KEDGEN2: A key establishment and derivation protocol for EPC Gen2 RFID systems

The EPC Class-1 Generation-2 (Gen2 for short) is a Radio Frequency IDentification (RFID) technology that is gaining a prominent place in several domains. However, the Gen2 standard lacks verifiable security functionalities. Eavesdropping attacks can, for instance, affect the security of applications based on the Gen2 technology. To address this problem, RFID tags must be equipped with a robust mechanism to authenticate readers before authorising them to access their data. In this paper, we propose a key establishment and derivation protocol which is applied both at the identification phase and in the remaining operations that require security. Our solution is based on a pseudorandom number generator that uses a low computational workload, while ensuring long-term secure communication to protect the secrecy of the exchanged data. Mutual authentication of the tag and the sensor and strong notions of secrecy such as forward and backward secrecy are analysed, and we prove formally that after being amended, our protocol is secure with respect to these properties.
