HMAC-based RFID Authentication Protocol with Minimal Retrieval at Server

This paper proposes a HMAC-based RFID mutual authentication protocol to improve performance at the back- end server. In existing hash-based protocols, the tag ID is a secret value for privacy, so the back-end server computes a lot of hash operations or modular operations to retrieve the tag ID. In our protocol, the Tag ID is used as a secret key of HMAC and sends the tag ID XOR-ed by a random number, where XOR-ed tag ID is stored at the back-end server and the tag. The XOR-ed tag ID is changed every session like OTP. The tag sends XORed ID to the back-end server for authentication. Thus, simple matching operation is required to retrieve the tag ID. Therefore, our protocol is much more practical than existing protocols. Keyword- RFID; HMAC; mutual authentication

[1]  S. Devadas,et al.  Design and Implementation of PUF-Based "Unclonable" RFID ICs for Anti-Counterfeiting and Security Applications , 2008, 2008 IEEE International Conference on RFID.

[2]  Y.-C. Lee,et al.  An Improvement on RFID Authentication Protocol with Privacy Protection , 2008, 2008 Third International Conference on Convergence and Hybrid Information Technology.

[3]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[4]  Berk Sunar,et al.  A tamper-proof and lightweight authentication scheme , 2008, Pervasive Mob. Comput..

[5]  Ya-ling Zhang,et al.  A HMAC-Based RFID Authentication Protocol , 2010, 2010 2nd International Symposium on Information Engineering and Electronic Commerce.

[6]  Sung Kwon Kim,et al.  Hash-Based RFID Tag Mutual Authentication Scheme with Retrieval Efficiency , 2011, 2011 IEEE Ninth International Symposium on Parallel and Distributed Processing with Applications.

[7]  Mete Akgün,et al.  Cryptanalysis of Lightweight Mutual Authentication and Ownership Transfer for RFID Systems , 2011, 2011 Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications.

[8]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[9]  Masoumeh Safkhani,et al.  Cryptanalysis of Cho et al.'s Protocol, A Hash-Based Mutual Authentication Protocol for RFID Systems , 2011, IACR Cryptol. ePrint Arch..

[10]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[11]  Ayman I. Kayssi,et al.  A PUF-based ultra-lightweight mutual-authentication RFID protocol , 2011, 2011 International Conference for Internet Technology and Secured Transactions.

[12]  Maurizio Pizzonia,et al.  Efficient and practical authentication of PUF-based RFID tags in supply chains , 2010, 2010 IEEE International Conference on RFID-Technology and Applications.

[13]  Lejla Batina,et al.  RFID-Tags for Anti-counterfeiting , 2006, CT-RSA.

[14]  Sang-Soo Yeo,et al.  Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value , 2011, Comput. Commun..

[15]  Xuefei Leng,et al.  HB-MP+ Protocol: An Improvement on the HB-MP Protocol , 2008, 2008 IEEE International Conference on RFID.

[16]  Yong Guan,et al.  Lightweight Mutual Authentication and Ownership Transfer for RFID Systems , 2010, 2010 Proceedings IEEE INFOCOM.