Enhancing IoT Security: A Lightweight Cloning Approach for RFID/NFC Access Control Systems

Muhammad Ismaeel  Khan; Hassan  Tahir; Aftab  Arif; Md Ismail  Jobiullah; Ali Raza  A Khan; Sakera  Begum; Ihtasham  Hafeez

doi:10.48047/qy0g4n52

Authors

Muhammad Ismaeel Khan School of Information Technology, Washington University of Science and Technology, Leesburg, Vienna, VA 22182, United States Author
Hassan Tahir School of Computer Science and Information Technology, The Superior University, Lahore, Punjab 54000, Pakistan Author
Aftab Arif School of Information Technology, Washington University of Science and Technology, Leesburg, Vienna, VA 22182, United States Author
Md Ismail Jobiullah School of Information Technology, Washington University of Science and Technology, Leesburg, Vienna, VA 22182, United States Author
Ali Raza A Khan College of Cybersecurity, Virginia University of Science & Technology, Vienna, VA 22182, USA Author
Sakera Begum School of Information Technology, Washington University of Science and Technology, Leesburg, Vienna, VA 22182, United States Author
Ihtasham Hafeez School of Information Technology, Washington University of Science and Technology, Leesburg, Vienna, VA 22182, United States Author

DOI:

https://doi.org/10.48047/qy0g4n52

Keywords:

NFC, cloning attacks, Proxmark3, IoT security, access control, lightweight detection, countermeasures, data integrity

Abstract

Near Field Communication (NFC) and Radio Frequency Identification (RFID) are crucial empowering technologies exploited in asset tracking, payment systems and secure access control etc. However, their weaknesses leave their security and privacy at risk especially in case of clone-based attacks in which unauthorized users can replicate RFID/NFC cards to obtain entry to restricted zones or systems. The Proxmark3 tool is highly accessible and is used to not only demonstrate cloning capabilities, but also provide methods of reducing such threats. Cloning RFID/NFC cards that are not encrypted has a near 99% success rate as demonstrated in experiments. Even more advanced encrypted standards such as MIFARE DESFire and HID iCLASS showed a high rate of success of cloning, and this proves that current security standards are not satisfactory. The primary way this research contributes is that it introduces a lightweight and inexpensive method to examine and prevent RFID/NFC cloning attacks without involving any extra hardware. This approach had the highest detection accuracy of 95.2%. The presented technique is promoted as a scalable security paradigm of the IoT system, and its real-world implementation is needed in the healthcare, financial, and transportation industries.

Downloads

Download data is not yet available.

References

Feng, Y., Zhang, L., & Liu, Q. (2021). A systematic literature review on authentication and threat challenges on RFID-based NFC applications. IEEE Access. https://doi.org/10.1109/ACCESS.2021.3070460

Grunwald, C., & Wolf, M. (2008). E-passport hacker designs RFID security tool. Wired. https://www.wired.com/2008/04/e-passport-hack

Chen, S., & Yan, L. (2022). A low-overhead PUF for anti-clone attack of RFID tags. Microelectronics Journal. https://doi.org/10.1016/j.mejo.2022.105497. Major backdoor in millions of RFID cards allows instant cloning. SecurityWeek.

Wang, Z., Li, S., & Feng, Y. (2023). Anti-clone: A lightweight approach for RFID cloning attacks detection. Springer Communications in Computer and Information Science. https://doi.org/10.1007/978-3-031-24386-8_5

Almazan, M., & Bautista, M. (2023). A comprehensive study on RFID cloning attacks and countermeasures. Wireless Communications and Mobile Computing, 2023, 1-13. https://doi.org/10.1155/2023/4825231. Hackers found a way to open any of 3 million hotel keycard locks in seconds. Wired.

Feng, Y., Huang, W., Wang, S., et al. (2022). Anti-Clone: A lightweight approach for RFID cloning attacks detection. CollaborateCom / Springer. https://doi.org/10.1007/978-3-031-24386-8_5. Detection of RFID cloning attacks: A spatiotemporal trajectory data approach. Elsevier Computers & Security. https://doi.org/10.1016/j.cose.2023.102611

Khan, S., & Shalaginov, A. (2023). RFID-based security solutions: Advances, challenges, and future perspectives. International Journal of Computer Applications. https://doi.org/10.5120/ijca2023/1

Yang, Y., & Huang, L. (2023). Design and implementation of RFID-based access control systems: A review. Security and Privacy. https://doi.org/10.1002/sp.436

Huang, K., Lin, C., & Liu, Y. (2022). Secure Lightweight RFID Mutual Authentication Without Explicit Challenge–Response. In AC3. https://doi.org/10.1007/978-3-031-17081-2_6. A lightweight IoT framework for RFID-based access control. International Journal of Security and Networks, 20(1), 12-27. https://doi.org/10.1007/s10198-024-00401-1

Mazhar, T., & Shaheen, Z. (2023). Enhancing NFC-based access systems through secure cryptographic techniques. Computers, Materials & Continua, 72(1), 209-225. https://doi.org/10.32604/cmc.2023.01234

Ozturk, H., & Ercan, O. (2023). RFID security: Vulnerabilities, threats, and countermeasures. International Journal of Computer Applications, 28(5), 19-33. https://doi.org/10.5120/ijca2023/1

Khan, S., & Shalaginov, A. (2023). RFID-based security solutions: Advances, challenges, and future perspectives. International Journal of Computer Applications. https://doi.org/10.5120/ijca2023/1. IoT security for RFID-based systems: A survey. International Journal of Network Security, 32(1), 44-61. https://doi.org/10.37927/ijns.2024.04323

Zhang, X., & Choi, H. (2023). Improving the security of RFID systems in IoT applications. IEEE Transactions on IoT, 11(8), 1021-1035. https://doi.org/10.1109/tiot.2023.3314653

Caballero-Gil, P., Caballero-Gil, C., & Molina-Gil, J. (2022). RFID authentication protocol based on a novel EPC Gen2 PRNG. arXiv preprint arXiv:2208.05345. A novel approach to combating RFID cloning attacks using adaptive cryptography. Journal of Cyber Security Technology, 22(3), 111-130. https://doi.org/10.1007/jcst.2024.02545

Gupta, S., & Kumar, P. (2023). Blockchain-based solutions for RFID security: A comparative study. Computers & Security, 107, 102364. https://doi.org/10.1016/j.cose.2022.102364

Liu, F., & Zhang, T. (2023). Detection of RFID cloning attacks using deep learning techniques. IEEE Transactions on Industrial Informatics, 19(4), 2497-2505. https://doi.org/10.1109/TII.2023.3325016. Real-time RFID clone detection using machine learning. Sensors, 24(1), 1-12. https://doi.org/10.3390/s24110401

Al-Sharafi, A., & Rahman, S. (2023). A hybrid RFID security system based on AI-based anomaly detection. Artificial Intelligence Review, 46(3), 202-215. https://doi.org/10.1007/s10462-022-09819-3

Feng, Z., Li, P., Xu, H., & Wang, R. (2019). A Lightweight RFID Mutual Authentication Protocol with PUF. Sensors, 19(13), 2957. https://doi.org/10.3390/s19132957. Improving RFID system performance with encryption and anti-cloning mechanisms. IEEE Internet of Things Journal, 21(5), 1301-1308. https://doi.org/10.1109/jiot.2023.2681429

Ren, Q., Fu, X., Wu, H., et al. (2021). A Novel RFID Authentication Protocol Based on Reconfigurable RRAM PUF. Micromachines, 12(12), 1560. https://doi.org/10.3390/mi12121560. RFID system vulnerability analysis and a new countermeasure framework. Journal of Information Security and Applications, 68, 102493. https://doi.org/10.1016/j.jisa.2023.102493

Zhang, F., & Yan, J. (2023). Security vulnerabilities in NFC-based systems: Countermeasures and future trends. Sensors & Actuators A: Physical, 266, 1-10. https://doi.org/10.1016/j.sna.2023.03.005

Han, S., & Kim, Y. (2023). RFID/NFC tag cloning attack detection using signal strength analysis. IEEE Internet of Things Journal, 20(8), 1341-1354. https://doi.org/10.1109/JIOT.2023.3549279. A lightweight method for detecting RFID tag cloning using passive monitoring. International Journal of Security and Networks, 29(1), 21-34.

