A Flyweight RFID Authentication Protocol

In this paper we first discuss the security threats that have to be addressed when dealing with lightweight RFID protocols: in particular, privacy/integrity attacks that compromise the forward and backward security of tags. We then analyze some recently proposed EPCGen2 compliant protocols. Finally, we propose a lightweight RFID authentication protocol that supports session unlinkability with forward and backward security. The only cryptographic mechanism that this protocol uses is a synchronized pseudorandom number generator (RNG), that is shared with the backend Server. Authentication is achieved by using a few numbers (3 or 5) drawn from the RNG. The protocol is optimistic with constant key-lookup, and can easily be implemented on an EPCGen2

[1]  Tassos Dimitriou,et al.  A secure and efficient RFID protocol that could make big brother (partially) obsolete , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06).

[2]  Serge Vaudenay,et al.  On Privacy Models for RFID , 2007, ASIACRYPT.

[3]  Yih-Chun Hu,et al.  Wormhole attacks in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[4]  Daniel W. Engels,et al.  RFID Systems and Security and Privacy Implications , 2002, CHES.

[5]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[6]  Gildas Avoine,et al.  The Swiss-Knife RFID Distance Bounding Protocol , 2008, ICISC.

[7]  Mike Burmester,et al.  Robust, anonymous RFID authentication with constant key-lookup , 2008, ASIACCS '08.

[8]  Mike Burmester,et al.  Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols , 2006, 2006 Securecomm and Workshops.

[9]  Mike Burmester,et al.  The Security of EPC Gen2 Compliant RFID Protocols , 2008, ACNS.

[10]  Bruce Schneier,et al.  Cryptanalytic Attacks on Pseudorandom Number Generators , 1998, FSE.

[11]  Hugo Krawczyk,et al.  The Shrinking Generator , 1994, CRYPTO.

[12]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[13]  Juan E. Tapiador,et al.  LAMED - A PRNG for EPC Class-1 Generation-2 RFID specification , 2009, Comput. Stand. Interfaces.

[14]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[15]  Mike Burmester,et al.  Secure EPC Gen2 Compliant Radio Frequency Identification , 2009, ADHOC-NOW.

[16]  Chin-Ling Chen,et al.  Conformation of EPC Class 1 Generation 2 standards RFID system with mutual authentication and privacy protection , 2009, Eng. Appl. Artif. Intell..

[17]  Shai Halevi,et al.  A model and architecture for pseudo-random generation with applications to /dev/random , 2005, CCS '05.

[18]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[19]  Zhan Yiju,et al.  A Minimalist Mutual Authentication Protocol for RFID System & BAN Logic Analysis , 2008, 2008 ISECS International Colloquium on Computing, Communication, Control, and Management.

[20]  Cheng-Yuan Ku,et al.  A RFID Grouping Proof Protocol for Medication Safety of Inpatient , 2008, Journal of Medical Systems.

[21]  Dong Hoon Lee,et al.  Anti-cloning protocol suitable to EPCglobal Class-1 Generation-2 RFID systems , 2009, Comput. Stand. Interfaces.

[22]  Levente Buttyán,et al.  Group-Based Private Authentication , 2007, 2007 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks.

[23]  Serge Vaudenay,et al.  Mutual authentication in RFID: security and privacy , 2008, ASIACCS '08.

[24]  S.A. Weis RFID privacy workshop , 2004, IEEE Security & Privacy Magazine.

[25]  John R. Williams,et al.  Pervasive RFID and Near Field Communication Technology , 2007, IEEE Pervasive Computing.

[26]  Gene Tsudik,et al.  Universally Composable RFID Identification and Authentication Protocols , 2009, TSEC.

[27]  Hung-Min Sun,et al.  A Gen2-Based RFID Authentication Protocol for Security and Privacy , 2009, IEEE Transactions on Mobile Computing.

[28]  Dae-Hee Seo,et al.  Secure RFID authentication scheme for EPC class Gen2 , 2009, ICUIMC '09.

[29]  Mike Burmester,et al.  Towards Provable Security for Ubiquitous Applications , 2006, ACISP.

[30]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[31]  Mike Burmester,et al.  Universally composable and forward-secure RFID authentication and authenticated key exchange , 2007, ASIACCS '07.

[32]  Mike Burmester,et al.  On the Security of Route Discovery in MANETs , 2009, IEEE Transactions on Mobile Computing.

[33]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[34]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[35]  Yvo Desmedt,et al.  Secure Implementations of Identification Systems , 1991, J. Cryptol..

[36]  Hangrok Lee,et al.  The Tag Authentication Scheme using Self-Shrinking Generator on RFID System , 2008 .

[37]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[38]  Samy Bengio,et al.  Secure implementation of identification systems , 2004, Journal of Cryptology.

[39]  Mike Burmester,et al.  Provably Secure Grouping-proofs for RFID tags , 2008, IACR Cryptol. ePrint Arch..

[40]  Stéphanie Delaune,et al.  From One Session to Many: Dynamic Tags for Security Protocols , 2008, LPAR.