Article

Strengthening EPC tags against cloning

Author:

Ari JuelsAuthors Info & Claims

WiSe '05: Proceedings of the 4th ACM workshop on Wireless security

Pages 67 - 76

https://doi.org/10.1145/1080793.1080805

Published: 02 September 2005 Publication History

Abstract

The EPC (Electronic Product Code) tag is a form of RFID (Radio-Frequency IDentification) device that is emerging as a successor to the printed barcode. Like barcodes, EPC tags emit static codes that serve to identify and track shipping containers and individual objects. EPC tags, though, have a powerful benefit: they communicate in an automated, wireless manner.Some commercial segments, like the pharmaceutical industry, are coming to view EPC tags as a tool to combat counterfeiting. EPC tags are a potent mechanism for object identification, and can facilitate the compilation of detailed object histories and pedigrees. They are poor authenticators, though. EPC tags are vulnerable to elementary cloning and counterfeiting attacks.In this paper, we present simple techniques to strengthen the resistance of EPC tags against elementary cloning attacks. Our proposals are compliant with the EPCglobal Class-1 Generation-2 UHF standard for EPC tags, which is likely to predominate in supply chains. Such EPC tags contain PIN-based access-control and privacy enhancement mechanisms that are meant to enable tag authentication of readers during the transmission of sensitive commands (like the "kill" command). We show how to leverage such PINs to achieve the opposite goal, namely reader authentication of tags. We describe what may be viewed as crude challenge-response authentication protocols. These protocols do not defend against a full range of attacks, but still have significant practical application. Our techniques can strengthen EPC tags against cloning even in environments with untrusted reading devices.

References

[1]

S. Bono, M. Green, A. Stubblefield, A. Juels, A. Rubin, and M. Szydlo. Security analysis of a cryptographically enabled RFID device. In USENIX Security Symposium, 2005. To appear. Available at www.rfidanalysis.org.

Digital Library

[2]

J. Collins. Marks & Spencer expands RFID retail trial. RFID Journal, 10 February 2004.

[3]

EPCglobal Web site. www.epcglobalinc.org, 2005.

[4]

EPC™ Radio-Frequency Identity Protocols Class-1 generation-2 UHF RFID Protocol for Communicaitons at 860 MHz -- 960 Mhz, Version 1.0.8, 2005. Available at http://www.autoid.org.

[5]

Security technology: Where's the smart money? The Economist, pages 69--70, 9 February 2002.

[6]

RFID: eWeek.com special report, 2004.

[7]

M. Feldhofer, S. Dominikus, and J. Wolkerstorfer. Strong authentication for RFID systems using the AES algorithm. In M. Joye and J.-J. Quisquater, editors, Cryptographic Hardware and Embedded Systems (CHES), pages 357--370. Springer-Verlag, 2004. LNCS no. 3156.

[8]

K. P. Fishkin, S. Roy, and B. Jiang. Some methods for privacy in RFID communication. In 1st European Workshop on Security in Ad-Hoc and Sensor Networks (ESAS 2004), 2004.

Digital Library

[9]

United States Food and Drug Administration. Combatting counterfeit drugs: A report of the Food and Drug Administration, 18 February 2004.

[10]

A. Juels. Minimalist cryptography for low-cost RFID tags. In C. Blundo and S. Cimato, editors, Security in Communication Networks (SCN '04), pages 149--164. Springer-Verlag, 2004. LNCS no. 3352.

Digital Library

[11]

A. Juels. 'Yoking-proofs' for RFID tags. In PerCom Workshops 2004, pages 138--143. IEEE Computer Society, 2004.

Digital Library

[12]

A. Juels and R. Pappu. Squealing Euros: Privacy protection in RFID-enabled banknotes. In R. Wright, editor, Financial Cryptography '03, pages 103--121. Springer-Verlag, 2003. LNCS no. 2742.

[13]

A. Juels, R.L. Rivest, and M. Szydlo. The blocker tag: Selective blocking of RFID tags for consumer privacy. In V. Atluri, editor, 8th ACM Conference on Computer and Communications Security, pages 103--111. ACM Press, 2003.

Digital Library

[14]

K. Kfir and A. Wool. Picking virtual pockets using relay attacks on contactless smartcard systems. In SecureComm '05, 2005. To appear. Available at http://eprint.iacr.org/2005/052.

