Are there any special security challenges of the RFID /NFC technology and in which use cases?

And how could these challenges be best met?

These questions underpinned the internal workshop of the united Silicon Alps cluster focus groups RFID and Cybersecurity on the 12th. of April 2021. The interaction of these two focus groups enabled the mutual visibility of interests and competencies and set the basis for new cooperation. The workshop included impulse keynote presentations and intensive discussions in plenum and in groups.

In the first keynote,  Josef Preishuber-Pflügl and Johannes Lehrhofer CISC Semiconductor) emphasized the key challenges and security requirements in the following applications: Road Tolling Rain RFID, contactless payment RFID, IIoT Sensor Onboarding NFC, BLE and IIoT Sensor Data Handling NFC, BLE.

The second keynote of Michael Jerne and Mario Lamberger (NXP) commented on some possible threats to RFID (such as classical HW attacks if the NFC device gets lost/is stolen, eavesdropping on the communication, privacy challenges and protocol attacks like replay/relay attacks, as a realistic threat in the automotive space, e.g. car access, key&go) and presented the security approaches to counteract them available at NXP.

The perspective of research on lightweight cryptography for implementation in constrained environments (RFID, sensors, smart cards, etc.) has been introduced by Maria Eichlseder, Assistant Professor of Cryptology & Privacy at IAIK | Institute of Applied Information Processing and Communications,  specifically on the example of the  NIST LWC Competition for Lightweight Crypt with three finalists co-designed at TU Graz: ASCON, ISAP, and ELEPHANT.

Presentations:

• NFC and RAIN RFID (Cybersecurity meets RFID), Josef Preishuber-Pflügl & Johannes Lehrhofer (CISC Semiconductor)
• “RFID MEETS SECURITY”, Michael Jerne and Mario Lamberger (NXP)
• Lightweight Cryptography, Maria Eichlseder (TU Graz)

Discussion

The lively discussion after the keynotes highlighted the high interest of participants in dealing with specific technology challenges in selected use cases and the readiness to discuss constructively critical aspects, such as the discrepancies between technology development and application in practice, between systems during the development phase and in operation, costs vs. security considerations and dilemmas in the company, respectively cybersecurity challenges in IIoT.

Our journey will continue. Since hackers and protective measures are an ongoing race, one has to be always vigilant and a step ahead of threats. We warmly thank the speakers and participants for their commitment and ideas!

Next meeting

Looking forward to meeting you at the next cluster focus group workshops and the coming Silicon Alps Event with all cluster focus group on 2 Juli 2021 in Klagenfurt!

Best regards,

Your Silicon Alps Team