Skip to main content
SpringerLink
Log in

Securing RFID Systems by Detecting Tag Cloning

  • Conference paper
Pervasive Computing (Pervasive 2009)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5538))

Included in the following conference series:

Abstract

Cloning of RFID tags can lead to financil losses in many commercial RFID applications. There are two general strategies to provide security: prevention and detection. The security community and the RFID chip manufacturers are currently focused on the former by making tags hard to clone. This paper focuses on the latter by investigating a method to pinpoint tags with the same ID. This method is suitable for low-cost tags since it makes use of writing a new random number on the tag’s memory every time the tag is scanned. A back-end that issues these numbers detects tag cloning attacks as soon as both the genuine and the cloned tag are scanned. This paper describes the method and presents a mathematical model of the level of security and an implementation based on EPC tags. The results suggest that the method provides a potentially effective way to secure RFID systems against tag cloning.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Fleisch, E., Mattern, F.: Das Internet der Dinge: Ubiquitous Computing Und RFID in Der Praxis: Visionen, Technologien, Anwendungen, Handlungsanleitungen. Springer, Berlin (2005)

    Google Scholar 

  2. Juels, A.: RFID security and privacy: A research survey. IEEE Journal of Selected Areas of Communication 24(2), 381–894 (2006)

    Article  MathSciNet  Google Scholar 

  3. Mirowski, L., Hartnett., J.: Deckard: A System to Detect Change of RFID Tag Ownership. International Journal of Computer Science and Network Security 7(7) (2007)

    Google Scholar 

  4. Michahelles, F., Flörkemeier, C., Lehtonen, M., Hinske, S.: An RFID-tag in Every Ski Item-Level Tagging in the Ski Industry. In: Pervasive Technology Applied - Real-World Experiences with RFID and Sensor Networks, Proceedings of the Pervasive 2006 Workshops, Dublin (2006)

    Google Scholar 

  5. Swedberg, C.: RFID Drives Highway Traffic Reports. RFID Journal (2004)

    Google Scholar 

  6. IDTechEx: Oyster Transport for London TfL, card UK (2007)

    Google Scholar 

  7. RFID News: Olympic tickets to carry wealth of personal info. (2008)

    Google Scholar 

  8. Texas Instruments: ExxonMobil Speedpass (2008)

    Google Scholar 

  9. Bacheldor, B.: Pfizer Prepares for Viagra E-Pedigree Trial. RFID Journal (Feburary 2007)

    Google Scholar 

  10. Sarja, S.: Introductory Talk: Some issues related to RFID and Security. In: Keynote Speech in Workshop on RFID Security 2006, Graz (2006)

    Google Scholar 

  11. EPCglobal Inc.: Class-1 Generation-2 UHF RFID Conformance Requirements Specification v. 1.0.2 (2005)

    Google Scholar 

  12. Feldhofer, M., Aigner, M., Dominikus, S.: An Application of RFID Tags using Secure Symmetric Authentication. In: 1st International Workshop on Privacy and Trust in Pervasive and Ubiquitous Computing, pp. 43–49 (2005)

    Google Scholar 

  13. Plos, T., Hutter, M., Feldhofer, M.: Evaluation of Side-Channel Preprocessing Techniques on Cryptographic-Enabled HF and UHF RFID-Tag Prototypes. In: Workshop on RFID Security 2008, Budapest (July 2008)

    Google Scholar 

  14. Dominikus, S., Oswald, E., Feldhofer, M.: Symmetric authentication for RFID systems in practice. In: ECRYPT Workshop on RFID and Lightweight Crypto, Graz (2005)

    Google Scholar 

  15. Schneier, B.: Beyond Fear. Thinking Sensibly of Security in an Uncertain World. Copernicus Books, New York (2003)

    Google Scholar 

  16. Schechter, S.E.: Quantitatively differentiating system security. In: The First Workshop on Economics and Information Security, Berkeley (2002)

    Google Scholar 

  17. Juels, A.: Minimalist cryptography for low-cost RFID tag. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  18. Juels, A.: Strengthening EPC Tags Against Cloning. In: Jakobsson, M., Poovendran, R. (eds.) Proceedings of the 2005 ACM Workshop on Wireless Security, pp. 67–76. ACM Press, Cologne (2005)

    Google Scholar 

  19. Vajda, I., Buttyán, L.: Lightweight authentication protocols for low-cost RFID tags. In: Workshop on Security in Ubiquitous Computing, Ubicomp 2003 (2003)

    Google Scholar 

  20. Tsudik, G.: YA-TRAP: Yet another trivial RFID authentication protocol. In: IEEE International Conference on Pervasive Computing and Communications, pp. 640–643 (2006)

    Google Scholar 

  21. EPCglobal Inc.: Class-1 Generation-2 UHF RFID Protocol for Communications at 860 MHz - 960 MHz v. 1.1.0 (2005)

    Google Scholar 

  22. Yang, J., Park, J., Lee, H., Ren, K., Kim, K.: Mutual authentication protocol for low-cost RFID. In: ECRYPT Workshop on RFID and Lightweight Crypto, Graz (2005)

    Google Scholar 

  23. Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: IEEE Conference on Security and Privacy for Emerging Areas in Communication Networks SecureComm., Athens, Greece (2005)

    Google Scholar 

  24. Avoine, G., Oechslin, P.: A scalable and provably secure hash based RFID protocol. In: IEEE International Workshop on Pervasive Computing and Communication Security, pp. 110–114 (2005)

    Google Scholar 

  25. Bailey, D., Juels, A.: Shoehorning Security into the EPC Tag Standard. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 303–320. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  26. Wolkerstorfer, J.: Is Elliptic-Curve Cryptography Suitable to Secure RFID Tags? In: ECRYPT Workshop on RFID and Lightweight Crypto, Graz (2005)

