Dr. Dale R. Thompson, broadly speaking, works in computer and network systems, security and privacy. "I am interested in designing and securing any distributed system, like the Internet," he says. Presently, he's applying that interest to radio frequency identification, also known as RFID.

"I believe RFID tags embedded in objects will become the standard way to identify objects to provide the link between the physical and cyber worlds," he says. "However, it is easy to clone RFID tags by copying the contents of the memory to a new tag to create a counterfeit tag that can be attached to a counterfeit product."

RFID tags are also vulnerable to side-channel attacks, in which physical characteristics of the chip, such as power consumption or timing delays, are observed and used to calculate information about the data in the chip, such as how the data has been encrypted. Until RFID tags can be made more secure against both of these vulnerabilities, the usefulness of RFID will be limited.

Thompson, together with Dr. Jia Di, has been working since 2007 to develop cost-effective and reliable anti-counterfeiting techniques to prevent cloning of RFID tags.

The project began when Thompson observed students taking measurements of RFID tags at the UA RFID Research Center. "I noticed that every tag had a unique set of measurements," he says. "I thought that being able to identify each individual tag would be beneficial in some applications." For example, "being able to uniquely identify travel documents, such as the new e-passport that has an RFID tag in it, has great value in the area of security."

The goal of this research, then, is to create a standardized, high-quality electronic fingerprint (e-fingerprint) based on these unique measurements, to authenticate pervasive electronic devices. They have already identified a number of features of passive RFID tags which can be used to uniquely identify them, such as the minimum power needed to cause the tag to respond at a variety of frequencies, and the frequency components of its response. They are in the process of ranking these features to create the e-fingerprint, with a focus on those features that are easy and inexpensive to measure but still identify the tag with high probability. In addition, they intend to design specialized authentication protocols to use this e-fingerprint, since current authentication protocols are based on cryptography, which is effective but requires more computational power than an RFID chip can provide.

Meanwhile, they have not forgotten the threat of side-channel attacks. They have designed circuits intended to use constant power and timing, and are analyzing the results with simulations. "It sounds simple, but it is more complex than you think," says Thompson. "Processing a binary one requires more power than processing a binary zero in traditional logic circuits."

Eventually, they hope to offer a variety of mitigating techniques that provide different levels of protection and have different requirements in cost and implementation complexity, in order to provide appropriately secure and flexible solutions for different applications.

This work is supported by the National Science Foundation CISE/CNS and the Cyber Trust area support under contract CNS-0716578, and has resulted in two papers, with a third in review.