|射频识别（RFID）技术已在社会各领域得到了广泛应用，如门禁系统、银行卡、居民身份证等。与此同时，不断出现的RFID克隆卡时刻威胁着RFID应用系统的安全。尽管目前已提出了多种安全机制，如基于密码学的认证协议，并假设“密钥不出卡”，但在侧信道分析等新型攻击手段下，这类安全机制被绕过的风险显著增加。此外，大量RFID卡的应用诸如门禁系统等并不使用密码技术，使RFID卡被克隆的风险更大。本文提出了一种基于物理层特性的射频指纹识别方法—“牵星”法，使高频RFID卡与其唯一且不可克隆的射频特征紧密绑定，从而有效检测高频RFID克隆卡。我们对来自同厂家、同型号、同批次的120 张高频RFID卡进行了测试，识别精度可达等错误率EER=2.5%。本方法可直接用于所有基于ISO14443 Type A协议的高频RFID克隆卡检测。同时，由于该方法是对设备的射频指纹进行后期处理，因此也支持其它标准定义的RFID克隆卡的检测。该识别系统仅由一个天线、一个读卡器和一个示波器组成，是现有高频RFID卡识别系统中所需测量设备最少的一种。
|关键词: 射频指纹 射频识别 物理层 克隆攻击 安全
|“Star Drawing Operation”: A Method to Identify HF RFID Cloning Card Based on RF Fingerprinting
|ZHANG Guozhu,XIA Luning,JIA Shijie,JI Yafei
|Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;Data Assurance and Communication Security Research Center of Chinese Academy of Sciences, Beijing 100093, China;State Key Laboratory of Information Security, Beijing 100093, China;University of Chinese Academy of Sciences, Beijing 100049, China
|Radio frequency identification (RFID) technology has been widely used in many fields, such as access control system, bank card, identification card and so on. At the same time, securities of the RFID application system are being threatened by the RFID cloning cards. A variety of security mechanisms have been proposed, such as authentication protocols based on cryptography assuming “the key is not out of the card”, however, the security mechanisms may be invalid under the new attack techniques of side channel analysis, and the risk seems to increase significantly. In addition, a lot of RFID applications, such as door forbidden system does not use password technology, then it makes the RFID cloning cards more threatening. In this work, we proposed a method to effectively identify the high-frequency RFID cloning card based on its physical characteristics-named “star drawing operation” method. In this method, the RFID card is closely bounded with its unique and cannot cloning physical characteristics. We evaluate our technique on a set of 120 cards from the same manufacturer, the same model, the same batch, and achieve EER=2.5%. This method can be directly applied to identify HF RFID cloning card based on ISO14443 type A protocol. Moreover, the method is just used to identify cards based on their RF fingerprints and does not affect the extraction process of the RF fingerprints, so it can identify all RFID cloning cards based on other standard protocols, and effectively improves the security of RFID application systems. The identification system consists of an antenna, a card reader and an oscilloscope, which has the least devices in current high frequency RFID identification system.
|Key words: radio frequency fingerprinting radio frequency identification physical layer clone attack security