Deterministic Detection of Cloning Attacks for Anonymous RFID Systems

Cloning attacks seriously impede the security of radio-frequency identification (RFID) applications. This paper tackles deterministic clone detection for anonymous RFID systems without tag identifiers (IDs) as a priori. Existing clone detection protocols either cannot apply to anonymous RFID systems due to necessitating the knowledge of tag IDs or achieve only probabilistic detection with a few clones tolerated. This paper proposes three protocols-BASE, DeClone, and DeClone+-toward fast and deterministic clone detection for large anonymous RFID systems. BASE leverages the observation that clone tags make tag cardinality exceed ID cardinality. DeClone is built on a recent finding that clone tags cause collisions that are hardly reconciled through rearbitration. For DeClone to achieve detection certainty, this paper designs breadth first tree traversal toward quickly verifying unreconciled collisions and hence the cloning attack. DeClone+ further incorporates optimization techniques that promise faster clone detection when clone ratio is relatively high. The performance of the proposed protocols is validated through analysis and simulation. This paper also suggests feasible extensions to enrich their applicability to distributed design.

[1]  Maurizio Rebaudengo,et al.  On Improving Automation by Integrating RFID in the Traceability Management of the Agri-Food Sector , 2009, IEEE Transactions on Industrial Electronics.

[2]  S. Devadas,et al.  Design and Implementation of PUF-Based "Unclonable" RFID ICs for Anti-Counterfeiting and Security Applications , 2008, 2008 IEEE International Conference on RFID.

[3]  Wonjun Lee,et al.  ProTaR: Probabilistic Tag Retardation for Missing Tag Identification in Large-Scale RFID Systems , 2015, IEEE Transactions on Industrial Informatics.

[4]  Wen Yao,et al.  Leveraging complex event processing for smart hospitals using RFID , 2011, J. Netw. Comput. Appl..

[5]  Jiannong Cao,et al.  Energy-efficient active tag searching in large scale RFID systems , 2015, Inf. Sci..

[6]  Murali S. Kodialam,et al.  Fast and reliable estimation schemes in RFID systems , 2006, MobiCom '06.

[7]  Shigeng Zhang,et al.  Unknown Tag Identification in Large RFID Systems: An Efficient and Complete Solution , 2015, IEEE Transactions on Parallel and Distributed Systems.

[8]  Kai Bu,et al.  Unreconciled Collisions Uncover Cloning Attacks in Anonymous RFID Systems , 2013, IEEE Transactions on Information Forensics and Security.

[9]  Jiming Chen,et al.  Sensory-data-enhanced authentication for RFID-based access control systems , 2012, 2012 IEEE 9th International Conference on Mobile Ad-Hoc and Sensor Systems (MASS 2012).

[10]  Elgar Fleisch,et al.  How to detect cloned tags in a reliable way from incomplete RFID traces , 2009, 2009 IEEE International Conference on RFID.

[11]  Shigeng Zhang,et al.  STEP: A Time-Efficient Tag Searching Protocol in Large RFID Systems , 2015, IEEE Transactions on Computers.

[12]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[13]  Yingjiu Li,et al.  Batch Clone Detection in RFID-enabled supply chain , 2014, 2014 IEEE International Conference on RFID (IEEE RFID).

[14]  Jacky Hartnett,et al.  Deckard: A System to Detect Change of RFID Tag Ownership , 2007 .

[15]  Bo Sheng,et al.  Counting RFID Tags Efficiently and Anonymously , 2010, 2010 Proceedings IEEE INFOCOM.

[16]  Luke Mirowski Exposing Clone RFID Tags at the Reader , 2013, 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications.

[17]  Srdjan Capkun,et al.  Tailing RFID Tags for Clone Detection , 2013, NDSS.

[18]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[19]  Xiang Li,et al.  DTD: A Novel Double-Track Approach to Clone Detection for RFID-Enabled Supply Chains , 2017, IEEE Transactions on Emerging Topics in Computing.

[20]  Yi Pan,et al.  A Novel Anti-Collision Algorithm in RFID Systems for Identifying Passive Tags , 2010, IEEE Transactions on Industrial Informatics.

[21]  Kai Bu,et al.  Making the most of bits : efficient protocols for monitoring large RFID systems , 2013 .

[22]  Chen Qian,et al.  ASAP: Scalable Collision Arbitration for Large RFID Systems , 2013, IEEE Transactions on Parallel and Distributed Systems.

[23]  Shigeng Zhang,et al.  Who stole my cheese?: Verifying intactness of anonymous RFID systems , 2016, Ad Hoc Networks.

[24]  Murali S. Kodialam,et al.  Anonymous Tracking Using RFID Tags , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[25]  Lawrence G. Roberts,et al.  ALOHA packet system with and without slots and capture , 1975, CCRV.

[26]  Gary M. Gaukler Item-Level RFID in a Retail Supply Chain With Stock-Out-Based Substitution , 2011, IEEE Transactions on Industrial Informatics.

[27]  Kai Bu,et al.  Approaching the time lower bound on cloned-tag identification for large RFID systems , 2014, Ad Hoc Networks.

[28]  Florian Michahelles,et al.  Securing RFID Systems by Detecting Tag Cloning , 2009, Pervasive.

[29]  Davide Zanetti,et al.  Privacy-preserving clone detection for RFID-enabled supply chains , 2010, 2010 IEEE International Conference on RFID (IEEE RFID 2010).

[30]  Benjamin Fabian,et al.  SHARDIS: A Privacy-Enhanced Discovery Service for RFID-Based Product Information , 2012, IEEE Transactions on Industrial Informatics.

[31]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.