skip to main content

Title: RCID: Fingerprinting Passive RFID Tags via Wideband Backscatter
Tag cloning and spoofing pose great challenges to RFID applications. This paper presents the design and evaluation of RCID, a novel system to fingerprint RFID tags based on the unique reflection coefficient of each tag circuit. Based on a novel OFDM-based fingerprint collector, our system can quickly acquire and verify each tag’s RCID fingerprint which are independent of the RFID reader and measurement environment. Our system applies to COTS RFID tags and readers after a firmware update at the reader. Extensive prototyped experiments on 600 tags confirm that RCID is highly secure with the authentication accuracy up to 97.15% and the median authentication error rate equal to 1.49%. RCID is also highly usable because it only takes about 8 s to enroll a tag and 2 ms to verify an RCID fingerprint with a fully connected multi-class neural network. Finally, empirical studies demonstrate that the entropy of an RCID fingerprint is about 202 bits over a bandwidth of 20 MHz in contrast to the best prior result of 17 bits, thus offering strong theoretical resilience to RFID cloning and spoofing.
; ; ; ; ;
Award ID(s):
Publication Date:
Journal Name:
IEEE Conference on Computer Communications (INFOCOM 2002)
Page Range or eLocation-ID:
700 to 709
Sponsoring Org:
National Science Foundation
More Like this
  1. Radio frequency identification (RFID) is a technology for automated identification of objects and people. RFID technology is expected to find extensive use in applications related to the Internet of Things, and in particular applications of Internet of Battlefield Things. Of particular interest are passive RFID tags due to a number of their salient advantages. Such tags, lacking energy sources of their own, use backscattering of the power of an RF source (a reader) to communicate. Recently, passive RFID tag-to-tag (T2T) communication has been demonstrated, via which tags can directly communicate with each other and share information. This opens the possibility of building a Network of Tags (NeTa), in which the passive tags communicate among themselves to perform data processing functions. Among possible applications of NeTa are monitoring services in hard-to-reach locations. As an essential step toward implementation of NeTa, we consider a novel multi-hop network architecture; in particular, with the proposed novel turbo backscattering operation, inter-tag distances can be significantly increased. Due to the interference among tags’ transmissions, one of the main technical challenges of implementing such the NeTa architecture is the routing protocol design. In this paper, we introduce a design of a routing protocol, which is based onmore »a solution of a non-linear binary optimization problem. We study the performance of the proposed protocol and investigate impacts of several network factors, such as the tag density and the transmit power of the reader.« less
  2. Continuous location authentication (CLA) seeks to continuously and automatically verify the physical presence of legitimate users in a protected indoor area. CLA can play an important role in contexts where access to electrical or physical resources must be limited to physically present legitimate users. In this paper, we present WearRF-CLA, a novel CLA scheme built upon increasingly popular wrist wearables and UHF RFID systems. WearRF-CLA explores the observation that human daily routines in a protected indoor area comprise a sequence of human-states (e.g., walking and sitting) that follow predictable state transitions. Each legitimate WearRF-CLA user registers his/her RFID tag and also wrist wearable during system enrollment. After the user enters a protected area, WearRF-CLA continuously collects and processes the gyroscope data of the wrist wearable and the phase data of the RFID tag signals to verify three factors to determine the user's physical presence/absence without explicit user involvement: (1) the tag ID as in a traditional RFID authentication system, (2) the validity of the human-state chain, and (3) the continuous coexistence of the paired wrist wearable and RFID tag with the user. The user passes CLA if and only if all three factors can be validated. Extensive user experiments onmore »commodity smartwatches and UHF RFID devices confirm the very high security and low authentication latency of WearRF-CLA.« less
  3. Currently, there is an increasing interest in the use of RFID systems with passive or battery-less tags with sensors incorporated, also known as computational RFID (CRFID) systems. These passive tags use the reader signal to power up their microcontroller and an attached sensor. Following the current standard EPC C1G2, the reader must identify the tag (receive the tag's identification code) prior to receive data from its sensor. In a typical RFID scenario, several sensor tags share the reader interrogation zone, and during their identification process, their responses often collide, increasing their identification time. Therefore, RFID application developers must be mindful of tag anti-collision protocols when dealing with CRFID tags in dense RFID sensor networks. So far, significant effort has been invested in simulation-based analysis of the performance of anti-collision protocols regarding the tags identification time. However, no one has explored the experimental performance of anti-collision protocols in an RFID sensor network using CRFID. This paper: (i) demonstrates that the impact of one tag identification time over the total time required to read one sensor data from that same tag is very significant, and (ii) presents an UHF-SDR RFID system which validates the improvement of FuzzyQ, a fast anticollision protocol, inmore »relation to the protocol used in the current RFID standard.« less
  4. Passive radio-frequency identification (RFID) tags are attractive because they are low cost, battery-free, and easy to deploy. This technology is traditionally being used to identify tags attached to the objects. In this paper, we explore the feasibility of turning passive RFID tags into battery-free temperature sensors. The impedance of the RFID tag changes with the temperature and this change will be manifested in the reflected signal from the tag. This opens up an opportunity to realize battery-free temperature sensing using a passive RFID tag with already deployed Commercial Off-the-Shelf (COTS) RFID reader-antenna infrastructure in supply chain management or inventory tracking. However, it is challenging to achieve high accuracy and robustness against the changes in the environment. To address these challenges, we first develop a detailed analytical model to capture the impact of temperature change on the tag impedance and the resulting phase of the reflected signal. We then build a system that uses a pair of tags, which respond differently to the temperature change to cancel out other environmental impacts. Using extensive evaluation, we show our model is accurate and our system can estimate the temperature within a 2.9 degree centigrade median error and support a normal read range ofmore »3.5 m in an environment-independent manner.« less
  5. Passive RFID technology is widely used in user authentication and access control. We propose RF-Rhythm, a secure and usable two-factor RFID authentication system with strong resilience to lost/stolen/cloned RFID cards. In RF-Rhythm, each legitimate user performs a sequence of taps on his/her RFID card according to a self-chosen secret melody. Such rhythmic taps can induce phase changes in the backscattered signals, which the RFID reader can detect to recover the user’s tapping rhythm. In addition to verifying the RFID card’s identification information as usual, the backend server compares the extracted tapping rhythm with what it acquires in the user enrollment phase. The user passes authentication checks if and only if both verifications succeed. We also propose a novel phase-hopping protocol in which the RFID reader emits Continuous Wave (CW) with random phases for extracting the user’s secret tapping rhythm. Our protocol can prevent a capable adversary from extracting and then replaying a legitimate tapping rhythm from sniffed RFID signals. Comprehensive user experiments confirm the high security and usability of RF-Rhythm with false-positive and false-negative rates close to zero.