Practical limitation of co-operative RFID jamming methods in environments without accurate signal synchronization

Radio Frequency Identification (RFID) is a core component of the Internet of Things. In some applications the communication between the tag and the reader needs to be confidential. Some passive RFID tags have very limited computational power and therefore cannot implement standard cryptographic mechanisms. This limitation has led to several proposals in which the data sent by the RFID tag is 'hidden' by a noisy signal generated by the RFID reader. The reader can remove the noise it generated, but a third-party adversary cannot, which provides a confidential backward channel for tag data without the need for cryptography. Although this is a promising research direction, such schemes also have practical limitations on their effectiveness. This paper shows that at least one recent scheme is vulnerable to data recovery, despite the reader varying its transmission power, if there is a slight phase difference between the reader's blocking signal and the tag's data. We experimentally verify our attack and conclude that our eavesdropping and data recovery approach is efficient and realistic. Finally, we test possible mitigation methods and show that a combination of randomized step amplitude and step duration can be effective in mitigating our attack.