Abstract
Cloning of RFID tags can lead to financil losses in many commercial RFID applications. There are two general strategies to provide security: prevention and detection. The security community and the RFID chip manufacturers are currently focused on the former by making tags hard to clone. This paper focuses on the latter by investigating a method to pinpoint tags with the same ID. This method is suitable for low-cost tags since it makes use of writing a new random number on the tag’s memory every time the tag is scanned. A back-end that issues these numbers detects tag cloning attacks as soon as both the genuine and the cloned tag are scanned. This paper describes the method and presents a mathematical model of the level of security and an implementation based on EPC tags. The results suggest that the method provides a potentially effective way to secure RFID systems against tag cloning.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Fleisch, E., Mattern, F.: Das Internet der Dinge: Ubiquitous Computing Und RFID in Der Praxis: Visionen, Technologien, Anwendungen, Handlungsanleitungen. Springer, Berlin (2005)
Juels, A.: RFID security and privacy: A research survey. IEEE Journal of Selected Areas of Communication 24(2), 381–894 (2006)
Mirowski, L., Hartnett., J.: Deckard: A System to Detect Change of RFID Tag Ownership. International Journal of Computer Science and Network Security 7(7) (2007)
Michahelles, F., Flörkemeier, C., Lehtonen, M., Hinske, S.: An RFID-tag in Every Ski Item-Level Tagging in the Ski Industry. In: Pervasive Technology Applied - Real-World Experiences with RFID and Sensor Networks, Proceedings of the Pervasive 2006 Workshops, Dublin (2006)
Swedberg, C.: RFID Drives Highway Traffic Reports. RFID Journal (2004)
IDTechEx: Oyster Transport for London TfL, card UK (2007)
RFID News: Olympic tickets to carry wealth of personal info. (2008)
Texas Instruments: ExxonMobil Speedpass (2008)
Bacheldor, B.: Pfizer Prepares for Viagra E-Pedigree Trial. RFID Journal (Feburary 2007)
Sarja, S.: Introductory Talk: Some issues related to RFID and Security. In: Keynote Speech in Workshop on RFID Security 2006, Graz (2006)
EPCglobal Inc.: Class-1 Generation-2 UHF RFID Conformance Requirements Specification v. 1.0.2 (2005)
Feldhofer, M., Aigner, M., Dominikus, S.: An Application of RFID Tags using Secure Symmetric Authentication. In: 1st International Workshop on Privacy and Trust in Pervasive and Ubiquitous Computing, pp. 43–49 (2005)
Plos, T., Hutter, M., Feldhofer, M.: Evaluation of Side-Channel Preprocessing Techniques on Cryptographic-Enabled HF and UHF RFID-Tag Prototypes. In: Workshop on RFID Security 2008, Budapest (July 2008)
Dominikus, S., Oswald, E., Feldhofer, M.: Symmetric authentication for RFID systems in practice. In: ECRYPT Workshop on RFID and Lightweight Crypto, Graz (2005)
Schneier, B.: Beyond Fear. Thinking Sensibly of Security in an Uncertain World. Copernicus Books, New York (2003)
Schechter, S.E.: Quantitatively differentiating system security. In: The First Workshop on Economics and Information Security, Berkeley (2002)
Juels, A.: Minimalist cryptography for low-cost RFID tag. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)
Juels, A.: Strengthening EPC Tags Against Cloning. In: Jakobsson, M., Poovendran, R. (eds.) Proceedings of the 2005 ACM Workshop on Wireless Security, pp. 67–76. ACM Press, Cologne (2005)
Vajda, I., Buttyán, L.: Lightweight authentication protocols for low-cost RFID tags. In: Workshop on Security in Ubiquitous Computing, Ubicomp 2003 (2003)
Tsudik, G.: YA-TRAP: Yet another trivial RFID authentication protocol. In: IEEE International Conference on Pervasive Computing and Communications, pp. 640–643 (2006)
EPCglobal Inc.: Class-1 Generation-2 UHF RFID Protocol for Communications at 860 MHz - 960 MHz v. 1.1.0 (2005)
Yang, J., Park, J., Lee, H., Ren, K., Kim, K.: Mutual authentication protocol for low-cost RFID. In: ECRYPT Workshop on RFID and Lightweight Crypto, Graz (2005)
Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: IEEE Conference on Security and Privacy for Emerging Areas in Communication Networks SecureComm., Athens, Greece (2005)
