Serialized TID numbers - A headache or a blessing for RFID crackers?

Abstract

Though transponder ID (TID) numbers of RFID tags were originally introduced to identify the chip model, serialized TID numbers are currently advertised as security features of UHF chips. Serialized TID numbers do not provide any cryptographic protection, but they do introduce a practical hurdle against adversaries who want to clone RFID tags today. Furthermore, serialized TID numbers are important for end-users who want to protect their current UHF tags from cloning since cryptographic tags are not yet commercially available in that frequency range. In this overview paper, we analyze the suitability of serialized TID numbers for security applications by evaluating the effort to bypass the TID check based on known vulnerabilities and we compare this effort to the needed level of protection in an example of anti-counterfeiting in the tobacco industry. The analysis illustrates that the practical hurdle of TID checks is not high enough for industrial-scale security applications and that it can completely diminish due to commodification of the RFID technology. However, end-users of security applications can still benefit from the increased tag cloning resistance that serialized TID numbers provide before migrating to more secure solutions.