
While it hasn't exactly been a detriment to their widespread adoption, RFID tags have proven to be relatively easy to exploit in a number of cases. Some researchers at the University of Arkansas say they've now found a novel way to change that, however, with a new method that effectively amounts to a "fingerprint" for RFID tags. The short of it is that they discovered that each RFID tag has a unique minimum power response at multiple radio frequencies, and that power responses across tags were significantly different, even for tags of the same model. That, along with several other unique, unspecified physical characteristics, allowed them to create an electronic fingerprint that's tied to each RFID tag, but doesn't actually depend on any modifications or encryption on the tag itself -- which almost incidentally means it can be implemented with relative ease and at no added cost.
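An added example, not code from the researchers or the article: how a reader-side check could compare a tag's measured minimum-power curve against the one recorded at enrollment, so that a clone carrying copied data is still rejected. The frequencies, power values, tag ID, tolerance and the mean-removed RMS matching rule are all assumptions made for illustration.

```python
import math

# Constructed data: minimum reader power (dBm) at which a tag first answers,
# one value per probe frequency. Illustrative numbers, not from the study.
FREQS_MHZ = (903, 909, 915, 921, 927)
ENROLLED = {  # hypothetical tag ID -> curve recorded at enrollment
    "TAG-A": (12.4, 11.9, 11.1, 11.6, 12.8),
}

def shape(curve):
    """Subtract the mean so a uniform dB offset does not affect the match.

    Assumption: moving the tag relative to the reader shifts every
    frequency by roughly the same number of dB.
    """
    mean = sum(curve) / len(curve)
    return [p - mean for p in curve]

def rms_distance(a, b):
    """Root-mean-square difference between two mean-removed curves, in dB."""
    sa, sb = shape(a), shape(b)
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(sa, sb)) / len(sa))

def verify(tag_id, measured, tolerance_db=0.3):
    """Return (accepted, distance). Unknown IDs are always rejected."""
    if len(measured) != len(FREQS_MHZ):
        raise ValueError("one power reading per probe frequency is required")
    reference = ENROLLED.get(tag_id)
    if reference is None:
        return False, float("inf")
    d = rms_distance(reference, measured)
    return d <= tolerance_db, d

# Genuine tag read again from further away: about +1.5 dB everywhere plus noise.
GENUINE_REREAD = (13.9, 13.5, 12.5, 13.1, 14.4)
# Same-model clone reporting TAG-A's copied data but with its own curve.
CLONE = (11.2, 12.6, 12.9, 11.0, 11.8)

if __name__ == "__main__":
    print(verify("TAG-A", GENUINE_REREAD))  # accepted, small distance
    print(verify("TAG-A", CLONE))           # rejected, large distance
```

The tolerance is the tuning point: it has to sit above the re-read noise of a genuine tag and below the spread between different tags of the same model.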
Could someone please explain this clearer to me?? Thanks..
@Ashley Jones RFID tags are easily counterfeited by copying information and putting it on counterfeit tags. These researchers discovered that every RFID tag has a minimum power level of signal to which the RFID tag responds, and these minimum power levels are unique to every tag. That way, when someone makes a counterfeit tag, it has the same information on it, but can be identified as counterfeit because its minimum power level is different.
@Ashley Jones I'm guessing this relies on small variations in the finished RFID tag, which are byproducts of the imperfect manufacturing process. So they came up with a method that looks at those properties that vary to uniquely identify an RFID tag in a way that can't really be duplicated given today's manufacturing technology.
@Mark Thanks guys!! Very Helpful!
Huh, well this is different. Rather than inventing something new, they figured out that something we already make has a feature nobody knew about before.
@Mark Hmm down-ranked for noticing that this breakthrough followed a completely different pattern than we usually see? Odd... I'm not really sure what to take from that.
@Mark now you are talking to yourself :P
Ugh please...
just tell the Dev team that this will permanently unlock their iPhone 3gs and watch them find a way to defeat this in 3 days...
Anything involving electronics and security can be defeated.
that's why I lock my 72 GTO down with 4 steel Boots on the wheel... they need a crane to steal that mofo.
@Name: Ahaha that's effing awesome. Do you have pix of ur GTO? I'd like to see it :)
First of all, I don't see why the iPhone needed to be brought into this conversation. Second, this has NOTHING to do with a software aspect, since it requires physical modification of the RFID tag. Since these tags are so small, it is improbable (if not impossible) and impractical to take the time and effort to modify this.
Correct me if I'm wrong here....
@Name: Unless they have access to a new physical manufacturing process that can create absolutely perfect(at the molecular/atomic level) replicas of an RFID tag, I doubt it.
it was hacked by the time you finished reading the article
@nerd You mean someone came up with a way to make the manufacturing process that accurate??? No way!!! Really?? So we now have the ability to make (the same type of) transistors 100% identical to each other??? Wow!!!! It sure didn't take long. That's amazing!
[/Sarcasm] : )
The reason everything can be hacked is because it's created by another person. If one live, thinking human could think of the algorithm to lock down some things, that means there will probably be another human that could attempt to figure the algorithm out. There needs to be a cause for the discovery to occur though, that's why the iPhone constantly gets unlocked and re-locked and unlocked again. I know it doesn't happen THAT often, but when it does, the hackers are back at it right away cracking the code.
@Teerim Except that this isn't an algorithm. They're basically doing the same thing as an MD5 checker, except on a real, physical object. Without some new way of making hyper-accurate replicas of the RFID tag, there's no way. Basically the reason why this is unbreakable is because it wasn't a human that came up with the algorithm, it was the universe, itself.
@Teerim is that why the bible is so damn hard to decode?
Nope...that's just the nature of fantastical bullshit.
Didn't the Mythbusters hack RFID's?
Ok, and will any of these parameters change due to temperature, distance from reader, position / angle we hold the card to the reader, etc.?
@PGP-Protector That was pretty much my first response.
The existence of unique fingerprints doesn't, by itself, provide any guarantees of security. In order for this to be useful, they must show that it is not easy to duplicate a fingerprint. Of course, that is an impossible task, since you never know what future tech might make this an easy task.
Hell no, I won't put an RFID into my body..
@Mark
The article kinda didn't talk about putting them into your body. At all. Did you think they meant replacing your fingerprints with these? Because they didn't.
@n_shakuras
Oh no, I meant using this as a grand scheme to put financial information on it so that one couldn't sell or buy anything without it..
Well, logic would state that whatever the degree of differentiation in the power scale, it would be limited to some finite amount. The question I have is to what amount? One billion? One trillion? Once that limit is reached, duplicates will occur.
Also, theoretically, if this feature is an anomaly due to the imperfect production process, then it is also possible that it could also be "accidentally" duplicated.
@Jim I thought about that too - the imperfection is bound to be repeated eventually, and with how many RFIDs are produced, I can't think it would take THAT long to happen.
@Jim True, there could be some accidental duplicates... but it's really hard to find the exact duplicate for a particular tag that you want to "hack" or copy
interesting..
Corsair? Is that you? If yes, I'm one of the Tech Ninjas that made cellphone cloning go away using similar technology. So, hit me on the cell. I got some stuff for you ;^/...
I agree that if someone can develop a system or process for using this (or any other) RFID fingerprint idea then someone can work around it or break it. However, security is really a balancing act between the value of what you are trying to protect and the costs or convenience of protecting the asset or access. If this works, then you can probably create a layered approach at little extra cost and probably no extra work by the user. This is similar to auto safety. You can't completely protect yourself against death or serious injury in a car crash, but seat belts and airbags are still pretty good things to have.
Wouldn't each reader have its own "fingerprint" as well and give different readings for the same chip?
So as manufacturing becomes more uniform as RFID gets widespread, will the "finger prints" become less unique? Unless chaos theory abounds here, uniqueness should dwindle.