Kai Bu,Minyu Weng,Yi Zheng,Bin Xiao,Xuan Liu

DOI: https://doi.org/10.1109/comst.2017.2688411

2017-01-01

Abstract:Radio-frequency identification (RFID) is one of the driving technologies for Internet of Things. The architecture-succinctness and cost-effectiveness of RFID tags promise their proliferation as well as allure security and privacy breaches. The cloning attack using clone tags to impersonate genuine tags can lead to unimaginable threats because RFID applications equate tag genuineness to the authenticity of tagged objects. Proposed countermeasures, however, keep showing limitations in effectiveness, efficiency, security, privacy, or applicability as new RFID applications emerge. The countermeasures therefore require constant review and improvement to stay at the leading edge. In this paper, we conduct the first comprehensive and systematic survey of RFID clone prevention and detection solutions. We systematically classify existing RFID cloning countermeasures over the period 2003-2016, sketch the main idea and highlight the strengths and weaknesses of each solution type, and summarize the similarity and difference among solution types. We find that RFID cloning countermeasures turn to be much more complex to design than they were thought in the literature. Prevention solutions can hardly thwart RFID cloning completely. Detection solutions may have specific application requirements to take effect. Many open issues further complicate the design of RFID cloning countermeasures. We hope that our survey can provide academic researchers and industrial engineers with useful references to combat RFID cloning and therefore to secure RFID ecosystem.

Weiqing Huang,Yanfang Zhang,Yue Feng

DOI: https://doi.org/10.3390/s20082378

IF: 3.9

2020-01-01

Sensors

Abstract:With the rapid development of the internet of things, radio frequency identification (RFID) technology plays an important role in various fields. However, RFID systems are vulnerable to cloning attacks. This is the fabrication of one or more replicas of a genuine tag, which behave exactly as a genuine tag and fool the reader to gain legal authorization, leading to potential financial loss or reputation damage. Many advanced solutions have been proposed to combat cloning attacks, but they require extra hardware resources, or they cannot detect a clone tag in time. In this article, we make a fresh attempt to counterattack tag cloning based on spatiotemporal collisions. We propose adaptable clone detection (ACD), which can intuitively and accurately display the positions of abnormal tags in real time. It uses commercial off-the-shelf (COTS) RFID devices without extra hardware resources. We evaluate its performance in practice, and the results confirm its success at detecting cloning attacks. The average accuracy can reach 98.7%, and the recall rate can reach 96%. Extensive experiments show that it can adapt to a variety of RFID application scenarios.

Yue Feng,Weiqing Huang,Siye Wang,Yanfang Zhang,Shang Jiang,Ziwen Cao

DOI: https://doi.org/10.1007/978-3-031-24386-8_5

2022-01-01

Abstract:Millions of radio frequency identification (RFID) tags are pervasively used all around the globe to identify a wide variety of objects inexpensively. However, the tag cannot use energy-hungry cryptography due to the limit of size and production costs, and it is vulnerable to cloning attacks. A cloning attack fabricates one or more replicas of a genuine tag, which behave the same as the genuine tag and can deceive the reader to obtain legitimate authorization, leading to potential economic loss or reputation damage. Among the existing solutions, the methods based on radio frequency (RF) fingerprints are attractive because they can detect cloning attacks and identify the clone tags. They leverage the unique imperfections in the tag's wireless circuitry to achieve largescale RFID clone detection. However, training a high-precision detection model requires a large amount of data and high-performance hardware devices. And some methods require professional instruments such as oscilloscopes to collect fine-grained RF signals. For these reasons, we propose a lightweight clone detection method Anti-Clone. We combine convolutional neural networks (CNN) with transfer learning to combat data-constrained learning tasks. Extensive experiments on commercial off-the-shelf (COTS) RFID devices demonstrate that Anti-Clone is more lightweight than the existing methods without sacrificing detection accuracy. The detection accuracy reaches 98.4%, and the detection time is less than 5 s.

Kai Bu,Xuan Liu,Bin Xiao

DOI: https://doi.org/10.1109/iwqos.2012.6245962

2012-01-01

Abstract:Tag cloning attacks threaten a variety of Radio Frequency Identification (RFID) applications but are hard to prevent. To secure RFID applications that confine tagged objects in the same RFID system, this paper studies the cloned-tag identification problem. Although limited existing work has shed some light on the problem, designing fast cloned-tag identification protocols for applications in large-scale RFID systems is yet not thoroughly investigated. To this end, we propose leveraging broadcast and collisions to identify cloned tags. This approach relieves us from resorting to complex cryptography techniques and time-consuming transmission of tag IDs. Based on this approach, we derive a time lower bound on cloned-tag identification and propose a suite of time-efficient protocols toward approaching the time lower bound. The execution time of our protocol is only 1.4 times the value of the time lower bound, being up to 91% less than that of the existing protocol. The proposed protocols may benefit also RFID applications that distribute tagged objects across multiple places.

Kai Bu,Xuan Liu,Bin Xiao

DOI: https://doi.org/10.1016/j.adhoc.2013.08.011

IF: 4.816

2014-01-01

Ad Hoc Networks

Abstract:Tag cloning attacks threaten a variety of Radio Frequency Identification (RFID) applications but are hard to prevent. To secure RFID applications that confine tagged objects in the same RFID system, this paper studies the cloned-tag identification problem. Although limited existing work has shed some light on the problem, designing fast cloned-tag identification protocols for applications in large-scale RFID systems is yet not thoroughly investigated. To this end, we propose leveraging broadcast and collisions to identify cloned tags. This approach relieves us from resorting to complex cryptography techniques and time-consuming transmission of tag IDs. Based on this approach, we derive a time lower bound on cloned-tag identification and propose a suite of time-efficient protocols toward approaching the time lower bound. The execution time of our protocol is only 1.4 times the value of the time lower bound, being over 91% less than that of the existing protocol. Even better, we further dig up an adaptive protocol that can yield higher time efficiency under some scenarios. The proposed protocols may benefit also RFID applications that distribute tagged objects across multiple places.

Xingyu Chen,Jia Liu,Xia Wang,Xiaocong Zhang,Yanyan Wang,Lijun Chen

DOI: https://doi.org/10.1109/sahcn.2018.8397134

2018-01-01

Abstract:In RFID systems, a cloning attack is to fabricate one or more replicas of a genuine tag, so that these replicas behave exactly the same as the genuine tag and fool the reader for getting legal authorization, leading to potential financial loss or reputation damage for the corporations. These replicas are called clone tags. Although many advanced solutions have been proposed to combat cloning attack, they need to either modify the MAC- layer protocols or increase extra hardware resources, which cannot be deployed on commercial off-the-shelf (COTS) RFID devices for practical use. In this paper, we take a fresh attempt to counterattack tag cloning based on COTS RFID devices and the universal C1G2 standard, without any software redesign or hardware augment needed. The basic idea is to use the RF signal profile to characterize each tag. Since these physical-layer data are measured by the reader and susceptible to various environmental factors, they are hard to be estimated by the attackers; let alone be cloned. Even so, we assert that it is challenging to identify clone tags as the signal data from a genuine tag and its clones are all mixed together. Besides, the tag moving has a great impact on the measured RF signals. To overcome these challenges, we propose a clustering-based scheme that detects the cloning attack in the still scene and a chain- based scheme for clone detection in the dynamic scene, respectively. Extensive experiments on COTS RFID devices demonstrate that the detection accuracy of our approaches reaches 99.8% in a still case and 99.3% in a dynamic scene.

