I am working on a project, where I am using RFID tags, and RFID reader for some sort of authentications.
But after searching for a while, I found that passive RFID tags can be cloned. Is there any way to make copy proof? (As far I know it is not possible.)
What logic should I use that won't allow duplicate card to not get access? (By using software or hardware logic.)
What is the latest happening in RFID and NFC technologies?
Best Answer
Yes, it is quite possible to make passive tags secure, but the tag must have some local processing power, not just a static read-only memory that it reads out.
The general algorithm is called "challenge-response". The reader and the tag share some secret piece of data, but this data is never transmitted over the air. Instead, the reader chooses some random data, sends this to the tag, which performs a cryptographically-secure transformation on the data that depends on the secret data, and then sends the transformed data back to the reader. Internally, the reader performs the same transformation, and if the two results match, then the tag is known to be valid.
Such a tag cannot be cloned simply by eavesdropping on the radio signal. Of course, if an attacker physically opens the tag and reads out the secret data (along with the transformation algorithm), all bets are off.