Active Eavesdropping in FHSS RFID Systems
In this work, we first present a new attack on frequency hopping spread spectrum (FHSS) RFID systems, which we call the active eavesdropping attack. In most semi-passive and passive RFID systems, tag-to-reader communication is accomplished via backscatter modulation. This means the tag is not required to identify the frequency of the legitimate reader's transmitted signal; it simply responds to a reader's query by switching the impedance of its circuitry between low and high to represent bits 1 and 0. The adversary exploits this design weakness of the tag and broadcasts his own continuous wave (CW) at a different frequency. Consequently, the eavesdropper receives two copies of the tag's response: one modulated onto his own broadcast CW and one modulated onto the reader's CW. This attack allows the adversary to combine the two copies and achieve better decoding performance. We then perform a theoretical analysis to show the optimal strategy that can be employed by the adversary. Finally, we conduct simulations and experiments to verify our theoretical results.
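To make the decoding gain from the second copy concrete, the following is an added simulation (not code from the paper): a backscatter tag modulates the reader's CW and the adversary's CW identically, and the eavesdropper's bit error rate is measured when decoding one copy alone versus combining both. The channel gains, noise level and the use of maximal-ratio combining (MRC) as the combining rule are assumptions; the paper's optimal strategy is not given on this page.

```python
import random


def backscatter_copies(bits, gains, noise_std, rng):
    """Baseband model of what the eavesdropper receives on each carrier.
    The tag's impedance switch (low for 1, high for 0) modulates every
    incident CW in the same way, so copy k is gains[k]*bit plus Gaussian
    noise (a simplifying assumption, not the paper's channel model)."""
    return [[g * b + rng.gauss(0.0, noise_std) for b in bits] for g in gains]


def decode_single(copy, gain):
    # Threshold midway between the two backscatter levels on one carrier.
    return [1 if r > gain / 2 else 0 for r in copy]


def decode_mrc(copies, gains):
    # Maximal-ratio combining: weight each copy by its gain, normalise so
    # the combined statistic sits at 0 or 1, then threshold at 0.5.
    norm = sum(g * g for g in gains)
    decoded = []
    for samples in zip(*copies):
        z = sum(g * r for g, r in zip(gains, samples)) / norm
        decoded.append(1 if z > 0.5 else 0)
    return decoded


def ber(decoded, bits):
    return sum(d != b for d, b in zip(decoded, bits)) / len(bits)


def simulate(n_bits=20000, gains=(1.0, 0.8), noise_std=0.45, seed=1):
    """Return (BER using the reader's CW copy only, BER after MRC of both
    copies). Constructed parameters: gains[0] is the reader-CW copy,
    gains[1] the adversary-CW copy."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    copies = backscatter_copies(bits, gains, noise_std, rng)
    single = ber(decode_single(copies[0], gains[0]), bits)
    combined = ber(decode_mrc(copies, gains), bits)
    return single, combined


if __name__ == "__main__":
    s, c = simulate()
    print(f"BER single copy: {s:.4f}   BER two copies (MRC): {c:.4f}")
```

With the parameters above, the single-copy error rate is roughly Q(0.5/0.45) and the combined one roughly Q(0.5/0.35), so the second carrier nearly halves the eavesdropper's BER; this is the quantity a deployment needs to bound when judging how much a rogue CW widens the eavesdropping range.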