Practical limitation of co-operative RFID jamming methods in environments without accurate signal synchronization

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

9 Scopus Citations

Original language: English
Pages (from-to): 224-236
Journal / Publication: Computer Networks
Publication status: Published - 4 Aug 2016


Radio Frequency Identification (RFID) is a core component of the Internet-of-Things. In particular cases, the communication between the tag and the reader needs to be confidential. Some passive RFID tags have very limited computational power and therefore cannot implement standard cryptographic mechanisms. This disadvantage has led to several proposals where data sent by the RFID tag is 'hidden' by noisy signals generated by the RFID reader. The RFID reader can remove the noise but third-party adversaries cannot, thereby ensuring a confidential backward-channel for tag data without the need for cryptography. Although this is a promising research direction, there are also some practical limitations on the effectiveness of such schemes. This paper shows that at least one recent scheme is vulnerable to data recovery, despite varying the reader's transmission power, if there is a slight difference in phase between the reader's blocking signal and the tag's data. We experimentally verify our attack and conclude that our eavesdropping and data recovery approach is efficient and realistic. Finally, we test possible mitigation methods and show that a combination of randomized step amplitude and step duration can be effective in mitigating our attack.

Research Area(s)

  • Eavesdropping, Jamming, Physical-layer security, RFID