Kai Bu,Xuan Liu,Bin Xiao

DOI: https://doi.org/10.1109/iwqos.2012.6245962

2012-01-01

Abstract:Tag cloning attacks threaten a variety of Radio Frequency Identification (RFID) applications but are hard to prevent. To secure RFID applications that confine tagged objects in the same RFID system, this paper studies the cloned-tag identification problem. Although limited existing work has shed some light on the problem, designing fast cloned-tag identification protocols for applications in large-scale RFID systems is yet not thoroughly investigated. To this end, we propose leveraging broadcast and collisions to identify cloned tags. This approach relieves us from resorting to complex cryptography techniques and time-consuming transmission of tag IDs. Based on this approach, we derive a time lower bound on cloned-tag identification and propose a suite of time-efficient protocols toward approaching the time lower bound. The execution time of our protocol is only 1.4 times the value of the time lower bound, being up to 91% less than that of the existing protocol. The proposed protocols may benefit also RFID applications that distribute tagged objects across multiple places.

Kai Bu,Xuan Liu,Bin Xiao

DOI: https://doi.org/10.1016/j.adhoc.2013.08.011

IF: 4.816

2014-01-01

Ad Hoc Networks

Abstract:Tag cloning attacks threaten a variety of Radio Frequency Identification (RFID) applications but are hard to prevent. To secure RFID applications that confine tagged objects in the same RFID system, this paper studies the cloned-tag identification problem. Although limited existing work has shed some light on the problem, designing fast cloned-tag identification protocols for applications in large-scale RFID systems is yet not thoroughly investigated. To this end, we propose leveraging broadcast and collisions to identify cloned tags. This approach relieves us from resorting to complex cryptography techniques and time-consuming transmission of tag IDs. Based on this approach, we derive a time lower bound on cloned-tag identification and propose a suite of time-efficient protocols toward approaching the time lower bound. The execution time of our protocol is only 1.4 times the value of the time lower bound, being over 91% less than that of the existing protocol. Even better, we further dig up an adaptive protocol that can yield higher time efficiency under some scenarios. The proposed protocols may benefit also RFID applications that distribute tagged objects across multiple places.

Weiqing Huang,Yanfang Zhang,Yue Feng

DOI: https://doi.org/10.3390/s20082378

IF: 3.9

2020-01-01

Sensors

Abstract:With the rapid development of the internet of things, radio frequency identification (RFID) technology plays an important role in various fields. However, RFID systems are vulnerable to cloning attacks. This is the fabrication of one or more replicas of a genuine tag, which behave exactly as a genuine tag and fool the reader to gain legal authorization, leading to potential financial loss or reputation damage. Many advanced solutions have been proposed to combat cloning attacks, but they require extra hardware resources, or they cannot detect a clone tag in time. In this article, we make a fresh attempt to counterattack tag cloning based on spatiotemporal collisions. We propose adaptable clone detection (ACD), which can intuitively and accurately display the positions of abnormal tags in real time. It uses commercial off-the-shelf (COTS) RFID devices without extra hardware resources. We evaluate its performance in practice, and the results confirm its success at detecting cloning attacks. The average accuracy can reach 98.7%, and the recall rate can reach 96%. Extensive experiments show that it can adapt to a variety of RFID application scenarios.

Kai Bu,Minyu Weng,Yi Zheng,Bin Xiao,Xuan Liu

DOI: https://doi.org/10.1109/comst.2017.2688411

2017-01-01

Abstract:Radio-frequency identification (RFID) is one of the driving technologies for Internet of Things. The architecture-succinctness and cost-effectiveness of RFID tags promise their proliferation as well as allure security and privacy breaches. The cloning attack using clone tags to impersonate genuine tags can lead to unimaginable threats because RFID applications equate tag genuineness to the authenticity of tagged objects. Proposed countermeasures, however, keep showing limitations in effectiveness, efficiency, security, privacy, or applicability as new RFID applications emerge. The countermeasures therefore require constant review and improvement to stay at the leading edge. In this paper, we conduct the first comprehensive and systematic survey of RFID clone prevention and detection solutions. We systematically classify existing RFID cloning countermeasures over the period 2003-2016, sketch the main idea and highlight the strengths and weaknesses of each solution type, and summarize the similarity and difference among solution types. We find that RFID cloning countermeasures turn to be much more complex to design than they were thought in the literature. Prevention solutions can hardly thwart RFID cloning completely. Detection solutions may have specific application requirements to take effect. Many open issues further complicate the design of RFID cloning countermeasures. We hope that our survey can provide academic researchers and industrial engineers with useful references to combat RFID cloning and therefore to secure RFID ecosystem.

