Abstract
The deployment of RFID poses a number of security and privacy threats such as cloning, unauthorized tracking, etc. Although the literature contains many investigations of these issues on the logical level, few works have explored the security implications of the physical communication layer. Recently, related studies have shown the feasibility of identifying RFID-enabled devices based on physical-layer fingerprints. In this work, we leverage on these findings and demonstrate that physical-layer identification of HF RFID devices is also practical, that is, can achieve high accuracy and stability. We propose an improved hardware setup and enhanced techniques for fingerprint extraction and matching. Our new system enables device identification with an Equal Error Rate as low as 0.005 (0.5%) on a set 50 HF RFID smart cards of the same manufacturer and type. We further investigate the fingerprint stability over an extended period of time and across different acquisition setups. In the latter case, we propose a solution based on channel equalization that preserves the fingerprint quality across setups. Our results strengthen the practical use of physical-layer identification of RFID devices in product and document anti-counterfeiting solutions.
- Abdel-Hamid, A. T., Tahar, S., and Aboulhamid, E. M. 2003. IP watermarking techniques: Survey and comparison. In Proceedings of the IEEE International Workshop on System-on-Chip for Real-Time Applications.Google Scholar
- Agilent. 2007a. Agilent InfiniiVision 6104A. Agilent. http://www.home.agilent.com/.Google Scholar
- Agilent. 2007b. Function/Arbitrary Waveform Generator 33250A. Agilent. http://www.home.agilent.com/agilent.Google Scholar
- Bishop, C. 2006. Pattern Recognition and Machine Learning. Springer. Google ScholarDigital Library
- Boggan, S. 2006. Cracked it! http://www.guardian.co.uk/technology/2006/nov/17/news.homeaffairs/. (Last accessed 11/10.).Google Scholar
- Bolle, R., Connell, J., Pankanti, S., Ratha, N., and Senior, A. 2003. Guide to Biometrics. Springer. Google ScholarDigital Library
- Bowser, R. A., Stager, P. J., Thomson, A., and Douglas, B. L. 2008. Wireless transmitter identity validation in a wireless network. US Patent 11691041.Google Scholar
- Brik, V., Banerjee, S., Gruteser, M., and Oh, S. 2008. Wireless device identification with radiometric signatures. In Proceedings of the ACM International Conference on Mobile Computing and Networking. Google ScholarDigital Library
- Candore, A., Kocabas, O., and Koushanfar, F. 2009. Robust stable radiometric fingerprinting for wireless devices. In Proceedings of the IEEE International Workshop on Hardware-Oriented Security and Trust, 43--49. Google ScholarDigital Library
- Damarla, C., Ivers, J., Pollard, M., Kompanek, A. J., and Trammell, B. H. 2008. Method for RF fingerprinting. US Patent 7346359.Google Scholar
- Danev, B. and Capkun, S. 2009. Transient-based identification of wireless sensor nodes. In Proceedings of the ACM/IEEE Conference on Information Processing in Sensor Networks. Google ScholarDigital Library
- Danev, B., Heydt-Benjamin, T. S., and Capkun, S. 2009. Physical-layer identification of RFID devices. In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- Danev, B., Luecken, H., Capkun, S., and Defrawy, K. 2010. Attacks on physical-layer identification. In Proceedings of the 3th ACM Conference on Wireless Network Security (WiSec’10). ACM, 89--98. Google ScholarDigital Library
- Dejean, G. and Kirovski, D. 2007. RF-DNA: Radio-frequency certificates of authenticity. In Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems (CHES). 346--363. Google ScholarDigital Library
- Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., and Khandelwal, V. 2008. Design and implementation of PUF-based “unclonable” RFID ICs for anti-counterfeiting and security applications. In Proceedings of the IEEE International Conference on RFID. 58--64.Google Scholar
- Edman, M. and Yener, B. August 2009. Active attacks against modulation-based radiometric identification. Tech. rep. 09-02, Rensselaer Institute of Technology.Google Scholar
- EIP Microwave. 1999. EIP 578 frequency counter. http://www.phasematrix.com/Spec_Sheets/57XB_10-99.pdf.Google Scholar
- Ellis, K. and Serinken, N. 2001. Characteristics of radio transmitter fingerprints. Radio Sci. 36, 585--597.Google ScholarCross Ref
- EPCglobal. 2009. The EPCglobal architecture framework v. 1.3. EPCglobal.Google Scholar
- Ettus. 2009. Universal software radio peripheral (USRP). Ettus. http://www.ettus.com/.Google Scholar
- Ferrell, P. 1991. Method and apparatus for characterizing a radio transmitter. US Patent 5005210.Google Scholar
- FVC. 2006. Fingeprint verification competitions (FVC). http://bias.csr.uni-bo.it/fvc2006/.Google Scholar
- Gassend, B., Lim, D., Clarke, D., Devadas, S., and van Dijk, M. 2004. Identification and authentication of integrated circuits. Concurr. Comput.: Prac. Exper. 16, 11, 1077--1098. Google ScholarDigital Library
- Gildas, A. 2010. RFID security and privacy lounge. http://www.avoine.net/rfid/index.html.Google Scholar
- Grunwald, L. 2006. New attack to RFID-systems and their middleware and backends. In Black Hat Briefings.Google Scholar
- Hall, J., Barbeau, M., and Kranakis, E. 2004. Enhancing intrusion detection in wireless networks using radio frequency fingerprinting. In Proceedings of the Communications, Internet, and Information Technology.Google Scholar
- Hall, J., Barbeau, M., and Kranakis, E. 2006. Detecting rogue devices in Bluetooth networks using radio frequency fingerprinting. In Proceedings of the IASTED International Conference on Communications and Computer Networks.Google Scholar
- Hippenstiel, R. and Payal, Y. 1996. Wavelet based transmitter identification. In Proceedings of the International Symposium on Signal Processing and Its Applications (ISSPA).Google Scholar
- IBM. 2002. JCOP - The IBM GlobalPlatform JavaCard implementation. IBM. ftp://ftp.software.ibm.com/software/pervasive/info/JCOP_Family.pdf.Google Scholar
- ICAO. 2006. Machine readable travel documents (ICAO Document 9303). http://www.icao.int/.Google Scholar
- Jana, S. and Kasera, S. K. 2008. On fast and accurate detection of unauthorized wireless access points using clock skews. In Proceedings of the ACM International Conference on Mobile Computing and Networking. Google ScholarDigital Library
- Juels, A. 2006. RFID security and privacy: A research survey. IEEE J. Select. Areas Comm. 24, 2. Google ScholarDigital Library
- Kaplan, D. and Stanhope, D. 1999. Waveform collection for use in wireless telephone identification. US Patent 5999806.Google Scholar
- Lakafosis, V., Traille, A., Lee, H., Gebara, E., Tentzeris, M., DeJean, G., and Kirovski, D. 2011. RF fingerprinting physical objects for anticounterfeiting applications. IEEE Trans. Micro. Theory Tech. 59, 2, 504--514.Google ScholarCross Ref
- Lakafosis, V., Traille, A., Lee, H., Orecchini, G., Gebara, E., Tentzeris, M., DeJean, G., and Kirovski, D. 2010. An RFID system with enhanced hardware-enabled authentication and anti-counterfeiting capabilities. In Proceedings of the IEEE MTT-S Int. Microw. Symp. Dig. 840--843.Google Scholar
- Laurie, A. 2006. Expert cracks biometric passport data. http://www.computerweekly.com/Articles/2006/11/21/219995/Expert-cracks-biometric-passport-data.htm.Google Scholar
- Margerum, D. 1969. Pinpointing Location of Hostile Radars. Microwaves.Google Scholar
- MasterCard. 2009. MasterCard PayPass M/Chip application note. http://www.paypass.com/documentation.html.Google Scholar
- Pascual Iserte, A. 2005. Channel state information and joint transmitter-receiver design in multi-antenna systems. Ph.D. thesis, Polytechnic University of Catalonia.Google Scholar
- Periaswamy, S. C. G., Thompson, D., and Di, J. 2008. Ownership transfer of RFID tags based on electronic fingerprint. In Proceedings of the International Conference on Security and Management.Google Scholar
- Periaswamy, S. C. G., Thompson, D., and Di, J. 2010a. Fingerprinting RFID tags. IEEE Trans. Depend. Secure Comput.Google Scholar
- Periaswamy, S. C. G., Thompson, D. R., and Romero, H. P. 2010b. Fingerprinting radio frequency identification tags using timing characteristics. In Proceedings of the Workshop on RFID Security (RFIDSec, Asia).Google Scholar
- Quartzlock. 2010. GPS timing and frequency standards. Quartzlock. http://www.quartzlock.com/downloads/datasheets/E8-Y_4pp.pdf.Google Scholar
- Rasmussen, K. and Capkun, S. 2007. Implications of radio fingerprinting on the security of sensor networks. In Proceedings of the International ICST Conference on Security and Privacy in Communication Networks.Google Scholar
- Reising, D. R., Temple, M. A., and Mendenhall, M. J. 2010a. Improved wireless security for GMSK-based devices using RF fingerprinting. Int. J. Electron. Secur. Digit. Forensic 3, 41--59. Google ScholarDigital Library
