
Position Statement in RFID S&P Panel: RFID and the Middleman

  • Conference paper
Financial Cryptography and Data Security (FC 2007)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4886)

Abstract

Existing bank-card payment systems, such as EMV, have two serious vulnerabilities: the user does not have a trustworthy interface, and the protocols are vulnerable in a number of ways to man-in-the-middle attacks. Moving to RFID payments may, on the one hand, let bank customers use their mobile phones to make payments, which will go a fair way towards fixing the interface problem; on the other hand, protocol vulnerabilities may become worse. By 2011 the NFC vendors hope there will be 500,000,000 NFC-enabled mobile phones in the world. If these devices can act as cards or terminals, can be programmed by their users, and can communicate with each other, then they will provide a platform for deploying all manner of protocol attacks. Designing the security protocols to mitigate such attacks may be difficult. First, it will include most of the hot topics of IT policy over the last ten years (from key escrow through DRM to platform trust and accessory control) as subproblems. Second, the incentives may lead the many players to try to dump the liability on each other, leading to overall system security that is equivalent to the weakest link rather than to sum-of-efforts and is thus suboptimal.

The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-3-540-77366-5_37




Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Anderson, R. (2007). Position Statement in RFID S&P Panel: RFID and the Middleman. In: Dietrich, S., Dhamija, R. (eds) Financial Cryptography and Data Security. FC 2007. Lecture Notes in Computer Science, vol 4886. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77366-5_6

  • DOI: https://doi.org/10.1007/978-3-540-77366-5_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77365-8

  • Online ISBN: 978-3-540-77366-5

  • eBook Packages: Computer Science, Computer Science (R0)