    Google Scholar 

  27. Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., Verbauwhede, I.: An Elliptic Curve Processor Suitable For RFID-Tags. Cryptology ePrint Archive, Report 2006/227 (2006)

    Google Scholar 

  28. Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., Khandelwal, V.: Design and Implementation of PUF-Based ”Unclonable” RFID ICs for Anti-Counterfeiting and Security Applications. In: IEEE International Conference on RFID 2008, pp. 58–64 (2008)

    Google Scholar 

  29. Staake, T., Thiesse, F., Fleisch, E.: Extending the EPC Network – The Potential of RFID in Anti-Counterfeiting. In: Symposium on Applied Computing, New York, pp. 1607–1612 (2005)

    Google Scholar 

  30. Lehtonen, M., Michahelles, F.: Fleisch, E.: Probabilistic Approach for Location-Based Authentication. In: 1st International Workshop on Security for Spontaneous Interaction IWSSI 2007, 9th International Conference on Ubiquitous Computing (2007)

    Google Scholar 

  31. Ilic, A., Michahelles, F., Fleisch, E.: The Dual Ownership Model: Using Organizational Relationships for Access Control in Safety Supply Chains. In: IEEE International Symposium on Ubisafe Computing (2007)

    Google Scholar 

  32. Grummt, E., Ackermann, R.: Proof of Possession: Using RFID for large-scale Authorization Management. In: Mühlhäuser, M., Ferscha, A., Aitenbichler, E. (eds.) Constructing Ambient Intelligence, AmI-07 Workshops Proceedings. Communications in Computer and Information Science, pp. 174–182 (2008)

    Google Scholar 

  33. Koscher, K., Juels, A., Kohno, T., Brajkovic, V.: EPC RFID Tags in Security Applications: Passport Cards, Enhanced Drivers Licenses, and Beyond (2008) (Manuscript)

    Google Scholar 

  34. Koh, R., Schuster, E., Chackrabarti, I., Bellman, A.: Securing the Pharmaceutical Supply Chain. Auto-ID Labs White Paper (2003)

    Google Scholar 

  35. Mitropoulos, S., Patsos, D., Douligeris, C.: On Incident Handling and Response: A state-of-the-art approach. Computers and Security 25(5), 351–370 (2006)

    Article  Google Scholar 

  36. Cameron, S.: The Economics of Crime Deterrence: A Survey of Theory and Evidence. Kyklos International Review for Social Sciences 41(2), 301–323 (1988)

    Google Scholar 

  37. Schechter, S.E., Smith, M.: How Much Security is Enough to Stop a Thief? The Economics of Outsider Theft via Computer Systems and Networks. In: Seventh International Financial Cryptography Conference, Guadeloupe (2003)

    Google Scholar 

  38. Soppera, A., Burbridge, T., Broekhuizen, V.: A Trusted RFID Reader for Multi-Party Services. EU RFID Convocation (2007)

    Google Scholar 

  39. EPCglobal Inc.: EPCglobal Architecture Framework Version 1.0 (2005)

    Google Scholar 

  40. Wang, J., Li, H., Yu, F.: Design of Secure and Low-cost RFID Tag Baseband. In: International Conference on Wireless Communications, Networking and Mobile Computing, pp. 2066–2069 (2007)

    Google Scholar 

  41. Sandhu, R.: Good-Enough Security: Toward a Pragmatic Business-Driven Discipline. IEEE Internet Computing 7(1), 66–68 (2003)

    Article  Google Scholar 

  42. Weingart, S.: Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses. In: Workshop on Cryptographic Hardware and Embedded Systems, Massachusetts, pp. 302–317 (2000)

    Google Scholar 

  43. Mirowski, L., Hartnett, J., Williams, R., Gray, T.: A RFID Proximity Card Data Set. Tech. Report University of Tasmania (2008), http://eprints.utas.edu.au/6903/1/a_rfid_proximity_card_data_set.pdf

Download references

Author information

Authors and Affiliations

  1. Information Management, ETH Zürich, 8092, Zurich, Switzerland

    Mikko Lehtonen, Alexander Ilic & Florian Michahelles

  2. Pervasive and Artificial Intelligence Research Group, Department of Informatics, University of Fribourg, Switzerland

    Daniel Ostojic

Authors
  1. Mikko Lehtonen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniel Ostojic
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alexander Ilic
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Florian Michahelles
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Faculty of Environment and Information Studies, Keio University, 5322, Endo, 252-8520, Fujisawa City, Kanagawa, Japan

    Hideyuki Tokuda

  2. Technische Universität Carolo-Wilhelmina zu Braunschweig, Mühlenpfordtstrasse 23, 38106, Braunschweig, Germany

    Michael Beigl

  3. Computing Department, InfoLab 2, South Drive, Lancaster University, LA1 4WA, Lancaster, UK

    Adrian Friday

  4. Microsoft Research, One Microsoft Way, 98052-6399, Redmond, WA, USA

    A. J. Bernheim Brush

  5. Department of Information Systems and Multimedia Design, Tokyo Denki University, 2–2 Kanda-Nishiki-cho, Chiyoda-ku, 101–8457, Tokyo, Japan

    Yoshito Tobe

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lehtonen, M., Ostojic, D., Ilic, A., Michahelles, F. (2009). Securing RFID Systems by Detecting Tag Cloning. In: Tokuda, H., Beigl, M., Friday, A., Brush, A.J.B., Tobe, Y. (eds) Pervasive Computing. Pervasive 2009. Lecture Notes in Computer Science, vol 5538. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01516-8_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-01516-8_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01515-1

  • Online ISBN: 978-3-642-01516-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation