Skip to main content
SpringerLink
Log in

Wide–Weak Privacy–Preserving RFID Authentication Protocols

  • Conference paper
Mobile Lightweight Wireless Systems (Mobilight 2010)

Included in the following conference series:

Abstract

The emergence of pervasive computing devices such as RFID tags raises numerous privacy issues. Cryptographic techniques are commonly used to enable tag-to-server authentication while protecting privacy. Unfortunately, these algorithms and their corresponding implementations are difficult to adapt to the extreme conditions implied by the use of RFID. The extremely limited budget for energy and area do not allow the use of traditional cryptography.

In this paper, we address the risk of tracking attacks in RFID networks. Many lightweight protocols have been proposed so far that are founded on both, private- and public-key cryptosystems. We give an overview of existing solutions and discuss the latter ones in more detail. The solutions we advocate in this paper rely exclusively on Elliptic Curve Cryptography (ECC). We describe several authentication protocols that have different computational demands and accordingly different security features. To the best of our knowledge, these protocols are the first ECC-based authentication protocols which offer privacy protection against a wide-weak attacker. Compared to other RFID schemes proposed in the literature, our protocols remain light-weight in terms of area and computation time, while still achieving the required security and privacy properties.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Avoine, G.: Adversarial Model for Radio Frequency Identification. Cryptology ePrint Archive, Report 2005/049 (2005), http://eprint.iacr.org/

  2. Bellare, M., Palacio, A.: GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 162–177. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  3. Berbain, C., Billet, O., Etrog, J., Gilbert, H.: An efficient forward private RFID protocol. In: Proceedings of the 16th ACM conference on Computer and communications security (CCS 2009), pp. 43–53. ACM, New York (2009)

    Google Scholar 

  4. Bringer, J., Chabanne, H.: Trusted-HB: A Low-Cost Version of HB  +  Secure Against Man-in-the-Middle Attacks. IEEE Transactions on Information Theory 54(9), 4339–4342 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  5. Bringer, J., Chabanne, H., Dottax, E.: HB  + + : a Lightweight Authentication Protocol Secure against Some Attacks. In: Security, Privacy and Trust in Pervasive and Ubiquitous Computing - SecPerU (2006)

    Google Scholar 

  6. Bringer, J., Chabannel, H., Icart, T.: Cryptanalysis of EC-RAC, a RFID Identification Protocol. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  7. Danev, B., Heydt-Benjamin, T.S., Čapkun, S.: Physical-layer Identification of RFID Devices. In: Proceedings of the 18th USENIX Security Symposium (USENIX Security 2009), pp. 125–136. USENIX (2009)

    Google Scholar 

  8. Deursen, T., Radomirović, S.: Attacks on RFID Protocols. In: Cryptology ePrint Archive: listing for 2008 (2008/310) (2008)

    Google Scholar 

  9. Deursen, T., Radomirović, S.: Untraceable RFID protocols are not trivially composable: Attacks on the revision of EC-RAC. In: Cryptology ePrint Archive: Report 2009/332 (2009)

    Google Scholar 

  10. Fan, J., Hermans, J., Vercauteren, F.: On the Claimed Privacy of EC-RAC III. Cryptology ePrint Archive, Report 2010/132 (2010), http://eprint.iacr.org/

  11. Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems using the AES Algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  12. Frumkin, D., Shamir, A.: Un-Trusted-HB: Security Vulnerabilities of Trusted-HB. In: Proceedings of RFIDSec 2009, Leuven, Belgium (2009)

    Google Scholar 

  13. Gilbert, H., Robshaw, M., Sibert, H.: An active attack against HB  +  - a provably secure lightweight authentication protocol. IEE processing letters 41(21), 1169–1170 (2005)

    Google Scholar 

  14. Hein, D., Wolkerstorfer, J., Felber, N.: ECC is Ready for RFID - A Proof in Silicon. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 401–413. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  15. Juels, A., Weis, S.: Defining Strong Privacy for RFID. Cryptology ePrint Archive, Report 2006/137 (2006), http://eprint.iacr.org/

