Is your razor authentic? How do you know? Customers choose certain brand names because they know that name stands for quality. So when counterfeiters try their hand at Gillette razors customers are left with a sub-par razor with a Gillette logo. To protect their valuable brand name Gillette turned to RFID to solve their counterfeiting problem.
This is just one of the use cases for RFID in fighting counterfeiting. Anticounterfeiting has become a fast growing field for RFID applications. For example, people have begun to tag valuable items, such as banknotes, passports, or drugs, for the purpose of additional authentication and trust. Anticounterfeiting is also a demanding security feature for new RFID applications, such as access control key cards, credit cards, tollway payment, to prevent fraud and identity theft.
In general, for an RFID anticounterfeiting system, the reader interrogates a tag, not only for identification but also for verifying the identity. In some cases, the reader may already know the tag identity prior to RF contact. RFID tag is used as a means for additional authentication.
The identity to be protected could be any information associating with the property of the tag bearer. RF information provides a digital fingerprint for these credentials, complicating the forgery process. In the cases when a reader contacts a tag for both identification and authentication, tag integrity consists of an important part for trust in a system.
1. Financial Credentials
Euro banknotes, which are issued by European Central Bank (ECB), have been circulated by the European Union for the last 10 years. The unification of the currency system brings to Europe many commercial convenience and economic benefits. However, the widespread use of Euros has increasingly made money management more difficult. Counterfeiting banknotes is one of the most serious crimes.
According to the biannual report of ECB, a total of 311,925 counterfeit banknotes were identified and removed from circulation in the second half of 2003. Although many antiforgery technologies have been adopted for the Euro, the Euro has become a criminal favorite for money laundering. First, it is a valuable currency with a value similar to the US dollar. Second, it has high denomination banknotes like the €200 and €500 (€stands for Euros). Third, many countries accept Euros, so they facilitate the circulation of counterfeit banknotes through various channels.
The circulation of Euros between the many different countries of the European Union makes it hard for the law enforcement agencies to trace the counterfeit money. These crimes, related to the use of the Euros, have become so challenging that new technology has been demanded to fight against them.
The European Central Bank plans to put RFID tags into Euro banknotes to defense against a variety of monetary crimes, such as forgery, money smuggling, money laundering, etc. These tagged banknotes will be harder to forge and easier to trace.
Visa, MasterCard, and American Express started experimenting contactless credit card system empowered by RFID technology. They expect that the new system would speed up the checkout process compared with traditional magnetic strip swapping card. Signature authorization may be waived for transactions below $20. Researchers found that RFID credit cards are vulnerable to many integrity attacks.
They are able to skim a credit card by an unauthorized reader, eavesdrop authorized RFID sessions and clone credit cards. Using a tampered reader and a credit card emulator, a “relay” attack could be performed to place a transaction on a nearby innocent credit card.
The credit card emulator first initiates a transaction with a real reader. The credit card emulator relays any communication received from the real reader to the tampered reader so it could use them to initiate a fraudulent session with a nearby innocent credit card. In a similar manner, the reader relays information received from the innocent credit card to the credit card emulator that responds to the real reader.
Effectively, a transaction is placed on the innocent card by the real reader via communication redirection. To prevent these attacks, a card should be able to recognize authorized readers and a reader should be able to identify real cards.
2. Merchandise Chains
Gillette began to use RFID tags to label commodities and ship to Wal-Mart warehouse . Logistically the product may transit through many entities that are individually operated, from Gillette manufacturer, third-party warehouse, transportation services, and Wal-Mart. Certainly Wal-Mart will be concerned that the RFID tag information is altered by an unauthorized party after they have shipped out from Gillette. In future, Gillette may extend tag life to collect user feedback. Integrity of tagged product should be maintained to ensure that the data obtained by Gillette from tags are authentic.
The United States Food and Drug Administration (FDA) has been considering to use RFID tags to prevent counterfeit and adulterated pharmaceutical products. Mostly due to its high development and manufacturing cost, pharmaceutical products are amongst the most expensive retail merchandise.
The price of pharmaceutical products varies significantly due to variance of standards and regulations applied on drugs in different countries. Some pharmaceutical products made in Canada, are known to be much cheaper than their counterpart in USA. However, the United States is reluctant to allow importing drugs due to lacking of method for integrity check. On the other hand, high profit behind a drug price gap constantly fuels the incentive for international drug trafficking and forgeries.
Drug counterfeiting is increasingly threatening public health and consumer rights. It becomes an urgent demand to authenticate pharmaceutical products in an effective way. RFID technology can automate the identification of pharmaceutical products in a shorter time and higher level of accuracy so applying RFID in inventory and prescription is expected in the near future. It would be attractive when drug validation, anticounterfeiting, prescription, and consumer inventory are solved by an all-in-one RFID tag throughout manufacture, distribution, and postretail stages.
3. Personal Identification and Access Control
Many companies and hotels have used RFID contactless keycard for building access. Compared with traditional keys, digital key cards have many security advantages, that they are more expensive to copy and easy to disable after lost.
Contactless keycard provides fast access and is mostly referred to as a “wave.” However, security is still a concern when RFID key cards are to be used for accessing very valuable assets. People may still try to counterfeit RFID cards even at a higher cost, driven by incentives to steal high profit from controlled assets. Enhancing integrity for RFID key cards would be very desired.
As early as 20 years ago, US Federal officials had estimated that at least 30,000–60,000 passports are fraudulent among the then 3 million US passport applications received everyday. Only 1,000 fraudulent passports (typically very obvious ones) have been detected. Record shows that 80% illegal drug dealers and about 300,000 fugitives and terrorists are aided with bogus passports and visas, travel freely over the world.
To improve the integrity of passport, the US government has been issuing passports including a 64-kilobyte RFID chip that contains the passport holder’s personal information. The contents on chip will include the name, nationality, gender, date of birth, place of birth, and a digital photo of the passport holder. This data will match the data printed on the paper of the passport. RFID technology is in use to improve the security of passports, making them difficult to forge by criminals.
However, wireless passports make people more concerned about their identity safety. Especially since people carry passports where they are traveling to foreign countries, into crowded international airports and sites within public areas, which are usually unfamiliar places so people have little or no control over the environment. If the passport is ready to broadcast chip contents to any receiver, it would be a real danger to traveler’s privacy when some people try to gather passport data for unauthorized background checking, identity theft, illegal tracking, or investigation.
A Dutch company has already successfully cracked a weakly encrypted Dutch-prototype RFID passport within 2 hours, obtained all plaintext information perfectly for a clone passport. So it would be equally important to study how RFID provide integrity as well as keeping personal information safe.
4. Sensoring Network
Threats and Challenges, Pros and Cons
As we see the utilization of RFID for anticounterfeiting becomes a demanding feature for many applications, the security of RFID system becomes a vital factor to provide certain level of protection and trust. Moreover, these applications require extension of tag life and active range that a tag may be accessed by many parties at different time and location, with various levels of trust. For example, an RFID enabled Euro bill may be accessed by your local bank, supermarket and even your neighbor with a reader. In an open access RFID system, tags may operate in unknown or untrusted environments, exposing to attacks from various purposes.
Malicious readers may intercept an authentic RF communications between a tag and a reader, attempt to contact an authentic tag, or even tamper tag data. Tampered tags may spoof an authentic reader with falsified tag information. Later, we will discuss the threats and challenges to design an RFID anticounterfeiting system. Many of them are common to most RFID systems but these threats become more exacerbated for systems specialized for anticounterfeiting.