This Article 
 Bibliographic References 
 Add to: 
Fingerprinting RFID Tags
November/December 2011 (vol. 8 no. 6)
pp. 938-943
Senthilkumar Chinnappa Gounder Periaswamy, University of Arkansas, Fayetteville
Dale R. Thompson, University of Arkansas, Fayetteville
Jia Di, University of Arkansas, Fayetteville
Radio frequency identification (RFID) tags are low-cost devices that are used to uniquely identify the objects to which they are attached. Due to the low cost and small size that are driving the technology, a tag has limited computational capabilities and resources. These limitations constrain the use of conventional encryption algorithms and security protocols to prevent cloning and counterfeiting of an RFID tag. Therefore, we propose to create an electronic fingerprint of a tag based upon the physical attributes of the tag. We have fingerprinted RFID tags based upon their minimum power responses measured at multiple frequencies. The fingerprint can be used effectively to identify the tags in the future with high probability and to detect counterfeit tags. This mechanism does not increase the cost of the tag and can be applied to any existing tag, because it is independent of the computational capabilities and resources of the RFID tag.

[1] EPC Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Protocol for Communications at 860 MHz-960 MHz, Ver. 1.1.0, EPCglobal Inc., http:/, Dec. 2005.
[2] R. Chaudhry, D.R. Thompson, and C. Thompson, “RFID Technical Tutorial and Threat Modeling, Ver.1.0,” technical report, Dept. of Computer Science and Computer Eng., Univ. of Arkansas,, Dec. 2005.
[3] A. Juels, “RFID security and Privacy: A Research Survey,” IEEE J. Selected Areas in Comm., vol. 24, no. 2, pp. 381-394, Feb. 2006.
[4] A. Juels, D. Molnar, and D. Wagner, “Security and Privacy Issues in E-Passports,” Proc. Int'l Conf. Security and Privacy for Emerging Areas in Comm. Networks (SecureComm '05), 2005.
[5] J. Westhues, “Hacking the Prox Card,” RFID: Applications, Security, and Privacy, S. Garfinkel and B. Rosenberg, eds., pp. 291-300, Addison-Wesley, 2005.
[6] G.D. Koning Gans, J. Hoepman, and F.D. Garcia, “A Practical Attack on the MIFARE Classic,” Proc. Eighth IFIP WG 8.8/11.2 Int'l Conf. Smart Card Research and Advanced Appl. (CARDIS '08), pp. 267-282, 2008.
[7] Y. Oren and A. Shamir, “Remote Password Extraction from RFID Tags,” IEEE Trans. Computers, vol. 56, no. 9, pp. 1292-1296, Sept. 2007.
[8] M. Hutter, S. Mangard, and M. Feldhofer, “Power and EM Attacks on Passive 13.56 MHz RFID Devices,” Proc. Ninth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '07), pp. 320-333, 2007.
[9] A. Juels, “Strengthening EPC Tags against Cloning,” Proc. Fourth ACM Workshop Wireless Security (WiSe '05), pp. 67-76, 2005.
[10] D.N. Duc, J. Park, H. Lee, and K. Kim, “Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning,” Proc. 2006 Symp. Cryptography and Information Security, 2006.
[11] T. Dimitriou, “A Lightweight RFID Protocol to Protect against Traceability and Cloning Attacks,” Proc. First Int'l Conf. Security and Privacy for Emerging Areas in Comm. Networks (SecureComm '05), Sept. 2005.
[12] S.S. Kumar and C. Paar, “Are Standards Compliant Elliptic Curve Cryptosystems Feasible on RFID?” Proc. Workshop RFID Security, July 2006.
[13] Y.K. Lee, L. Batina, and I. Verbauwhede, “EC-RAC (ECDLP Based Randomized Access Control): Provably Secure RFID Authentication Protocol,” IEEE Int'l Conf. RFID, pp. 97-104, 2008.
[14] M. Burmester and B. de Medeiros, “The Security of EPC Gen2 Compliant RFID Protocols,” Proc. Int'l Conf. Applied Cryptography and Network Security, 2008.
