Researchers Improve RFID Tag Security

• Oct 08, 2007

Three scientists at the University of Massachusetts Amherst have devised an inexpensive and efficient way to improve security for RFID tags, the wireless devices that allow consumers to pay for their gas or access buildings without pulling out their wallets. The breakthrough, which uses variations in the tags’ existing memory cells, will make their stored information more secure while retaining their small, convenient size.

In July, Wayne Burleson of electrical and computer engineering, and Kevin Fu of computer science, along with electrical and computer engineering graduate student Dan Holcomb presented their results at the annual Conference on RFID Security, which were later published in the society’s proceedings. The multi-disciplinary collaboration among cryptographers and engineers, called the RFID Consortium for Security and Privacy (RFID-CUSP, http://www.rfid-cusp.org), is part of a research initiative funded by a $1.1 million grant from the National Science Foundation to improve security for the wireless “smart tag” gadgets.

“We believe we’re the first to show how a common existing circuit can both identify specific tags and protect their data,” said Burleson. “The key innovation is applying the technology to RFID tags, since they’re such tiny devices with very small memories.”

RFID tags are already used in countless identification and tracking methods, such as passports and inventory control. A common use of these devices is in access control systems, such as corporate or government ID cards, that allow access to buildings and rooms through a tiny radio frequency transmitter. Embedded in these tags are passive systems that respond automatically to electromagnetic fields produced by radio antennas trying to read the tags’ memory. This technology, while convenient, can be susceptible to breaches in security; for example, credit cards that use RFID technology are vulnerable to thieves who, with the appropriate equipment, can read information from the card without the victim ever taking it out of a pocket.

The team’s new security method uses the concept of random numbers, which are used to encrypt data sent by the tags so that each message transmitted is unique. Machines with the right hardware and software, such as your desktop computer, can easily produce a string of random numbers; however, the tiny circuitry of a matchbook-sized RFID tag isn’t built for that function. The UMass Amherst researchers’ work eliminates the need for specific machinery dedicated to the task. Using specialized software, the tag readers will be able to extract unique data from the tags’ existing hardware.

The method relies on the fact that the memory cells within an RFID tag lose all the information stored in them when a power supply is removed. But just when a tag is powered up -- in this case, by the receiver of the transmission -- some of its memory cells will fluctuate randomly between two binary states before settling onto a stable value. This effect is used to create a series of numbers that allow the RFID to authenticate itself to a reading device.

Since each tag varies slightly from all the others in some ways, such as its threshold voltages and minor dissimilarities in hardware, the variations in each tag’s memory cells are also enough to be used to identify each individual tag. The tag’s producer can use this property to distinguish between tags and detect illicitly cloned tags.

“There’s enough complexity in each one that can give it a unique fingerprint,” said Burleson. Burleson emphasized that the work is still preliminary and that some issues remain unresolved, including the effects of temperature, noise and data retention on the ability to generate quality random numbers and tag identifications. A new larger collaboration between the departments, called Trusted Reliable Embedded Networked Devices and Systems (TRENDS), will explore these issues in the area of embedded security.