A Case Against Currently Used Hash Functions in RFID Protocols

Designers of RFID security protocols can choose between a wide variety of cryptographic algorithms However, when implementing these algorithms on RFID tags fierce constraints have to be considered Looking at the common assumption in the literature that hash functions are implementable in a manner suitable for RFID tags and thus heavily used by RFID security protocol designers we claim the following Current standards and state-of-the-art low-power implementation techniques favor the use of block ciphers like the Advanced Encryption Standard (AES) instead of hash functions from the SHA family as building blocks for RFID security protocols In turn, we present a low-power architecture for the widely recommended hash function SHA-256 which is the basis for the smallest and most energy-efficient ASIC implementation published so far To back up our claim we compare the achieved results with the smallest available AES implementation The AES module requires only a third of the chip area and half of the mean power Our conclusions are even stronger since we can show that smaller hash functions like SHA-1, MD5 and MD4 are also less suitable for RFID tags than the AES Our analysis of the reasons of this result gives some input for future hash function designs.

[1]  Luigi Dadda,et al.  The design of a high speed ASIC unit for the hash function SHA-256 (384, 512) , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[2]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[3]  Dongho Won,et al.  Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment , 2005, SPC.

[4]  Manfred Josef Aigner,et al.  A Universal And Efficient SHA-256 Implementation for FPGAs , 2004 .

[5]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[6]  Sandra Dominikus,et al.  A hardware implementation of MD4-family hash algorithms , 2002, 9th International Conference on Electronics, Circuits and Systems.

[7]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[8]  Berk Sunar,et al.  Energy Comparison of AES and SHA-1 for Ubiquitous Computing , 2006, EUC Workshops.

[9]  Akashi Satoh,et al.  ASIC hardware focused comparison for hash functions MD5, RIPEMD-160, and SHS , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[10]  Dong Hoon Lee,et al.  Efficient RFID Authentication Protocol for Ubiquitous Computing Environment , 2005, EUC Workshops.

[11]  Ingrid Verbauwhede,et al.  Secure and Low-cost RFID Authentication Protocols , 2005 .

[12]  Vincent Rijmen,et al.  AES implementation on a grain of sand , 2005 .

[13]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[14]  Odysseas G. Koufopavlou,et al.  Implementation of the SHA-2 Hash Family Standard Using FPGAs , 2005, The Journal of Supercomputing.