[15] M. Burmester, B. de Medeiros, and R. Motta, “Robust, Anonymous RFID Authentication with Constant Key-Lookup,” Proc. 2008 ACM Symp. Information, Computer and Comm. Security (ASIACCS '08), pp. 283-291, 2008.
[16] G. Avoine and P. Oechslin, “RFID Traceability: A Multilayer Problem,” Proc. Financial Cryptography (FC '05), pp. 125-140, 2005.
[17] S. Bono, M. Green, A. Stubblefield, A. Juels, A. Rubin, and M. Szydlo, “Security Analysis of a Cryptographically-Enabled RFID Device,” Proc. USENIX Security Symp., pp. 1-16, 2005.
[18] D. Carluccio, K. Lemke, and C. Paar, “Electromagnetic Side Channel Analysis of a Contactless Smart Card: First Results,” Proc. ECRYPT Workshop RFID and Lightweight Crypto, pp. 44-51, July 2005.
[19] Z. Kfir and A. Wool, “Picking Virtual Pockets Using Relay Attacks on Contactless Smartcard Systems,” Proc. First Int'l Conf. Security and Privacy for Emerging Areas in Comm. Networks (SecureComm '05), Sept. 2005.
[20] P. Tuyls and L. Batina, “RFID-Tags for Anti-Counterfeiting,” Proc. Topics in Cryptology—The Cryptographers' Track at the RSA Conf. (CT-RSA '06), 2006.
[21] J. Hall, M. Barbeau, and E. Kranakis, “Detection of Rogue Devices in Bluetooth Networks Using Radio Frequency Fingerprinting,” Proc. IASTED Int'l Conf. Comm. and Computer Networks, Dec. 2006.
[22] NIST/SEMATECH e-Handbook of Statistical Methods. Nat'l Inst. of Standards and Technology,, 2007.
[23] K.B. Rasmussen and S. Capkun, “Implications of Radio Fingerprinting on the Security of Sensor Networks,” Proc. Third Int'l Conf. Security and Privacy in Comm. Networks (SecureComm '07), Sept. 2007.
[24] T. Kohno, A. Broido, and K.C. Claffy, “Remote Physical Device Fingerprinting,” IEEE Trans. Dependable and Secure Computing, vol. 2, no. 2, pp. 93-108, Apr. 2005.
[25] M.J. Riezenman, “Cellular Security: Better, but Foes Still Lurk,” IEEE Spectrum, vol. 37, no. 6, pp. 39-42, June 2000.
[26] R. Jones, Most Secret War. Hamilton, 1978.
[27] R. Gerdes, T.E. Daniels, M. Mina, and S. Russell, “Device Identification via Analog Signal Fingerprinting: A Matched Filter Approach,” Proc. 13th Ann. Network and Distributed System Security Symp., Feb. 2006.
[28] D.E. Holcomb, W.P. Burleson, and K. Fu, “Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags,” Proc. Conf. RFID Security, 2007.
[29] H.P. Romero, K.A. Remley, D.F. Williams, and C.-M. Wang, “Electromagnetic Measurements for Counterfeit Detection of Radio Frequency Identification Cards,” IEEE Trans. Microwave Theory and Techniques, vol. 57, no. 5, pp. 1383-1387, May 2009.
[30] B. Danev, T.S. Heydt-Benjamin, and S. Capkun, “Physical-Layer Identification of RFID Devices,” Proc. 18th USENIX Security Symp. (USENIX '09), 2009.
[31] Voyantic Ltd., http:/, 2010.
[32] D.C. Montgomery, Design and Analysis of Experiments. John Wiley & Sons, Inc., 2001.
[33] D.W. Aha, D. Kibler, and M.K. Albert, “Instance-Based Learning Algorithms,” Machine Learning, vol. 6, pp. 37-66, 1991.

Index Terms:
Authentication, pervasive computing, unauthorized access, wireless sensor networks.
Senthilkumar Chinnappa Gounder Periaswamy, Dale R. Thompson, Jia Di, "Fingerprinting RFID Tags," IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 6, pp. 938-943, Nov.-Dec. 2011, doi:10.1109/TDSC.2010.56
Usage of this product signifies your acceptance of the Terms of Use.