Nurbek Saparkhojayev and Dale R. Thompson, Ph.D., P.E.
Computer Science and Computer Engineering Dept.
University of Arkansas
Matching Electronic Fingerprints of RFID Tags Using the Hotelling’s Algorithm
D. R. Thompson http://rfidsecurity.uark.edu
This material is based upon work supported by the National Science Foundation, Cyber Trust area, under Grant No. CNS-0716578.
Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
Presented to: IEEE Sensors Applications Symposium, Feb. 17, 2009
Problem
- Counterfeiting travel documents such as ePassport, DHS PASS card, and future drivers licenses
- Travel documents contain radio frequency identification (RFID) tags

Threats to RFID tags
- Cloning the tag
  – Copy contents of tag to another tag
- Side-channel (non-invasive) attacks
  – Monitor certain external parameters such as power consumption, timing delay, or electromagnetic emission
  – Inject noise/faults to the target to cause irregular behaviors

Tag Counterfeiting/Cloning (Spoofing Identity)

Manipulating Data on Passport
- The Hacker’s Choice (Oct. 2, 2008)
  – Copied passport
  – Replaced picture with Elvis’s picture
  – Turned off active verification
  – Tested on boarding pass machine
  – http://freeworld.thc.org/thc-epassport/
  – http://www.youtube.com/watch?v=4HngStyEm4s
- Used Jeroen van Beek method presented at Black Hat conference

Counterfeiting Mitigation
- Tag authentication using cryptography
  – Store secrets on the tag that can be verified
  – Secret keys, symmetric key and public key cryptography
- Physical unclonable functions (PUFs)
- Electronic fingerprint (E-Fingerprint)

Objective
- Prevent counterfeiting of RFID tags
  – Methods for creating electronic fingerprint based on physical characteristics of tag
  – Digital integrated circuit (IC) design methodology that mitigates power- and timing-based side-channel attacks

Approach
- Electronic fingerprint (e-fingerprint)
  – Authentication becomes a function of what the device “is” in addition to a secret it “knows.”
- Digital integrated circuit (IC) design methodology that mitigates power- and timing-based side-channel attacks

Two-layer security
- Authentication becomes a function of what the device “is” in addition to a secret it “knows.”
- Two layers
  – Cryptography
  – Electronic fingerprint (E-fingerprint)

Communication between reader and tag

Features
- Minimum power response at multiple frequencies (MPRMF)
- Timing
- Frequency
- Phase
- Transients

Minimum power response measured at multiple frequencies

What will the fingerprint look like?

FAR and FRR
- False acceptance rate (FAR)
  – Probability that a false identity claim will be accepted
  – Type II error
  – Like biometrics, most serious type of error
- False rejection rate (FRR)
  – Probability that a true identity claim is falsely rejected
  – Type I error

Hotelling’s Two-sample T^2 Algorithm

Create synthetic tag fingerprints

Parameters
- p = 4 = number of features
- n1 = n2 = 20 = number of samples
- alpha = 0.025 (95% confidence level)
- If T^2 > 13.81, assume fingerprints are different

Case 1: Compare fingerprint of tag 0 with all other fingerprints at varying noise levels (mean = 0)

Case 2: A single tag fingerprint with std. dev. 1.50 compared against itself at noise levels with different means

Conclusions
- Hotelling’s performs well across a large range of standard deviations IF the noise has zero mean
- Modest computations

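Added example, not code from the slides: the standard pooled-covariance two-sample Hotelling T^2 statistic, compared against the slides' threshold of 13.81 for p = 4 and n1 = n2 = 20, and run as Case 1 (different tags, zero-mean noise) and Case 2 (same tag, shifted noise mean). The feature vectors `TAG0` and `TAG1`, the Gaussian noise model and all function names are assumptions made for illustration.

```python
import random

T2_CRITICAL = 13.81              # threshold from the slides (p = 4, n1 = n2 = 20)
TAG0 = [10.0, 20.0, 30.0, 40.0]  # constructed feature vectors, not measured data
TAG1 = [12.0, 19.0, 33.0, 38.0]

def mean_vec(rows):
    return [sum(col) / len(rows) for col in zip(*rows)]

def pooled_cov(x, y, mx, my):
    """Pooled sample covariance of two groups with means mx and my."""
    p, dof = len(mx), len(x) + len(y) - 2
    dev = [[a - b for a, b in zip(r, mu)] for rows, mu in ((x, mx), (y, my)) for r in rows]
    return [[sum(v[i] * v[j] for v in dev) / dof for j in range(p)] for i in range(p)]

def solve(a, b):
    """Solve a x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[piv] = m[piv], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            m[r] = [vr - f * vc for vr, vc in zip(m[r], m[c])]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][k] * x[k] for k in range(r + 1, n))) / m[r][r]
    return x

def hotelling_t2(x, y):
    """Two-sample Hotelling T^2 statistic for samples x and y (rows = readings)."""
    n1, n2 = len(x), len(y)
    mx, my = mean_vec(x), mean_vec(y)
    d = [a - b for a, b in zip(mx, my)]
    w = solve(pooled_cov(x, y, mx, my), d)   # S_pooled^-1 (mx - my)
    return n1 * n2 / (n1 + n2) * sum(u * v for u, v in zip(d, w))

def measure(tag, sigma, noise_mean, rng, n=20):
    """n noisy readings of a tag's features (constructed Gaussian noise model)."""
    return [[f + rng.gauss(noise_mean, sigma) for f in tag] for _ in range(n)]

def reject_rate(enrolled, presented, sigma, noise_mean=0.0, trials=200, seed=1):
    """Fraction of trials in which T^2 exceeds the threshold ('different tag')."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        hits += hotelling_t2(measure(enrolled, sigma, 0.0, rng),
                             measure(presented, sigma, noise_mean, rng)) > T2_CRITICAL
    return hits / trials
```

`reject_rate(TAG0, TAG0, 1.5)` estimates the FRR and `1 - reject_rate(TAG0, TAG1, 1.5)` the FAR under zero-mean noise. `reject_rate(TAG0, TAG0, 1.5, noise_mean=3.0)` shows the genuine tag being rejected once the noise mean is no longer zero.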
Future Work
- Apply the algorithm to the measured features instead of the synthetic features
- Apply the algorithm across a much larger set of parameters

Contact Information
Dale R. Thompson, Ph.D., P.E.
Associate Professor
Computer Science and Computer Engineering Dept.
JBHT – CSCE 504
1 University of Arkansas
Fayetteville, Arkansas 72701-1201
Phone: +1 (479) 575-5090
FAX: +1 (479) 575-5339
E-mail: [email protected]
WWW: http://comp.uark.edu/~drt/