Security Threat Mitigation Trends in Low-Cost RFID Systems

  • Joaquin Garcia-Alfaro
  • Michel Barbeau
  • Evangelos Kranakis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5939)


The design and implementation of security threat mitigation mechanisms in RFID systems, especially in low-cost RFID tags, are gaining great attention in both industry and academia. One main focus of research interest is authentication and privacy techniques to prevent attacks targeting the insecure wireless channel of these systems. Cryptography is a key tool to address these threats. Nevertheless, strong hardware constraints, such as production costs, power consumption, time of response, and regulatory compliance, make the use of traditional cryptography in these systems a very challenging problem. The use of low-overhead procedures becomes the main approach to solving these problems where traditional cryptography cannot fit. Recent results and trends, with an emphasis on lightweight techniques for addressing critical threats against low-cost RFID systems, are surveyed.


Keywords: Radio Frequency Identification (RFID), Electronic Product Code (EPC), Wireless Security, IT Security, Security Threats, Privacy Threats



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Joaquin Garcia-Alfaro (1, 2)
  • Michel Barbeau (1)
  • Evangelos Kranakis (1)
  1. School of Computer Science, Carleton University, Ottawa, Canada
  2. Open University of Catalonia, Barcelona, Spain
