Securing RFIDs by Randomizing the Modulation and Channel

RFID cards are widely used in sensitive applications such as access control and payment systems. Past work shows that an eavesdropper snooping on the communication between a card and its legitimate reader can break their cryptographic protocol and obtain their secret keys. One solution to this problem is to install stronger encryption on the cards. However, RFIDs' size, power, and cost limitations do not allow for strong encryption protocols. Further, changing the encryption on the cards requires revoking billions of cards in consumers' hands, which is impracticable. This paper presents RF-Cloak, a solution that protects RFIDs from the above attacks, without any changes to today's cards. RF-Cloak achieves this performance using a novel transmission system that randomizes both the modulation and the wireless channels. It is the first system that defends RFIDs against MIMO eavesdroppers, even when the RFID reader has no MIMO capability. A prototype of our design built using software radios demonstrates its ability to protect commercial RFIDs from both single-antenna and MIMO eavesdroppers.

[1]  J. D. Parsons,et al.  The Mobile Radio Propagation Channel , 1991 .

[2]  尚弘 島影 National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[3]  John Terry,et al.  OFDM Wireless LANs: A Theoretical and Practical Guide , 2001 .

[4]  Ali Abdi,et al.  Sum of gamma variates and performance of wireless communication systems over Nakagami-fading channels , 2001, IEEE Trans. Veh. Technol..

[5]  Mauro Barni,et al.  Optimum decoding and detection of multiplicative watermarks , 2003, IEEE Trans. Signal Process..

[6]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[7]  David Tse,et al.  Fundamentals of Wireless Communication , 2005 .

[8]  Abbas Jamalipour,et al.  Wireless communications , 2005, GLOBECOM '05. IEEE Global Telecommunications Conference, 2005..

[9]  Matthew Green,et al.  Security Analysis of a Cryptographically-Enabled RFID Device , 2005, USENIX Security Symposium.

[10]  Catherine Dehollain,et al.  Design and Optimization of Passive UHF RFID Systems , 2006 .

[11]  Gerhard P. Hancke Practical attacks on proximity identification systems , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[12]  Ernst Haselsteiner Security in Near Field Communication ( NFC ) Strengths and Weaknesses , 2006 .

[13]  Claude Castelluccia,et al.  Noisy Tags: A Pretty Good Key Exchange Protocol for RFID Tags , 2006, CARDIS.

[14]  Jacques Reverdy,et al.  RFID Noisy Reader How to Prevent from Eavesdropping on the Communication? , 2007, CHES.

[15]  Tim Kerins,et al.  Public-Key Cryptography for RFID-Tags , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[16]  Xiaohua Li,et al.  Using Antenna Array Redundancy and Channel Diversity for Secure Wireless Transmissions , 2007, J. Commun..

[17]  Rohit Negi,et al.  Guaranteeing Secrecy using Artificial Noise , 2008, IEEE Transactions on Wireless Communications.

[18]  Bart Jacobs,et al.  Dismantling MIFARE Classic , 2008, ESORICS.

[19]  Hamidreza Amindavar,et al.  A universally optimum decoder for multiplicative audio watermarking , 2008, 2008 IEEE International Conference on Multimedia and Expo.

[20]  K. V. S. Rao,et al.  Effect of Gen2 protocol parameters on RFID tag performance , 2009, 2009 IEEE International Conference on RFID.

[21]  Jong-Won Yu,et al.  Transmit/receive isolator for UHF RFID reader with wideband balanced directional coupler , 2009, 2009 Asia Pacific Microwave Conference.

[22]  Alex S. Taylor,et al.  RFID Reader Detector and Tilt-Sensitive RFID Tags , 2009, CHI 2009.

[23]  P. Pursula,et al.  UHF RFID Reader With Reflected Power Canceller , 2009, IEEE Microwave and Wireless Components Letters.

[24]  Henning Siitonen Kortvedt,et al.  Eavesdropping Near Field Communicat ion , 2009 .

[25]  Tadayoshi Kohno,et al.  EPC RFID tag security weaknesses and defenses: passport cards, enhanced drivers licenses, and beyond , 2009, CCS.

