Reverse Engineering a Passive UHF tag
This tutorial covers the system implementation of a passively powered RFID tag, with a focus on the digital circuits and systems considerations. It gives an overview of practical RF, implementation and system issues from the perspective of the integrated circuits, and discusses the state of cryptography and security for RFID tags. It also gives an overview of the system requirements for a theoretical tag that was reverse engineered from the Gen2 specification.
RFID Tag Systems Overview
- Gen2 Tag Overview
- Physical Description
- Protocol Overview
- Electrical Overview
- Economic Considerations (IC-perspective)
- RFID considerations
- Frequency
- Accuracy
- Interference
- Analog and digital
- Transistor Review
- General operation
- Diode-connected MOSFETs
- Analog components
- Power
- Demodulation
- Modulation
- Analog Power
- Charge pump
- Double-antenna implementation
- Bounds of operation
- Analog Demodulation
- AM demodulation (FM0)
- Clock generation (types)
- Analog Modulation
- Digital components
- PRNG
- Decoding data
- System Overview
- Gen2 Commands
- Packet Format
- Enumeration Procedure
- Commands
- Command processing
- Managing Tags
- Interrogator “Query” and “RN16” response.
- Collisions
- Cryptography
- Security and Privacy
- Gen2 Extensions
Speaker Biography
Dr. Brian P. Degnan received degrees in Mechanical and Computer Engineering from the Rose-Hulman Institute of Technology in 2000 and 2003 respectively, after a stint studying Computer Science at the Kanazawa Institute of Technology. He earned his Ph.D. in Electrical Engineering from the Georgia Institute of Technology in 2013 with a research focus on subthreshold, temperature-robust circuit architectures. He is a serial entrepreneur who has taken several products from concept to sales, including video encoders and current measurement equipment. Dr. Brian Degnan’s research focus is power-constrained processing and getting the most use out of the electron. His research interests include subthreshold asynchronous digital and reprogrammable architectures, as well as lightweight encryption implementations for power-constrained systems. He is currently a Postdoc under Dr. Greg Durgin with the propagation group at Georgia Tech. Brian Degnan’s work on strong encryption for passively powered RFID and IoT is sponsored by the Intelligence Community Postdoctoral Research Fellowship Program at the Georgia Institute of Technology, administered by Oak Ridge Institute for Science and Education through an interagency agreement between the U.S. Department of Energy and the Office of the Director of National Intelligence.