Fernando, Harinda and Abawajy, Jemal 2013, Malware detection and prevention in RFID systems. In Bessis, Nik, Xhafa, Fatos, Varvarigou, Dora, Hill, Richard and Li, Maozhen (ed), Internet of things and inter-cooperative computational technologies for collective intelligence, Springer, Heidelberg, Germany, pp.143-166, doi: 10.1007/978-3-642-34952-2_6.
The threat that malware poses to RFID systems was identified only recently. Fortunately, all currently known RFID malware is based on SQLIA. Therefore, in this chapter we propose a dual pronged, tag based SQLIA detection and prevention method optimized for RFID systems. The first technique is a SQL query matching approach that uses simple string comparisons and provides strong security against a majority of the SQLIA types possible on RFID systems. To provide security against second order SQLIA, which is a major gap in the current literature, we also propose a tag data validation and sanitization technique. The preliminary evaluation of our query matching technique is very promising, showing 100% detection rates and 0% false positives for all attacks other than second order injection.
Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact firstname.lastname@example.org.