Kai Bu,Mingjie Xu,Xuan Liu,Jiaqing Luo,Shigeng Zhang

DOI: https://doi.org/10.1109/mass.2014.12

2014-01-01

Abstract:Cloning attacks seriously impede the security of Radio-Frequency Identification (RFID) applications. In this paper, we tackle deterministic clone detection for anonymous RFID systems without tag identifiers (IDs) as a priori. Existing clone detection protocols either cannot apply to anonymous RFID systems due to necessitating the knowledge of tag IDs or achieve only probabilistic detection with a few clones tolerated. We propose two protocols, BASE and DeClone, toward fast and deterministic clone detection for large anonymous RFID systems. BASE leverages the observation that clone tags make tag cardinality exceed ID cardinality. DeClone is built on a recent finding that clone tags cause collisions that are hardly reconciled through rearbitration. For DeClone to achieve detection certainty, we design breadth first tree traversal toward quickly verifying unreconciled collisions and hence the cloning attack. We validate their detection performance through analysis and simulation. The results show that BASE delivers faster detection for small systems while DeClone for large ones especially when clone ratio increases.

Kai Bu,Xuan Liu,Jiaqing Luo,Bin Xiao,Guiyi Wei

DOI: https://doi.org/10.1109/TIFS.2012.2237395

IF: 7.231

2013-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Cloning attacks threaten radio-frequency identification (RFID) applications but are hard to prevent. Existing cloning attack detection methods are enslaved to the knowledge of tag identifiers (IDs). Tag IDs, however, should be protected to enable and secure privacy-sensitive applications in anonymous RFID systems. In a first step, this paper tackles cloning attack detection in anonymous RFID systems without requiring tag IDs as a priori. To this end, we leverage unreconciled collisions to uncover cloning attacks. An unreconciled collision is probably due to responses from multiple tags with the same ID, exactly the evidence of cloning attacks. This insight inspires GREAT, our pioneer protocol for cloning attack detection in anonymous RFID systems. We evaluate the performance of GREAT through theoretical analysis and extensive simulations. The results show that GREAT can detect cloning attacks in anonymous RFID systems fairly fast with required accuracy. For example, when only six out of 50,000 tags are cloned, GREAT can detect the cloning attack in 75.5 s with a probability of at least 0.99.

Kai Bu,Mingjie Xu,Xuan Liu,Jiaqing Luo,Shigeng Zhang,Minyu Weng

DOI: https://doi.org/10.1109/TII.2015.2482921

IF: 12.3

2015-01-01

IEEE Transactions on Industrial Informatics

Abstract:Cloning attacks seriously impede the security of radio-frequency identification (RFID) applications. This paper tackles deterministic clone detection for anonymous RFID systems without tag identifiers (IDs) as a priori. Existing clone detection protocols either cannot apply to anonymous RFID systems due to necessitating the knowledge of tag IDs or achieve only probabilistic detection with a few cl...

Xiulong Liu,Heng Qi,Keqiu Li,Jie Wu,Weilian Xue,Geyong Min,Bin Xiao

DOI: https://doi.org/10.1007/978-3-319-11197-1_7

2014-01-01

Abstract:This paper studies a practically important problem of cloned tag detection in large-scale RFID systems where an attacker compromises genuine tags and produces their replicas, namely cloned tags, to threaten RFID applications. Although many efforts have been made to address this problem, the existing work can hardly satisfy the stringent real-time requirement, and thus cannot catch cloning attacks in a time-efficient way. Moreover, the existing work does not consider energy-efficiency, which is very critical when battery-powered active tags are used. To fill these gaps, this paper proposes a Location Polling-based Cloned tag Detection (LP-CTD) protocol by taking both time-efficiency and energy-efficiency into consideration. LP-CTD reports the existence of cloned tags when the reader finds an expected singleton slot appearing as collision one. To improve the efficiency of detecting cloned tags, only sampled tags in LP-CTD participate in the detection process. Theoretical analysis on the proposed protocol is conducted to minimize their execution time and energy consumption. Extensive simulation experiments are conducted to evaluate the performance of the proposed protocols. The results demonstrate that the proposed LP-CTD protocol considerably outperforms the latest related protocols by reducing more than 80% of the execution time, and more than 90% of the energy consumption.

Qingjun Xiao,Bin Xiao,Shigang Chen,Jiming Chen

DOI: https://doi.org/10.1109/TNET.2016.2586308

2017-01-01

IEEE/ACM Transactions on Networking

Abstract:RFID technology has been widely adopted for real-world applications, such as warehouse management, logistic control, and object tracking. This paper focuses on a new angle of applying RFID technology—monitoring the temporal change of a tag set in a certain region, which is called churn estimation. This problem is to provide quick estimations on the number of new tags that have entered a monitored region, and the number of pre-existing tags that have departed from the region, within a predefined time interval. The traditional cardinality estimator for a single tag set cannot be applied here, and the conventional tag identification protocol that collects all tag IDs takes too much time, especially when the churn estimation needs to perform frequently to support real-time monitoring. This paper will take a new solution path, in which a reader periodically scans the tag set in a region to collect their compressed aggregate information in the form of empty/singleton/collision time slots. This protocol can reduce the time cost of attaining pre-set accuracy by at least 35%, when comparing with a previous work that uses only the information of idle/busy slots. Such a dramatic improvement is due to our awareness of collision slot state and the full utilization of slot state changes. Our proposed churn estimator, as shown by the extensive analysis and simulation studies, can be configured to meet any pre-set accuracy requirement with a statistical error bound that can be made arbitrarily small.

Qingjun Xiao,Bin Xiao,Shigang Chen,Jiming Chen

DOI: https://doi.org/10.1109/tnet.2016.2586308

2017-01-01

IEEE/ACM Transactions on Networking

Abstract:RFID technology has been widely adopted for real-world applications, such as warehouse management, logistic control, and object tracking. This paper focuses on a new angle of applying RFID technology-monitoring the temporal change of a tag set in a certain region, which is called churn estimation. This problem is to provide quick estimations on the number of new tags that have entered a monitored region, and the number of pre-existing tags that have departed from the region, within a predefined time interval. The traditional cardinality estimator for a single tag set cannot be applied here, and the conventional tag identification protocol that collects all tag IDs takes too much time, especially when the churn estimation needs to perform frequently to support real-time monitoring. This paper will take a new solution path, in which a reader periodically scans the tag set in a region to collect their compressed aggregate information in the form of empty/singleton/collision time slots. This protocol can reduce the time cost of attaining pre-set accuracy by at least 35%, when comparing with a previous work that uses only the information of idle/busy slots. Such a dramatic improvement is due to our awareness of collision slot state and the full utilization of slot state changes. Our proposed churn estimator, as shown by the extensive analysis and simulation studies, can be configured to meet any pre-set accuracy requirement with a statistical error bound that can be made arbitrarily small.

Manmeet Mahinderjit-Singh,Xue Li,Zhanhuai Li

DOI: https://doi.org/10.7726/jait.2013.1002

2013-01-01

Journal of Advanced Internet of Things

Abstract:Counterfeiting is a generalized term which includes both the act of RFID tags, cloning and fraud. RFID tag counterfeiting attacks lead to financial losses, loss of trust and confidence in the adoption and acceptance of RFID technology. The challenge of implementing a cost-based counterfeit detection system in RFID supply chains is non-trivial because counterfeit tags exist across billions of RFID tags. In this paper, a cost-sensitive learning approach is presented. The motivation of this work is to effectively reduce the overall cost of counterfeiting attack for RFID tagged products. Experiments are conducted to present the efficiency, effectiveness, misclassification cost and test cost evaluations. Findings from this paper conclude that MetaCost learners provide the best result. However, when compared to AdaCost, MetaCost is more expensive in classifying counterfeit tags.

