Replay Attack

Security

Attack where captured valid tag responses are retransmitted to a reader to impersonate a legitimate tag.

Replay Attack on RFID

A replay attack is a security exploit where an adversary captures a valid RFID tag response and retransmits it to a reader at a later time, impersonating the legitimate tag. Unlike cloning, which creates a physical counterfeit tag, a replay attack uses an active transmitter to broadcast the captured signal — the attacker does not need to programme a tag IC.

How a Replay Attack Works

  1. Capture phase: The attacker uses an RF receiver (software-defined radio or custom hardware) to record the backscatter signal from a legitimate tag during a normal reader-tag interaction. The captured data includes the tag's EPC and any other memory content transmitted.

  2. Replay phase: At a later time, the attacker positions an active transmitter near a target reader and retransmits the captured tag response. If the reader accepts the replayed signal, it processes it as a legitimate tag read.

Why Replay Attacks Are Possible

Basic EPC Gen2 communication is stateless — a tag's response to a reader query is deterministic based on its memory contents. If the EPC and protocol fields remain the same, the response to the same query will always be identical. This determinism makes replay feasible because a captured response is valid indefinitely.

The attack is particularly relevant in access control and authentication scenarios where a single valid tag response grants access (e.g., RFID-based vehicle entry gates, personnel access badges).

Limitations

Replay attacks face several practical constraints:

Timing: EPC Gen2 singulation involves precise timing between reader commands and tag responses. The attacker must replay the signal within the correct time slot, which requires real-time signal processing capability.

Session state: If the reader uses S2 or S3 sessions, a replayed EPC that has already been inventoried will be ignored (the session flag state does not match). However, after the persistence timer expires, the tag becomes targetable again.

Physical proximity: The replaying transmitter must be within the reader's antenna pattern and at a power level consistent with normal backscatter. Anomalous signal strength may trigger detection in sophisticated readers.

Countermeasures

Crypto Suite challenge-response: The most effective defence. When the reader issues a random challenge (nonce) during tag authentication, the tag's response is unique to that specific nonce. A replayed response from a previous session will not match the current challenge, and the reader will reject it.

Mutual Authentication: Bidirectional challenge-response ensures both reader and tag prove their identity. Even if the attacker captures a complete authentication exchange, the random nonces change with every session, rendering the captured data useless for replay.

Rolling codes: Some proprietary RFID systems implement rolling code mechanisms where the tag increments an internal counter with each transaction. Each response is unique, and the reader tracks the expected counter value.

Time-stamped reads: Middleware can detect replay patterns by correlating tag read events with expected physical movements. A tag that was last seen in a distant location appearing instantly at a local reader is suspicious and can be flagged for manual verification.
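As an added illustration (not RFIDFYI's code, and a simplified HMAC model rather than the actual Gen2 Crypto Suite cipher), the following Python contrasts the deterministic reply described under "Why Replay Attacks Are Possible" with the nonce-bound challenge-response above. The EPC, key and 16-byte nonce length are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from any real deployment): one 96-bit EPC
# and a key shared between the tag and the reader.
EPC = bytes.fromhex("30143639F84191AD7B8C0E5A")
KEY = b"constructed-demo-key"
MAC_LEN = 32  # SHA-256 digest length

def stateless_gate_accepts(response: bytes, allowed: set) -> bool:
    """Plain Gen2 gate: any listed EPC opens it, so a recorded reply stays valid."""
    return response in allowed

def tag_respond(key: bytes, epc: bytes, nonce: bytes) -> bytes:
    """Tag side of challenge-response: the reply is bound to the reader's nonce."""
    return epc + hmac.new(key, nonce + epc, hashlib.sha256).digest()

class ChallengeReader:
    """Reader side: fresh random nonce per session, single use, constant-time check."""

    def __init__(self, key: bytes):
        self.key = key
        self.nonce = None

    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def verify(self, response: bytes) -> bool:
        if self.nonce is None or len(response) <= MAC_LEN:
            return False
        epc, mac = response[:-MAC_LEN], response[-MAC_LEN:]
        expected = hmac.new(self.key, self.nonce + epc, hashlib.sha256).digest()
        self.nonce = None  # a nonce is consumed by one verification
        return hmac.compare_digest(mac, expected)

def demo_stateless_replay() -> bool:
    captured = EPC  # the deterministic reply the attacker recorded earlier
    return stateless_gate_accepts(captured, {EPC})  # True: replay is accepted

def demo_challenge_replay() -> tuple:
    reader = ChallengeReader(KEY)
    captured = tag_respond(KEY, EPC, reader.challenge())  # whole exchange recorded
    live_ok = reader.verify(captured)    # genuine session: accepted
    reader.challenge()                   # next session issues a new nonce
    replay_ok = reader.verify(captured)  # same bytes replayed: rejected
    return live_ok, replay_ok
```

Because the reader discards a nonce after one verification, even a response captured and re-sent within the same session is rejected, which is the property the rolling-code and session-state countermeasures above approximate in other ways.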
