Anti-counterfeiting via Federated RFID Tags’ Diversities

Lei YangTsinghua University

Pai Peng, Fan Dang, Xiang-Yang Li, Yunhao Liu

Diversity

Fingerprinting genuineness04.

Outline

Overview02.Fingerprinting tags03.

Discussion06.Validating genuineness05.

Motivation01.

Implementation and evaluation07.

Conclusion08.

Motivation1

Motivation

WHO ： 7~10% of the world’s pharmaceuticals are counterfeits in developed countries, 25%~50% in developing countries.

Online counterfeit sales cost about $135 billions in 2011.

Hong Kong Customs seized 55,000 fake drugs, worth around 5Millions HK$ each year.

China loses about 600 billion per year due to fake goods.

5% of world trade!

State-of-art

How to deal with counterfeiting using RFID technology?

“5F8KJ3”

“949837428”

“74AB8”

Serial number based anti-counterfeiting

State-of-art

Eavesdropping

Cloning

Replaying

RFID enabled anti-counterfeiting

State-of-art

Tag

(3)

(1 ) 𝑟

(2 )h(𝑟 ,𝑘)

𝑘1 ,𝑘2 ,⋯ ,𝑘𝑁

Side-channel

Reverse engineering

Encryption based anti-counterfeiting

Cloning

RFID enabled anti-counterfeiting

Our approach

Tagrint

RFID diversity based anti-counterfeiting

TagPrint

How TagPrint works?2Overview the basic idea

RFID Diversity

Double distance

❶𝑩𝒂𝒕𝒕𝒆𝒓𝒚 𝒇𝒓𝒆𝒆

Continuous wave

Device diversity

RFID diversity

Double distance

❶𝑩𝒂𝒕𝒕𝒆𝒓𝒚 𝒇𝒓𝒆𝒆

Continuous wave

Phase fingerprint Antenna size, impedance matching, clock skew, gain, …..

• Validation is totally offline.

• The validation must be user-friendly.

• The price is cheap enough.

• Defending against various attacks, reverse engineering, eavesdropping, cloning, etc.

Goal

System Entities (Roles)

Tag Provider

Product Manufacture

Consumer

Overview

Overview

Tag Provider

The tag provider manufactures the RFID tags, like Alien or ImpinJ Corp.

Overview

Product Manufacture

The product manufacturer utilizes the technique of RFID to protect their products from being counterfeited.

Overview

Consumer

The consumer, as a purchaser of product, desires to know whether the product is genuine.

Threat Model

The Counterfeiter can

• eavesdrop any wireless communications between the reader and tags.

• read and write any tags’ memory.• clone a tag’s memory to another one (cloned tag).• find a tag with the phase fingerprint as same as the

genuine one’s at a price.

Threat Model

• not recycle the tags from products and re-attach them on the forged product.

• His purpose is to pursue huge profits. There is no motivation for counterfeiter if the counterfeiting is unprofitable.

The Counterfeiter can not

Workflow

Consumer ❸ Validating

Genuineness

❶ Fingerprint Tags

Tag Provider

Product Manufacture

❷ Fingerprinting genuineness

How to fingerprint tags?3

Over the domain of tag provider

Acquiring Phase Fingerprint

How to acquire the phase

fingerprint?

How to automatically, fast, reliably and accurately measure the phase fingerprint?

Acquiring Phase Fingerprint

Conveyor-style method

Acquiring Phase Fingerprint

Nonlinear least square

Acquiring Phase Fingerprint

Acquiring Phase Fingerprint

Randomness test

The phase fingerprint follows the uniform distribution with 0.95 significance level.

Randomness test

The reader takes impact on the phase fingerprint.

How to fingerprint genuineness?4

Over the domain of product manufacture

Challenges

Joint influence

Limited resolution Not User-friendly

Fingerprint a product

Geometric constraint

Acquisition constraint

’s coordinate Private key

checksumchecksum

How to validate genuineness?5

Over the domain of consumers

Hyperbola based Localization

𝜟𝒅𝒊 , 𝒋=𝝀𝟒𝝅

𝜟~𝜽 𝒊 , 𝒋

Geometric constraint

Hyperbola based Localization

If we have three tags as reference, we can build two hyperbolas and their intersection is the location of the reader.

Unfortunately The measured phase difference contains the impact from the diversity!

Hyperbola based Localization

Measured phase difference

Diversity difference

In details, the measured phase difference implicitly contains the diversity difference, while we store the real diversity difference in the tag’s memory. If two values are matched, the diversity influence can be eliminated.

Hyperbola based Localization

The reader’s impact is removed by the difference

Acquisition constraint

Validation Procedure

Discussion6

How about the security?

Security analysis

The counterfeiter must purchase about tags and perform trails to find out the correct combination.

and , so the counterfeiter must purchase tags ( US$) and conduct trails at least to find the correct tags. Both the cloning cost and huge computations make it hard and unprofitable!

How about the cost?

Cost analysis

Method Cost Security

TagPrint 50~60 cents high

Serial based 10 cents low

Encryption based 50 dollars middle

PUF based 100 dollars high

Implementation & Evaluation7

Evaluation

Classification rate

Evaluation

Validation result

0.09%0.12%

Impact of frequency

Impact of distance

Impact of antenna

Conclusion

• We exploit a new kind of fingerprint for a pair of reader and tag from their backscatter signals.

• A large-scale experiment involving 6,000 tags is performed to demonstrate the stability and randomness of phase fingerprint.

• We jointly utilize federated tags’ fingerprints and geometric relationships for the genuineness validation.

• Our approach is a totally offline solution without any communication between consumer and product manufacturer.

Questions?

hank you T