Tailing RFID Tags for Clone Detection

RFID (Radio-Frequency IDentification) is a key emerging technology for supply-chain monitoring and detection of counterfeit and grey-market goods. The most prevalent RFID tags are, however, simply “wireless barcodes,” themselves vulnerable to cloning and counterfeiting. While continuous monitoring can, in principle, detect cloning attacks, real-world supply chains often contain significant blind zones where tag readings are unavailable, allowing attackers to inject counterfeit goods with cloned tags into supply chains undetectably. This paper introduces tailing, a novel approach, both simple and practical, for detecting cloned RFID tags in supply chains. With tailing, RFID readers write random values to tags as they pass through a supply chain, creating in each tag a tail composed of random values. The tails of legitimate tags and cloned ones diverge over time, making cloning detectable by a centralized detector even across blind zones. We show that tailing works with existing barcode-type tags (e.g., EPC tags). The centralized detector is noninteractive, and requires no modification of existing supply-chain data flows. We characterize the cloning-detection efficacy of tailing analytically and through supply-chain simulations, showing that tailing presents high detection rates and low false positive rates, as well as rate tradeoffs outperforming those of previous schemes.
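The divergence of tails described in the abstract can be seen in a small simulation, added here as an illustration; it is not the paper's code or its exact scheme. It assumes a 4-symbol tail with a write pointer, one-byte symbols, an event format of (tag ID, tail, pointer), and blind zones that hide fewer writes than the tail length; all names and the tag ID are hypothetical.

```python
import copy
import random

TAIL_LEN = 4    # assumed number of symbols in a tag's tail
SYMBOLS = 256   # assumed alphabet size (one byte per symbol)

class Tag:
    def __init__(self, tag_id, rng):
        self.tag_id = tag_id
        self.tail = [rng.randrange(SYMBOLS) for _ in range(TAIL_LEN)]
        self.ptr = 0  # next tail position a reader will overwrite

def tail_tag(tag, rng):
    """Reader step: write one random symbol, advance the pointer, emit an event."""
    tag.tail[tag.ptr] = rng.randrange(SYMBOLS)
    tag.ptr = (tag.ptr + 1) % TAIL_LEN
    return (tag.tag_id, tuple(tag.tail), tag.ptr)

def consistent(prev, cur):
    """Could `cur` follow `prev` on one physical tag (at most TAIL_LEN writes apart)?"""
    (_, t1, p1), (_, t2, p2) = prev, cur
    steps = (p2 - p1) % TAIL_LEN or TAIL_LEN
    rewritten = {(p1 + i) % TAIL_LEN for i in range(steps)}
    # Positions no reader could have touched in between must be unchanged.
    return all(t1[i] == t2[i] for i in range(TAIL_LEN) if i not in rewritten)

def detect(events):
    """Noninteractive detector: flag tag IDs whose time-ordered events conflict."""
    last, flagged = {}, set()
    for ev in events:
        prev = last.get(ev[0])
        if prev is not None and not consistent(prev, ev):
            flagged.add(ev[0])
        last[ev[0]] = ev
    return flagged

def run_trace(seed, with_clone):
    """Constructed trace: one visible read, a blind zone, then visible reads again."""
    rng = random.Random(seed)
    genuine = Tag("CONSTRUCTED-TAG-0001", rng)
    events = [tail_tag(genuine, rng)]                        # visible reader
    clone = copy.deepcopy(genuine) if with_clone else None   # tag copied in the blind zone
    tail_tag(genuine, rng)                                   # blind zone: event never reported
    if clone:
        events.append(tail_tag(clone, rng))                  # clone passes a visible reader
    events.append(tail_tag(genuine, rng))                    # genuine tag reappears
    return detect(events)

def detection_rate(trials, with_clone):
    return sum(bool(run_trace(s, with_clone)) for s in range(trials)) / trials
```

In this model a clone escapes only when the two independently written symbols happen to collide, and a clone-free trace is never flagged as long as the blind zone hides fewer than `TAIL_LEN` writes.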
