Physical-layer Identification of RFID Devices

In this work we perform the first comprehensive study of physical-layer identification of RFID transponders. We propose several techniques for the extraction of RFID physical-layer fingerprints. We show that RFID transponders can be accurately identified in a controlled environment based on stable fingerprints corresponding to their physical-layer properties. We tested our techniques on a set of 50 RFID smart cards of the same manufacturer and type, and we show that these techniques enable the identification of individual transponders with an Equal Error Rate of 2.43% (single run) and 4.38% (two runs). We further applied our techniques to a smaller set of electronic passports, where we obtained a similar identification accuracy. Our results indicate that physical-layer identification of RFID transponders can be practical and thus has a potential to be used in a number of applications including product and document counterfeiting detection.

[1]  R. N. Uma,et al.  Battery power-aware encryption , 2006, TSEC.

[2]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[3]  Alanson P. Sample,et al.  Design of an RFID-Based Battery-Free Programmable Sensing Platform , 2008, IEEE Transactions on Instrumentation and Measurement.

[4]  Hugo Krawczyk,et al.  UMAC: Fast and Secure Message Authentication , 1999, CRYPTO.

[5]  A. Juels,et al.  The Security Implications of VeriChip Cloning , 2006 .

[6]  Andrea Goldsmith,et al.  Wireless Communications , 2005, 2021 15th International Conference on Advanced Technologies, Systems and Services in Telecommunications (TELSIKS).

[7]  David A. Cooper,et al.  Secure Biometric Match-on-Card Feasibility Report , 2007 .

[8]  Witold Kinsner,et al.  A radio transmitter fingerprinting system ODO-1 , 1996, Proceedings of 1996 Canadian Conference on Electrical and Computer Engineering.

[9]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[10]  M.B. Pursley,et al.  Crosscorrelation properties of pseudorandom and related sequences , 1980, Proceedings of the IEEE.

[11]  Michel Barbeau,et al.  Enhancing intrusion detection in wireless networks using radio frequency fingerprinting , 2004, Communications, Internet, and Information Technology.

[12]  Radha Poovendran,et al.  Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[13]  Peter Desnoyers,et al.  Capsule: an energy-optimized object storage system for memory-constrained sensor devices , 2006, SenSys '06.

[14]  S. Devadas,et al.  Design and Implementation of PUF-Based "Unclonable" RFID ICs for Anti-Counterfeiting and Security Applications , 2008, 2008 IEEE International Conference on RFID.

[15]  Balasubramaniam Natarajan,et al.  An evolutionary approach to designing complex spreading codes for DS-CDMA , 2005, IEEE Transactions on Wireless Communications.

[16]  Wenyuan Xu,et al.  The feasibility of launching and detecting jamming attacks in wireless networks , 2005, MobiHoc '05.

[17]  David Tse,et al.  Fundamentals of Wireless Communication , 2005 .

[18]  David A. Wagner,et al.  TinySec: a link layer security architecture for wireless sensor networks , 2004, SenSys '04.

[19]  Henning Richter,et al.  Fingerprinting Passports , 2008 .

[20]  Bryan Parno,et al.  Unidirectional Key Distribution Across Time and Space with Applications to RFID Security , 2008, USENIX Security Symposium.

[21]  D.J. Yeager,et al.  Wirelessly-Charged UHF Tags for Sensor Data Collection , 2008, 2008 IEEE International Conference on RFID.

[22]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[23]  Sarvar Patel,et al.  SQUARE HASH: Fast Message Authenication via Optimized Universal Hash Functions , 1999, CRYPTO.

[24]  Alan V. Oppenheim,et al.  Discrete-time signal processing (2nd ed.) , 1999 .

[25]  Josef Pieprzyk,et al.  Broadcast anti-jamming systems , 1999, IEEE International Conference on Networks. ICON '99 Proceedings (Cat. No.PR00243).

[26]  István Vajda,et al.  Lightweight Authentication Protocols for Low-Cost RFID Tags , 2003 .

[27]  Fan Chung Graham,et al.  Optical orthogonal codes: Design, analysis, and applications , 1989, IEEE Trans. Inf. Theory.

[28]  B. Manly Multivariate Statistical Methods : A Primer , 1986 .

[29]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[30]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[31]  I. Craw,et al.  Effects of high-pass and low-pass spatial filtering on face identification , 1996, Perception & psychophysics.

[32]  Markus G. Kuhn,et al.  An Asymmetric Security Mechanism for Navigation Signals , 2004, Information Hiding.

[33]  Kevin Fu,et al.  Getting Things Done on Computational RFIDs with Energy-Aware Checkpointing and Voltage-Aware Scheduling , 2008, HotPower.

[34]  Kwangjo Kim,et al.  Enhancing Security of EPCGlobal Gen-2 RFID against Traceability and Cloning , 2006 .

[35]  Benny Pinkas,et al.  Analysis of the Linux random number generator , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[36]  Scott A. Rotondo Trusted Computing Group , 2011, Encyclopedia of Cryptography and Security.

[37]  David E. Culler,et al.  SPINS: Security Protocols for Sensor Networks , 2001, MobiCom '01.

[38]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[39]  Josef Pieprzyk,et al.  Broadcast anti-jamming systems , 2001, Comput. Networks.

[40]  Wang Zanji,et al.  Performance of DSSS against Repeater Jamming , 2006, 2006 13th IEEE International Conference on Electronics, Circuits and Systems.

[41]  Paramvir Bahl,et al.  RADAR: an in-building RF-based user location and tracking system , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[42]  Yih-Chun Hu,et al.  Dynamic Jamming Mitigation for Wireless Broadcast Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[43]  Matt Blaze,et al.  A cryptographic file system for UNIX , 1993, CCS '93.