- Reising, D. R., Temple, M. A., and Mendenhall, M. J. 2010b. Improving intra-cellular security using air monitoring with RF fingerprints. In Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC).Google Scholar
- Rhrmair, U., Sehnke, F., Slter, J., Dror, G., Devadas, S., and Schmidhuber, J. 2010. Modeling attacks on physical unclonable functions. In Proceedings of the ACM Computer and Communications Security Conference (CCS). Google ScholarDigital Library
- Romero, H. P., Remley, K. A., Williams, D. F., and Wang, C.-M. 2009. Electromagnetic measurements for counterfeit detection of radio frequency identification cards. IEEE Trans. Microw. Theory Tech. 57, 5, 1383--1387.Google ScholarCross Ref
- Romero, H. P., Remley, K. A., Williams, D. F., Wang, C.-M., and Brown, T. X. 2010. Identifying RF identification cards from measurements of resonance and carrier harmonics. IEEE Trans. Micro. Theory Techniques 58, 7.Google ScholarCross Ref
- Schaefer, J. and Strimmer, K. 2005. A shrinkage approach to large-scale covariance matrix estimation and implications for functional genomics. Statist. Appli. Genet. Molec. Biol. 4, 32.Google Scholar
- Schäfer, J., Opgen-Rhein, R., and Strimmer, K. 2010. Efficient estimation of covariance and (partial) correlation. The Comprehensive R Archive Network. http://strimmerlab.org/software/corpcor/.Google Scholar
- Shaw, D. and Kinsner, W. 1997. Multifractal modeling of radio transmitter transients for classification. In Proceedings of the IEEE Conference on Communications, Power and Computing.Google Scholar
- Shlens, J. 2005. A Tutorial on Principal Component Analysis. mplab.ucsd.edu/tutorials/pca.pdf.Google Scholar
- Sklar, B. 2001. Digital Communications: Fundamentals and Applications. Prentice-Hall, Inc., Upper Saddle River, NJ.Google Scholar
- Toonstra, J. and Kinsner, W. 1995. Transient analysis and genetic algorithms for classification. In Proceedings of the IEEE Conference on Communications, Power, and Computing (WESCANEX).Google Scholar
- Tuyls, P. and Batina, L. 2006. RFID-tags for anti-counterfeiting. In Topics in Cryptology-CT-RSA 2006, Lecture Notes in Computer Science, vol. 3860, 115--131. Google ScholarDigital Library
- Ureten, O. and Serinken, N. 1999. Detection of radio transmitter turn-on transients. Electron. Lett. 35. 1996--1997.Google Scholar
- Ureten, O. and Serinken, N. 2007. Wireless security through RF fingerprinting. Canad. J. Elect. Comput. Eng. 32, 1.Google ScholarCross Ref
- van Beek, J. 2008. ePassports reloaded. In Black Hat Briefings.Google Scholar
- Williams, A. B. and Taylors, F. J. 1988. Electronic Filter Design Handbook. McGraw-Hill.Google Scholar
- Witteman, M. 2005. Attacks on digital passports. In What The Hack.Google Scholar
- Zanetti, D., Danev, B., and Capkun, S. 2010. Physical-layer identification of UHF RFID tags. In Proceedings of the 16th ACM Conference on Mobile Computing and Networking (MOBICOM). Google ScholarDigital Library
- Zeng, K., Govindan, K., and Mohapatra, P. 2010. Non-cryptographic authentication and identification in wireless networks {security and privacy in emerging wireless networks}. IEEE Comm. 17, 5, 56--62. Google ScholarDigital Library
- Zetter, K. 2006. Hackers clone e-passports. http://www.wired.com/science/discoveries/news/2006/08/71521. (Last accessed 11/10.)Google Scholar
Index Terms
- Towards Practical Identification of HF RFID Devices
Recommendations
Secure UHF/HF dual-band RFID: strategic framework approaches and application solutions
ICCCI'11: Proceedings of the Third international conference on Computational collective intelligence: technologies and applications - Volume Part IIn the mobile RFID (Radio-Frequency Identification) environment, scanning RFID tags which are personalized can bring some privacy infringement issues. In spite of the case that private information is not stored in those tags, one can identify entities, ...
Towards Scalable Identification in RFID Systems
The search efficiency of radio frequency identification (RFID) protocols remains a challenging issue. There are many proposals that address the security and privacy issues of RFID, but most of them require reader work that is linear with the number of ...
A distributed architecture for scalable private RFID tag identification
The fast growth of Radio Frequency IDentification (RFID) implies a deployment challenge, namely how to keep this technology scalable without renouncing security and privacy features. This paper focuses on combining tag privacy and scalability using the ...
Comments