Yue Feng,Weiqing Huang,Siye Wang,Yanfang Zhang,Shang Jiang,Ziwen Cao

DOI: https://doi.org/10.1007/978-3-031-24386-8_5

2022-01-01

Abstract:Millions of radio frequency identification (RFID) tags are pervasively used all around the globe to identify a wide variety of objects inexpensively. However, the tag cannot use energy-hungry cryptography due to the limit of size and production costs, and it is vulnerable to cloning attacks. A cloning attack fabricates one or more replicas of a genuine tag, which behave the same as the genuine tag and can deceive the reader to obtain legitimate authorization, leading to potential economic loss or reputation damage. Among the existing solutions, the methods based on radio frequency (RF) fingerprints are attractive because they can detect cloning attacks and identify the clone tags. They leverage the unique imperfections in the tag's wireless circuitry to achieve largescale RFID clone detection. However, training a high-precision detection model requires a large amount of data and high-performance hardware devices. And some methods require professional instruments such as oscilloscopes to collect fine-grained RF signals. For these reasons, we propose a lightweight clone detection method Anti-Clone. We combine convolutional neural networks (CNN) with transfer learning to combat data-constrained learning tasks. Extensive experiments on commercial off-the-shelf (COTS) RFID devices demonstrate that Anti-Clone is more lightweight than the existing methods without sacrificing detection accuracy. The detection accuracy reaches 98.4%, and the detection time is less than 5 s.

Yue Feng,Weiqing Huang,Siye Wang,Yanfang Zhang,Shang Jiang

DOI: https://doi.org/10.1016/j.comnet.2021.107922

IF: 5.493

2021-01-01

Computer Networks

Abstract:With the rapid development of the internet of things (IoT), radio frequency identification (RFID) technology plays an important role in various fields. However, tags are vulnerable to cloning attacks because they are limited by size and production costs. A cloning attack fabricates one or more replicas of a genuine tag, which behave exactly the same as the genuine tag and can deceive the reader to obtain legitimate authorization, leading to potential economic loss or reputation damage. Many advanced solutions have been proposed to combat cloning attacks. Existing trajectory-based RFID clone detection methods use historical trajectories for model training. However, the environment of the RFID monitoring area is complex and diverse and changes in real time. The features trained based on historical trajectories cannot effectively adapt to the complex environment. In this article, we make a novel attempt to counterattack tag cloning based on real-time trajectories. We propose the clone attack detection approach (deClone), which can intuitively and accurately display the positions of abnormal tags in real time. It requires only commercial off-the-shelf (COTS) RFID devices, unlike methods based on radio frequency (RF) fingerprints and synchronization keys, which require additional hardware devices or software redesign. According to the experimental results, our scheme improves the detection precision by 16.71% compared with that of the existing trajectory-based detection methods.

Kai Bu,Mingjie Xu,Xuan Liu,Jiaqing Luo,Shigeng Zhang

DOI: https://doi.org/10.1109/mass.2014.12

2014-01-01

Abstract:Cloning attacks seriously impede the security of Radio-Frequency Identification (RFID) applications. In this paper, we tackle deterministic clone detection for anonymous RFID systems without tag identifiers (IDs) as a priori. Existing clone detection protocols either cannot apply to anonymous RFID systems due to necessitating the knowledge of tag IDs or achieve only probabilistic detection with a few clones tolerated. We propose two protocols, BASE and DeClone, toward fast and deterministic clone detection for large anonymous RFID systems. BASE leverages the observation that clone tags make tag cardinality exceed ID cardinality. DeClone is built on a recent finding that clone tags cause collisions that are hardly reconciled through rearbitration. For DeClone to achieve detection certainty, we design breadth first tree traversal toward quickly verifying unreconciled collisions and hence the cloning attack. We validate their detection performance through analysis and simulation. The results show that BASE delivers faster detection for small systems while DeClone for large ones especially when clone ratio increases.

Kai Bu,Xuan Liu,Jiaqing Luo,Bin Xiao,Guiyi Wei

DOI: https://doi.org/10.1109/TIFS.2012.2237395

IF: 7.231

2013-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Cloning attacks threaten radio-frequency identification (RFID) applications but are hard to prevent. Existing cloning attack detection methods are enslaved to the knowledge of tag identifiers (IDs). Tag IDs, however, should be protected to enable and secure privacy-sensitive applications in anonymous RFID systems. In a first step, this paper tackles cloning attack detection in anonymous RFID systems without requiring tag IDs as a priori. To this end, we leverage unreconciled collisions to uncover cloning attacks. An unreconciled collision is probably due to responses from multiple tags with the same ID, exactly the evidence of cloning attacks. This insight inspires GREAT, our pioneer protocol for cloning attack detection in anonymous RFID systems. We evaluate the performance of GREAT through theoretical analysis and extensive simulations. The results show that GREAT can detect cloning attacks in anonymous RFID systems fairly fast with required accuracy. For example, when only six out of 50,000 tags are cloned, GREAT can detect the cloning attack in 75.5 s with a probability of at least 0.99.

Xiulong Liu,Heng Qi,Keqiu Li,Jie Wu,Weilian Xue,Geyong Min,Bin Xiao

DOI: https://doi.org/10.1007/978-3-319-11197-1_7

2014-01-01

Abstract:This paper studies a practically important problem of cloned tag detection in large-scale RFID systems where an attacker compromises genuine tags and produces their replicas, namely cloned tags, to threaten RFID applications. Although many efforts have been made to address this problem, the existing work can hardly satisfy the stringent real-time requirement, and thus cannot catch cloning attacks in a time-efficient way. Moreover, the existing work does not consider energy-efficiency, which is very critical when battery-powered active tags are used. To fill these gaps, this paper proposes a Location Polling-based Cloned tag Detection (LP-CTD) protocol by taking both time-efficiency and energy-efficiency into consideration. LP-CTD reports the existence of cloned tags when the reader finds an expected singleton slot appearing as collision one. To improve the efficiency of detecting cloned tags, only sampled tags in LP-CTD participate in the detection process. Theoretical analysis on the proposed protocol is conducted to minimize their execution time and energy consumption. Extensive simulation experiments are conducted to evaluate the performance of the proposed protocols. The results demonstrate that the proposed LP-CTD protocol considerably outperforms the latest related protocols by reducing more than 80% of the execution time, and more than 90% of the energy consumption.

Kai Bu,Mingjie Xu,Xuan Liu,Jiaqing Luo,Shigeng Zhang,Minyu Weng

DOI: https://doi.org/10.1109/TII.2015.2482921

IF: 12.3

2015-01-01

IEEE Transactions on Industrial Informatics

Abstract:Cloning attacks seriously impede the security of radio-frequency identification (RFID) applications. This paper tackles deterministic clone detection for anonymous RFID systems without tag identifiers (IDs) as a priori. Existing clone detection protocols either cannot apply to anonymous RFID systems due to necessitating the knowledge of tag IDs or achieve only probabilistic detection with a few cl...

Manmeet Mahinderjit-Singh,Xue Li,Zhanhuai Li

DOI: https://doi.org/10.7726/jait.2013.1002

2013-01-01

Journal of Advanced Internet of Things

Abstract:Counterfeiting is a generalized term which includes both the act of RFID tags, cloning and fraud. RFID tag counterfeiting attacks lead to financial losses, loss of trust and confidence in the adoption and acceptance of RFID technology. The challenge of implementing a cost-based counterfeit detection system in RFID supply chains is non-trivial because counterfeit tags exist across billions of RFID tags. In this paper, a cost-sensitive learning approach is presented. The motivation of this work is to effectively reduce the overall cost of counterfeiting attack for RFID tagged products. Experiments are conducted to present the efficiency, effectiveness, misclassification cost and test cost evaluations. Findings from this paper conclude that MetaCost learners provide the best result. However, when compared to AdaCost, MetaCost is more expensive in classifying counterfeit tags.

Xin Ai,Honglong Chen,Kai Lin,Zhibo Wang,Jiguo Yu

DOI: https://doi.org/10.1109/tifs.2020.3023785

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Radio-Frequency Identification (RFID) is an emerging technology which has been widely applied in various scenarios, such as tracking, object monitoring, and social networks, etc. Cloning attacks can severely disturb the RFID systems, such as missed detection for the missing tags. Although there are some techniques with physical architecture design or complicated encryption and cryptography proposed to prevent the tags from being cloned, it is difficult to definitely avoid the cloning attack. Therefore, cloning attack detection and identification are critical for the RFID systems. Prior works rely on that each clone tag will reply to the reader when its corresponding genuine tag is queried. In this article, we consider a more general attack model, in which each clone tag replies to the reader's query with a predefined probability, i.e., attack probability. We concentrate on identifying the tags being attacked with the probability no less than a threshold $P_{t}$ with the required identification reliability $\alpha $ . We first propose a basic protocol to Identify the Probabilistic Cloning Attacks with required identification reliability for the large-scale RFID systems called IPCA. Then we propose two enhanced protocols called MS-IPCA and S-IPCA respectively to improve the identification efficiency. We theoretically analyze the parameters of the proposed IPCA, MS-IPCA and S-IPCA protocols to maximize the identification efficiency. Finally we conduct extensive simulations to validate the effectiveness of the proposed protocols.