[44]  David Mazières,et al.  Fast and secure distributed read-only file system , 2000, TOCS.

[45]  Robin Dillard Detectability of Spread-Spectrum Signals , 1979, IEEE Transactions on Aerospace and Electronic Systems.

[46]  Adi Shamir SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags , 2008, FSE.

[47]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[48]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[49]  Srdjan Capkun,et al.  Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[50]  Jr. S. Marple,et al.  Computing the discrete-time 'analytic' signal via FFT , 1999, Conference Record of the Thirty-First Asilomar Conference on Signals, Systems and Computers (Cat. No.97CB36136).

[51]  Michel Barbeau,et al.  Radio Frequency Fingerprinting for Intrusion Detection in Wireless Networks , 2005 .

[52]  J. Lien,et al.  Degradations due to hole trapping in flash memory cells , 1989, IEEE Electron Device Letters.

[53]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[54]  Witold Kinsner,et al.  Transient analysis and genetic algorithms for classification , 1995, IEEE WESCANEX 95. Communications, Power, and Computing. Conference Proceedings.

[55]  Dong Chao,et al.  Universal Software Radio Peripheral , 2010 .

[56]  Tjeng Thiang Tjhung,et al.  Multitone jamming of FH/BFSK in Rician channels , 1999, IEEE Trans. Commun..

[57]  Prashant J. Shenoy,et al.  Rethinking Data Management for Storage-centric Sensor Networks , 2007, CIDR.

[58]  Richard A. Poisel,et al.  Modern Communications Jamming Principles and Techniques , 2003 .

[59]  Florian Kerschbaum,et al.  RFID-based supply chain partner authentication and key agreement , 2009, WiSec '09.

[60]  Gilles Brassard,et al.  On Computationally Secure Authentication Tags Requiring Short Secret Shared Keys , 1982, CRYPTO.

[61]  Sigeru Omatu,et al.  Identification of the defective transmission devices using the wavelet transform , 2005, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[62]  David L Adamy,et al.  Ew 101: A First Course in Electronic Warfare , 2001 .

[63]  Srdjan Capkun,et al.  Implications of radio fingerprinting on the security of sensor networks , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[64]  David Wetherall,et al.  Revisiting Smart Dust with RFID Sensor Networks , 2008, HotNets.

[65]  Oktay Ureten,et al.  Wireless security through RF fingerprinting , 2007, Canadian Journal of Electrical and Computer Engineering.

[66]  Jiri Matas,et al.  On Combining Classifiers , 1998, IEEE Trans. Pattern Anal. Mach. Intell..

[67]  Michel Barbeau,et al.  Detecting rogue devices in bluetooth networks using radio frequency fingerprinting , 2006, Communications and Computer Networks.

[68]  M. Ilyas,et al.  RFID Handbook: Applications, Technology, Security, and Privacy , 2008 .

[69]  Anil K. Jain,et al.  Combining multiple matchers for a high security fingerprint verification system , 1999, Pattern Recognit. Lett..

[70]  Christopher M. Bishop,et al.  Pattern Recognition and Machine Learning (Information Science and Statistics) , 2006 .

[71]  Srdjan Capkun,et al.  SecNav: secure broadcast localization and time synchronization in wireless networks , 2007, MobiCom '07.

[72]  Arun Ross,et al.  Multimodal biometrics: An overview , 2004, 2004 12th European Signal Processing Conference.

[73]  Ari Juels,et al.  Technology Evaluation: The Security Implications of VeriChip Cloning , 2006, J. Am. Medical Informatics Assoc..

[74]  Mala Mitra,et al.  Privacy for RFID Systems to Prevent Tracking and Cloning , 2008 .

[75]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[76]  Bruce Schneier,et al.  Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[77]  Bernard P. Zajac Applied cryptography: Protocols, algorithms, and source code in C , 1994 .

[78]  Ari Juels,et al.  Strengthening EPC tags against cloning , 2005, WiSe '05.

[79]  L.C. Baird,et al.  Keyless Jam Resistance , 2007, 2007 IEEE SMC Information Assurance and Security Workshop.

[80]  Radford M. Neal Pattern Recognition and Machine Learning , 2007, Technometrics.

[81]  O. H. Tekbas,et al.  Improvement of transmitter identification system for low SNR transients , 2004 .

[82]  Philip Levis,et al.  Usenix Association 8th Usenix Symposium on Operating Systems Design and Implementation 323 Quanto: Tracking Energy in Networked Embedded Systems , 2022 .

[83]  Ralph D. Hippenstiel,et al.  Wavelet Based Transmitter Identification , 1996, Fourth International Symposium on Signal Processing and Its Applications.

[84]  Guevara Noubir,et al.  On link layer denial of service in data wireless LANs: Research Articles , 2005 .

[85]  Y. Zhan,et al.  Spread-spectrum sequence estimation for DSSS signal in non-cooperative communication systems , 2005 .

[86]  N. Serinken,et al.  Characteristics of radio transmitter fingerprints , 2001 .

[87]  Sharath Pankanti,et al.  Guide to Biometrics , 2003, Springer Professional Computing.

[88]  Ronald L. Rivest,et al.  The RC5 Encryption Algorithm , 1994, FSE.

[89]  Alan Bensky,et al.  Wireless positioning technologies and applications , 2008 .

[90]  Srdjan Capkun,et al.  Transient-based identification of wireless sensor nodes , 2009, 2009 International Conference on Information Processing in Sensor Networks.

[91]  Stefan Berger,et al.  vTPM: Virtualizing the Trusted Platform Module , 2006, USENIX Security Symposium.

[92]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.