RFID security without extensive cryptography

2009

Current research in RFID security focuses on basic authentication protocols between a tag and a reader. In this paper, we claim that, in future, different new RFID-based scenarios will play an increasing role. In particular, we propose two new research directions: 1. Multi-Tag Security, and 2. RFID-based Payment. In multi-tag security, multiple tags try to jointly compute an information while using the reader either as the focal point of all communication or as a relay for tag-to-tag communication. In this scenario, the security of the computation has to be guaranteed while also privacy of individual tags must be protected. In a payment scenario, tags are used as electronic wallets similar to the notions of traditional electronic cash. Payment must be secured against malicious spending, and the privacy of tags and their payments must be protected.

RFID tags are devices of very limited computational capabilities, which only have 250-3K logic gates that can be devoted to securityrelated tasks. Many proposals have recently appeared, but all of them are based on RFID tags using classical cryptographic primitives such as PRNGs, hash functions, block ciphers, etc. We believe this assumption to be fairly unrealistic, as classical cryptographic constructions lie well beyond the computational reach of very low-cost RFID tags. A new approach is necessary to tackle this problem, so we propose an extremely efficient lightweight mutual-authentication protocol that offers an adequate security level for certain applications and can be implemented even in the most limited low-cost RFID tags, as it only needs around 150 gates.

Lecture Notes in Computer Science, 2006

Massively deploying RFID systems while preserving people's privacy and data integrity is a major security challenge of the coming years. Up to now, it was commonly believed that, due to the very limited computational resources of RFID tags, only ad hoc methods could be used to address this problem. Unfortunately, not only those methods generally provide a weak level of security and practicality, but they also require to revise the synopsis of communications between the tag and the reader. In this paper, we give evidence that highly secure solutions can be used in the RFID environment, without substantially impacting the current communication protocols, by adequately choosing and combining low-cost cryptographic algorithms. The main ingredients of our basic scheme are a probabilistic (symmetric or asymmetric) encryption function, e.g. AES, and a coupon-based signature function, e.g. GPS. We also propose a dedicated method allowing the tag to authenticate the reader, which is of independent interest. On the whole, this leads to a privacy-preserving protocol well suited for RFID tags, which is very flexible in the sense that each reader can read and process all and only all the data it is authorized to.

Procedia Computer Science, 2016

Day by day the importance of Radio Frequency Identification (RFID) systems is increasing for its powerful capabilities in automatic identification, localization and access control of the objects. However, the RFID techniques are plagued to security and privacy issues due to underlying wireless communication channel. In order to come up with a solution, we propose an efficient authentication scheme which uses pseudorandom number generators (PRNG) and some simple cryptographic operations. Moreover, as the current generation tags come with in-built pseudo random generators, the implementations of these operations are possible with low complexity. The secret information stored inside the tags is communicated in a more secure way ensuring confidentiality, integrity, and authentication. The security of our proposed scheme is analyzed against different attacks on RFID and with the performance of some existing protocols. Experimental results show a significant improvement in security with average cost, when compared with the existing techniques.

2007

As Radio Frequency Identification (RFID) technology becomes pervasive in our lives, literally woven into the fabric of our society, there exists the danger to personal privacy, loss of anonymity, and violation of location privacy to all individuals. Even cash, which offers true anonymity for consumers, may be threatened by RFID technology.

Lecture Notes in Computer Science, 2006

The biggest challenge for current RFID technology is to provide the necessary benefits while avoiding any threats to the privacy of its users. Although many solutions to this problem have been proposed, almost as soon as they have been introduced, methods have been found to circumvent system security and make the user vulnerable. We are proposing an advanced mutualauthentication protocol between a tag and the back-end database server for a RFID system to ensure system security integrity. The three main areas of security violations in RFID systems are forgery of the tags, unwanted tracking of the tags, and unauthorized access to a tag's memory. Our proposed system protects against these three areas of security violations. Our protocol provides reader authentication to a tag, exhibits forgery resistance against a simple copy, and prevents the counterfeiting of RFID tags. Our advanced mutual-authentication protocol uses an AES algorithm as its cryptograph primitive. Since our AES algorithm has a relatively low cost, is fast, and only requires simple hardware, our proposed approach is feasible for use in RFID systems. In addition, the relatively low computational cost of our proposed algorithm compared to those currently used to implement similar levels of system security makes our proposed system especially suitable for RFID systems that have a large number of tags.

International Journal of Advanced Computer Science and Applications, 2015

RFID is now a widespread method used for identifying people and objects. But, not all communication protocols can provide the same rigorous confidentiality to RFID technology. In return, unsafe protocols put individuals and organizations into jeopardy. In this paper, a scheme that uses multiple low cost tags for identifying a single object is studied. Through algebraic analysis on chronologically ordered messages, the proposed multi tag arrangement is shown to fail to provide the claimed security. The weaknesses are discussed and previously proven precautions are recommended to increase the security of the protocol, and thus the safety of its users.

International Journal of Engineering and Technology, 2013

In this paper we propose a communication protocol for Radio Frequency Identification (RFID) systems that is based on the tags responding only to authenticated readers, otherwise tags always maintain RF silence. The protocol is practical from a deployment point of view and it not only meets the formal definitions of strong privacy and untraceability, but also addresses most, of the concerns raised by privacy advocates on behalf of consumers. Both passive and active RFID systems can use this protocol, and with slight modifications it can also be used on wireless-sensor networks. The protocol is expected to more efficiently utilize the RF spectrum by minimizing tag and reader collisions and as a result it should be possible to accommodate more readers and tags in a given area.

Radio Frequency Identification (RFID) is a wireless technology; it considered the way to replace the barcode, RFID used for the purposes of automatic identification and tracking of object attach with tag. Since the barcode is data read with line of sight and limits the utility for item-level of logistic and supply chain application in the future. While implementing the RFID in various applications we have to consider security and privacy risk in RFID adoption. Until now, many researches on the RFID's security and privacy were proposed. In this paper, we describe security model of the tag and Reader by using the Reader ID and Tag ID and surveys the literature of hash-based access control scheme and propose an effective scheme to enhance the security and privacy about the passive RFID tag.

International Journal of Automation and Computing, 2012

The use of radio frequency identification (RFID) tags may cause privacy violation of users carrying an RFID tag. Due to the unique identification number of the RFID tag, the possible privacy threats are information leakage of a tag, traceability of the consumer, denial of service attack, replay attack and impersonation of a tag, etc. There are a number of challenges in providing privacy and security in the RFID tag due to the limited computation, storage and communication ability of low-cost RFID tags. Many research works have already been conducted using hash functions and pseudorandom numbers. As the same random number can recur many times, the adversary can use the response derived from the same random number for replay attack and it can cause a break in location privacy. This paper proposes an RFID authentication protocol using a static identifier, a monotonically increasing timestamp, a tag side random number and a hash function to protect the RFID system from adversary attacks. The proposed protocol also indicates that it requires less storage and computation than previous existing RFID authentication protocols but offers a larger range of security protection. A simulation is also conducted to verify some of the privacy and security properties of the proposed protocol.