On measuring the parasitic backscatter of sensor-enabled UHF RFID tags

https://doi.org/10.1016/j.istr.2013.02.004

Abstract

Radio-frequency identification (RFID) tags have found their way into many applications. When tags implement cryptographic algorithms, side-channel analysis (SCA) attacks become a concern. Tags in the ultra-high frequency (UHF) range in particular are susceptible to so-called parasitic-backscatter attacks, which can be applied from a distance. Whereas it is known that such attacks are a threat for passive low-cost tags, no results are so far available for sensor-enabled tags. In this work, we evaluate the parasitic backscatter of wireless identification and sensing platform (WISP) tags by conducting differential electromagnetic analysis (DEMA) attacks. We apply the attacks to a passively as well as a semi-passively operated WISP tag from a distance of 30 cm and compare the results with an attack on a commercial low-cost tag. The results show that the evaluated WISP tags are less susceptible to DEMA attacks based on the parasitic backscatter than the evaluated commercial low-cost tag. Moreover, we present a measurement approach that makes it possible to detect the weak parasitic backscatter modulated onto the strong reader field without the need for an expensive hardware receiver or a dedicated demodulation circuit.

Introduction

During the last decade, radio-frequency identification (RFID) technology has evolved from a simple identification technique into an enabler for more advanced applications. An example of such an advanced application is data logging via sensor-enabled RFID tags in healthcare and supply-chain management (Mitrokotsa and Douligeris, 2009). In order to ensure the integrity and confidentiality of the gathered data, cryptography has to be applied.

A basic RFID system consists of a backend database, a reader and one or more tags. The reader is connected to the backend database and communicates with the tags contactlessly through a radio frequency (RF) field. So-called passive tags receive not only data but also their power supply from the RF field. Semi-passive tags and active tags, on the other hand, have their own power supply, for example a battery. The complexity of tags ranges from simple state-machine based approaches that can only provide a unique identifier (UID) to microcontroller-based approaches that can handle sophisticated protocols and compute cryptographic algorithms.

Sensor-enabled tags typically integrate a microcontroller and can be realized as passive, semi-passive, or active tags (Abad et al., 2009; CAEN RFID, June 2008; Mattoli et al., 2009; Mika et al., 2009; Yeager et al., 2008). The deployed microcontrollers are low-power types like the C8051 from Silicon Laboratories (2010) or the MSP430 from Texas Instruments (2008). Sensors attached to the microcontroller measure, for example, temperature, humidity, pressure or acceleration (Ruhanen et al., January 2008). By using cryptographic algorithms, unauthorized access to sensor data stored on the tag can be prevented. However, even if the deployed cryptographic algorithms are mathematically secure, their physical implementation on a device (e.g., the microcontroller) can make them vulnerable to implementation attacks.

A well-known implementation attack is side-channel analysis (SCA), which measures physical properties of a device while it executes the cryptographic algorithm in order to deduce secret information (e.g., the encryption key). Suitable physical properties are, for example, timing information (Kocher and Koblitz, 1996), power consumption (Kocher et al., 1999), and electromagnetic (EM) emanation (Gandolfi et al., 2001). As research has shown, SCA attacks can be applied not only to personal computers and smart cards but also to RFID tags (Hutter et al., 2010). Especially tags that operate in the ultra-high frequency (UHF) range can be vulnerable to SCA attacks that are conducted remotely by exploiting an effect named parasitic backscatter (Oren and Shamir, 2007; Plos and Malkin, 2008).

The contribution of this work is twofold. First, we present a measurement approach for extracting the weak parasitic-backscatter information that is modulated onto the strong reader field without the need for a dedicated hardware demodulation circuit. Second, we present remote SCA attacks on wireless identification and sensing platform (WISP) tags (Yeager et al., 2008) that use their parasitic backscatter as a side channel. This work is a revised and extended version of a paper presented at the International Conference on Availability, Reliability and Security (ARES) 2012 (Plos et al., 2012).

In this work we apply remote SCA attacks to WISP tags, which are sensor-enabled tags operating in the UHF range. Existing publications such as the work of Szekely et al. (2013) only measure the direct emissions of a WISP tag in the near field or its power consumption, but do not consider the parasitic backscatter. WISP tags can work completely passively, using only the energy extracted from the reader field, or semi-passively when supplied by an extra battery. We apply differential electromagnetic analysis (DEMA) attacks that exploit the parasitic-backscatter effect in the far field of passively and semi-passively operated WISP tags. Comparing the results with a DEMA attack on a commercial low-cost tag leads us to conclude that the evaluated WISP tags are less vulnerable to parasitic-backscatter attacks.

The remainder of this article is structured as follows. Section 2 gives an overview of different RFID systems and Section 3 briefly introduces the Electronic Product Code Generation-2 standard. The parasitic backscatter of UHF tags is described in Section 4, followed by Section 5 that explains the principle behind DEMA attacks and that discusses countermeasures. Section 6 presents a measurement approach for detecting the parasitic backscatter in presence of a strong reader field. An overview of the architecture of WISP tags is given in Section 7. The utilized measurement setup is described in Section 8. Measurement results are presented in Section 9 and conclusions are drawn in Section 10.

Section snippets

Overview of RFID systems

Over the years, different RFID systems for different fields of application have emerged. RFID systems can be mainly classified by two parameters: the frequency of the RF field and the coupling method. The two parameters are closely related to each other and have, e.g., strong impact on achievable read range and maximum data rate of an RFID system (Finkenzeller, 2003). Table 1 provides an overview of the characteristics of different RFID systems.