Avoine, G., Oechslin, P.: A scalable and provably secure hash based RFID protocol. In: IEEE International Workshop on Pervasive Computing and Communication Security, pp. 110–114 (2005)
Bailey, D., Juels, A.: Shoehorning Security into the EPC Tag Standard. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 303–320. Springer, Heidelberg (2006)
Wolkerstorfer, J.: Is Elliptic-Curve Cryptography Suitable to Secure RFID Tags? In: ECRYPT Workshop on RFID and Lightweight Crypto, Graz (2005)
Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., Verbauwhede, I.: An Elliptic Curve Processor Suitable For RFID-Tags. Cryptology ePrint Archive, Report 2006/227 (2006)
Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., Khandelwal, V.: Design and Implementation of PUF-Based ”Unclonable” RFID ICs for Anti-Counterfeiting and Security Applications. In: IEEE International Conference on RFID 2008, pp. 58–64 (2008)
Staake, T., Thiesse, F., Fleisch, E.: Extending the EPC Network – The Potential of RFID in Anti-Counterfeiting. In: Symposium on Applied Computing, New York, pp. 1607–1612 (2005)
Lehtonen, M., Michahelles, F.: Fleisch, E.: Probabilistic Approach for Location-Based Authentication. In: 1st International Workshop on Security for Spontaneous Interaction IWSSI 2007, 9th International Conference on Ubiquitous Computing (2007)
Ilic, A., Michahelles, F., Fleisch, E.: The Dual Ownership Model: Using Organizational Relationships for Access Control in Safety Supply Chains. In: IEEE International Symposium on Ubisafe Computing (2007)
Grummt, E., Ackermann, R.: Proof of Possession: Using RFID for large-scale Authorization Management. In: Mühlhäuser, M., Ferscha, A., Aitenbichler, E. (eds.) Constructing Ambient Intelligence, AmI-07 Workshops Proceedings. Communications in Computer and Information Science, pp. 174–182 (2008)
Koscher, K., Juels, A., Kohno, T., Brajkovic, V.: EPC RFID Tags in Security Applications: Passport Cards, Enhanced Drivers Licenses, and Beyond (2008) (Manuscript)
Koh, R., Schuster, E., Chackrabarti, I., Bellman, A.: Securing the Pharmaceutical Supply Chain. Auto-ID Labs White Paper (2003)
Mitropoulos, S., Patsos, D., Douligeris, C.: On Incident Handling and Response: A state-of-the-art approach. Computers and Security 25(5), 351–370 (2006)
Cameron, S.: The Economics of Crime Deterrence: A Survey of Theory and Evidence. Kyklos International Review for Social Sciences 41(2), 301–323 (1988)
Schechter, S.E., Smith, M.: How Much Security is Enough to Stop a Thief? The Economics of Outsider Theft via Computer Systems and Networks. In: Seventh International Financial Cryptography Conference, Guadeloupe (2003)
Soppera, A., Burbridge, T., Broekhuizen, V.: A Trusted RFID Reader for Multi-Party Services. EU RFID Convocation (2007)
EPCglobal Inc.: EPCglobal Architecture Framework Version 1.0 (2005)
Wang, J., Li, H., Yu, F.: Design of Secure and Low-cost RFID Tag Baseband. In: International Conference on Wireless Communications, Networking and Mobile Computing, pp. 2066–2069 (2007)
Sandhu, R.: Good-Enough Security: Toward a Pragmatic Business-Driven Discipline. IEEE Internet Computing 7(1), 66–68 (2003)
Weingart, S.: Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses. In: Workshop on Cryptographic Hardware and Embedded Systems, Massachusetts, pp. 302–317 (2000)
Mirowski, L., Hartnett, J., Williams, R., Gray, T.: A RFID Proximity Card Data Set. Tech. Report University of Tasmania (2008), http://eprints.utas.edu.au/6903/1/a_rfid_proximity_card_data_set.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lehtonen, M., Ostojic, D., Ilic, A., Michahelles, F. (2009). Securing RFID Systems by Detecting Tag Cloning. In: Tokuda, H., Beigl, M., Friday, A., Brush, A.J.B., Tobe, Y. (eds) Pervasive Computing. Pervasive 2009. Lecture Notes in Computer Science, vol 5538. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01516-8_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-01516-8_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01515-1
Online ISBN: 978-3-642-01516-8
eBook Packages: Computer ScienceComputer Science (R0)