Abstract
The deployment of RFID poses a number of security and privacy threats such as cloning, unauthorized tracking, etc. Although the literature contains many investigations of these issues on the logical level, few works have explored the security implications of the physical communication layer. Recently, related studies have shown the feasibility of identifying RFID-enabled devices based on physical-layer fingerprints. In this work, we leverage on these findings and demonstrate that physical-layer identification of HF RFID devices is also practical, that is, can achieve high accuracy and stability. We propose an improved hardware setup and enhanced techniques for fingerprint extraction and matching. Our new system enables device identification with an Equal Error Rate as low as 0.005 (0.5%) on a set 50 HF RFID smart cards of the same manufacturer and type. We further investigate the fingerprint stability over an extended period of time and across different acquisition setups. In the latter case, we propose a solution based on channel equalization that preserves the fingerprint quality across setups. Our results strengthen the practical use of physical-layer identification of RFID devices in product and document anti-counterfeiting solutions.
- Abdel-Hamid, A. T., Tahar, S., and Aboulhamid, E. M. 2003. IP watermarking techniques: Survey and comparison. In Proceedings of the IEEE International Workshop on System-on-Chip for Real-Time Applications.Google Scholar
- Agilent. 2007a. Agilent InfiniiVision 6104A. Agilent. http://www.home.agilent.com/.Google Scholar
- Agilent. 2007b. Function/Arbitrary Waveform Generator 33250A. Agilent. http://www.home.agilent.com/agilent.Google Scholar
- Bishop, C. 2006. Pattern Recognition and Machine Learning. Springer. Google Scholar
Digital Library
- Boggan, S. 2006. Cracked it! http://www.guardian.co.uk/technology/2006/nov/17/news.homeaffairs/. (Last accessed 11/10.).Google Scholar
- Bolle, R., Connell, J., Pankanti, S., Ratha, N., and Senior, A. 2003. Guide to Biometrics. Springer. Google Scholar
Digital Library
- Bowser, R. A., Stager, P. J., Thomson, A., and Douglas, B. L. 2008. Wireless transmitter identity validation in a wireless network. US Patent 11691041.Google Scholar
- Brik, V., Banerjee, S., Gruteser, M., and Oh, S. 2008. Wireless device identification with radiometric signatures. In Proceedings of the ACM International Conference on Mobile Computing and Networking. Google Scholar
Digital Library
- Candore, A., Kocabas, O., and Koushanfar, F. 2009. Robust stable radiometric fingerprinting for wireless devices. In Proceedings of the IEEE International Workshop on Hardware-Oriented Security and Trust, 43--49. Google Scholar
Digital Library
- Damarla, C., Ivers, J., Pollard, M., Kompanek, A. J., and Trammell, B. H. 2008. Method for RF fingerprinting. US Patent 7346359.Google Scholar
- Danev, B. and Capkun, S. 2009. Transient-based identification of wireless sensor nodes. In Proceedings of the ACM/IEEE Conference on Information Processing in Sensor Networks. Google Scholar
Digital Library
- Danev, B., Heydt-Benjamin, T. S., and Capkun, S. 2009. Physical-layer identification of RFID devices. In Proceedings of the USENIX Security Symposium. Google Scholar
Digital Library
- Danev, B., Luecken, H., Capkun, S., and Defrawy, K. 2010. Attacks on physical-layer identification. In Proceedings of the 3th ACM Conference on Wireless Network Security (WiSec’10). ACM, 89--98. Google Scholar
Digital Library
- Dejean, G. and Kirovski, D. 2007. RF-DNA: Radio-frequency certificates of authenticity. In Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems (CHES). 346--363. Google Scholar
Digital Library
- Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., and Khandelwal, V. 2008. Design and implementation of PUF-based “unclonable” RFID ICs for anti-counterfeiting and security applications. In Proceedings of the IEEE International Conference on RFID. 58--64.Google Scholar
- Edman, M. and Yener, B. August 2009. Active attacks against modulation-based radiometric identification. Tech. rep. 09-02, Rensselaer Institute of Technology.Google Scholar
- EIP Microwave. 1999. EIP 578 frequency counter. http://www.phasematrix.com/Spec_Sheets/57XB_10-99.pdf.Google Scholar
- Ellis, K. and Serinken, N. 2001. Characteristics of radio transmitter fingerprints. Radio Sci. 36, 585--597.Google Scholar
Cross Ref
- EPCglobal. 2009. The EPCglobal architecture framework v. 1.3. EPCglobal.Google Scholar
