Through electronic fingerprinting it is now possible to prevent cloning of passive radio frequency identification (RFID) tags.
The technology, based on one or more unique physical attributes of individual tags rather than information stored on them, will prevent the production of counterfeit tags and thus greatly enhance security and privacy for government agencies, businesses and consumers, said researchers at the University of Arkansas.[private]
“RFID tags embedded in objects will become the standard way to identify objects and link them to the cyberworld,” said Dale R. Thompson, associate professor of computer science and computer engineering at Arkansas. “However, it is easy to clone an RFID tag by copying the contents of its memory and applying them to a new, counterfeit tag, which can then be attached to a counterfeit product – or person, in the case of these new e-passports. What we’ve developed is an electronic fingerprinting system to prevent this from happening.”
The researchers found individual tags are unique, not because of the data or memory they contain, but because of radio-frequency and manufacturing differences.
RFID tags are becoming more prevalent, Thompson said. They see use in a wide range of applications, including government processes, industry and manufacturing, supply-chain operations, payment and administration systems, and especially retail.
“In spite of this wide deployment, security and privacy issues have to be addressed to make it a dependable technology,” Thompson said.
A passive RFID tag harvests its power from an RFID reader, which sends radio frequency signals to the tag. The tag, which consists of a microchip connected to a radio antenna, modulates the signal and communicates back to the reader. Working with an Avery Dennison M4E testcube designed for determining the best placement of RFID tags on packages, Thompson, Jia Di, associate professor of computer science and computer engineering and co-principal investigator on the project, and students in the Security, Network, Analysis and Privacy Lab measured tags’ minimum power response at multiple frequencies.
The researchers did this using an algorithm that repeatedly sent reader-to-tag signals starting at a low power value and increasing the power until the tag responded. Radio frequencies ranged from 903 to 927 megahertz and increased by increments of 2.4 megahertz. These measurements revealed each tag had a unique minimum power response at multiple radio frequencies. Moreover, power responses were significantly different for same-model tags.
“Repeatedly, our experiments demonstrated that the minimum power response at multiple frequencies is unique for each tag,” Thompson said. “These different responses are just one of several unique physical characteristics that allowed us to create an electronic fingerprint to identify the tag with high probability and to detect counterfeit tags.”
Like other electronics equipment, cost and size have driven development of RFID technology. This emphasis means that most tags have limited computational capabilities; they do not include conventional encryption algorithms and security protocols to prevent cloning and counterfeiting. The electronic fingerprinting system addresses these concerns without increasing the cost or physically modifying the tag, Thompson said. The method can work along with other security protocols for identification and authentication because it is independent of the computational capabilities and resources of the tag.
Thompson and Di are also developing network circuits resistant to side-channel attacks against readers and tags.[/private]