A low-resource public-key identification scheme for RFID tags and sensor nodes

We revisit a public key scheme presented by Shamir in [19] (and simultaneously by Naccache in [15]) and examine its applicability for general-purpose RFID tags in the supply chain. Using a combination of new and established space-saving methods, we present a full-fledged public key identification scheme, which is secure yet highly efficient. The 1024-bit scheme fits completely (including RAM) into 4682 gate equivalents and has a mean current consumption of 14.2μA. The main novelty in our implementation is the replacement of the long pseudo-random sequence, originally stored on 260 bytes of EEPROM in [19], by a reversible stream cipher using less than 300 bits of RAM. We show how our scheme offers tag-to-reader and reader-to-tag authentication and how it can be fit into the existing RFID supply chain infrastructure.

[1]  Adi Shamir SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags , 2008, FSE.

[2]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[3]  Anna M. Johnston Digitally Watermarking RSA Moduli , 2001, IACR Cryptol. ePrint Arch..

[4]  Ari Juels,et al.  Shoehorning Security into the EPC Tag Standard , 2006, SCN.

[5]  Johannes Wolkerstorfer,et al.  ECC Processor with Low Die Size for RFID Applications , 2007, 2007 IEEE International Symposium on Circuits and Systems.

[6]  Silvio Micali,et al.  Probabilistic encryption & how to play mental poker keeping secret all partial information , 1982, STOC '82.

[7]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[8]  Berk Sunar,et al.  State of the art in ultra-low power public key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[9]  Adi Shamir,et al.  Memory Efficient Variants of Public-Key Schemes for Smart Card Applications , 1994, EUROCRYPT.

[10]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[11]  Martin Feldhofer,et al.  A Case Against Currently Used Hash Functions in RFID Protocols , 2006, OTM Workshops.

[12]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[13]  Serge Vaudenay,et al.  When Stream Cipher Analysis Meets Public-Key Cryptography , 2006, Selected Areas in Cryptography.

[14]  Arjen K. Lenstra,et al.  Selecting Cryptographic Key Sizes , 2000, Public Key Cryptography.

[15]  Máire O'Neill,et al.  Public Key Cryptography and RFID Tags , 2007, CT-RSA.

[16]  Peter Stevenhagen,et al.  The number field sieve , 2008 .

[17]  Michael Luby,et al.  How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.