Xiong Li,Chenglian Liu

2012-01-01

Abstract:RFID is a technology for automatic identification and tracking, which as a substitute for barcodes is an important part of The Internet of Things. However, since the inherent characteristic that the information transmitted in the open air can easily be intercepted and eavesdropped, the security and privacy is an important issue for RFID communication system. In this paper, we propose a novel RFID authentication protocol conform to EPC Class-1 Generation-2 tag, and it can detecting cloned tag by using electronic fingerprint method.

Jiawei Li,Ang Li,Dianqi Han,Yan Zhang,Tao Li,Yanchao Zhang

DOI: https://doi.org/10.1109/infocom48880.2022.9796663

2022-01-01

Abstract:Tag cloning and spoofing pose great challenges to RFID applications. This paper presents the design and evaluation of RCID, a novel system to fingerprint RFID tags based on the unique reflection coefficient of each tag circuit. Based on a novel OFDM-based fingerprint collector, our system can quickly acquire and verify each tag's RCID fingerprint which are independent of the RFID reader and measurement environment. Our system applies to COTS RFID tags and readers after a firmware update at the reader. Extensive prototyped experiments on 600 tags confirm that RCID is highly secure with the authentication accuracy up to 97.15% and the median authentication error rate equal to 1.49%. RCID is also highly usable because it only takes about 8 s to enroll a tag and 2 ms to verify an RCID fingerprint with a fully connected multi-class neural network. Finally, empirical studies demonstrate that the entropy of an RCID fingerprint is about 202 bits over a bandwidth of 20 MHz in contrast to the best prior result of 17 bits, thus offering strong theoretical resilience to RFID cloning and spoofing.

Fei Wang,Bin Xiao,Kai Bu,Jinshu Su

DOI: https://doi.org/10.1109/icc.2013.6654842

2013-01-01

Abstract:Blocker tags are initially introduced to protect regular tags in certain ID ranges, called blocking ranges, from unwanted scanning in RFID systems. But if misused, blocker tags can cause blocking attacks that corrupt the communication between interfered regular tags and readers. Previous approaches can only detect blocking behavior. However, they cannot distinguish malicious blocking from legitimate blocking that can be perfectly allowed to protect customer's privacy. To solve the problem, we carry out the first attempt in the paper to detect real blocking attacks by identifying malicious blocking ranges from authorized ones in a system. We present two pioneer probe-based protocols that can accurately identify malicious blocking ranges in popular tree-based RFID systems, and get rid of their impact before performing RFID applications. We validate the efficacy of the two protocols through theoretical analysis and simulation experiments. The results show that our protocols can identify blocking ranges very fast even when the blocker tag percentage is very low, for example, dozens of blocker tags among tens of thousands of regular tags. Our protocols deliver also a faster blocker tag detection than previous detection methods; our best protocol reduces detection time by over 90% compared with the state-of-the-art detection method.

Xuan Liu,Shigeng Zhang,Kai Bu,Bin Xiao

DOI: https://doi.org/10.1109/mass.2012.6502501

2012-01-01

Abstract:The RFID technology greatly improves efficiency of many applications including inventory control, object tracking, and supply chain management. In such applications, it is common that new objects are added into the system or existing objects are misplaced in wrong regions. When this happens, fast and complete identification of such tags is very important. We name this problem unknown tag identification, as these tags appear to be unknown by the reader(s) currently covering them. In this paper, we propose a series of protocols to identify unknown tags completely and fast. In these protocols, we develop several novel techniques to efficiently resolve collisions caused by known tags when identifying unknown tags, which greatly improve the time efficiency. To our knowledge, this is the first work that completely identify all the unknown tags with deterministic approaches. Simulation results show the superior performance of the proposed protocols: Compared with a baseline method which collects IDs of all the tags in the system, our best protocol reduces the execution time by 63% in average and by 85% at most.

