographic Protocols in
ePassports. IACR Cryptology ePrint
Archive, 2009, 200.
Ohkubo, M., Suzuki, K., & Kinoshita, S.
(2003). Cryptographic approach to
“privacy-friendly” tags. In RFID privacy
workshop (Vol. 82). MIT, Cambridge, MA.
Ohkubo, M., Suzuki, K., & Kinoshita, S.
(2005). RFID privacy issues and technical
challenges. Communications of the ACM,
48(9), 66-71.
Pasupathinathan, V., Pieprzyk, J., & Wang,
H. (2008). Security analysis of Australian
and EU e-passport implementation. Journal
of Research and Practice in Information
Technology, 40(3), 187
Peris-Lopez, P., Hernandez-Castro, J. C.,
Estevez-Tapiador, J. M., & Ribagorda, A.
(2006). RFID systems: A survey on security
threats and proposed solutions. In Personal
Wireless Communications (pp. 159-170).
Springer Berlin Heidelberg.
Peris-Lopez, P., Hernandez-Castro, J. C.,
Estevez-Tapiador, J. M., & Ribagorda, A.
(2011). Attacking RFID systems.
Information Security Management
Handbook, 5, 313.
Popper, D. E. (2007). Traceability: tracking
and privacy in the food system.
Geographical review, 97(3), 365-388.
RFID Security (2008). The Government of
the Hong Kong Special Administrative
Region.
Rotter, P. (2009). Security and Privacy in
RFID Applications. Development and
Implementation of RFID Technology
SA, S. W. (2011). RFID (radio frequency
identification): Principles and applications.
www.eecs.harvard.edu/rfid-article.
Shih, D. H., Lin, C. Y., & Lin, B. (2005).
Privacy and security aspects of RFID tags.
In The Proceedings of Southwest DSI 2005
Annual Conference, Dallas, TX (pp. 332-
44). China Statistics Press
Singh, G., Kaur, R., & Sharma, H.
(2008). Various Attacks and their
Countermeasure on all Layers of RFID
System.
Sirotich, M. (2007, October). E-Passport
security under the microscope. In The
Second Workshop on the Social
Implications of National Security: (Vol. 2,
pp. 257-280).
Smith, D. B. (2006). Using Radio
Frequency Identification (RFID)
technology in humans in the United States
for total control. Bowie State University
Smith, J. E. (2006). You Can Run, But You
Can't Hide: Protecting Privacy from Radio
Frequency Identification Technology.
NCJL & Tech., 8, 249.
Song, B., & Mitchell, C. J. (2008). RFID
authentication protocol for low-cost tags. In
Proceedings of the first ACM conference on
Wireless network security (pp. 140-147).
ACM
Soon, T., J. & Tievan, L. (2008). RFID
Security. Institute for Infocomm Research
Thiesse, F. (2006). Managing risk
perceptions of RFID. Auto-ID Labs White
Paper WP-BIZAPP-031, Auto-ID Lab St.
Gallen, Switzerland.
Thompson, D. R., Chaudhry, N., &
Thompson, C. W. (2006, March). RFID
security threat model. In Conf. on Applied
Research in Information Technology
Van Kraneneburg, R. (2008). A critique of
ambient technology and the all-seeing
network of RFID. Institute of Network
Cultures Amsterdam
Wang, V. P. J. P. H. (2008). Formal security
analysis of Australian E-passport
implementation. Information Security
2008, 75
Warner, D. J. (2006). Call to Action: The
Fourth Amendment, the future of radio
frequency identification, and society. A.
Loy. LAL Rev., 40, 853
Weis, S. A. (2003). Security and privacy in
radio-frequency identification devices.
Massachusetts Institute of Technology.
Wyld, D. C. (2010). 24-Karat protection:
RFID and retail jewellery marketing.
International Journal of UbiComp (IJU),
1(1).