Towards Replay-resilient RFID Authentication

We provide the first solution to an important question, "how a physical-layer authentication method can defend against signal replay attacks''. It was believed that if an attacker can replay the exact same reply signal of a legitimate authentication object (such as an RFID tag), any physical-layer authentication method will fail. This paper presents Hu-Fu, the first physical layer RFID authentication protocol that is resilient to the major attacks including tag counterfeiting, signal replay, signal compensation, and brute-force feature reply. Hu-Fu is built on two fundamental ideas, namely inductive coupling of two tags and signal randomization. Hu-Fu does not require any hardware or protocol modification on COTS passive tags and can be implemented with COTS devices. We implement a prototype of Hu-Fu and demonstrate that it is accurate and robust to device diversity and environmental changes, including locations, distance, and temperature. Hu-Fu provides a new direction of battery-free/low-power device authentication that enables numerous IoT applications.

[1]  Athanasios V. Vasilakos,et al.  Private and Secure Tag Access for Large-Scale RFID Systems , 2016, IEEE Transactions on Dependable and Secure Computing.

[2]  Srdjan Capkun,et al.  Physical-Layer Identification of Wireless Devices , 2011 .

[3]  Fadel Adib,et al.  Multi-Person Localization via RF Body Reflections , 2015, NSDI.

[4]  R. K. Wangsness Electromagnetic fields , 1979 .

[5]  David Wetherall,et al.  A software radio-based UHF RFID reader for PHY/MAC experimentation , 2011, 2011 IEEE International Conference on RFID.

[6]  Johannes Wolkerstorfer,et al.  Strong Crypto for RFID Tags - A Comparison of Low-Power Hardware Implementations , 2007, 2007 IEEE International Symposium on Circuits and Systems.

[7]  Terry T. Ye,et al.  The “weak spots” in stacked UHF RFID tags in NFC applications , 2010, 2010 IEEE International Conference on RFID (IEEE RFID 2010).

[8]  Martin. Feldhofer Comparison of Low-Power Implementations of Trivium and Grain , 2007 .

[9]  Aggelos Bletsas,et al.  Fully-Coherent Reader With Commodity SDR for Gen2 FM0 and Computational RFID , 2015, IEEE Wireless Communications Letters.

[10]  Jue Wang,et al.  Dude, where's my card?: RFID positioning that works with multipath and non-line of sight , 2013, SIGCOMM.

[11]  Lei Yang,et al.  ShopMiner: Mining Customer Shopping Behavior in Physical Clothing Stores with COTS RFID Devices , 2015, SenSys.

[12]  Mo Li,et al.  PLACE: Physical layer cardinality estimation for large-scale RFID systems , 2015, INFOCOM.

[13]  Alex S. Taylor,et al.  RFID Reader Detector and Tilt-Sensitive RFID Tags , 2009, CHI 2009.

[14]  Mo Li,et al.  Recitation: Rehearsing Wireless Packet Reception in Software , 2015, MobiCom.

[15]  Satoshi Fukumoto,et al.  Fast and secure tag authentication in large-scale RFID systems using skip graphs , 2018, Comput. Commun..

[16]  Srdjan Capkun,et al.  Physical-layer identification of UHF RFID tags , 2010, MobiCom.

[17]  Mo Li,et al.  PET: Probabilistic Estimating Tree for Large-Scale RFID Estimation , 2011, IEEE Transactions on Mobile Computing.

[18]  Wei Xi,et al.  Verifiable Smart Packaging with Passive RFID , 2016, IEEE Transactions on Mobile Computing.

[19]  Daniel W. Engels,et al.  The Hummingbird-2 Lightweight Authenticated Encryption Algorithm , 2011, RFIDSec.

[20]  Jizhong Zhao,et al.  GenePrint: Generic and accurate physical-layer identification for UHF RFID tags , 2013, 2013 21st IEEE International Conference on Network Protocols (ICNP).

[21]  Tadayoshi Kohno,et al.  Securing RFIDs by Randomizing the Modulation and Channel , 2015, NSDI.

[22]  Jia Di,et al.  Fingerprinting RFID Tags , 2011, IEEE Transactions on Dependable and Secure Computing.

[23]  Mo Li,et al.  Come and Be Served: Parallel Decoding for COTS RFID Tags , 2015, MobiCom.

[24]  Yunhao Liu,et al.  Cardinality Estimation for Large-Scale RFID Systems , 2008, IEEE Transactions on Parallel and Distributed Systems.

[25]  T. Kubo,et al.  Electromagnetic Fields , 2008 .

[26]  Srdjan Capkun,et al.  Attacks on physical-layer identification , 2010, WiSec '10.

[27]  Jizhong Zhao,et al.  Twins: Device-free object tracking using passive tags , 2013, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[28]  Wei Xi,et al.  Preventing Unauthorized Access on Passive Tags , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications.

[29]  Jizhong Zhao,et al.  Replay-resilient Physical-layer Authentication for Battery-free IoT Devices , 2017, HotWireless '17.

[30]  Lei Yang,et al.  Tagoram: real-time tracking of mobile RFID tags to high precision using COTS devices , 2014, MobiCom.

[31]  Srdjan Capkun,et al.  Physical-layer Identification of RFID Devices , 2009, USENIX Security Symposium.

[32]  Petre Stoica,et al.  Spectral Analysis of Signals , 2009 .

[33]  Wei Xi,et al.  Human object estimation via backscattered radio frequency signal , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[34]  Lei Yang,et al.  Anchor-free backscatter positioning for RFID tags with high accuracy , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[35]  Srdjan Capkun,et al.  On the Practicality of UHF RFID Fingerprinting: How Real is the RFID Tracking Problem? , 2011, PETS.

[36]  Tadayoshi Kohno,et al.  EPC RFID tag security weaknesses and defenses: passport cards, enhanced drivers licenses, and beyond , 2009, CCS.