Security Threat Mitigation Trends in Low-Cost RFID Systems

The design and implementation of security threat mitigation mechanisms in RFID systems, specially in low-cost RFID tags, are gaining great attention in both industry and academia. One main focus of research interests is the authentication and privacy techniques to prevent attacks targeting the insecure wireless channel of these systems. Cryptography is a key tool to address these threats. Nevertheless, strong hardware constraints, such as production costs, power consumption, time of response, and regulations compliance, makes the use of traditional cryptography in these systems a very challenging problem. The use of low-overhead procedures becomes the main approach to solve these challenging problems where traditional cryptography cannot fit. Recent results and trends, with an emphasis on lightweight techniques for addressing critical threats against low-cost RFID systems, are surveyed.

[1]  Claude Castelluccia,et al.  Noisy Tags: A Pretty Good Key Exchange Protocol for RFID Tags , 2006, CARDIS.

[2]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[3]  Kevin Fu,et al.  Cryptanalysis of Two Lightweight RFID Authentication Schemes , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[4]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[5]  Juan E. Tapiador,et al.  An Efficient Authentication Protocol for RFID Systems Resistant to Active Attacks , 2007, EUC Workshops.

[6]  Selwyn Piramuthu,et al.  HB and Related Lightweight Authentication Protocols for Secure RFID Tag/Reader Authentication , 2006 .

[7]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[8]  Gene Tsudik,et al.  YA-TRAP: yet another trivial RFID authentication protocol , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[9]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[10]  Shlomi Dolev,et al.  Secure Communication for RFIDs Proactive Information Security Within Computational Security , 2006, SSS.

[11]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[12]  Andrew S. Tanenbaum,et al.  RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management , 2005, ACISP.

[13]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[14]  Dhiraj K. Pradhan,et al.  A Routing-Aware ILS Design Technique , 2011, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[15]  Marc Langheinrich,et al.  Practical Minimalist Cryptography for RFID Privacy , 2007, IEEE Systems Journal.

[16]  Andrew S. Tanenbaum,et al.  Keep on Blockin' in the Free World: Personal Access Control for Low-Cost RFID Tags , 2005, Security Protocols Workshop.

[17]  Manuel Blum,et al.  Secure Human Identification Protocols , 2001, ASIACRYPT.

[18]  Pim Tuyls,et al.  Secret key generation from classical physics : Physical Uncloneable Functions (Chapter 6.4) , 2006 .

[19]  István Vajda,et al.  Lightweight Authentication Protocols for Low-Cost RFID Tags , 2003 .

[20]  M. Ilyas,et al.  RFID Handbook: Applications, Technology, Security, and Privacy , 2008 .

[21]  Frank Stajano Security in Pervasive Computing , 2003, SPC.

[22]  Tim Kerins,et al.  An Elliptic Curve Processor Suitable For RFID-Tags , 2006, IACR Cryptol. ePrint Arch..

[23]  D. Nagy,et al.  Breaking LMAP , 2007 .

[24]  Kenneth G. Paterson,et al.  Comments on "Theory and Applications of Cellular Automata in Cryptography" , 1997, IEEE Trans. Computers.

[25]  Yi Mu,et al.  Emerging Directions in Embedded and Ubiquitous Computing , 2006 .

[26]  Jean-Louis Lanet,et al.  Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14-16, 2010. Proceedings , 2010, CARDIS.

[27]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[28]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[29]  Tassos Dimitriou,et al.  A Lightweight RFID Protocol to protect against Traceability and Cloning attacks , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[30]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[31]  Damith C. Ranasinghe,et al.  Networked RFID Systems and Lightweight Cryptography: Raising Barriers to Product Counterfeiting , 2010 .

[32]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[33]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[34]  R. Stephenson A and V , 1962, The British journal of ophthalmology.

[35]  Jonathan Katz,et al.  Parallel and Concurrent Security of the HB and HB+ Protocols , 2006, EUROCRYPT.

[36]  Leonid Bolotnyy,et al.  Physically Unclonable Function-Based Security and Privacy in RFID Systems , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'07).

[37]  Roger M. Needham,et al.  TEA, a Tiny Encryption Algorithm , 1994, FSE.