- Ettus. 2009. Universal software radio peripheral (USRP). Ettus. http://www.ettus.com/.Google Scholar
- Ferrell, P. 1991. Method and apparatus for characterizing a radio transmitter. US Patent 5005210.Google Scholar
- FVC. 2006. Fingeprint verification competitions (FVC). http://bias.csr.uni-bo.it/fvc2006/.Google Scholar
- Gassend, B., Lim, D., Clarke, D., Devadas, S., and van Dijk, M. 2004. Identification and authentication of integrated circuits. Concurr. Comput.: Prac. Exper. 16, 11, 1077--1098. Google Scholar
Digital Library
- Gildas, A. 2010. RFID security and privacy lounge. http://www.avoine.net/rfid/index.html.Google Scholar
- Grunwald, L. 2006. New attack to RFID-systems and their middleware and backends. In Black Hat Briefings.Google Scholar
- Hall, J., Barbeau, M., and Kranakis, E. 2004. Enhancing intrusion detection in wireless networks using radio frequency fingerprinting. In Proceedings of the Communications, Internet, and Information Technology.Google Scholar
- Hall, J., Barbeau, M., and Kranakis, E. 2006. Detecting rogue devices in Bluetooth networks using radio frequency fingerprinting. In Proceedings of the IASTED International Conference on Communications and Computer Networks.Google Scholar
- Hippenstiel, R. and Payal, Y. 1996. Wavelet based transmitter identification. In Proceedings of the International Symposium on Signal Processing and Its Applications (ISSPA).Google Scholar
- IBM. 2002. JCOP - The IBM GlobalPlatform JavaCard implementation. IBM. ftp://ftp.software.ibm.com/software/pervasive/info/JCOP_Family.pdf.Google Scholar
- ICAO. 2006. Machine readable travel documents (ICAO Document 9303). http://www.icao.int/.Google Scholar
- Jana, S. and Kasera, S. K. 2008. On fast and accurate detection of unauthorized wireless access points using clock skews. In Proceedings of the ACM International Conference on Mobile Computing and Networking. Google Scholar
Digital Library
- Juels, A. 2006. RFID security and privacy: A research survey. IEEE J. Select. Areas Comm. 24, 2. Google Scholar
Digital Library
- Kaplan, D. and Stanhope, D. 1999. Waveform collection for use in wireless telephone identification. US Patent 5999806.Google Scholar
- Lakafosis, V., Traille, A., Lee, H., Gebara, E., Tentzeris, M., DeJean, G., and Kirovski, D. 2011. RF fingerprinting physical objects for anticounterfeiting applications. IEEE Trans. Micro. Theory Tech. 59, 2, 504--514.Google Scholar
Cross Ref
- Lakafosis, V., Traille, A., Lee, H., Orecchini, G., Gebara, E., Tentzeris, M., DeJean, G., and Kirovski, D. 2010. An RFID system with enhanced hardware-enabled authentication and anti-counterfeiting capabilities. In Proceedings of the IEEE MTT-S Int. Microw. Symp. Dig. 840--843.Google Scholar
- Laurie, A. 2006. Expert cracks biometric passport data. http://www.computerweekly.com/Articles/2006/11/21/219995/Expert-cracks-biometric-passport-data.htm.Google Scholar
- Margerum, D. 1969. Pinpointing Location of Hostile Radars. Microwaves.Google Scholar
- MasterCard. 2009. MasterCard PayPass M/Chip application note. http://www.paypass.com/documentation.html.Google Scholar
- Pascual Iserte, A. 2005. Channel state information and joint transmitter-receiver design in multi-antenna systems. Ph.D. thesis, Polytechnic University of Catalonia.Google Scholar
- Periaswamy, S. C. G., Thompson, D., and Di, J. 2008. Ownership transfer of RFID tags based on electronic fingerprint. In Proceedings of the International Conference on Security and Management.Google Scholar
- Periaswamy, S. C. G., Thompson, D., and Di, J. 2010a. Fingerprinting RFID tags. IEEE Trans. Depend. Secure Comput.Google Scholar
- Periaswamy, S. C. G., Thompson, D. R., and Romero, H. P. 2010b. Fingerprinting radio frequency identification tags using timing characteristics. In Proceedings of the Workshop on RFID Security (RFIDSec, Asia).Google Scholar
- Quartzlock. 2010. GPS timing and frequency standards. Quartzlock. http://www.quartzlock.com/downloads/datasheets/E8-Y_4pp.pdf.Google Scholar
- Rasmussen, K. and Capkun, S. 2007. Implications of radio fingerprinting on the security of sensor networks. In Proceedings of the International ICST Conference on Security and Privacy in Communication Networks.Google Scholar
- Reising, D. R., Temple, M. A., and Mendenhall, M. J. 2010a. Improved wireless security for GMSK-based devices using RF fingerprinting. Int. J. Electron. Secur. Digit. Forensic 3, 41--59. Google Scholar
Digital Library