Chu,Zhong Huang,Rui Xu,Guangjun Wen,Lilan Liu

DOI: https://doi.org/10.32604/cmc.2020.010190

2020-01-01

Abstract:Blocker tag attack is one of the denial-of-service (DoS) attacks that threatens the privacy and security of RFID systems. The attacker interferes with the blocked tag by simulating a fake tag with the same ID, thus causing a collision of message replies. In many practical scenarios, the number of blocked tags may vary, or even be small. For example, the attacker may only block the important customers or high-value items. To avoid the disclosure of privacy and economic losses, it is of great importance to fast pinpoint these blocked ones. However, existing works do not take into account the impact of the number of blocked tags on the execution time and suffer from incomplete identification of blocked tags, long identification time or privacy leakage. To overcome these limits, we propose a cross layer blocked tag identification protocol (CLBI). CLBI consists of multiple rounds, in which it enables multiple unblocked tags to select one time slot and concurrently verify them by using tag estimation in physical layer. Benefiting from the utilization of most collision slots, the execution time can be greatly reduced. Furthermore, for efficient identification of blocked tags under different proportions, we propose a hybrid protocol named adaptive cross layer blocked tag identification protocol (A-CLBI), which estimates the remaining blocked tag in each round and adjusts the identification strategy accordingly. Extensive simulations show that our protocol outperforms state-of-the-art blocked tags identification protocol.

Xiulong Liu,Xin Xie,Xibin Zhao,Kun Wang,Keqiu Li,Alex X. Liu,Song Guo,Jie Wu

DOI: https://doi.org/10.1109/tmc.2018.2793219

IF: 6.075

2018-01-01

IEEE Transactions on Mobile Computing

Abstract:The widely used RFID systems are vulnerable to the denial-of-service (DoS) attacks launched by malicious blocker tags. This paper studies how to quickly and completely identify the valid RFID tags that are blocked. The existing work that can seemingly address this problem suffers from either low time-efficiency or serious false positives. This paper proposes a hybrid approach that consists of two complementary component protocols, namely Aloha Filtering (AF) and Poll&Listen (PL). AF is fast but inaccurate, while PL is accurate but slow. Taking the merit of each protocol, our hybrid approach is to first repeat the fast AF for multiple rounds to quickly filter out the target tags that are definitely not blocked. Then, on the size-reduced remaining set that just contains a small number of suspicious tags, we invoke the accurate PL to verify the intactness of each suspicious tag with 100 percent confidence. We optimize the round count of AF that trades off between the time costs of AF and PL to minimize the total time of AF+PL. As required in the optimization process, we need to know the size of the blocked tag set and that of the unknown tag set, which, however, are not known in advance. To estimate these two set sizes, we propose a supplementary protocol called Simultaneous Estimation of the Blocked tag size and the Unknown tag size (SEBU). The key advantages of our approach over the prior art are four-fold. First, unlike the detection protocol that just discovers the existence of blocking attacks, our approach exactly identifies all the blocked target tags. Second, our approach is compliant with the C1G2 standard, and does not require any modifications to be made to the commercial RFID tags. It only needs to be installed on readers as a software module. Third, our approach does not involve any false positives. Finally, our approach significantly reduces the execution time when compared with the state-of-the-art schemes that can completely identify the blocked tags.

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Xia Wang,Jia Liu,Yanyan Wang,Xingyu Chen,Lijun Chen

DOI: https://doi.org/10.1016/j.comnet.2019.106894

IF: 5.493

2019-12-01

Computer Networks

Abstract:Due to limited on-chip resources, RFID tags may blindly respond to any readers authorized or not, leading to privacy leakage when sensitive data are exposed. A feasible solution to this problem is deploying blocker tags that emulate and behave like the genuine tags. With this deployment, there is always a virtual tag produced by the blocker tag that responds to the reader when the genuine tag to be protected replies, resulting in irreconcilable collisions and thus preventing privacy-leakage. This paper studies the problem of missing tag identification in blocker-enabled RFID systems. Unlike existing work, the reader in this problem will always get the responses from blocker tags even the genuine tags are lost, which makes the existing solutions unavailable. To address this problem, we propose three efficient protocols. The first is a group-based protocol that splits the entire tag set into three subsets and separately deals with each of them in different ways. The second protocol is called collision-reconciled protocol that turns some useless collision slots into useful singleton slots, increasing slot availability and thereby reducing the execution time. The third protocol is a concurrent missing tag identification protocol that improves the time efficiency of missing-event detection by running grouping and missing identification in parallel rather than in sequence. Theoretical analyses and extensive simulations show that our protocols are far superior to benchmark. For example, our best protocol can improve the identification efficiency by a factor of 6.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture