RFID Security pp 177-189 | Cite as

Digital Signature Transponder

  • Ulrich Kaiser


While the first RFID car immobilizer systems were based on read-only transponders, in 1995 followed the Digital Signature Transponder – the first RFID device containing a real encryption module and using the state-of-the-art challenge-response protocol.

After an introduction about the immobilizer operation and system properties the development of the Digital Signature Transponder is described, also discussing different trade-offs. Section 3 covers attack scenarios and the re-engineering work that led to a machine for exhaustive key search. Section 4 concludes with important lessons learnt and future development directions.


Boolean Function Block Cipher Algebraic Attack Differential Cryptanalysis Dictionary Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bono et al. 2005, Security Analysis of a Cryptographically-Enabled RFID Device, Johns Hopkins University and RSA Laboratories, Baltimore, MD,28 January 2005,
  2. 2.
    Courtois 2004, General Principles of Algebraic Attacks and New Design Criteria for Components of Symmetric Ciphers. Invited talk, AES 4 Conference, Bonn, May 10–12 2004, LNCS 3373, pp. 67–83, Springer, BerlinGoogle Scholar
  3. 3.
    Courtois 2006, How Fast can be Algebraic Attacks on Block Ciphers? http://eprint.iacr. org/2006/168
  4. 4.
    Daemen and Rijmen 1999, AES Proposal: Rijndael, Version 2, 03/09/99, 45 pages and related reference code in C∼rijmen/rijndael/
  5. 5.
    Feldhofer et al. 2004, Strong Authentication for RFID Systems Using the AES Algorithm, CHES 2004, LNCS 3156, Springer, BerlinGoogle Scholar
  6. 6.
    Gordon 1994, Designing Codes for Vehicle Remote Security Systems, Concept Laboratories Ltd. and Police Scientific Development Branch, Hertfordshire, GB, pp. 1–22Google Scholar
  7. 7.
    Gordon and Retkin 1981, Are Big S-Boxes Best?, IEEE Workshop on Communication Security, Santa Barbara, pp. 1–6Google Scholar
  8. 8.
    Gordon et al. 1996, A Low Cost Transponder for High Security Vehicle Immobilizers, Proceedings of ISATA, Florence, Italy, 3–6 June 1996, Automotive Electronics, 96AE001 Google Scholar
  9. 9.
    Heys 2001, A Tutorial on Linear and Differential Cryptanalysis, Technical Report CORR 2001–17, March 2001,∼howard/PAPERS/ldc
  10. 10.
    Heys and Tavares 1994, On the Design of Secure Block Ciphers, Queen's 17th Biennial Symposium on Communications, Kingston, Ontario, Canada, May 1994, 6 pagesGoogle Scholar
  11. 11.
    Heys and Tavares 1996, Substitution-Permutation Network Resistant to Differential and Linear Cryptanalysis, Journal of Cryptology, 9(1): 1–19MATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Kaiser 1999, A Low-Power Digital Signature Transponder IC for High Performance RFID Authentication, Proceedings of European Conference on Circuit Theory and Design, ECCTD’99, Stresa, Italy, Aug. 29-Sep. 02 1999, pp. 45–48Google Scholar
  13. 13.
    Kaiser 2003, Theft Protection by means of Embedded Encryption in RFID-Transponders (Immobilizer), ESCAR - Embedded IT-Security in Cars, Bochum, Germany, 18–19 Nov. 2003Google Scholar
  14. 14.
    Kaiser2004, UICE Universal Immobilizer Crypto Engine- The Little Brother of AES, AES4, May 2004, Bonn, UICE slides.pdf
  15. 15.
    Kaiser 2007, UICE: A High-Performance Cryptographic Module for SoC and RFID Applications,
  16. 16.
    Kaiser and Steinhagen 1994, A Low Power Transponder IC for High Performance Identification Systems, Proceedings of CICC’94, San Diego, CA, USA, May 1–4 1994, pp. 14.4.1–14.4.4Google Scholar