The frequency of the RF field used by RFID systems

The Electronic Product Code Generation-2 standard

An important communication protocol for RFID systems operating in the UHF range is the Electronic Product Code (EPC) Generation-2 (Gen-2) standard (EPCglobal, January 2005). The driving force behind this standard is EPCglobal, a not-for-profit organization founded in 2003. In 2006, the EPC Gen-2 standard was also approved as an ISO standard (ISO 18000-6C (International Organization for Standardization (ISO), 2004)). The EPC Gen-2 standard is planned to be a future replacement for

Parasitic backscatter of UHF tags

As mentioned in Section 2, UHF RFID tags operate in the far field. There, the electromagnetic waves of the RF signal emitted by the reader are completely separated from the reader antenna. For an 868 MHz carrier signal, as typically used in UHF RFID systems in Europe, the far field starts at a distance of about 5.4 cm from the reader antenna. For transmitting data to the reader, UHF tags use backscatter modulation. This mechanism is used by both passive and semi-passive tags. In

Differential electromagnetic analysis

Differential electromagnetic analysis (DEMA) attacks are based on the same principle as differential power analysis (DPA) attacks, but use the EM emissions of a device as the side channel instead of its power consumption. DPA attacks were introduced by Kocher et al. (1999) in 1998. The first DEMA attack was presented by Gandolfi et al. (2001) three years later. DPA and DEMA attacks are both very powerful techniques that utilize the fact that state transitions in complementary metal oxide

Measurement approach for detecting the parasitic backscatter

As mentioned in Section 4, the signal reflected by the tag antenna contains the tag's backscatter. The backscatter information is modulated onto the reflected signal, which has the same carrier frequency as the RF signal originally emitted by the reader. In order to detect the weak parasitic backscatter, special hardware receivers or demodulation circuits are typically required to suppress the strong carrier signal. Such dedicated demodulation circuits have been proposed, for example, by Kasper

Wireless identification and sensing platform (WISP) tags

By using the measurement approach previously described, the parasitic backscatter of a so-called wireless identification and sensing platform (WISP) tag is analyzed. The WISP tag has been introduced by Intel Research Seattle and is a platform for sensing and computing. The tag operates in the UHF range between 860 and 960 MHz and uses the EPC Gen-2 standard (cf. Section 3) for communication. The WISP tag has an ultra low-power 16-bit microcontroller (MSP430 from Texas Instruments (2008)) and

Measurement setup

An appropriate measurement setup has been built for performing DEMA attacks on a WISP tag and on a commercial passive UHF tag. The main components of the measurement setup are: a digital-storage oscilloscope, a UHF RFID reader, an EM probe, a 30 dB broadband amplifier, and the device under test (DUT), which in our case is the analyzed tag. The digital-storage oscilloscope is a LeCroy WavePro 725Zi, which also serves as the measurement PC in our setup. The oscilloscope communicates with the UHF reader, which is a CAEN

Measurement results

Measurements have been conducted in the near field and in the far field of a WISP tag. For comparison, we have also performed measurements in the far field of a commercial passive RFID tag. The aim of the DEMA attacks on the WISP tag has been the S-box operation of the Advanced Encryption Standard (AES) (National Institute of Standards and Technology (NIST), November 2001). The S-box operation is a non-linear function and its output depends on known input data and secret key information, making it

Conclusion

In this work we have presented the first DEMA-attack results in the far field of WISP tags. For comparison, DEMA attacks in the far field of a commercial low-cost tag have also been performed. The attacks are based on the so-called parasitic backscatter. For obtaining successful DEMA attacks on the WISP tag it has been necessary to increase its data-dependent leakage by switching an output pin of the tag's microcontroller in step with the processed data. Operating the WISP tag passively has led to a

Acknowledgment

This work has been supported by the European Commission through the ICT program under contract ICT-2007-216676 (ECRYPT II) and by the Austrian Science Fund (FWF) under grant number P22241-N23 (Investigation of Implementation Attacks – IIA).

References (33)

  • E. Abad et al. RFID smart tag for traceability and cold chain monitoring of foods: Demonstration in an intercontinental fresh fish logistic chain. Journal of Food Engineering (2009).
  • CAEN RFID. A927 temperature logger UHF semi-passive tag (June 2008).
  • C. Clavier et al. Differential power analysis in the presence of hardware countermeasures.
  • EPCglobal. EPC radio-frequency identity protocols Class-1 Generation-2 UHF RFID protocol for communications at 860 MHz – 960 MHz, Version 1.0.9 (January 2005).
  • K. Finkenzeller. RFID-handbook (2003).
  • K. Gandolfi et al. Electromagnetic analysis: concrete results.
  • C. Herbst et al. An AES smart card implementation resistant to power analysis attacks.
  • M. Hutter et al. On the security of RFID devices against implementation attacks. International Journal of Security and Networks (2010).
  • International Organization for Standardization (ISO). ISO/IEC 18000-6: information technology – AIDC techniques – RFID for item management – Part 6: parameters for air interface communications at 860–960 MHz (2004).
  • International Organization for Standardization (ISO). ISO/IEC 29167-1: information technology – automatic identification and data capture techniques – Part 1: air interface for security services and file management for RFID architecture (2012).
  • T. Kasper et al. EM side-channel attacks on commercial contactless Smartcards using low-cost equipment.
  • P.C. Kocher. Timing attacks on implementations of Diffie–Hellman, RSA, DSS, and other systems.
  • P.C. Kocher et al. Differential power analysis.
  • T. Korak et al. Applying remote side-channel analysis attacks on a security-enabled NFC tag.
  • S. Mangard et al. Power analysis attacks – revealing the secrets of smart cards (2007).
  • Mattoli V, Mazzolai B, Mondini A, Zampolli S, Dario P. Flexible tag datalogger for food logistics. In: Proceedings of...