Secure and Scalable RFID Authentication Protocol

  • Albert Fernàndez-Mir
  • Jordi Castellà-Roca
  • Alexandre Viejo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6514)


The radio frequency identification (RFID) enables identifying an object remotely via radio waves. This feature has been used in a huge number of applications, reducing dramatically the costs in some production processes. Nonetheless, it also poses serious privacy and security risks to them. Thus, researchers have presented secure schemes that prevent attackers from misusing the information which is managed in those environments. These schemes are designed to be very efficient at the client-side, due to the limited resources of the tags. However, they should be efficient at the server-side also, because the server manages a high number of tags, i.e. any proposal must be scalable in the number of tags. The most efficient schemes are based on client-server synchronization. The answer of the tag is previously known by the server. These kind of schemes commonly suffers desynchronization attacks. We present a novel scheme with two main features: (i) it improves the scalability at the sever-side; and (ii) the level of resistance to desynchronization attacks can be configured.


rfid identification security privacy scalability 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    European Union, Commission recomendation of 12 May 2009 on the implementation of privacy and data protection principles in applications supported by radio-frequency identification. In Official Journal of the European Union (2009),
  2. 2.
    Song, B., Mitchell, C.J.: RFID authentication protocol for low-cost tags. In: Proceedings of the First ACM Conference on Wireless Network Security, pp. 140–147 (2008)Google Scholar
  3. 3.
    Sarma, S., Weis, S., Engels, D.: RFID systems and security and privacy implications. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 1–19. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Avoine, G.: Cryptography in radio frequency identification and fair exchange protocols. In: Faculté Informatique et Communications, pp. 2007–06 (2005)Google Scholar
  5. 5.
    Ohkubo, M., Suzuki, K., Kinoshita, S., et al.: Cryptographic approach to privacy-friendly tags. In: RFID Privacy Workshop, vol. 82 (2003)Google Scholar
  6. 6.
    Martínez, S., Valls, M., Roig, C., Miret, J.M., Giné, F.: A secure Elliptic Curve-Based RFID Protocol. J. Comput. Sci. Tech. 24(2), 308–318 (2009)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Rivest, R., Weis, S., Sarma, S., Engels, D.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) PC 2003. LNCS, vol. 2802, pp. 454–469. Springer, Heidelberg (2003)Google Scholar
  8. 8.
    Avoine, G., Oechslin, P.: A scalable and provably secure hash-based RFID protocol. In: PERCOMW, pp. 110–114 (2005)Google Scholar
  9. 9.
    Juels, A.: Rfid security and privacy: A research survey. IEEE Journal on Selected Areas in Communications 24(2), 381–394 (2006)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Solanas, A., Domingo-Ferrer, J., Martínez-Ballesté, A., Daza, V.: A distributed architecture for scalable private RFID tag identification. Computer Networks 51(9), 2268–2279 (2007)CrossRefzbMATHGoogle Scholar
  11. 11.
    Kanf, J., Nyang, D.: RFID authentication protocol with strong resistance against traceability and denial of service attacks. In: Molva, R., Tsudik, G., Westhoff, D. (eds.) ESAS 2005. LNCS, vol. 3813, pp. 164–175. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Yang, J., Park, J., Lee, H., Ren, K., Kim, K.: Mutual authentication protocol for low-cost RFID. In: Handout of the Ecrypt Workshop on RFID and Lightweight Crypto (2005)Google Scholar
  13. 13.
    Tsudik, G.: YA-TRAP: Yet another trivial RFID authentication protocol. In: Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2006 (2006)Google Scholar
  14. 14.
    Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Security and Privacy for Emerging Areas in Comunications Networks, SecureComm 2005, pp. 59–66 (2005)Google Scholar
  15. 15.
    Lee, S., Asano, T., Kim, K.: RFID: Mutual Authentication Scheme based on Synchronized Secret Information. In: Proceedings of the SCIS 2006 (2006)Google Scholar
  16. 16.
    Ha, J.C., Moon, S.J., Nieto, J., Boyd, C.: Low-cost and strong-security RFID authentication protocol. In: Denko, M.K., Shih, C.-s., Li, K.-C., Tsao, S.-L., Zeng, Q.-A., Park, S.H., Ko, Y.-B., Hung, S.-H., Park, J.-H. (eds.) EUC-WS 2007. LNCS, vol. 4809, pp. 795–807. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  17. 17.
    Lee, S., Asano, T., Kim, K.: RFID mutual authentication scheme based on synchronized secret information. In: Symposium on Cryptography and Information Security (2006)Google Scholar
  18. 18.
    Osaka, K., Takagi, T., Yamazaki, K., Takahashi, O.: An efficient and secure RFID security method with ownership transfer. In: Wang, Y., Cheung, Y.-m., Liu, H. (eds.) CIS 2006. LNCS (LNAI), vol. 4456, pp. 778–787. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  19. 19.
    Seo, Y., Lee, H., Kim, K.: A scalable and untraceable authentication protocol for RFID. In: Zhou, X., Sokolsky, O., Yan, L., Jung, E.-S., Shao, Z., Mu, Y., Lee, D.C., Kim, D.Y., Jeong, Y.-S., Xu, C.-Z. (eds.) EUC Workshops 2006. LNCS, vol. 4097, pp. 252–261. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    Song, B., Mitchell, C.J.: A scalable and untraceable authentication protocol for RFID. In: RFID Authentication Protocol for Low-Cost Tags. In Wireless Network Security (WISEC), pp. 140–147 (2008)Google Scholar
  21. 21.
    Van Deursen, T., Radomirovic, S.: Attacks on RFID protocols. In: IACR eprint Archive 2008, vol. 310 (2008)Google Scholar
  22. 22.
    Eastlake, D., Jones, P.: US secure hash algorithm 1 (SHA1). In: RFC 3174 (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Albert Fernàndez-Mir
    • 1
  • Jordi Castellà-Roca
    • 1
  • Alexandre Viejo
    • 1
  1. 1.Dpt. d’Enginyeria Informàtica i MatemàtiquesUNESCO Chair in Data Privacy, Universitat Rovira i VirgiliTarragonaSpain

Personalised recommendations