- Reising, D. R., Temple, M. A., and Mendenhall, M. J. 2010b. Improving intra-cellular security using air monitoring with RF fingerprints. In Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC).Google Scholar
- Rhrmair, U., Sehnke, F., Slter, J., Dror, G., Devadas, S., and Schmidhuber, J. 2010. Modeling attacks on physical unclonable functions. In Proceedings of the ACM Computer and Communications Security Conference (CCS). Google Scholar
Digital Library
- Romero, H. P., Remley, K. A., Williams, D. F., and Wang, C.-M. 2009. Electromagnetic measurements for counterfeit detection of radio frequency identification cards. IEEE Trans. Microw. Theory Tech. 57, 5, 1383--1387.Google Scholar
Cross Ref
- Romero, H. P., Remley, K. A., Williams, D. F., Wang, C.-M., and Brown, T. X. 2010. Identifying RF identification cards from measurements of resonance and carrier harmonics. IEEE Trans. Micro. Theory Techniques 58, 7.Google Scholar
Cross Ref
- Schaefer, J. and Strimmer, K. 2005. A shrinkage approach to large-scale covariance matrix estimation and implications for functional genomics. Statist. Appli. Genet. Molec. Biol. 4, 32.Google Scholar
- Schäfer, J., Opgen-Rhein, R., and Strimmer, K. 2010. Efficient estimation of covariance and (partial) correlation. The Comprehensive R Archive Network. http://strimmerlab.org/software/corpcor/.Google Scholar
- Shaw, D. and Kinsner, W. 1997. Multifractal modeling of radio transmitter transients for classification. In Proceedings of the IEEE Conference on Communications, Power and Computing.Google Scholar
- Shlens, J. 2005. A Tutorial on Principal Component Analysis. mplab.ucsd.edu/tutorials/pca.pdf.Google Scholar
- Sklar, B. 2001. Digital Communications: Fundamentals and Applications. Prentice-Hall, Inc., Upper Saddle River, NJ.Google Scholar
- Toonstra, J. and Kinsner, W. 1995. Transient analysis and genetic algorithms for classification. In Proceedings of the IEEE Conference on Communications, Power, and Computing (WESCANEX).Google Scholar
- Tuyls, P. and Batina, L. 2006. RFID-tags for anti-counterfeiting. In Topics in Cryptology-CT-RSA 2006, Lecture Notes in Computer Science, vol. 3860, 115--131. Google Scholar
Digital Library
- Ureten, O. and Serinken, N. 1999. Detection of radio transmitter turn-on transients. Electron. Lett. 35. 1996--1997.Google Scholar
- Ureten, O. and Serinken, N. 2007. Wireless security through RF fingerprinting. Canad. J. Elect. Comput. Eng. 32, 1.Google Scholar
Cross Ref
- van Beek, J. 2008. ePassports reloaded. In Black Hat Briefings.Google Scholar
- Williams, A. B. and Taylors, F. J. 1988. Electronic Filter Design Handbook. McGraw-Hill.Google Scholar
- Witteman, M. 2005. Attacks on digital passports. In What The Hack.Google Scholar
- Zanetti, D., Danev, B., and Capkun, S. 2010. Physical-layer identification of UHF RFID tags. In Proceedings of the 16th ACM Conference on Mobile Computing and Networking (MOBICOM). Google Scholar
Digital Library
- Zeng, K., Govindan, K., and Mohapatra, P. 2010. Non-cryptographic authentication and identification in wireless networks {security and privacy in emerging wireless networks}. IEEE Comm. 17, 5, 56--62. Google Scholar
Digital Library
- Zetter, K. 2006. Hackers clone e-passports. http://www.wired.com/science/discoveries/news/2006/08/71521. (Last accessed 11/10.)Google Scholar
Index Terms
Towards Practical Identification of HF RFID Devices
Recommendations
Secure UHF/HF dual-band RFID: strategic framework approaches and application solutions
ICCCI'11: Proceedings of the Third international conference on Computational collective intelligence: technologies and applications - Volume Part IIn the mobile RFID (Radio-Frequency Identification) environment, scanning RFID tags which are personalized can bring some privacy infringement issues. In spite of the case that private information is not stored in those tags, one can identify entities, ...
Towards Scalable Identification in RFID Systems
The search efficiency of radio frequency identification (RFID) protocols remains a challenging issue. There are many proposals that address the security and privacy issues of RFID, but most of them require reader work that is linear with the number of ...
Private identification of RFID tags
FPS'11: Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of SecurityA lightweight identification mechanism is proposed for RFID systems in which the privacy of tags is protected against unknown readers. Private identification of RFID tags allows authorized readers to easily identify the tags. The identity of the tag is ...






Comments