[26]  Dong Chao,et al.  Universal Software Radio Peripheral , 2010 .

[27]  Gregory W. Wornell,et al.  Secure Transmission With Multiple Antennas—Part II: The MIMOME Wiretap Channel , 2010, IEEE Transactions on Information Theory.

[28]  Guang Gong,et al.  BUPLE: Securing Passive RFID Communication through Physical Layer Enhancements , 2011, RFIDSec.

[29]  Tae-Jin Lee,et al.  Channel-Aware Line Code Decision in RFID , 2011, IEEE Communications Letters.

[30]  T. Hong,et al.  RF DIRECTIONAL MODULATION TECHNIQUE USING A SWITCHED ANTENNA ARRAY FOR PHYSICAL LAYER SECURE COMMUNICATION APPLICATIONS , 2011 .

[31]  Gang Li,et al.  Bandwidth dependence of CW ranging to UHF RFID tags in severe multipath environments , 2011, 2011 IEEE International Conference on RFID.

[32]  David Wetherall,et al.  A software radio-based UHF RFID reader for PHY/MAC experimentation , 2011, 2011 IEEE International Conference on RFID.

[33]  Kevin Fu,et al.  They can hear your heartbeats: non-invasive security for implantable medical devices , 2011, SIGCOMM.

[34]  Flavio D. Garcia,et al.  Gone in 360 Seconds: Hijacking with Hitag2 , 2012, USENIX Security Symposium.

[35]  U. Azad,et al.  Link Budget and Capacity Performance of Inductively Coupled Resonant Loops , 2012, IEEE Transactions on Antennas and Propagation.

[36]  Srihari Nelakuditi,et al.  SpinLoc: spin once to know your location , 2012, HotMobile '12.

[37]  Osama N. Alrabadi,et al.  Directional space-time modulation: A novel approach for secured wireless communication , 2012, 2012 IEEE International Conference on Communications (ICC).

[38]  Michael P. Daly,et al.  Physical layer encryption using fixed and reconfigurable antennas , 2012 .

[39]  KatabiDina,et al.  Dude, where's my card? , 2013 .

[40]  Martin Vossiek,et al.  UHF RFID Localization Based on Synthetic Apertures , 2013, IEEE Transactions on Automation Science and Engineering.

[41]  Mohamed S. El-Mahallawy,et al.  Design and Implementation of an Encryption Algorithm for use in RFID System , 2013 .

[42]  Kevin Fu,et al.  Maximalist Cryptography and Computation on the WISP UHF RFID Tag , 2013 .

[43]  Ramarathnam Venkatesan,et al.  Dhwani: secure peer-to-peer acoustic NFC , 2013, SIGCOMM.

[44]  Peng Ning,et al.  Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time , 2013, 2013 IEEE Symposium on Security and Privacy.

[45]  Swarun Kumar,et al.  Interference alignment by motion , 2013, MobiCom.

[46]  Jue Wang,et al.  Dude, where's my card?: RFID positioning that works with multipath and non-line of sight , 2013, SIGCOMM.

[47]  Robert W. Heath,et al.  Antenna Subset Modulation for secure millimeter-wave wireless communication , 2013, 2013 IEEE Globecom Workshops (GC Wkshps).

[48]  Deepak Ganesan,et al.  EnGarde: protecting the mobile phone from malicious NFC interactions , 2013, MobiSys '13.

[49]  Ross A. Knepper,et al.  RF-compass: robot object manipulation using RFIDs , 2013, MobiCom.

[50]  Candice King,et al.  Fundamentals of wireless communications , 2013, 2014 67th Annual Conference for Protective Relay Engineers.

[51]  Swarun Kumar,et al.  LTE radio analytics made easy and accessible , 2014 .

[52]  Yasamin Mostofi,et al.  An Integrated Framework for Obstacle Mapping With See-Through Capabilities Using Laser and Wireless Channel Measurements , 2014, IEEE Sensors Journal.

[53]  Swarun Kumar,et al.  Accurate indoor localization with zero start-up cost , 2014, MobiCom.

[54]  Guoliang Xing,et al.  nShield: a noninvasive NFC security system for mobiledevices , 2014, MobiSys.