Combating Tag Cloning with COTS RFID Devices

In RFID systems, a cloning attack is to fabricate one or more replicas of a genuine tag, so that these replicas behave exactly the same as the genuine tag and fool the reader for getting legal authorization, leading to potential financial loss or reputation damage for the corporations. These replicas are called clone tags. Although many advanced solutions have been proposed to combat cloning attack, they need to either modify the MAC- layer protocols or increase extra hardware resources, which cannot be deployed on commercial off-the-shelf (COTS) RFID devices for practical use. In this paper, we take a fresh attempt to counterattack tag cloning based on COTS RFID devices and the universal C1G2 standard, without any software redesign or hardware augment needed. The basic idea is to use the RF signal profile to characterize each tag. Since these physical-layer data are measured by the reader and susceptible to various environmental factors, they are hard to be estimated by the attackers; let alone be cloned. Even so, we assert that it is challenging to identify clone tags as the signal data from a genuine tag and its clones are all mixed together. Besides, the tag moving has a great impact on the measured RF signals. To overcome these challenges, we propose a clustering-based scheme that detects the cloning attack in the still scene and a chain- based scheme for clone detection in the dynamic scene, respectively. Extensive experiments on COTS RFID devices demonstrate that the detection accuracy of our approaches reaches 99.8% in a still case and 99.3% in a dynamic scene.

[1]  Mo Li,et al.  Towards More Efficient Cardinality Estimation for Large-Scale RFID Systems , 2014, IEEE/ACM Transactions on Networking.

[2]  Davide Zanetti,et al.  Privacy-preserving clone detection for RFID-enabled supply chains , 2010, 2010 IEEE International Conference on RFID (IEEE RFID 2010).

[3]  Min Chen,et al.  Tag-compass: Determining the spatial direction of an object with small dimensions , 2017, IEEE INFOCOM 2017 - IEEE Conference on Computer Communications.

[4]  Leonid Bolotnyy,et al.  Physically Unclonable Function-Based Security and Privacy in RFID Systems , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07).

[5]  Jie Wu,et al.  RFID Estimation With Blocker Tags , 2017, IEEE/ACM Transactions on Networking.

[6]  Sanglu Lu,et al.  Multi-Touch in the Air: Concurrent Micromovement Recognition Using RF Signals , 2018, IEEE/ACM Transactions on Networking.

[7]  Chen Qian,et al.  ASAP: Scalable Collision Arbitration for Large RFID Systems , 2013, IEEE Transactions on Parallel and Distributed Systems.

[8]  Bruce Schneier,et al.  Cryptography Engineering - Design Principles and Practical Applications , 2010 .

[9]  Tadayoshi Kohno,et al.  EPC RFID tag security weaknesses and defenses: passport cards, enhanced drivers licenses, and beyond , 2009, CCS.

[10]  Mala Mitra,et al.  Privacy for RFID Systems to Prevent Tracking and Cloning , 2008 .

[11]  Lijun Chen,et al.  Fast RFID grouping protocols , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[12]  Jie Wu,et al.  Tell me what i see: recognize RFID tagged objects in augmented reality systems , 2016, UbiComp.

[13]  Stéphane Lemieux Acadia Clone Resistant Mutual Authentication for Low-Cost RFID and Contactless Credit Cards , 2007 .

[14]  Alex X. Liu,et al.  Fast and Reliable Detection and Identification of Missing RFID Tags in the Wild , 2016, IEEE/ACM Transactions on Networking.

[15]  Jiming Chen,et al.  RFID and Sensor Networks: Architectures, Protocols, Security, and Integrations , 2009 .

[16]  Xia Wang,et al.  RF-scanner: Shelf scanning with robot-assisted RFID systems , 2017, IEEE INFOCOM 2017 - IEEE Conference on Computer Communications.

[17]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[18]  Sean Hughes,et al.  Clustering by Fast Search and Find of Density Peaks , 2016 .

[19]  Kai Bu,et al.  You Can Clone But You Cannot Hide: A Survey of Clone Prevention and Detection for RFID , 2017, IEEE Communications Surveys & Tutorials.

[20]  Kai Bu,et al.  Approaching the time lower bound on cloned-tag identification for large RFID systems , 2014, Ad Hoc Networks.

[21]  Florian Michahelles,et al.  Securing RFID Systems by Detecting Tag Cloning , 2009, Pervasive.

[22]  Shigeng Zhang,et al.  Let's work together: Fast tag identification by interference elimination for multiple RFID readers , 2016, 2016 IEEE 24th International Conference on Network Protocols (ICNP).

[23]  Keqiu Li,et al.  Completely Pinpointing the Missing RFID Tags in a Time-Efficient Way , 2015, IEEE Transactions on Computers.

[24]  Wei Wang,et al.  Moving tag detection via physical layer analysis for large-scale RFID systems , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[25]  Longfei Shangguan,et al.  The Design and Implementation of a Mobile RFID Tag Sorting Robot , 2016, MobiSys.

[26]  Lei Yang,et al.  Tagoram: real-time tracking of mobile RFID tags to high precision using COTS devices , 2014, MobiCom.

[27]  Michal Krumnikl,et al.  EM410x RFID cloned card detection system , 2015, 2015 International Conference on Pervasive and Embedded Computing and Communication Systems (PECCS).