ECC-based lightweight authentication protocol with untraceability for low-cost RFID

Due to the potential wide deployment of Radio Frequency Identification (RFID), the security of RFID systems has drawn extensive attention from both academia and industry, and the RFID authentication protocol is an important mechanism in the security of RFID systems. The desired security requirements of RFID authentication protocols include privacy, integrity, authentication, anonymity/untraceability, and even availability. To design an efficient protocol that satisfies all the requirements with limited resources is a challenge. This paper proposes a new RFID authentication protocol based on Error Correction Codes (ECC). The proposed scheme has excellent performance in terms of security, efficiency, server's maintenance, robustness, and cost. The tag only performs simple operations, such as random number generation and simple bitwise computations. The lightweight feature makes it attractive to those low-cost RFIDs that support only simple operations.

[1]  Kazukuni Kobara,et al.  Semantically Secure McEliece Public-Key Cryptosystems-Conversions for McEliece PKC , 2001, Public Key Cryptography.

[2]  Robert J. McEliece,et al.  A public key cryptosystem based on algebraic coding theory , 1978 .

[3]  C. M. Roberts,et al.  Radio frequency identification (RFID) , 2006, Comput. Secur..

[4]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[5]  Tanja Lange,et al.  Attacking and defending the McEliece cryptosystem , 2008, IACR Cryptol. ePrint Arch..

[6]  Kwangjo Kim,et al.  Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning , 2006 .

[7]  Carl Pomerance,et al.  Advances in Cryptology — CRYPTO ’87 , 2000, Lecture Notes in Computer Science.

[8]  Andrew Odlyzko,et al.  Advances in Cryptology — CRYPTO’ 86 , 2000, Lecture Notes in Computer Science.

[9]  Jennifer Seberry,et al.  Error-correcting codes for authentication and subliminal channels , 1991, IEEE Trans. Inf. Theory.

[10]  Hung-Yu Chien,et al.  Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards , 2007, Comput. Stand. Interfaces.

[11]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[12]  Juan E. Tapiador,et al.  EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, OTM Workshops.

[13]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .

[14]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[15]  Hung-Yu Chien,et al.  A unified approach to secret sharing schemes with low distribution cost , 2002 .

[16]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[17]  René Struik,et al.  The Rao-Nam Scheme is Insecure Against a Chosen-Plaintext Attack , 1987, CRYPTO.

[18]  Hung-Yu Chien,et al.  A remote authentication scheme preserving user anonymity , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[19]  D. Wyld Radio Frequency Identification , 2008 .

[20]  Kwangjo Kim,et al.  Security and Privacy on Authentication Protocol for Low-cost RFID , 2005 .

[21]  Selwyn Piramuthu,et al.  HB and Related Lightweight Authentication Protocols for Secure RFID Tag/Reader Authentication , 2006 .

[22]  Paul Müller,et al.  Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[23]  Sang Ho Lee,et al.  Security and Privacy on Authentication Protocol for Low-cost RFID , 2006, 2006 International Conference on Computational Intelligence and Security.

[24]  Mikhail Nesterenko,et al.  RFID security without extensive cryptography , 2005, SASN '05.

[25]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[26]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[27]  Manuel Blum,et al.  Secure Human Identification Protocols , 2001, ASIACRYPT.

[28]  Christof Paar,et al.  Are standards compliant Elliptic Curve Cryptosystems feasible on RFID ? , 2006 .

[29]  Julien Bringer,et al.  HB^+^+: a Lightweight Authentication Protocol Secure against Some Attacks , 2006, Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU'06).

[30]  Rick Huhn,et al.  Security Standards for the RFID Market , 2005, IEEE Secur. Priv..

[31]  Raphael Overbeck,et al.  A Summary of McEliece-Type Cryptosystems and their Security , 2007, J. Math. Cryptol..

[32]  R. M. Campello de Souza,et al.  Array codes for private-key encryption , 1994 .

[33]  Philippe Oechslin,et al.  Reducing Time Complexity in RFID Systems , 2005, Selected Areas in Cryptography.

[34]  Thomas A. Berson,et al.  Failure of the McEliece Public-Key Cryptosystem Under Message-Resend and Related-Message Attack , 1997, CRYPTO.

[35]  Dongho Won,et al.  Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment , 2005, SPC.

[36]  Matthew J. B. Robshaw,et al.  An Active Attack Against HB +-A Provably Secure Lightweight Authentication Protocol , 2022 .

[37]  Shu Lin,et al.  Error control coding : fundamentals and applications , 1983 .

[38]  Róbert Schulcz,et al.  Radio Frequency Identification , 2011 .

[39]  Robert H. Deng,et al.  Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[40]  T. R. N. Rao,et al.  Private-Key Algebraic-Coded Cryptosystems , 1986, CRYPTO.

[41]  Stephen A. Weis Security and Privacy in Radio-Frequency Identification Devices , 2003 .

[42]  Hung-Yu Chien,et al.  Secure Access Control Schemes for RFID Systems with Anonymity , 2006, 7th International Conference on Mobile Data Management (MDM'06).

[43]  Pedro Peris-López,et al.  LMAP : A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags , 2006 .

[44]  A. K. Al Jabri,et al.  Security of private-key encryption based on array codes , 1996 .

[45]  Chang-Seop Park,et al.  Authentication protocol providing user anonymity and untraceability in wireless mobile communication systems , 2004, Comput. Networks.

[46]  Kwangjo Kim,et al.  Mutual Authentication Protocol for Low-cost RFID , 2005, CRYPTO 2005.

[47]  John Ayoade,et al.  Security implications in RFID and authentication processing framework , 2006, Comput. Secur..

[48]  Ari Juels,et al.  Strengthening EPC tags against cloning , 2005, WiSe '05.

[49]  Tieyan Li,et al.  Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols , 2007, SEC.