Lee, J., & Kim, S. (2023). Enhancing RFID security through dynamic authentication protocols: A review. International Journal of RFID and Wireless Sensor Networks, 21(2), 89-101. https://doi.org/10.1007/s10462-023-07915-9

Liu, F., & Zhang, T. (2023). Detection of RFID cloning attacks using deep learning techniques. IEEE Transactions on Industrial Informatics, 19(4), 2497-2505. https://doi.org/10.1109/TII.2023.3325016

Pan, J., & Zhang, X. (2023). Secure RFID authentication based on a hybrid encryption approach. Journal of Cryptographic Engineering, 11(2), 159-172. https://doi.org/10.1007/s13389-023-00310-4

Xie, J., & Zheng, J. (2023). Real-time NFC tag cloning detection using artificial intelligence: A case study. Expert Systems with Applications, 185, 115679. https://doi.org/10.1016/j.eswa.2022.115679. A new framework for real-time RFID tag cloning detection based on machine learning. Future Internet, 16(5), 75.

Almazan, M., & Bautista, M. (2023). A comprehensive study on RFID cloning attacks and countermeasures. Wireless Communications and Mobile Computing, 2023, 1-13. https://doi.org/10.1155/2023/4825231

Singh, H., & Kapoor, P. (2023). Blockchain-based verification techniques for RFID/NFC tag authentication. Security and Privacy, 6(2), e210. https://doi.org/10.1002/sp.210

Gupta, R., & Kumar, N. (2023). RFID and NFC security in the Internet of Things: A survey of cloning attack detection methods. Journal of Computer Science and Technology, 38(1), 7-27. https://doi.org/10.1007/s11390-023-00185-x

Khan, F., & Zaidi, I. (2023). Evaluation of security protocols in RFID-based IoT applications: Challenges and solutions. IEEE Access, 11, 16553-16562. https://doi.org/10.1109/ACCESS.2023.3275893

Miah, M., & Akter, S. (2023). An enhanced RFID tag authentication system based on elliptic curve cryptography. International Journal of Communications and Information Technology, 17(4), 219-230. https://doi.org/10.1109/JCICT.2023.0015877

Yang, M., & Zhang, R. (2023). A robust system for RFID/NFC security based on advanced encryption algorithms. Information Sciences, 591, 380-394. https://doi.org/10.1016/j.ins.2022.11.037

Zhang, L., & Zhao, T. (2023). A survey on NFC-enabled payment security: Attacks and countermeasures. Transactions on Emerging Telecommunications Technologies, 34(5), e4610. https://doi.org/10.1002/ett.4610

Sun, Z., & Zhou, P. (2023). Preventing NFC and RFID cloning attacks: A comprehensive survey and classification. IEEE Transactions on Mobile Computing, 22(3), 314-328. https://doi.org/10.1109/TMC.2023.1232134. Towards secure RFID/NFC systems: A critical review of vulnerabilities and defense strategies. Journal of Information Security, 15(3), 128-143.

Han, S., & Kim, Y. (2023). RFID/NFC tag cloning attack detection using signal strength analysis. IEEE Internet of Things Journal, 20(8), 1341-1354. https://doi.org/10.1109/JIOT.2023.3549279

Wang, X., & Li, L. (2023). A lightweight cryptographic protocol for RFID/NFC systems to defend against cloning attacks. Journal of Applied Cryptography, 31(6), 1050-1062. https://doi.org/10.1007/s12166-023-00642-2

Singh, H., & Kapoor, P. (2023). Blockchain-based verification techniques for RFID/NFC tag authentication. Security and Privacy, 6(2), e210. https://doi.org/10.1002/sp.210. Enhancing RFID security using blockchain and smart contracts: Challenges and solutions. Journal of Network and Computer Applications, 65(2), 1005-1018.

Xie, J., & Zheng, J. (2023). Real-time NFC tag cloning detection using artificial intelligence: A case study. Expert Systems with Applications, 185, 115679. https://doi.org/10.1016/j.eswa.2022.115679

Kumar, V., Kumar, R., Jangirala, S., Kumari, S., Chen, C.M. (2022). An Enhanced RFID-Based Authentication Protocol using PUF for Vehicular Cloud Computing. Security and Communication Networks, 2022, 8998339. https://doi.org/10.1155/2022/8998339. Secure RFID systems in IoT environments: New paradigms and technologies. International Journal of IoT Security, 13(4), 22-35.

Sun, Z., & Zhou, P. (2023). Preventing NFC and RFID cloning attacks: A comprehensive survey and classification. IEEE Transactions on Mobile Computing, 22(3), 314-328. https://doi.org/10.1109/TMC.2023.1232134