[38]  Raphael C.-W. Phan,et al.  Privacy of Recent RFID Authentication Protocols , 2008, ISPEC.

[39]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[40]  Ari Juels,et al.  Squealing Euros: Privacy Protection in RFID-Enabled Banknotes , 2003, Financial Cryptography.

[41]  Mike Burmester,et al.  Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols , 2006, 2006 Securecomm and Workshops.

[42]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[43]  Daniel E. Holcomb,et al.  Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags , 2007 .

[44]  Juan E. Tapiador,et al.  LAMED - A PRNG for EPC Class-1 Generation-2 RFID specification , 2009, Comput. Stand. Interfaces.

[45]  Jean-Jacques Quisquater,et al.  ASIC Implementations of the Block Cipher SEA for Constrained Applications , 2007 .

[46]  James M. Crawford,et al.  The Minimal Disagreement Parity Problem as a Hard Satisfiability Problem , 1995 .

[47]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[48]  Mikhail Nesterenko,et al.  RFID security without extensive cryptography , 2005, SASN '05.

[49]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[50]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[51]  Lejla Batina,et al.  RFID-Tags for Anti-counterfeiting , 2006, CT-RSA.

[52]  Kwangjo Kim,et al.  RFID mutual Authentication Scheme based on Synchronized Secret Information , 2006 .

[53]  Kazuo Takaragi,et al.  An Ultra Small Individual Recognition Security Chip , 2001, IEEE Micro.

[54]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[55]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[56]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[57]  Adi Shamir,et al.  RFID Authentication Efficient Proactive Information Security within Computational Security , 2009, Theory of Computing Systems.

[58]  Gerhard P. Hancke Noisy Carrier Modulation for HF RFID , 2007 .

[59]  David Pointcheval Topics in Cryptology - CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceedings , 2006, CT-RSA.

[60]  P. Israsena Securing ubiquitous and low-cost RFID using tiny encryption algorithm , 2006, 2006 1st International Symposium on Wireless Pervasive Computing.

[61]  Stephen Wolfram,et al.  A New Kind of Science , 2003, Artificial Life.

[62]  G. Edward Suh,et al.  Extracting secret keys from integrated circuits , 2005, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[63]  Paul F. Syverson,et al.  High-Power Proxies for Enhancing RFID Privacy and Utility , 2005, Privacy Enhancing Technologies.

[64]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[65]  George Roussos,et al.  Enabling RFID in retail , 2006, Computer.

[66]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[67]  Jonathan Katz,et al.  Parallel and Concurrent Security of the HB and HB+ Protocols , 2006, Journal of Cryptology.

[68]  Shlomi Dolev,et al.  Low Overhead RFID Security , 2007 .

[69]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[70]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[71]  Hannes Hartenstein,et al.  Security in Ad-hoc and Sensor Networks, First European Workshop, ESAS 2004, Heidelberg, Germany, August 6, 2004, Revised Selected Papers , 2005, ESAS.

[72]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[73]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[74]  Elisa Bertino,et al.  Security Analysis of the SASI Protocol , 2009, IEEE Transactions on Dependable and Secure Computing.

[75]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[76]  Ari Juels,et al.  Strengthening EPC tags against cloning , 2005, WiSe '05.

[77]  Bing Jiang,et al.  Some Methods for Privacy in RFID Communication , 2004, ESAS.

[78]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[79]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[80]  Hung-Yu Chien,et al.  SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity , 2007, IEEE Transactions on Dependable and Secure Computing.

[81]  María Bárbara Álvarez Torres,et al.  On the Move to Meaningful Internet Systems 2004: OTM 2004 Workshops , 2004, Lecture Notes in Computer Science.

[82]  Marc Langheinrich,et al.  RFID Privacy Using Spatially Distributed Shared Secrets , 2007, UCS.

[83]  Damith C. Ranasinghe,et al.  Low-Cost RFID Systems: Confronting Security and Privacy , 2005 .

[84]  Bryan Parno,et al.  Unidirectional Key Distribution Across Time and Space with Applications to RFID Security , 2008, USENIX Security Symposium.

[85]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, PerCom Workshops.

[86]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.