Xin Ai,Honglong Chen,Kai Lin,Zhibo Wang,Jiguo Yu

DOI: https://doi.org/10.1109/tifs.2020.3023785

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Radio-Frequency Identification (RFID) is an emerging technology which has been widely applied in various scenarios, such as tracking, object monitoring, and social networks, etc. Cloning attacks can severely disturb the RFID systems, such as missed detection for the missing tags. Although there are some techniques with physical architecture design or complicated encryption and cryptography proposed to prevent the tags from being cloned, it is difficult to definitely avoid the cloning attack. Therefore, cloning attack detection and identification are critical for the RFID systems. Prior works rely on that each clone tag will reply to the reader when its corresponding genuine tag is queried. In this article, we consider a more general attack model, in which each clone tag replies to the reader's query with a predefined probability, i.e., attack probability. We concentrate on identifying the tags being attacked with the probability no less than a threshold $P_{t}$ with the required identification reliability $\alpha $ . We first propose a basic protocol to Identify the Probabilistic Cloning Attacks with required identification reliability for the large-scale RFID systems called IPCA. Then we propose two enhanced protocols called MS-IPCA and S-IPCA respectively to improve the identification efficiency. We theoretically analyze the parameters of the proposed IPCA, MS-IPCA and S-IPCA protocols to maximize the identification efficiency. Finally we conduct extensive simulations to validate the effectiveness of the proposed protocols.

Xiong Li,Chenglian Liu

2012-01-01

Abstract:RFID is a technology for automatic identification and tracking, which as a substitute for barcodes is an important part of The Internet of Things. However, since the inherent characteristic that the information transmitted in the open air can easily be intercepted and eavesdropped, the security and privacy is an important issue for RFID communication system. In this paper, we propose a novel RFID authentication protocol conform to EPC Class-1 Generation-2 tag, and it can detecting cloned tag by using electronic fingerprint method.

Fei Wang,Bin Xiao,Kai Bu,Jinshu Su

DOI: https://doi.org/10.1109/icc.2013.6654842

2013-01-01

Abstract:Blocker tags are initially introduced to protect regular tags in certain ID ranges, called blocking ranges, from unwanted scanning in RFID systems. But if misused, blocker tags can cause blocking attacks that corrupt the communication between interfered regular tags and readers. Previous approaches can only detect blocking behavior. However, they cannot distinguish malicious blocking from legitimate blocking that can be perfectly allowed to protect customer's privacy. To solve the problem, we carry out the first attempt in the paper to detect real blocking attacks by identifying malicious blocking ranges from authorized ones in a system. We present two pioneer probe-based protocols that can accurately identify malicious blocking ranges in popular tree-based RFID systems, and get rid of their impact before performing RFID applications. We validate the efficacy of the two protocols through theoretical analysis and simulation experiments. The results show that our protocols can identify blocking ranges very fast even when the blocker tag percentage is very low, for example, dozens of blocker tags among tens of thousands of regular tags. Our protocols deliver also a faster blocker tag detection than previous detection methods; our best protocol reduces detection time by over 90% compared with the state-of-the-art detection method.

Kai Xing,Fang Liu,Xiuzhen Cheng,David H. C. Du

DOI: https://doi.org/10.1109/icdcs.2008.55

2008-01-01

Abstract:A central problem in sensor network security is that sensors are susceptible to physical capture attacks. Once a sensor is compromised, the adversary can easily launch clone attacks by replicating the compromised node, distributing the clones throughout the network, and starting a variety of insider attacks. Previous works against clone attacks suffer from either a high communication/storage overhead or a poor detection accuracy. In this paper, we propose a novel scheme for detecting clone attacks in sensor networks, which computes for each sensor a social fingerprint by extracting the neighborhood characteristics, and verifies the legitimacy of the originator for each message by checking the enclosed fingerprint. The fingerprint generation is based on the superimposed s-disjunct code, which incurs a very light communication and computation overhead. The fingerprint verification is conducted at both the base station and the neighboring sensors, which ensures a high detection probability. The security and performance analysis indicate that our algorithm can identify clone attacks with a high detection probability at the cost of a low computation/communication/storage overhead. To our best knowledge, our scheme is the first to provide realtime detection of clone attacks in an effective and efficient way.

