Transcript PowerPoint 演示文稿

Anti-counterfeiting via Federated
RFID Tags’ Diversities
Lei Yang
Tsinghua University
Pai Peng, Fan Dang, Xiang-Yang Li, Yunhao Liu
Diversity
Outline
01. Motivation
02. Overview
03. Fingerprinting tags
04. Fingerprinting genuineness
05. Validating genuineness
06. Discussion
07. Implementation and evaluation
08. Conclusion
Motivation
Motivation
 WHO： 7~10% of the world’s pharmaceuticals
are counterfeits in developed countries,
25%~50% in developing countries.
 Online
counterfeit
sales
cost
about
$135
billions in 2011.
 Hong Kong Customs seized 55,000 fake drugs,
worth around 5Millions HK$ each year.
 China loses about 600 billion per year due to fake
goods.
State-of-art
How to deal with
counterfeiting using
RFID technology?
State-of-art
Serial number based anti-counterfeiting
Eavesdropping
“949837428”
“74AB8”
Cloning
Replaying
“5F8KJ3”
RFID enabled anti-counterfeiting
State-of-art
Encryption based anti-counterfeiting
Cloning
Side-channel
Reverse engineering
𝑘1 , 𝑘2 , ⋯ , 𝑘𝑁
1 𝑟
Tag
(3) 𝑟, ℎ(𝑘, 𝑟)
RFID enabled anti-counterfeiting
2 ℎ(𝑟, 𝑘)
Our approach
RFID diversity based
anti-counterfeiting
TagPrint
How TagPrint
works?
Overview the basic idea
RFID Diversity
❸ Continuous wave
❷ Double distance
❶ 𝑩𝒂𝒕𝒕𝒆𝒓𝒚 𝒇𝒓𝒆𝒆
❹ Device diversity
RFID diversity
❸ Continuous wave
❷ Double distance
❶ 𝑩𝒂𝒕𝒕𝒆𝒓𝒚 𝒇𝒓𝒆𝒆
❹ Phase
fingerprint
Antenna size, impedance matching,
clock skew, gain, …..
Goal
• Validation is totally offline.
• The validation must be user-friendly.
• The price is cheap enough.
• Defending against various attacks, reverse
engineering, eavesdropping, cloning, etc.
System Entities (Roles)
Tag Provider
Product
Manufacture
Consumer
Overview
Overview
Tag Provider
The tag provider manufactures the RFID tags, like
Alien or ImpinJ Corp.
Overview
Product
Manufacture
The product manufacturer utilizes the technique of
RFID to protect their products from being
counterfeited.
Overview
Consumer
The consumer, as a purchaser of product, desires to
know whether the product is genuine.
Threat Model
The Counterfeiter can
• eavesdrop any wireless
communications between the
reader and tags.
• read and write any tags’ memory.
• clone a tag’s memory to another one (cloned tag).
• find a tag with the phase fingerprint as same as the
genuine one’s at a price.
Threat Model
The Counterfeiter can not
• not recycle the tags from products
and re-attach them on the forged
product.
• His purpose is to pursue huge profits. There is no
motivation for counterfeiter if the counterfeiting
is unprofitable.
Workflow
❶ Fingerprint
Tags
Product
Manufacture
Tag Provider
❷ Fingerprinting
genuineness
Consumer
❸ Validating
Genuineness
How to fingerprint
tags?
Over the domain of tag provider
Acquiring Phase Fingerprint
How to acquire
the phase
fingerprint?
How to automatically, fast, reliably and
accurately measure the phase fingerprint?
Acquiring Phase Fingerprint
Conveyor-style method
Acquiring Phase Fingerprint
Nonlinear least square
Acquiring Phase Fingerprint
Acquiring Phase Fingerprint
Randomness test
The phase fingerprint follows the uniform distribution
with 0.95 significance level.
Randomness test
The reader takes impact on the phase fingerprint.
How to fingerprint
genuineness?
Over the domain of product manufacture
Challenges
❶ Joint influence
❷ Limited resolution
❸ Not User-friendly
Fingerprint a product
Geometric constraint
Acquisition constraint
checksum
checksum
𝑇𝑖 ’s coordinate
Private key
How to validate
genuineness?
Over the domain of consumers
Hyperbola based Localization
Geometric
constraint
𝜟𝒅𝒊,𝒋
𝝀
=
𝜟𝜽𝒊,𝒋
𝟒𝝅
Hyperbola based Localization
If we have three tags as
reference, we can build two
hyperbolas and their
intersection is the location
of the reader.
Unfortunately
The measured phase difference
contains the impact from the
diversity!
Hyperbola based Localization
Diversity difference
Measured phase difference
In details, the measured phase difference implicitly contains the
diversity difference, while we store the real diversity difference
in the tag’s memory. If two values are matched, the diversity
influence can be eliminated.
Hyperbola based Localization
Acquisition
constraint
The reader’s impact is removed
by the difference
Validation Procedure
Discussion
How about the security?
Security analysis
The counterfeiter must purchase about 𝑵 𝒍𝒏 𝑵 tags and
𝑵
perform 𝑵 𝒍𝒏
trails to find out the correct
𝒎
combination.
𝑵 = 𝟐𝟏𝟐 and 𝒎 ≥ 𝟒, so the
counterfeiter must purchase 𝟑𝟒, 𝟎𝟕𝟎
tags ( 𝟑𝟒𝟎𝟕 US$) and conduct
𝟑. 𝟖𝟐𝟒𝟑 × 𝟏𝟎𝟐𝟎 trails at least to find
the correct tags. Both the cloning cost
and huge computations make it hard
and unprofitable!
How about the cost?
Cost analysis
Method
Cost
Security
TagPrint
50~60 cents
high
Serial based
10 cents
low
Encryption based 50 dollars
middle
PUF based
high
100 dollars
Implementation
& Evaluation
Evaluation
Classification rate
Evaluation
0.12%
0.09%
Validation result
Impact of frequency
Impact of distance
Impact of antenna
Conclusion
• We exploit a new kind of fingerprint for a pair of
reader and tag from their backscatter signals.
• A large-scale experiment involving 6,000 tags is
performed to demonstrate the stability and
randomness of phase fingerprint.
• We jointly utilize federated tags’ fingerprints and
geometric relationships for the genuineness
validation.
• Our approach is a totally offline solution without
any communication between consumer and
product manufacturer.
Questions?
T
hank
you