Slashdot Mirror

← Back to Stories (view on slashdot.org)

RFID Fingerprints To Fight Tag Cloning

Posted by Soulskill on from the cloning-is-bad-haven't-you-seen-scifi dept.

Bourdain writes with news out of the University of Arkansas, where researchers are looking for ways to combat counterfeit RFID tags. Passive tags typically wait for a reader to transmit a signal of the appropriate strength and frequency before sending their own transmission. The scientists found that the amount of power required to trigger this varies quite a bit from one tag to the next, especially when many different frequencies are sampled. This and other physical characteristics give the tag its own "fingerprint" that is independent of the signal information stored in its memory, which the researchers say will facilitate the detection of cloned tags.

8 of 59 comments (clear)

  1. Potentiometer by White+Flame · · Score: 2, Interesting

    So if I have a pot wired across the power receiver, I can twiddle it until it matches. If people know the factors being sampled, they can adjust them.

  2. Does this say the same at 55-70+ mph or just at by Joe+The+Dragon · · Score: 3, Interesting

    Does this say the same at 55-70+ mph or just at much lower walking speeds?

  3. What's the point? by AdamInParadise · · Score: 2, Interesting

    Just use a sensible crypographic authentication mechanism and be done with it. I guess that it is interesting from a "pure science" point of view but I'm not quite sure that this should be used to detect fake passports.

    --
    Nobox: Only simple products.
    1. Re:What's the point? by Anonymous Coward · · Score: 1, Interesting

      They are dealing with passive RFID chips, so they probably want to keep the chips cheap and put the smarts in the reader. I agree that simply using more expensive RFID chips would make far more sense if security is an issue.

    2. Re:What's the point? by sdiz · · Score: 2, Interesting

      These are passive tags, i.e. ultra-low power consumption. You can't put any decent crypto on it.

    3. Re:What's the point? by oljanx · · Score: 2, Interesting

      It's not practical for a passive RFID tag to provide cryptographically secure authentication. Only a very small amount of power can be transmitted from the reader to the tag, just enough to transmit back a fairly simple ID. If you want a secure challenge/response mechanism it would require much more power, an active tag would be required.

  4. Re:Security enhancement at best by Anonymous Coward · · Score: 1, Interesting

    Then duplicate them in hardware?

  5. full clone by Spaham · · Score: 2, Interesting

    well, they'll just have to clone that parameter too.
    Unless of course the industrial process used to create the tags makes each one of them a bit different,
    hence defeating the identification in the first place.