-3

According to me, active RFID tags are more likely to suffer from a security attack (i.e. the risk is higher) than passive tags because active tags manifest their presence themselves in their neighbourhood without needing that the reader provides them energy. However, my teacher did not agree with me and couldn't see an a priori difference in the security risk between passive and active tags. Could someone argue if there is or is not a difference?

schroeder
  • 123,438
  • 55
  • 284
  • 319
MysteryGuy
  • 97
  • 2
  • don't you need a reader anyway? how does the reader powering it (or not) make it safer? – dandavis Jan 08 '18 at 12:03
  • @dandavis Of course you need a reader but I was wondering if active tags, as they manifest themselves were not more likely to risk than passive ones – MysteryGuy Jan 08 '18 at 12:09
  • i'm with your teacher; obscurity is not security. the answer says active is more secure: https://security.stackexchange.com/questions/36068/security-differences-between-passive-and-active-rfid-tags?rq=1 – dandavis Jan 08 '18 at 12:11
  • You have used 3 terms seemingly to equate them: vulnerable, likely, and risk. This will only create confusion as one might 'argue' based on one of those terms with false equivalency. Are active tags more likely to be found? Sure, but if there is a malicious actor looking for passive tags, then they will be providing power, themselves. One is not more vulnerable than the other. One does not pose a higher risk. – schroeder Jan 08 '18 at 12:31
  • If you sort out your terminology, the answer will reveal itself. – schroeder Jan 08 '18 at 12:33
  • @schroeder no, I can't ser... if you could give a clear answer, I'd be glad – MysteryGuy Jan 09 '18 at 13:23
  • 1
    @MysteryGuy I did, please refer to my comment above. As it stands, this question is unanswerable because you keep changing your terms. But once you keep your terms consistent, I think you will find that there is an obvious answer. – schroeder Jan 09 '18 at 14:10

1 Answers1

0

As you have not specified a threat model, I'll assume the most common one for RFID tags: cloning of the RFID tag when used for access control.

In that case, merely being an active tag does not make it more or less risky than a passive tag. A sufficiently powerful active tag might have a longer read range, making it easier to clone at a distance, but both would be a relatively short distance (e.g., meters at most) and would not make it substantially easier. Active tags (self-powered) are also often able to have a more powerful microcontroller, offering more options for encrypted RFID communications, which might make them more secure.

Without anything more than "active vs passive" to compare, there does not seem to be a meaningful security difference.

David
  • 15,814
  • 3
  • 48
  • 73