research-article

Lightweight RFID authentication with forward and backward security

Published: 06 June 2011

Abstract

We propose a lightweight RFID authentication protocol that supports forward and backward security. The only cryptographic mechanism that this protocol uses is a pseudorandom number generator (PRNG) that is shared with the backend Server. Authentication is achieved by exchanging a few numbers (3 or 5) drawn from the PRNG. The lookup time is constant, and the protocol can be easily adapted to prevent online man-in-the-middle relay attacks. Security is proven in the UC security framework.

        • Published in

          ACM Transactions on Information and System Security  Volume 14, Issue 1
          May 2011
          366 pages
          ISSN:1094-9224
          EISSN:1557-7406
          DOI:10.1145/1952982

          Copyright © 2011 ACM


          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 6 June 2011
          • Accepted: 1 August 2010
          • Revised: 1 June 2010
          • Received: 1 January 2010

          Qualifiers

          • research-article
          • Research
          • Refereed