Rui Li,Jinsong Han,Zhi Wang,Jizhong Zhao,Yihong Gong,Xiaobin Zhang

DOI: https://doi.org/10.1155/2013/148353

IF: 1.938

2013-01-01

International Journal of Distributed Sensor Networks

Abstract:Mitigating anomalies are crucial for trajectory management in logistics and supply chain systems. Among variant devices for trace detection, computational radio frequency identification (CRFID) tags are promising to draw precise trajectory from the data reported by their accelerometers. However, full coverage of the processing flow using RFID readers is usually cost inefficient, sometimes impractical. In this paper, we propose to employ CRFID tags as tagging devices and develop a working system, Tracer, for precise trajectory detection. Instead of covering the entire processing area, Tracer only deploys RFID readers in essential regions to detect the mishandling, loss, and other abnormal states of items. We design a tree-indexed Markov chain framework, which leverages statistical methods to enable fine-grained and dynamic trajectory management. Results from a preliminarily deployment on a real baggage handling system and trace-driven simulations demonstrate that Tracer is effective to detect the anomalous events with low cost and high accuracy.

Mauro Piva,Gaia Maselli,Francesco Restuccia

DOI: https://doi.org/10.48550/arXiv.2105.03671

2021-05-08

Abstract:Millions of RFID tags are pervasively used all around the globe to inexpensively identify a wide variety of everyday-use objects. One of the key issues of RFID is that tags cannot use energy-hungry cryptography. For this reason, radio fingerprinting (RFP) is a compelling approach that leverages the unique imperfections in the tag's wireless circuitry to achieve large-scale RFID clone detection. Recent work, however, has unveiled that time-varying channel conditions can significantly decrease the accuracy of the RFP process. We propose the first large-scale investigation into RFP of RFID tags with dynamic channel conditions. Specifically, we perform a massive data collection campaign on a testbed composed by 200 off-the-shelf identical RFID tags and a software-defined radio (SDR) tag reader. We collect data with different tag-reader distances in an over-the-air configuration. To emulate implanted RFID tags, we also collect data with two different kinds of porcine meat inserted between the tag and the reader. We use this rich dataset to train and test several convolutional neural network (CNN)--based classifiers in a variety of channel conditions. Our investigation reveals that training and testing on different channel conditions drastically degrades the classifier's accuracy. For this reason, we propose a novel training framework based on federated machine learning (FML) and data augmentation (DAG) to boost the accuracy. Extensive experimental results indicate that (i) our FML approach improves accuracy by up to 48%; (ii) our DA approach improves the FML performance by up to 31%. To the best of our knowledge, this is the first paper experimentally demonstrating the efficacy of FML and DA on a large device population. We are sharing with the research community our fully-labeled 200-GB RFID waveform dataset, the entirety of our code and trained models.

Machine Learning,Networking and Internet Architecture

Degang Sun,Yue Cui,Yue Feng,Jinxing Xie,Siye Wang,Yanfang Zhang

DOI: https://doi.org/10.1007/978-3-030-85928-2_27

2021-01-01

Abstract:Nowadays, Radio Frequency Identification (RFID) has become one of the most deployed Internet of Things (IoT) technologies. The security threats it facing are gaining more and more attention. In this paper, we focus on the intrusion based on unauthorized (malicious) readers by catching the information of tags and modifying the tags via a standard protocol. We design URTracker to realize the detection and localization of unauthorized readers. This system has two parts: For detection, we analyze the features of reader interference and the RFID signal channel model and propose a throughput-based method. For localization, we use the relationship between throughput and the position as fingerprints, model the localization process into a Markov Decision Process (MDP) for training via deep reinforcement learning (DRL). Experiment results show that URTracker can achieve high accuracy to detect unauthorized readers and low location error for tracking the trajectories.