Abstract

In this paper, we present a generalized framework for active eavesdropping in a frequency hopping spread spectrum passive radio frequency identification system. In our model, there exists an adversarial reader who is able to transmit its own continuous wave signal outside the frequency band of the legitimate reader. Under backscatter modulation, the tag cannot distinguish different frequencies and simply sets the impedance in its circuitry to either low or high to reflect a bit of 1 or 0, so the adversarial reader's received signal is a weighted sum of the response to both its own signal and the legitimate reader's signal. Using this model, we provide a theoretical analysis of the capability of the adversarial reader in terms of the decoding error probability for slow and fast frequency hopping systems. We derive analytic formulas and conduct experiments using software defined radios that act as the legitimate reader, the adversarial reader, and Intel Wireless Identification Sensing Platform tags with parameters as specified in EPC Gen2. Simulations are also used to validate our findings. We find from the theoretical analysis as well as the experimental results that the active eavesdropper can achieve a better decoding error rate than a conventional passive eavesdropper, even when the eavesdropper's signal is a low power signal.

  • Publication date: 2016-7