Implementing public-key cryptography on passive RFID tags is practical

Passive radio-frequency identification (RFID) tags have long been thought to be too weak to implement public-key cryptography: It is commonly assumed that the power consumption, gate count and computation time of full-strength encryption exceed the capabilities of RFID tags. In this paper, we demonstrate that these assumptions are incorrect. We present two low-resource implementations of a 1,024-bit Rabin encryption variant called WIPR—in embedded software and in hardware. Our experiments with the software implementation show that the main performance bottleneck of the system is not the encryption time but rather the air interface and that the reader’s implementation of the electronic product code Class-1 Generation-2 RFID standard has a crucial effect on the system’s overall performance. Next, using a highly optimized hardware implementation, we investigate the trade-offs between speed, area and power consumption to derive a practical working point for a hardware implementation of WIPR. Our recommended implementation has a data-path area of 4,184 gate equivalents, an encryption time of 180  ms and an average power consumption of 11 $$\upmu $$μW, well within the established operating envelope for passive RFID tags.

[1]  Rodrigo Roman,et al.  User-centric secure integration of personal RFID tags and sensor networks , 2013, Secur. Commun. Networks.

[2]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Journal of Cryptology.

[3]  Avishai Wool,et al.  Toward practical public key anti-counterfeiting for low-cost EPC tags , 2011, 2011 IEEE International Conference on RFID.

[4]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[5]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[6]  Manfred Josef Aigner,et al.  D4.2.2 Secure Semi-Passive RFID Tags – Prototype and Analysis , 2008 .

[7]  Avishai Wool,et al.  A Secure Supply-Chain RFID System that Respects Your Privacy , 2014, IEEE Pervasive Computing.

[8]  Klaus Finkenzeller,et al.  Rfid Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification , 2003 .

[9]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[10]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[11]  Serge Vaudenay,et al.  When Stream Cipher Analysis Meets Public-Key Cryptography , 2006, Selected Areas in Cryptography.

[12]  Michael Luby,et al.  How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.

[13]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[14]  Guevara Noubir,et al.  The F_f-Family of Protocols for RFID-Privacy and Authentication , 2011, IEEE Transactions on Dependable and Secure Computing.

[15]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[16]  Martin Feldhofer,et al.  Security-Enabled Near-Field Communication Tag With Flexible Architecture Supporting Asymmetric Cryptography , 2013, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[17]  Yvonne Schuhmacher,et al.  Rfid Handbook Fundamentals And Applications In Contactless Smart Cards And Identification , 2016 .

[18]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[19]  Adi Shamir,et al.  Memory Efficient Variants of Public-Key Schemes for Smart Card Applications , 1994, EUROCRYPT.

[20]  Jiang Wu,et al.  How to improve security and reduce hardware demands of the WIPR RFID protocol , 2009, 2009 IEEE International Conference on RFID.

[21]  Ingrid Verbauwhede,et al.  Hierarchical ECC-Based RFID Authentication Protocol , 2011, RFIDSec.

[22]  Daniel M. Dobkin The RF in RFID, Second Edition: UHF RFID in Practice , 2012 .

[23]  Thomas Unterluggauer,et al.  8/16/32 Shades of Elliptic Curve Cryptography on Embedded Processors , 2013, INDOCRYPT.

[24]  Adi Shamir SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags , 2008, FSE.

[25]  Martin Feldhofer,et al.  A low-resource public-key identification scheme for RFID tags and sensor nodes , 2009, WiSec '09.

[26]  Anna M. Johnston Digitally Watermarking RSA Moduli , 2001, IACR Cryptol. ePrint Arch..

[27]  Klaus Finkenzeller,et al.  Book Reviews: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 2nd ed. , 2004, ACM Queue.

[28]  Berk Sunar,et al.  State of the art in ultra-low power public key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[29]  Martin Feldhofer,et al.  WIPR Public Key Identi cation on Two Grains of Sand , 2008 .

[30]  Johannes Wolkerstorfer,et al.  ECC Processor with Low Die Size for RFID Applications , 2007, 2007 IEEE International Symposium on Circuits and Systems.