Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Privacy Security Your Rights Online

RFID Fingerprints To Fight Tag Cloning 59

Posted by Soulskill
from the cloning-is-bad-haven't-you-seen-scifi dept.
Bourdain writes with news out of the University of Arkansas, where researchers are looking for ways to combat counterfeit RFID tags. Passive tags typically wait for a reader to transmit a signal of the appropriate strength and frequency before sending their own transmission. The scientists found that the amount of power required to trigger this varies quite a bit from one tag to the next, especially when many different frequencies are sampled. This and other physical characteristics give the tag its own "fingerprint" that is independent of the signal information stored in its memory, which the researchers say will facilitate the detection of cloned tags.
This discussion has been archived. No new comments can be posted.

RFID Fingerprints To Fight Tag Cloning

Comments Filter:
  • by sdiz (224607) on Saturday November 21, 2009 @12:59AM (#30182276)

    Those fingetprints are physical charactistics due to manufacturing process. You can't duplicate them in software.

  • by cortesoft (1150075) on Saturday November 21, 2009 @01:03AM (#30182290)

    I don't know if it will be that easy. These fingerprints seem to be based on the fact that all RFID chips have flaws, and they are all flawed in different ways.... including the device that is trying to act as the clone of the RFID. What this means is that this clone RFID has to be able to mimic EXACTLY the flaws of the real thing without giving itself away by its OWN flaws. Without knowing more details about the flaws they are trying to measure, it is hard to say whether that would be possible. If the flaws are easily mimicked in the sense that you can create a clone whose own defects are not detected because they are all superseded by the original's flaws, it may work. If they vary so much that every clone will have some flaw that is severe enough to shine through, it would be impossible.

  • by oljanx (1318801) on Saturday November 21, 2009 @01:41AM (#30182454)
    Because it's not practical to produce a reader capable of transmitting enormous amounts of power, the complexity of passive tags is inherently limited. They are essentially glorified bar codes. This type of "fingerprinting" might add another level of complexity to the identification of tags, but it's not going to prevent counterfeit tags. At best it will slow down the production of counterfeit tags by an insignificant amount of time.
  • Re:What's the point? (Score:4, Informative)

    by owlstead (636356) on Saturday November 21, 2009 @04:28AM (#30182962)

    Depends on the chip. If you include ISO 14443 processor cards then you can have crypto, combined with secure on chip storage of the key of course. You are giving away this chip, so you must make sure that the chip storage and on board crypto is sufficiently protected against attacks. E.g for passports you can have active authentication or chip authentication to verify that the chip is not cloned.

  • This is nothing new (Score:5, Informative)

    by ian_mackereth (889101) * on Saturday November 21, 2009 @04:34AM (#30182988) Journal
    This sort of physical characteristic fingerprinting has been done for years on magnetic stripe cards and EEPROM smartcards, so this is nothing new in theory, just in what physical characteristics are being measured.

    In mag stripes, the magnetic remanence of the strip is different from card to card, in EEPROM, differences in the voltage levels and speed of reading of the cells are used.

    The general principle is that it's no point having unbreakable crypto if the data can simply be copied to a new medium. Consider a card (of whatever type) that stores monetary value for public transport or photocopying or whatever: Put $100 on it and copy the data, not knowing which bits are what. Copy that data onto a heap of cards bought with $5 of credit on them and sell them in the grey market for $50 each and pocket the profit.

    With this sort of technique, though, part of that encrypted data is a fingerprint based on the physical characteristics of the original card. The new cards will generate a fingerprint in the reader that doesn't match the original, making the copies invalid.

    Sure, if you can crack the encryption, this method is useless, but that's not the point. Crypto can be pretty good and costs more than a cheap reader/writer to break to duplicate cards/RFIDs.

  • Re:What's the point? (Score:3, Informative)

    by owlstead (636356) on Saturday November 21, 2009 @04:44AM (#30183010)

    Replying on myself here, but the original article does not seem to include processor chip technology.

    That and it should have read ISO 14443 processor chips of course, not ISO 14443 processor cards. It's Saturday morning over here - need cafeine.

There must be more to life than having everything. -- Maurice Sendak

Working...