  16. Juels, A., Weis, S.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  17. Lee, Y.K., Batina, L., Singelée, D., Verbauwhede, I.: Low-Cost Untraceable Authentication Protocols for RFID. In: ACM Conference on Wireless Network Security - WiSec 2010. ACM, New York (2010)

    Google Scholar 

  18. Lee, Y.K., Batina, L., Verbauwhede, I.: EC-RAC (ECDLP Based Randomized Access Control): Provably Secure RFID authentication protocol. In: IEEE International Conference on RFID, pp. 97–104. IEEE, Los Alamitos (2008)

    Google Scholar 

  19. Lee, Y.K., Batina, L., Verbauwhede, I.: Untraceable RFID Authentication Protocols: Revision of EC-RAC. In: IEEE International Conference on RFID, pp. 178–185. IEEE, Los Alamitos (2009)

    Google Scholar 

  20. Lee, Y.K., Sakiyama, K., Batina, L., Verbauwhede, I.: Elliptic Curve Based Security Processor for RFID. IEEE Transactions on Computer 57(11), 1514–1527 (2008)

    Article  MathSciNet  Google Scholar 

  21. Ng, C., Susilo, W., Mu, Y., Safavi-Naini, R.: RFID Privacy Models Revisited. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 251–266. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  22. NIST National Institute of Standards and Technology. Cryptographic Hash Algorithm Competition, http://csrc.nist.gov/groups/ST/hash/sha-3/index.html

  23. Okamoto, T.: Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 31–53. Springer, Heidelberg (1993)

    Chapter  Google Scholar 

  24. Schnorr, C.-P.: Efficient Identification and Signatures for Smart Cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)

    Google Scholar 

  25. Toiruul, B., Lee, K.: An Advanced Mutual-Authentication Algorithm Using AES for RFID Systems. International Journal of Computer Science and Network Security 6(9B) (September 2006)

    Google Scholar 

  26. Tuyls, P., Batina, L.: RFID-tags for Anti-Counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  27. Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Samsung Electronics Research and Development, South Korea

    Yong Ki Lee

  2. IBBT – COSIC, Katholieke Universiteit Leuven, Heverlee, Belgium

    Lejla Batina, Dave Singelée & Ingrid Verbauwhede

  3. Digital Security group, Radboud University Nijmegen, Nijmegen, The Netherlands

    Lejla Batina

Authors
  1. Yong Ki Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lejla Batina
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dave Singelée
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ingrid Verbauwhede
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Informatics, Technological Educational Institution of Thessaloniki, 57400, Sindos, Thessaloniki, Greece

    Periklis Chatzimisios

  2. Centre Tecnològic de Telecomunications de Catalunya, Parc Mediterrani de la Tecnologia, 08860, Castellfels, Barcelona, Spain

    Christos Verikoukis

  3. Dpto. Ingeniería de Comunicaciones, Universidad de Cantabria, 39005, Santander, Spain

    Ignacio Santamaría

  4. Texas A&M University, 75505-5518, Texarkana, TX, USA

    Massimiliano Laddomada

  5. TU Dortmund, Lehrstuhl für Kommunikationstechnik, Otto-Hahn-Str, 44221, Dortmund, Germany

    Oliver Hoffmann

Rights and permissions

Reprints and permissions

Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Lee, Y.K., Batina, L., Singelée, D., Verbauwhede, I. (2010). Wide–Weak Privacy–Preserving RFID Authentication Protocols. In: Chatzimisios, P., Verikoukis, C., Santamaría, I., Laddomada, M., Hoffmann, O. (eds) Mobile Lightweight Wireless Systems. Mobilight 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 45. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16644-0_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-16644-0_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16643-3

  • Online ISBN: 978-3-642-16644-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation