A hidden mutual authentication protocol for low-cost RFID tags

Radio-frequency identification (RFID) technology enables the identification and tracking of objects by means of the wireless signals emitted by a tag attached to the objects of interest. Without adequate protection, however, malicious attackers can easily eavesdrop, scan or forge the information within the tag, thereby threatening the integrity of the system. Previous research has shown that the basic security requirements of RFID systems, i.e. identity authentication, information privacy and location privacy, can be satisfied using conventional cryptographic components. However, such components are expensive, and therefore conflict with the general requirement for low-cost tag designs. Accordingly, this paper presents a low-cost challenge-response security protocol designated as the hidden mutual authentication protocol (HMAP) to accomplish both a mutual authentication capability between the tag and the reader and information privacy. The results show that HMAP provides an efficient means of concealing the authentication messages exchanged between the tag and the reader and is robust toward replay attacks. In addition, it is shown that HMAP is easily extended to provide complete location privacy by utilizing a hash function to generate different tag identifiers in each authentication session. Copyright © 2011 John Wiley & Sons, Ltd.

[1]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[2]  Yang Xiao,et al.  Radio frequency identification: technologies, applications, and research issues , 2007, Wirel. Commun. Mob. Comput..

[3]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[4]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[5]  Alex X. Liu,et al.  PAP: A privacy and authentication protocol for passive RFID tags , 2009, Comput. Commun..

[6]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[7]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[8]  Ari Juels,et al.  Squealing Euros: Privacy Protection in RFID-Enabled Banknotes , 2003, Financial Cryptography.

[9]  Jong Hyuk Park Security analysis of mCrypton proper to low-cost ubiquitous computing devices and applications , 2009 .

[10]  Jan Camenisch,et al.  Untraceable RFID tags via insubvertible encryption , 2005, CCS '05.

[11]  Ari Juels,et al.  Soft blocking: flexible blocker tags on the cheap , 2004, WPES '04.

[12]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[13]  Jia-Lun Tsai,et al.  New dynamic ID authentication scheme using smart cards , 2010, Int. J. Commun. Syst..

[14]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[15]  Soo-Young Kang,et al.  A study on secure RFID mutual authentication scheme in pervasive computing environment , 2008, Comput. Commun..

[16]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[17]  M. Feldhofer An authentication protocol in a security layer for RFID smart tags , 2004, Proceedings of the 12th IEEE Mediterranean Electrotechnical Conference (IEEE Cat. No.04CH37521).

[18]  Tsuyoshi Takagi,et al.  A hybrid approach for privacy-preserving RFID tags , 2009, Comput. Stand. Interfaces.

[19]  Whitfield Diffie,et al.  Multiuser cryptographic techniques , 1976, AFIPS '76.