Digital Library

[15]

J. Mandel, A. Roach, and K. Winstein. MIT Proximity Card Vulnerabilities. Technical report, Massachusetts Institute of Technology, March 2004. Slide presentation. Available at http://web.mit.edu/keithw/Public/MIT-Card-Vulnerabilities-March31.pdf.

[16]

J. Mara. Euro scheme makes money talk. Wired News, 9 July 2003.

[17]

D. McCullagh. RFID tags: Big Brother in small packages. CNet, 13 January 2003. Available at http://news.com.com/2010-1069-980325.html.

[18]

David Molnar and David Wagner. Privacy and Security in Library RFID : Issues, Practices, and Architectures. In B. Pfitzmann and P. McDaniel, editors, Computer and Communications Security, pages 210 -- 219. ACM, 2004.

Digital Library

[19]

Nokia unveils RFID phone reader. RFID Journal, 17 March 2004. Available at http://www.rfidjournal.com/article/view/834.

[20]

RFID, privacy, and corporate data. RFID Journal, 2 June 2003. Feature article. Available at www.rfidjournal.com on subscription basis.

[21]

R. L. Rivest. Chaffing and winnowing: Confidentiality without encryption. CryptoBytes, 4(1):12 -- 17, Summer 1998.

[22]

M. Roberti. EPCglobal ratifies gen 2 standard. RFID Journal, 16 December 2004.

[23]

S. E. Sarma, S. A. Weis, and D.W. Engels. Radio-frequency-identification security risks and challenges. RSA Laboratories. CryptoBytes, 6(1), 2003.

[24]

S.E. Sarma. Towards the five-cent tag. Technical Report MIT-AUTOID-WH-006, MIT Auto ID Center, 2001. Available from http://www.epcglobalinc.org.

[25]

M.I. Shamos. Paper v. electronic voting records - an assessment, 2004. Paper written to accompany panel presentation at Computers, Freedom, and Privacy Conference '04.

[26]

Stop & Shop supermarket company to test ExxonMobil Speedpass. Texas Instruments RFID eNews, 10, July 2002.

[27]

T. Staake, F. Thiesse, and E. Fleisch. Extending the EPC network -- the potential of RFID in anti-counterfeiting. In ACM Symposium on Applied Computing, pages 1607--1612. ACM Press, 2005.

Digital Library

[28]

C.P. Wallace. The color of money. Time Europe, 158(11). 10 September 2001.

[29]

S. A. Weis, S. Sarma, R. Rivest, and D. Engels. Security and privacy aspects of low-cost radio frequency identification systems. In First International Conference on Security in Pervasive Computing, 2003.

[30]

S.A. Weis. Radio-frequency identification security and privacy. Master's thesis, M.I.T., June 2003.

[31]

J. Westhues. Proximity cards, October 2003. Web site. Available at http://cq.cx/prox.pl.

[32]

Wal-Mart, DoD Forcing RFID. Wired News, 3 November 2003.

Cited By

Raso EBianco GBracciale LMarrocco GOcchiuzzi CLoreti P(2022)Privacy-Aware Architectures for NFC and RFID Sensors in Healthcare ApplicationsSensors10.3390/s2224969222:24(9692)Online publication date: 10-Dec-2022
https://doi.org/10.3390/s22249692
Saleh SLei RGuo WElsayed E(2022)A Survey on Counterfeits in the Information and Communications Technology (ICT) Supply ChainProceedings of Seventh International Congress on Information and Communication Technology10.1007/978-981-19-1607-6_75(849-870)Online publication date: 3-Aug-2022
https://doi.org/10.1007/978-981-19-1607-6_75
Tan CLi Q(2022)A Robust and Secure RFID-Based Pedigree System (Short Paper)Information and Communications Security10.1007/11935308_2(21-29)Online publication date: 10-Mar-2022
https://dl.acm.org/doi/10.1007/11935308_2
Show More Cited By

Index Terms

Strengthening EPC tags against cloning
1. Computer systems organization
  1. Embedded and cyber-physical systems
  2. Real-time systems

Recommendations

Extending the EPC network: the potential of RFID in anti-counterfeiting
SAC '05: Proceedings of the 2005 ACM symposium on Applied computing

The International Chamber of Commerce estimates that seven percent of the world trade is in counterfeit goods, with the counterfeit market being worth 500 billion USD in 2004. Many companies already use overt anti-counterfeiting measures like holograms ...
EPC RFID tag security weaknesses and defenses: passport cards, enhanced drivers licenses, and beyond
CCS '09: Proceedings of the 16th ACM conference on Computer and communications security

EPC (Electronic Product Code) tags are industry-standard RFID devices poised to supplant optical barcodes in many applications. We explore the systemic risks and challenges created by the increasingly common use of EPC for security applications. As a ...
Shoehorning security into the EPC tag standard
SCN'06: Proceedings of the 5th international conference on Security and Cryptography for Networks

The EPCglobal Class-1 Generation-2 UHF tag standard is certain to become the de facto worldwide specification for inexpensive RFID tags. Because of its sharp focus on simple “license plate” tags, it supports only the most rudimentary of security and ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSe '05: Proceedings of the 4th ACM workshop on Wireless security

September 2005

116 pages

ISBN:1595931422

DOI:10.1145/1080793

Conference Chairs:
Markus Jakobsson
Indiana University at Bloomington
,
Radha Poovendran
University of Washington

Copyright © 2005 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 September 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

WiSE05

Sponsor:

WiSE05: 2005 ACM Workshop on Wireless Security ( co-located with Mobicom 2005 Conference )

September 2, 2005

Cologne, Germany

Acceptance Rates

Overall Acceptance Rate 10 of 41 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

137
Total Citations
View Citations
1,733
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)3

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Raso EBianco GBracciale LMarrocco GOcchiuzzi CLoreti P(2022)Privacy-Aware Architectures for NFC and RFID Sensors in Healthcare ApplicationsSensors10.3390/s2224969222:24(9692)Online publication date: 10-Dec-2022
https://doi.org/10.3390/s22249692
Saleh SLei RGuo WElsayed E(2022)A Survey on Counterfeits in the Information and Communications Technology (ICT) Supply ChainProceedings of Seventh International Congress on Information and Communication Technology10.1007/978-981-19-1607-6_75(849-870)Online publication date: 3-Aug-2022
https://doi.org/10.1007/978-981-19-1607-6_75
Tan CLi Q(2022)A Robust and Secure RFID-Based Pedigree System (Short Paper)Information and Communications Security10.1007/11935308_2(21-29)Online publication date: 10-Mar-2022
https://dl.acm.org/doi/10.1007/11935308_2
Pal K(2021)Applications of Radio Frequency Identification Technology and Security Issues in Supply Chain ManagementHandbook of Research on Recent Perspectives on Management, International Trade, and Logistics10.4018/978-1-7998-5886-7.ch013(237-264)Online publication date: 2021
https://doi.org/10.4018/978-1-7998-5886-7.ch013
Qian YYe FChen H(2021)ReferencesSecurity in Wireless Communication Networks10.1002/9781119244400.ref(333-343)Online publication date: 25-Nov-2021
https://doi.org/10.1002/9781119244400.ref
Qian YYe FChen H(2021)RFID SecuritySecurity in Wireless Communication Networks10.1002/9781119244400.ch10(193-205)Online publication date: 25-Nov-2021
https://doi.org/10.1002/9781119244400.ch10
Ksiazak PFarrelly WCurran K(2020)A Lightweight Authentication and Encryption Protocol for Secure Communications Between Resource-Limited Devices Without Hardware ModificationResearch Anthology on Artificial Intelligence Applications in Security10.4018/978-1-7998-7705-9.ch028(586-630)Online publication date: 27-Nov-2020
https://doi.org/10.4018/978-1-7998-7705-9.ch028
Yushmanov A(2020)DEVELOP A COMPREHENSIVE SECURITY SYSTEMInterexpo GEO-Siberia10.33764/2618-981X-2020-7-1-140-1487:1(140-148)Online publication date: 8-Jul-2020
https://doi.org/10.33764/2618-981X-2020-7-1-140-148
Lounis KZulkernine M(2020)Attacks and Defenses in Short-Range Wireless Technologies for IoTIEEE Access10.1109/ACCESS.2020.29935538(88892-88932)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.2993553
Miller CHinders MHinders M(2020)Classification of RFID Tags with Wavelet FingerprintingIntelligent Feature Selection for Machine Learning Using the Dynamic Wavelet Fingerprint10.1007/978-3-030-49395-0_7(207-246)Online publication date: 2-Jul-2020
https://doi.org/10.1007/978-3-030-49395-0_7
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents