Deckard: A System to Detect Change of RFID Tag Ownership

Summary Change of tag ownership compromises the security goals of Radio Frequency Identification (RFID). When an attacker clones or steals an authorized subject’s tag, they are willingly granted access as RFID assumes the owner of a tag is always the authorized entity. We present Deckard, a new approach to preventing change of tag ownership. Deckard uses the principles of intrusion detection to look for anomalous behavior which may indicate a change of tag ownership has occurred. We have evaluated its performance in detecting synthesized attacks inside a sanitized RFID proximity tag audit log. The results suggest that intrusion detection systems can be used in RFID, although the weaknesses of statistical anomaly detection are also apparent when used on RFID data. We conclude with a call to further research of intrusion detection in RFID systems.

[1]  E. Amoroso Intrusion Detection , 1999 .

[2]  Ari Juels,et al.  Strengthening EPC tags against cloning , 2005, WiSe '05.

[3]  A. Juels,et al.  The security implications of VeriChip cloning. , 2006, Journal of the American Medical Informatics Association : JAMIA.

[4]  R.K. Cunningham,et al.  Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[5]  Lloyd R. Jaisingh Statistics for the Utterly Confused , 2000 .

[6]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[7]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1986, 1986 IEEE Symposium on Security and Privacy.

[8]  Damith C. Ranasinghe,et al.  Low-Cost RFID Systems: Confronting Security and Privacy , 2005 .

[9]  Ian Witten,et al.  Data Mining , 2000 .

[10]  Susan C. Lee,et al.  Training a neural-network based intrusion detector to recognize novel attacks , 2001, IEEE Trans. Syst. Man Cybern. Part A.

[11]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[12]  Richard P. Lippmann,et al.  An Overview of Issues in Testing Intrusion Detection Systems , 2003 .

[13]  Matthew Green,et al.  Security Analysis of a Cryptographically-Enabled RFID Device , 2005, USENIX Security Symposium.

[14]  Ari Juels,et al.  Technology Evaluation: The Security Implications of VeriChip Cloning , 2006, J. Am. Medical Informatics Assoc..

[15]  Qiang Chen,et al.  An anomaly detection technique based on a chi‐square statistic for detecting intrusions into information systems , 2001 .

[16]  Salvatore J. Stolfo,et al.  Real time data mining-based intrusion detection , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[17]  Stefan Axelsson,et al.  Intrusion Detection Systems: A Survey and Taxonomy , 2002 .