skip to main content


Title: RCID: Fingerprinting Passive RFID Tags via Wideband Backscatter
Tag cloning and spoofing pose great challenges to RFID applications. This paper presents the design and evaluation of RCID, a novel system to fingerprint RFID tags based on the unique reflection coefficient of each tag circuit. Based on a novel OFDM-based fingerprint collector, our system can quickly acquire and verify each tag’s RCID fingerprint which are independent of the RFID reader and measurement environment. Our system applies to COTS RFID tags and readers after a firmware update at the reader. Extensive prototyped experiments on 600 tags confirm that RCID is highly secure with the authentication accuracy up to 97.15% and the median authentication error rate equal to 1.49%. RCID is also highly usable because it only takes about 8 s to enroll a tag and 2 ms to verify an RCID fingerprint with a fully connected multi-class neural network. Finally, empirical studies demonstrate that the entropy of an RCID fingerprint is about 202 bits over a bandwidth of 20 MHz in contrast to the best prior result of 17 bits, thus offering strong theoretical resilience to RFID cloning and spoofing.  more » « less
Award ID(s):
2055751
NSF-PAR ID:
10400746
Author(s) / Creator(s):
; ; ; ; ;
Date Published:
Journal Name:
IEEE Conference on Computer Communications (INFOCOM 2002)
Page Range / eLocation ID:
700 to 709
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Commodity ultra-high-frequency (UHF) RFID authentication systems only provide weak user authentication, as RFID tags can be easily stolen, lost, or cloned by attackers. This paper presents the design and evaluation of SmartRFID, a novel UHF RFID authentication system to promote commodity crypto-less UHF RFID tags for security-sensitive applications. SmartRFID explores extremely popular smart devices and requires a legitimate user to enroll his smart device along with his RFID tag. Besides authenticating the RFID tag as usual, SmartRFID verifies whether the user simultaneously possesses the associated smart device with both feature-based machine learning and deep learning techniques. The user is considered authentic if and only if passing the dual verifications. Comprehensive user experiments on commodity smartwatches and RFID devices confirmed the high security and usability of SmartRFID. In particular, SmartRFID achieves a true acceptance rate of above 97.5% and a false acceptance rate of less than 0.7% based on deep learning. In addition, SmartRFID can achieve an average authentication latency of less than 2.21s, which is comparable to inputting a PIN on a door keypad or smartphone. 
    more » « less
  2. In this work, we demonstrate that it is possible to read UHF RFID tags without a carrier. Specifically, we introduce an alternative reader design that does not emit a carrier and allows reading RFID tags intended for conventional carrier-based systems. While traditional RFID tags modulate a carrier, it is important to note that a modulation circuit used for backscatter also modulates the inherent noise of the tag circuitry, including the Johnson noise, irrespective of whether a carrier is present or not. Our Modulated Noise Communication (MNC) approach leverages recent work on Modulated Johnson Noise (MJN) and can be read by an alternative RFID reader design that enables simpler, more accessible RFID readings than a conventional backscatter reader by eliminating self-jamming obstructions. MNC is shown to support wireless transmission of data packets between 2 cm to 10 cm of separation between a standard UHF RFID tag and the proposed alternative reader for data rates of 1 bps and 2 bps. 
    more » « less
  3. Radio frequency identification (RFID) is a technology for automated identification of objects and people. RFID technology is expected to find extensive use in applications related to the Internet of Things, and in particular applications of Internet of Battlefield Things. Of particular interest are passive RFID tags due to a number of their salient advantages. Such tags, lacking energy sources of their own, use backscattering of the power of an RF source (a reader) to communicate. Recently, passive RFID tag-to-tag (T2T) communication has been demonstrated, via which tags can directly communicate with each other and share information. This opens the possibility of building a Network of Tags (NeTa), in which the passive tags communicate among themselves to perform data processing functions. Among possible applications of NeTa are monitoring services in hard-to-reach locations. As an essential step toward implementation of NeTa, we consider a novel multi-hop network architecture; in particular, with the proposed novel turbo backscattering operation, inter-tag distances can be significantly increased. Due to the interference among tags’ transmissions, one of the main technical challenges of implementing such the NeTa architecture is the routing protocol design. In this paper, we introduce a design of a routing protocol, which is based on a solution of a non-linear binary optimization problem. We study the performance of the proposed protocol and investigate impacts of several network factors, such as the tag density and the transmit power of the reader. 
    more » « less
  4. Currently, there is an increasing interest in the use of RFID systems with passive or battery-less tags with sensors incorporated, also known as computational RFID (CRFID) systems. These passive tags use the reader signal to power up their microcontroller and an attached sensor. Following the current standard EPC C1G2, the reader must identify the tag (receive the tag's identification code) prior to receive data from its sensor. In a typical RFID scenario, several sensor tags share the reader interrogation zone, and during their identification process, their responses often collide, increasing their identification time. Therefore, RFID application developers must be mindful of tag anti-collision protocols when dealing with CRFID tags in dense RFID sensor networks. So far, significant effort has been invested in simulation-based analysis of the performance of anti-collision protocols regarding the tags identification time. However, no one has explored the experimental performance of anti-collision protocols in an RFID sensor network using CRFID. This paper: (i) demonstrates that the impact of one tag identification time over the total time required to read one sensor data from that same tag is very significant, and (ii) presents an UHF-SDR RFID system which validates the improvement of FuzzyQ, a fast anticollision protocol, in relation to the protocol used in the current RFID standard. 
    more » « less
  5. UHF RFID tags have been widely used for contactless inventory and tracking applications. One fundamental problem with RFID readers is their limited tag reading rate. Existing RFID readers (e.g., Impinj Speedway) can read about 35 tags per second in a read zone, which is far from enough for many applications. In this paper, we present the first-of-its-kind RFID reader (mReader), which borrows the idea of multi-user MIMO (MU-MIMO) from cellular networks to enable concurrent multi-tag reading in passive RFID systems. mReader is equipped with multiple antennas for implicit beamforming in downlink transmissions. It is enabled by three key techniques: uplink collision recovery, transition-based channel estimation, and zero-overhead channel calibration. In addition, mReader employs a Q-value adaptation algorithm for medium access control to maximize its tag reading rate. We have built a prototype of mReader on USRP X310 and demonstrated for the first time that a two-antenna reader can read two commercial off-the-shelf (COTS) tags simultaneously. Numerical results further show that mReader can improve the tag reading rate by 45% compared to existing RFID readers. 
    more » « less