UMass Amherst Research Advances RFID Security
Three researchers at the University of Massachusetts Amherst have come up with a way to improve security on RFID devices using existing technologies and without increasing the size of the small gadgets.
RFID tags are used in a wide range of applications today, from building security to inventory tracking. They use passive systems that respond to radio antennas that read their memory. According to a release from UMass Amherst, "This technology, while convenient, can be susceptible to breaches in security; for example, credit cards that use RFID technology are vulnerable to thieves who, with the appropriate equipment, can read information from the card without the victim ever taking it out of a pocket."
In order to combat this, the UMass Amherst researchers--Wayne Burleson, Kevin Fu, and Dan Holcomb--came up with a method that uses random numbers so that each message transmitted by an RFID tag is unique. It uses "specialized software" that allows tag readers to "extract unique data from the tags' existing hardware."
“We believe we’re the first to show how a common existing circuit can both identify specific tags and protect their data,” Burleson said in a prepared statement. “The key innovation is applying the technology to RFID tags, since they’re such tiny devices with very small memories. An RFID tag has the unusual property that it’s powered up and down by an external source because it doesn’t have a battery. We exploit the powering up process and allow the tag’s physical properties to do the work.”
According to the research, when powered up, RFID devices undergo a fluctuation in their memory cells unique to each individual device. Hence, individual devices can be identified, and cloned devices can be detected as such.
The researchers said their work is still preliminary. Further research will be conducted through a new collaboration between UMass Amherst's computer science and electrical and computer engineering departments, dubbed Trusted Reliable Embedded Networked Devices and Systems (TRENDS).
The research was originally published by the RFID Consortium for Security and Privacy (link below) following the Conference on RFID Security, which was held this summer.
Read More: