A Light-weight Security Protocol for RFID System

RFID is automatic object identifying technology via radio frequency. And its application areas are un-describable for its convenience and pervasiveness. However, because the communication channel between the verifier and the tag is wireless, serious privacy problems such as the data leakage and the data traceability can be occur. Without resolving these privacy problems, RFID system cannot be adapted fully in any area. Many kinds of security protocols have been proposed to resolve these problems. However, previous proposals did not satisfy security requirements and still leaved vulnerabilities. In this paper, we describe the security vulnerabilities of previous works for RFID systems. Finally, we propose a security protocol which based on one-time pad scheme using random nonce and shared secret values. The proposed protocol satisfies security requirements such as the data secrecy, data anonymity and the data authenticity between the verifier and the tag. We have proved security requirements satisfaction formally by using GNY logic.

[1]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[2]  Reihaneh Safavi-Naini,et al.  Some Remarks on the Logic of Gong, Needham and Yahalom , 1994 .

[3]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[4]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[5]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[6]  Reiner Dojen,et al.  Formal verification: an imperative step in the design of security protocols , 2003, Comput. Networks.

[7]  Manuel Blum,et al.  A Secure Human-Computer Authentication Scheme , 2000 .

[8]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[9]  Martin Feldhofer,et al.  A Case Against Currently Used Hash Functions in RFID Protocols , 2006, OTM Workshops.

[10]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[11]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[12]  Juels,et al.  HB and Related Lightweight Authentication Protocols for Secure RFID Tag / Reader Authentication ∗ , 2006 .

[13]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[14]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[15]  Jaecheol Ryou,et al.  Enhancing Privacy of Universal Re-encryption Scheme for RFID Tags , 2004, EUC.

[16]  István Vajda,et al.  Lightweight Authentication Protocols for Low-Cost RFID Tags , 2003 .

[17]  Jonathan Katz,et al.  Analyzing the HB and HB+ Protocols in the "Large Error" Case , 2006, IACR Cryptol. ePrint Arch..

[18]  Stephen A. Weis Security and Privacy in Radio-Frequency Identification Devices , 2003 .

[19]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[20]  Kevin Fu,et al.  Cryptanalysis of Two Lightweight RFID Authentication Schemes , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[21]  Beatrice Gralton,et al.  Washington DC - USA , 2008 .