Security Analysis and Complexity Comparison of Some Recent Lightweight RFID Protocols

Using RFID tags can simplify many applications and provide many benefits, but the privacy of the customers should be taken into account. A potential threat for the privacy of a user is that anonymous readers can obtain information about the tags in the system. In order to address the security issues of RFID systems, various schemes have been proposed. Among the various solutions, lightweight protocols have attracted much attention as they are more appropriate for the limited architecture of RFID tags. In this paper, we perform the security analysis of five lightweight protocols proposed in [1-4] and discuss their advantages and security issues. The computational complexity of these lightweight protocols are also compared in this work.

[1]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[2]  Ari Juels,et al.  Squealing Euros: Privacy Protection in RFID-Enabled Banknotes , 2003, Financial Cryptography.

[3]  Philippe Oechslin,et al.  RFID Traceability: A Multilayer Problem , 2005, Financial Cryptography.

[4]  M. Meingast,et al.  Embedded RFID and Everyday Things: A Case Study of the Security and Privacy Risks of the U.S. e-Passport , 2007, 2007 IEEE International Conference on RFID.

[5]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[6]  Ingrid Verbauwhede,et al.  Elliptic-Curve-Based Security Processor for RFID , 2008, IEEE Transactions on Computers.

[7]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[8]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[9]  Yang Xiao,et al.  Security and privacy in RFID and applications in telemedicine , 2006, IEEE Commun. Mag..

[10]  Vincent W. S. Wong,et al.  A Probabilistic Approach for Detecting Blocking Attack in RFID Systems , 2010, 2010 IEEE International Conference on Communications.

[11]  Marc Langheinrich,et al.  A survey of RFID privacy approaches , 2009, Personal and Ubiquitous Computing.

[12]  Jiang Wu,et al.  How to improve security and reduce hardware demands of the WIPR RFID protocol , 2009, 2009 IEEE International Conference on RFID.

[13]  Hung-Min Sun,et al.  A Gen2-Based RFID Authentication Protocol for Security and Privacy , 2009, IEEE Transactions on Mobile Computing.

[14]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[15]  Tim Kerins,et al.  Public-Key Cryptography for RFID-Tags , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[16]  Bo Sheng,et al.  Secure and Serverless RFID Authentication and Search Protocols , 2008, IEEE Transactions on Wireless Communications.

[17]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[18]  Adi Shamir SQUASH - A New MAC with Provable Security Properties for Highly Constrained Devices Such as RFID Tags , 2008, FSE.

[19]  Tao Gu,et al.  Secure RFID Identification and Authentication with Triggered Hash Chain Variants , 2008, 2008 14th IEEE International Conference on Parallel and Distributed Systems.

[20]  Selwyn Piramuthu,et al.  Lightweight Cryptographic Authentication in Passive RFID-Tagged Systems , 2008, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).