Unreconciled Collisions Uncover Cloning Attacks in Anonymous RFID Systems

Cloning attacks threaten radio-frequency identification (RFID) applications but are hard to prevent. Existing cloning attack detection methods are enslaved to the knowledge of tag identifiers (IDs). Tag IDs, however, should be protected to enable and secure privacy-sensitive applications in anonymous RFID systems. In a first step, this paper tackles cloning attack detection in anonymous RFID systems without requiring tag IDs as a priori. To this end, we leverage unreconciled collisions to uncover cloning attacks. An unreconciled collision is probably due to responses from multiple tags with the same ID, exactly the evidence of cloning attacks. This insight inspires GREAT, our pioneer protocol for cloning attack detection in anonymous RFID systems. We evaluate the performance of GREAT through theoretical analysis and extensive simulations. The results show that GREAT can detect cloning attacks in anonymous RFID systems fairly fast with required accuracy. For example, when only six out of 50,000 tags are cloned, GREAT can detect the cloning attack in 75.5 s with a probability of at least 0.99.

[1]  Ramesh Govindan,et al.  Finding protocol manipulation attacks , 2011, SIGCOMM.

[2]  Elgar Fleisch,et al.  How to detect cloned tags in a reliable way from incomplete RFID traces , 2009, 2009 IEEE International Conference on RFID.

[3]  John Capetanakis,et al.  Tree algorithms for packet broadcast channels , 1979, IEEE Trans. Inf. Theory.

[4]  윤은준,et al.  EPC Class-1 Generation-2 표준을 위한 경량 RFID 상호인증 프로토콜 , 2009 .

[5]  S. Devadas,et al.  Design and Implementation of PUF-Based "Unclonable" RFID ICs for Anti-Counterfeiting and Security Applications , 2008, 2008 IEEE International Conference on RFID.

[6]  Guillermo Owen Discrete Mathematics and Game Theory , 1999 .

[7]  Murali S. Kodialam,et al.  Fast and reliable estimation schemes in RFID systems , 2006, MobiCom '06.

[8]  Lawrence G. Roberts,et al.  ALOHA packet system with and without slots and capture , 1975, CCRV.

[9]  Sarah Spiekermann,et al.  Critical RFID Privacy-Enhancing Technologies , 2009, IEEE Security & Privacy.

[10]  Thinh P. Nguyen,et al.  A hybrid network coding technique for single-hop wireless networks , 2009, IEEE Journal on Selected Areas in Communications.

[11]  Vincent W. S. Wong,et al.  Distributed channel selection and randomized interrogation algorithms for large-scale and dense RFID systems , 2010, IEEE Transactions on Wireless Communications.

[12]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[13]  Kevin Fu,et al.  They can hear your heartbeats: non-invasive security for implantable medical devices , 2011, SIGCOMM.

[14]  Shigeng Zhang,et al.  Complete and fast unknown tag identification in large RFID systems , 2012, 2012 IEEE 9th International Conference on Mobile Ad-Hoc and Sensor Systems (MASS 2012).

[15]  Jemal H. Abawajy Enhancing RFID Tag Resistance against Cloning Attack , 2009, 2009 Third International Conference on Network and System Security.

[16]  Bo Sheng,et al.  Secure and Serverless RFID Authentication and Search Protocols , 2008, IEEE Transactions on Wireless Communications.

[17]  Davide Zanetti,et al.  Privacy-preserving clone detection for RFID-enabled supply chains , 2010, 2010 IEEE International Conference on RFID (IEEE RFID 2010).

[18]  Mo Li,et al.  PET: Probabilistic Estimating Tree for Large-Scale RFID Estimation , 2011, IEEE Transactions on Mobile Computing.

[19]  Robert F. Otondo,et al.  Information Systems and Health Care-II: Back to the Future with RFID: Lessons Learned - Some Old, Some New , 2005, Commun. Assoc. Inf. Syst..

[20]  Rabab Kreidieh Ward,et al.  Probabilistic Analysis of Blocking Attack in RFID Systems , 2011, IEEE Transactions on Information Forensics and Security.

[21]  Alex X. Liu,et al.  Every bit counts: fast and scalable RFID estimation , 2012, Mobicom '12.

[22]  Murali S. Kodialam,et al.  Anonymous Tracking Using RFID Tags , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[23]  Rico R. Harris,et al.  Feasibility of Radio Frequency Identification (RFID) and Item Unique Identification (IUID) in the Marine Corps Small Arms Weapons Tracking System , 2008 .

[24]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[25]  Darko Kirovski,et al.  RFID-CoA: The RFID tags as certificates of authenticity , 2011, 2011 IEEE International Conference on RFID.

[26]  Andrei Broder,et al.  Network Applications of Bloom Filters: A Survey , 2004, Internet Math..

[27]  Tadayoshi Kohno,et al.  EPC RFID tag security weaknesses and defenses: passport cards, enhanced drivers licenses, and beyond , 2009, CCS.

[28]  Leonid Bolotnyy,et al.  Physically Unclonable Function-Based Security and Privacy in RFID Systems , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07).

[29]  Ming Zhang,et al.  Efficient information collection protocols for sensor-augmented RFID networks , 2011, 2011 Proceedings IEEE INFOCOM.

[30]  Jacky Hartnett,et al.  Deckard: A System to Detect Change of RFID Tag Ownership , 2007 .

[31]  Yunhao Liu,et al.  Cardinality Estimation for Large-Scale RFID Systems , 2008, IEEE Transactions on Parallel and Distributed Systems.

[32]  D. Delen,et al.  RFID for Better Supply‐Chain Management through Enhanced Information Visibility , 2007 .

[33]  Sergei Evdokimov,et al.  Privacy Enhancing Technologies for RFID – A Critical State-ofthe-Art Report , 2009 .

[34]  Florian Michahelles,et al.  Securing RFID Systems by Detecting Tag Cloning , 2009, Pervasive.

[35]  Kai Bu,et al.  Efficient pinpointing of misplaced tags in large RFID systems , 2011, 2011 8th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[36]  Kai Bu,et al.  Efficient Misplaced-Tag Pinpointing in Large RFID Systems , 2012, IEEE Transactions on Parallel and Distributed Systems.