Researchers Improve RFID Tag Security

Three scientists at the University of Massachusetts Amherst have devised an inexpensive and efficient way to improve security for RFID tags, the wireless devices that allow consumers to pay for their gas or access buildings without pulling out their wallets. The breakthrough, which uses variations in the tags’ existing memory cells, will make their stored information more secure while retaining their small, convenient size.

In July, Wayne Burleson of electrical and computer engineering, and Kevin Fu of computer science, along with electrical and computer engineering graduate student Dan Holcomb presented their results at the annual Conference on RFID Security, which were later published in the society’s proceedings. The multi-disciplinary collaboration among cryptographers and engineers, called the RFID Consortium for Security and Privacy (RFID-CUSP, http://www.rfid-cusp.org), is part of a research initiative funded by a $1.1 million grant from the National Science Foundation to improve security for the wireless “smart tag” gadgets.

“We believe we’re the first to show how a common existing circuit can both identify specific tags and protect their data,” said Burleson. “The key innovation is applying the technology to RFID tags, since they’re such tiny devices with very small memories.”

RFID tags are already used in countless identification and tracking methods, such as passports and inventory control. A common use of these devices is in access control systems, such as corporate or government ID cards, that allow access to buildings and rooms through a tiny radio frequency transmitter. Embedded in these tags are passive systems that respond automatically to electromagnetic fields produced by radio antennas trying to read the tags’ memory. This technology, while convenient, can be susceptible to breaches in security; for example, credit cards that use RFID technology are vulnerable to thieves who, with the appropriate equipment, can read information from the card without the victim ever taking it out of a pocket.

The team’s new security method uses the concept of random numbers, which are used to encrypt data sent by the tags so that each message transmitted is unique. Machines with the right hardware and software, such as your desktop computer, can easily produce a string of random numbers; however, the tiny circuitry of a matchbook-sized RFID tag isn’t built for that function. The UMass Amherst researchers’ work eliminates the need for specific machinery dedicated to the task. Using specialized software, the tag readers will be able to extract unique data from the tags’ existing hardware.

“An RFID tag has the unusual property that it’s powered up and down by an external source because it doesn’t have a battery,” Burleson said. “We exploit the powering up process and allow the tag’s physical properties to do the work.”

The method relies on the fact that the memory cells within an RFID tag lose all the information stored in them when a power supply is removed. But just when a tag is powered up -- in this case, by the receiver of the transmission -- some of its memory cells will fluctuate randomly between two binary states before settling onto a stable value. This effect is used to create a series of numbers that allow the RFID to authenticate itself to a reading device.

Since each tag varies slightly from all the others in some ways, such as its threshold voltages and minor dissimilarities in hardware, the variations in each tag’s memory cells are also enough to be used to identify each individual tag. The tag’s producer can use this property to distinguish between tags and detect illicitly cloned tags.

“There’s enough complexity in each one that can give it a unique fingerprint,” said Burleson. Burleson emphasized that the work is still preliminary and that some issues remain unresolved, including the effects of temperature, noise and data retention on the ability to generate quality random numbers and tag identifications. A new larger collaboration between the departments, called Trusted Reliable Embedded Networked Devices and Systems (TRENDS), will explore these issues in the area of embedded security.

Featured

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.