  17. 17.
    Kaiser and Steinhagen 1995, A low power transponder IC for high performance identification systems, IEEE Journal of Solid-State Circuits, 30: 306–310CrossRefGoogle Scholar
  18. 18.
    Kern 1999, RFID-Technology - Recent Development and Future Requirements, Proceedings of European Conference on Circuit Theory and Design, ECCTD’99, Stresa, Italy, Aug. 29-Sep. 02 1999, pp. 25–28Google Scholar
  19. 19.
    Kocher et al. 1999, Differential Power Analysis, Advances in Cryptology, CRYPTO’99, LNCS 1666,10 pages, Springer, BerlinGoogle Scholar
  20. 20.
    Kuo and Verbauwhede 2001, Architectural Optimization for a 1.82 Gbits/sec VLSI Implementation of the AES Rijndael Algorithm, CHES 2001, LNCS 2162, pp. 51–64, Springer, BerlinGoogle Scholar
  21. 21.
    Loney 2003, Moore's Law is the biggest thread to privacy, according to Phil Zimmermann, and, 29 April 2003
  22. 22.
    Menezes, Oorshot and Vanstone 1997, Handbook of Applied Cryptography, CRC, Boca Raton, FLMATHGoogle Scholar
  23. 23.
    NIST 2001, FIPS 140–2, Security Requirements for Cryptographic Modules, May 25, 2001, and–2/fips1402.pdf
  24. 24.
    NIST 2001, National Institute of Standards and Technology, FIPS PUB 197, 26 May 2002,
  25. 25.
    Rejeb et al. 2003, Hardware Implementation of the Rijndael Algorithm for High-Speed Networks, ISPC 2003, Dallas, TX, 6 pagesGoogle Scholar
  26. 26.
    Ritter1997, S-Box design: A Literature Survey, Research Comments,
  27. 27.
    Sarma et al. 2002, RFID and Security and Privacy Implications, CHES 2002, LNCS 2523, pp. 454–469, Springer, BerlinGoogle Scholar
  28. 28.Scheerhorn 1997, DSG Algorithm Evaluation, EVAL11.DOC, CCI, Meppen, 2 Dec. 1997Google Scholar
  29. 29.
    Schneier 1995, Applied Cryptography, Addison Wesley, Reading, MAGoogle Scholar
  30. 30.
    Schuermann and Meier 1993, TIRIS - Leader in Radio Frequency Identification Technology, Texas Instruments Technical Journal, 10(6): 2–14Google Scholar
  31. 31.
    Seberry et al. 1994, Pitfalls in Designing Substitution Boxes, S-Box, Crypto’94, p. 383ffGoogle Scholar
  32. 32.
    Steinhagen and Kaiser 1994, A Low Power Read/Write Transponder IC for High Performance Identification Systems, Proceedings of ESSCIRC’94, Ulm, Germany, September 20–22, 1994, pp. 256–259Google Scholar
  33. 33.
    Stinson 1995, Cryptography, Theory and Practice, CRC, Boca Raton, FLMATHGoogle Scholar
  34. 34.
    Vahlis 2005, Security Analysis of a Cryptographically Enabled RFID, University of Toronto,∼lie/Courses/ECE1776–2005/Presentations/RFID-Eugene.pdf
  35. 35.
    Webster and Tavares 1986, On the Design of S-Boxes, Proc. CRYPTO 1985, LNCS 218, pp.523–534, Springer, BerlinGoogle Scholar
  36. 36.
    Wollinger et al. 2000, How Well are High-End DSPs Suited for the AES Algorithms? - AES Algorithms on the TMS320C6x DSP, The Third Advance Encryption Standard (AES3) Candidate Conference, New York, April 2000, 11 pagesGoogle Scholar
  37. 37.
    Xu and Heys 1997, A New Criterion for the Design of 8 × 8 S-Boxes in Private-Key Ciphers, IEEE Canadian Conference on Electrical and Computer Engineering (CCECE’97), May 1997Google Scholar
  38. 38.
    Yang et al. 1998, A new RSA cryptosystem hardware design based on Montgomery's algorithm, IEEE Transactions on Circuits and Systems II, 45(7): 908–913MATHCrossRefGoogle Scholar
  39. 39.

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Ulrich Kaiser
    • 1
  1. 1.Texas Instruments Deutschland GmbHFreisingGermany

Personalised recommendations