A Lightweight RFID Protocol to protect against Traceability and Cloning attacks

RFID identification is a new technology that will become ubiquitous as RFID tags will be applied to every-day items in order to yield great productivity gains or “smart” applications for users. However, this pervasive use of RFID tags opens up the possibility for various attacks violating user privacy. In this work we present an RFID authentication protocol that enforces user privacy and protects against tag cloning. We designed our protocol with both tag-to-reader and reader-to-tag authentication in mind; unless both types of authentication are applied, any protocol can be shown to be prone to either cloning or privacy attacks. Our scheme is based on the use of a secret shared between tag and database that is refreshed to avoid tag tracing. However, this is done in such a way so that efficiency of identification is not sacrificed. Additionally, our protocol is very simple and it can be implemented easily with the use of standard cryptographic hash functions. In analyzing our protocol, we identify several attacks that can be applied to RFID protocols and we demonstrate the security of our scheme. Furthermore, we show how forward privacy is guaranteed; messages seen today will still be valid in the future, even after the tag has been compromised.

[1]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[2]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[3]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[4]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[5]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[6]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[7]  Daniel W. Engels,et al.  RFID Systems and Security and Privacy Implications , 2002, CHES.

[8]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[9]  Martín Abadi,et al.  Prudent engineering practice for cryptographic protocols , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[10]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Journal of Cryptology.

[11]  István Vajda,et al.  Lightweight Authentication Protocols for Low-Cost RFID Tags , 2003 .

[12]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[13]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.