Fast Identification of Blocked RFID Tags

The widely used RFID systems are vulnerable to the denial-of-service (DoS) attacks launched by malicious blocker tags. This paper studies how to quickly and completely identify the valid RFID tags that are blocked. The existing work that can seemingly address this problem suffers from either low time-efficiency or serious false positives. This paper proposes a hybrid approach that consists of two complementary component protocols, namely Aloha Filtering (AF) and Poll&Listen (PL). AF is fast but inaccurate, while PL is accurate but slow. Taking the merit of each protocol, our hybrid approach is to first repeat the fast AF for multiple rounds to quickly filter out the target tags that are definitely not blocked. Then, on the size-reduced remaining set that just contains a small number of suspicious tags, we invoke the accurate PL to verify the intactness of each suspicious tag with 100 percent confidence. We optimize the round count of AF that trades off between the time costs of AF and PL to minimize the total time of AF+PL. As required in the optimization process, we need to know the size of the blocked tag set and that of the unknown tag set, which, however, are not known in advance. To estimate these two set sizes, we propose a supplementary protocol called Simultaneous Estimation of the Blocked tag size and the Unknown tag size (SEBU). The key advantages of our approach over the prior art are four-fold. First, unlike the detection protocol that just discovers the existence of blocking attacks, our approach exactly identifies all the blocked target tags. Second, our approach is compliant with the C1G2 standard, and does not require any modifications to be made to the commercial RFID tags. It only needs to be installed on readers as a software module. Third, our approach does not involve any false positives. Finally, our approach significantly reduces the execution time when compared with the state-of-the-art schemes that can completely identify the blocked tags.