An RFID Skimming Gate Using Higher Harmonics
This paper describes a novel antenna design for communicating with ISO/IEC 14443A RFID cards at larger distances than the normal 5-10 cm. The set-up consists of two antennas, one to activate the card at the normal frequency of 13.56 MHz, and another to receive its response at the higher harmonic frequency of 40.68 MHz. The strong field required to power the card at larger distances is likely to drown out its response. By detecting the higher harmonic frequencies originating from the card’s response this problem is solved, making communication at larger distances possible. The two antennas, placed 100 cm apart, form an RFID gate that can communicate with cards in the middle of the gate. This is a substantial improvement of the maximum skimming distance of 25 cm reported in literature.
KeywordsRFID contactless smart card ISO/IEC 14443 skimming eavesdropping
Unable to display preview. Download preview PDF.
- 1.The ARRL Antenna Book. The American Radio Relay League (2000)Google Scholar
- 2.Engelhardt, M., Pfeiffer, F., Finkenzeller, K., Biebl, E.: Extending ISO/IEC 14443 type a eavesdropping range using higher harmonics. In: Proceedings of 2013 European Conference on Smart Objects, Systems and Technologies (SmartSysTech), pp. 1–8. IEEE (2013)Google Scholar
- 3.European Radiocommunications Committee (ERC): ERC report 69 – propagation model and interference range calculation for inductive systems 10 kHz - 30 MHz (1999)Google Scholar
- 4.Finkenzeller, K.: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 3rd edn. Wiley (2010)Google Scholar
- 6.Hancke, G.P.: Practical attacks on proximity identification systems. In: IEEE Symposium on Security and Privacy (S&P 2006), pp. 328–333. IEEE (2006)Google Scholar
- 7.Hancke, G.P.: Practical eavesdropping and skimming attacks on high-frequency RFID tokens. J. Comput. Secur. 19(2), 259–288 (2011)Google Scholar
- 8.ISO/IEC: ISO/IEC 14443-3:2011, Identification cards – Contactless integrated circuit cards – Proximity cards – Part 3: Initialization and anticollision (2011)Google Scholar
- 9.Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm 2005), pp. 47–58. IEEE (2005)Google Scholar
- 10.Kirschenbaum, I., Wool, A.: How to build a low-cost, extended-range RFID skimmer. In: Proceedings of the 15th USENIX Security Symposium, pp. 43–57. Usenix (2006)Google Scholar
- 12.Texas Instruments: HF antenna cookbook - technical application report 11-08-26-001, March 2001Google Scholar