Abstract
RFID technology is a ubiquitous technology, and seems destined to become more a more ubiquitous. Traditional cryptographic primitives are not supported on low-cost RFID tags since, at most, 4K gates can be devoted to security-related tasks. Despite this, there are a vast number of proposals based on the use of classical hash functions, an assumption that is not realistic (at least at the present time). Furthermore, none of the published authentication protocols are resistant to active attacks. We try to address these two issues in this work by designing a new authentication protocol, secure against passive and active attacks, inspired by Shieh et al.’s protocol for smart-cards, but adapted to RFID systems. The original Shieh et al.’s scheme is considered one of the most secure an efficient protocols in the smart-card field. Because in this protocol tags should support a hash-function on-board, a new lightweight hash function, named Tav-128, is also proposed. A preliminary security analysis is shown, as well as a study on its hardware complexity, which concludes that its implementation is possible with around 2.6K gates.
Chapter PDF
Similar content being viewed by others
References
Weiser, M.: The computer for the 21st century. Scientific American 265(3), 94–104 (1991)
Juels, A.: RFID security and privacy: A research survey. Manuscript (2005)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J., Ribagorda, A.: RFID systems: A survey on security threats and proposed solutions. In: Cuenca, P., Orozco-Barbosa, L. (eds.) PWC 2006. LNCS, vol. 4217, pp. 159–170. Springer, Heidelberg (2006)
Piramuthu, S.: Protocols for RFID tag/reader authentication. Decision Support Systems 43, 897–914 (2007)
Ranasinghe, D., Engels, D., Cole, P.: Low-cost RFID systems: Confronting security and privacy. In: Auto-ID Labs Research Workshop (2004)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: Proc. of RFID Privacy Workshop (2003)
Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: Proc. of ACM CCS 2004, pp. 210–219 (2004)
Rhee, K., Kwak, J., Kim, S., Won, D.: Challenge-response based RFID authentication protocol for distributed database environment. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 70–84. Springer, Heidelberg (2005)
Sarma, S., Weis, S., Engels, D.: RFID systems and security and privacy implications. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 454–470. Springer, Heidelberg (2003)
Cui, Y., Kobara, K., Matsuura, K., Imai, H.: Lightweight asymmetric privacy-preserving authentication protocols secure against active attack. In: Proc. of PerSec 2007 (2007)
Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., Verbauwhede, I.: Public key cryptography for RFID-tags. In: Proc. of PerSec 2007 (2007)
McLoone, M., Robshaw, M.: Public key cryptography and RFID tags. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, Springer, Heidelberg (2006)
Shieh, W.G., Wang, J.M.: Efficient remote mutual authentication and key agreement. Computers & Security 25(1), 72–77 (2006)
EPCGlobal: EPC Generation-1 Tag Data Standards version 1.1, http://www.epcglobalinc.org/standards/
EPCGlobal: Class-1 Generation-2 UHF Air Interface Protocol Standard version 1.0.9: “Gen 2”, http://www.epcglobalinc.org/standards/
Nguyen Duc, D., Park, J., Lee, H., Kwangjo, K.: Enhancing security of EPCglobal gen-2 RFID tag against traceability and cloning. In: Proc. of Symposium on Cryptography and Information Security, Hiroshima, Japan (2006)
Kim, K.H., Choi, E.Y., Lee, S.M., Lee, D.H.: Secure EPCglobal Class-1 Gen-2 RFID system against security and privacy problems. In: Meersman, R., Tari, Z., Herrero, P. (eds.) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. LNCS, vol. 4277, pp. 362–371. Springer, Heidelberg (2006)
Feldhofer, M., Rechberger, C.: A case against currently used hash functions in RFID protocols. In: Proc. of RFIDSec 2006 (2006)
Yksel, K., Kaps, J., Sunar, B.: Universal hash functions for emerging ultra-low-power networks. In: Proc. of CNDS 2004 (2004)
Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. Cryptology ePrint Archive, Report 2004/199 (2004)
Wang, X., Lisa Yin, Y., Yu, H.: Finding collisions in the full SHA-1. In: Proc. of CRYPTO 2005, pp. 17–36 (2005)
Hernandez-Castro, J., Estevez-Tapiador, J., Ribagorda-Garnacho, A., Ramos-Alvarez, B.: Wheedham: An automatically designed block cipher by means of genetic programming. In: Proc. of CEC 2006, pp. 192–199 (2006)
Walker, J.: Randomness Battery (1998), http://www.fourmilab.ch/random/
Marsaglia, G., Tsang, W.: Some difficult-to-pass tests of randomness. Journal of Statistical Software 7(3), 37–51 (2002)
Suresh, C., Charanjit, J., Rao, J., Rohatgi, P.: A cautionary note regarding evaluation of AES candidates on smart-cards. In: Second Advanced Encryption Standard (AES) Candidate Conference (1999)
Lohmmann, T., Schneider, M., Ruland, C.: Analysis of power constraints for cryptographic algorithms in mid-cost RFID tags. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 278–288. Springer, Heidelberg (2006)
Hell, M., Johansson, T., Meier, W.: Grain - a stream cipher for constrained enviroments. In: Proc. of RFIDSec 2005 (2005)
Roberts, C.: Radio frequency identification (RFID). Computers and Security 25(1), 18–26 (2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A. (2007). An Efficient Authentication Protocol for RFID Systems Resistant to Active Attacks. In: Denko, M.K., et al. Emerging Directions in Embedded and Ubiquitous Computing. EUC 2007. Lecture Notes in Computer Science, vol 4809. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77090-9_71
Download citation
DOI: https://doi.org/10.1007/978-3-540-77090-9_71
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77089-3
Online ISBN: 978-3-540-77090-9
eBook Packages: Computer ScienceComputer Science (R0)