Abstract
A radio-frequency identification (RFID) tag is a small, inexpensive microchip that emits an identifier in response to a query from a nearby reader. The price of these tags promises to drop to the range of $0.05 per unit in the next several years, offering a viable and powerful replacement for barcodes.
The challenge in providing security for low-cost RFID tags is that they are computationally weak devices, unable to perform even basic symmetric-key cryptographic operations. Security researchers often therefore assume that good privacy protection in RFID tags is unattainable. In this paper, we explore a notion of minimalist cryptography suitable for RFID tags. We consider the type of security obtainable in RFID devices with a small amount of rewritable memory, but very limited computing capability. Our aim is to show that standard cryptography is not necessary as a starting point for improving security of very weak RFID devices. Our contribution is twofold:
-
1
We propose a new security model for authentication and privacy in RFID tags. This model takes into account the natural computational limitations and the likely attack scenarios for RFID tags in real-world settings. It represents a useful divergence from standard cryptographic security modeling, and thus a new basis for practical formalization of minimal security requirements for low-cost RFID-tag security.
-
2
We describe a protocol that provably achieves the properties of authentication and privacy in RFID tags in our proposed model, and in a good practical sense. It involves no computationally intensive cryptographic operations, and relatively little storage.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Security technology: Where’s the smart money? The Economist, 69–70, February 9 (2002)
Prada’s smart tags too clever? Wired News, October 27 (2002)
Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)
Benetton undecided on use of ‘smart tags’. Associated Press, April 8 (2003)
Collins, J.: The cost of Wal-Mart’s RFID edict. RFID Journal, September 10 (2003)
Ewatt, D.M., Hayes, M.: Gillette razors get new edge: RFID tags. Information Week January 3 (2003), Referenced at, http://www.informationweek.com/story/IWK20030110S0028
Fishkin, K.P., Roy, S., Jiang, B.: Some methods for privacy in rfid communication. In: 1st European Workshop on Security in Ad-Hoc and Sensor Networks. Springer, Heidelberg (2004) (to appear)
Fishkin, K.P., Wang, M., Borriello, G.: A ubiquitous system for medication monitoring. In: Second International Conference on Pervasive Computing, Springer, Heidelberg (2004)
El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31, 469–472 (1985)
Garfinkel, S.: An RFID Bill of Rights. Technology Review, 35 (October 2002)
Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal re-encryption for mixnets. Springer, Heidelberg (2004) (to appear)
Juels, A., Brainard, J.: Soft blocking: Flexible blocker tags on the cheap. In: WPES 2004, ACM Press, New York (2004) (to appear)
Juels, A., Pappu, R.: Squealing Euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)
Juels, A., Rivest, R.L., Szydlo, M.: The blocker tag: Selective blocking of RFID tags for consumer privacy. In: Atluri, V. (ed.) ACM CCS 2003, pp. 103–111. ACM Press, New York (2003)
Auto-ID Labs. 13.56 MHz ISM band class 1 radio frequency identification tag interference specification: Candidate recommendation, version 1.0.0. Technical Report MIT-AUTOID-WH-002, Auto-ID Labs (2003), Referenced at, http://www.autoidlabs.org
Ma, L., Xu, Q., Yang, Y.: Organic non-volatile memory by controlling the dynamic copper-ion concentration within the organic layer. Nature (2003) (submitted)
McCullagh, D.: RFID tags: Big Brother in small packages. CNet January 13 (2003), Referenced at, http://news.com.com/2010-1069-980325.html
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: ACM CCS 2004, ACM Press, New York (2004) (to appear)
Associated Press. Libraries eye RFID to track books: Privacy issues raised as San Francisco plans chips’ use. October 3 (2003)
RFID, privacy, and corporate data. RFID Journal June 2 (2003), Feature article. Referenced at www.rfidjournal.com on subscription basis
Sarma, S.E., Weis, S.A., Engels, D.W.: Radio-frequency-identification security risks and challenges. CryptoBytes 6(1)(2003)
Sarma, S.E.: Towards the five-cent tag. Technical Report MIT-AUTOID-WH-006, Auto-ID Labs (2001), Referenced at, http://www.autoidlabs.org/
Sarma, S.E., Weis, S.A., Engels, D.W.: RFID systems and security and privacy implications. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 454–469. Springer, Heidelberg (2003)
Shim, R.: Benetton to track clothing with ID chips. CNET, March 11 (2003), Referenced at, http://news.com.com/2100-1019-992131.html
Stajano, F., Anderson, R.: The resurrecting duckling: Security issues for ad-hoc wireless networks. In: Malcolm, J.A., Christianson, B., Crispo, B., Roe, M. (eds.) Security Protocols 1999. LNCS, vol. 1796, pp. 172–194. Springer, Heidelberg (2000)
Takaragi, K., Usami, M., Imura, R., Itsuki, R., Satoh, T.: An ultra small individual recognition security chip. IEEE Micro 21(6), 43–49 (2001)
Weis, S.A., Sarma, S., Rivest, R., Engels, D.: Security and privacy aspects of low-cost radio frequency identification systems. In: First International Conference on Security in Pervasive Computing (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Juels, A. (2005). Minimalist Cryptography for Low-Cost RFID Tags (Extended Abstract). In: Blundo, C., Cimato, S. (eds) Security in Communication Networks. SCN 2004. Lecture Notes in Computer Science, vol 3352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30598-9_11
Download citation
DOI: https://doi.org/10.1007/978-3-540-30598-9_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24301-4
Online ISBN: 978-3-540-30598-9
eBook Packages: Computer ScienceComputer Science (R0)