Abstract
The design and implementation of security threat mitigation mechanisms in RFID systems, specially in low-cost RFID tags, are gaining great attention in both industry and academia. One main focus of research interests is the authentication and privacy techniques to prevent attacks targeting the insecure wireless channel of these systems. Cryptography is a key tool to address these threats. Nevertheless, strong hardware constraints, such as production costs, power consumption, time of response, and regulations compliance, makes the use of traditional cryptography in these systems a very challenging problem. The use of low-overhead procedures becomes the main approach to solve these challenging problems where traditional cryptography cannot fit. Recent results and trends, with an emphasis on lightweight techniques for addressing critical threats against low-cost RFID systems, are surveyed.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Avoine, G., Oechslin, P.: RFID Traceability: A multilayer problem. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)
Avoine, G., Oechslin, P.: A scalable and provably secure hash based RFID protocol. In: International Workshop on Pervasive Computing and Communication Security – PerSec 2005, pp. 110–114 (2005)
Barasz, M., Boros, B., Ligeti, P., Loja, K., Nagy, D.: Breaking LMAP. In: Conference on RFID Security, Malaga, Spain (July 2007)
Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., Verbauwhede, I.: An elliptic curve processor suitable for RFID-tags. Cryptology ePrint Archive, Report 2006/227 (2006)
Blackburn, S.R., Murphy, S., Paterson, K.G.: Comments on ‘theory and applications of cellular automata in cryptography’. IEEE Trans. Softw. Eng. 23(9), 637–638 (1997)
Bolotnyy, L., Robins, G.: Physically unclonable function-based security and privacy in RFID systems. In: International Conference on Pervasive Computing and Communications – PerCom 2007, New York, USA, pp. 211–220. IEEE Press, Los Alamitos (2007)
Burmester, M., Van Le, T., de Medeiros, B.: Provably secure ubiquitous systems: Universally composable RFID authentication. In: 2nd International Conference on Security and Privacy in Communication Networks (SECURECOMM 2006). IEEE Press, Los Alamitos (2006)
Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: IEEE Symp. On Foundations of Computer Science (FOCS 2001), pp. 136–145 (2001)
Cao, T., Bertino, E., Lei, H.: Security Analysis of the SASI Protocol. IEEE Transactions on Dependable and Secure Computing 6(1), 73–77 (2009)
Castelluccia, C., Avoine, G.: Noisy tags: a pretty good key exchange protocol for RFID tags. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 289–299. Springer, Heidelberg (2006)
Chien, H.: SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing 4(4), 337–340 (2007)
Cole, P., Ranasinghe, D. (eds.): Networked RFID Systems and Lightweight Cryptography — Raising Barriers to Product Counterfeiting, 1st edn. Springer, Heidelberg (2008)
Crawford, J.M., Kearns, M.J., Shapire, R.E.: The Minimal Disagreement Parity Problem as a Hard Satisfiability Problem. Tech. rep., Computational Intelligence Research Laboratory and AT&T Bell Labs (February 1994)
Daemen, J., Rijmen, V.: The Design of Rijndael: AES–the Advanced Encryption Standard. Springer, Heidelberg (2002)
Defend, B., Fu, K., Juels, A.: Cryptanalysis of two lightweight RFID authentication schemes. In: International Workshop on Pervasive Computing and Communication Security – PerSec 2007, New York, USA, pp. 211–216. IEEE Press, Los Alamitos (2007)
Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm, Athens, Greece. IEEE Press, Los Alamitos (2005)
Dolev, S., Kopeetsky, M.: Secure communication for RFIDs proactive information security within computational security. In: Datta, A.K., Gradinariu, M. (eds.) SSS 2006. LNCS, vol. 4280, pp. 290–303. Springer, Heidelberg (2006)
Dolev, S., Kopeetsky, M., Shamir, A.: RFID Authentication Efficient Proactive Information Security within Computational Security. Tech. rep., Department of Computer Science, Ben-Gurion University (July 2007)
Dolev, S., Kopeetsky, M., Clouser, T., Nesterenko, M.: Low Overhead RFID Security. In: Ahson, S.A., Ilyas, M. (eds.) RFID Handbook: Applications, Technology, Security, and Privacy, pp. 589–602, ch. 32. CRC Press, Boca Raton (2008)
EPCglobal. EPC Radio-frequency identity protocols Class-1 Generation-2. Technical report (January 2005), http://www.epcglobalinc.org/standards/
Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)
Fishkin, K., Roy, S., Jiang, B.: Some methods for privacy in RFID communication. In: Castelluccia, C., Hartenstein, H., Paar, C., Westhoff, D. (eds.) ESAS 2004. LNCS, vol. 3313, pp. 42–53. Springer, Heidelberg (2005)
Gassend, B., Clarke, D., Dijk, M., Devadas, S.: Silicon physical random functions. In: 9th ACM conference on Computer and communications security, pp. 148–160. ACM, New York (2002)
Hancke, G.: Noisy carrier modulation for HF RFID. In: First International EURASIP Workshop on RFID Technology, Vienna, Austria (September 2007)
Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: International Workshop on Pervasive Computing and Communication Security – PerSec 2004, Orlando, Florida, USA, pp. 149–153. IEEE Computer Society, Los Alamitos (2004)
Holcomb, D., Burleson, W., Fu, K.: Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags. In: Third International Conference on RFID Security - RFIDSec 2007, Malaga, Spain (2007)
Hopper, N., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001)
ISO/IEC 18000-6:2004/amd:2006. Technical report (2006), http://www.iso.org/
Israsena, P.: Securing ubiquitous and low-cost RFID using tiny encryption algorithm. In: Intnl. Symp. on Wireless Pervasive Computing, Thailand. IEEE Press, Los Alamitos (2006)
Juels, A.: Minimalist cryptography for low-cost RFID tags. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)
Juels, A.: Strengthening EPC tags Against Cloning. In: WiSe 2005: Proceedings of the 4th ACM workshop on Wireless security, pp. 67–76. ACM Press, New York (2005)
Juels, A., Pappu, R.: Squealing euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)
Juels, A., Pappu, R., Parno, B.: Unidirectional Key Distribution Across Time and Space with Applications to RFID Security. In: USENIX Security Symposium, San Jose, CA. USENIX (July-August 2008)
Juels, A., Rivest, R., Szydlo, M.: The blocker tag: Selective blocking of RFID tags for consumer privacy. In: 8th ACM Conf. Comput. Commun. Security, pp. 103–111 (2003)
Juels, A., Syverson, P., Bailey, D.: High-Power Proxies for Enhancing RFID Privacy and Utility. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 210–226. Springer, Heidelberg (2006)
Juels, A., Weis, S.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)
Juels, A., Weis, S.: Defining Strong Privacy for RFID. In: 5th Annual IEEE International Conference on Pervasive Computing and Communications, pp. 342–347. IEEE Press, Los Alamitos (2007)
Karthikeyan, S., Nesterenko, M.: RFID security without extensive cryptography. In: 3rd ACM workshop on Security of ad hoc and sensor networks, USA, pp. 63–67 (2005)
Katz, J., Shin, J.: Parallel and concurrent security of the HB and HB + protocols. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 73–87. Springer, Heidelberg (2006)
Kinosita, S., Hoshino, F., Komuro, T., Fujimura, A., Ohkubo, M.: Non-identifiable anonymous-ID scheme for RFID privacy protection (2003)
Langheinrich, M., Marti, R.: Practical Minimalist Cryptography for RFID Privacy. IEEE Systems Journal 1(2), 115–128 (2007)
Langheinrich, M., Marti, R.: RFID privacy using spatially distributed shared secrets. In: Ichikawa, H., Cho, W.-D., Satoh, I., Youn, H.Y. (eds.) UCS 2007. LNCS, vol. 4836, pp. 1–16. Springer, Heidelberg (2007)
Lee, S., Asano, T., Kim, K.: RFID mutual authentication scheme based on synchronized secret information. In: Symposium on Cryptography and Information Security (2006)
Li, T., Deng, R.: Vulnerability analysis of EMAP - an efficient RFID mutual authentication protocol. In: Second International Conference on Availability, Reliability and Security – AReS 2007, Vienna, Austria (April 2007)
Lim, D., Lee, J., Gassend, B., Suh, G., Dijk, M., Devadas, S.: Extracting secret keys from integrated circuits. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 13(10), 1200–1205 (2005)
Mace, F., Standaert, F., Quisquater, J.: ASIC implementations of the block cipher sea for constrained applications. In: Conference on RFID Security, Spain, pp. 103–114 (2007)
Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: Conference on Computer and Communications Security – ACM CCS, Washington, DC, USA, pp. 210–219. ACM Press, New York (2004)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient hash-chain based RFID privacy protection scheme. In: International Conference on Ubiquitous Computing – Ubicomp, Workshop Privacy: Current Status and Future Directions, Nottingham, England (September 2004)
Ouafi, K., Phan, R.: Privacy of Recent RFID Authentication Protocols. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 263–277. Springer, Heidelberg (2008)
Pappu, R.: Physical One-Way Functions. PhD thesis, MIT (2001)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: LAMED, A PRNG for EPC Class-1 Generation-2 RFID specification. Computer Standards & Interfaces (2008)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: An efficient authentication protocol for RFID systems resistant to active attacks. In: Denko, M.K., Shih, C.-s., Li, K.-C., Tsao, S.-L., Zeng, Q.-A., Park, S.H., Ko, Y.-B., Hung, S.-H., Park, J.-H. (eds.) EUC-WS 2007. LNCS, vol. 4809, pp. 781–794. Springer, Heidelberg (2007)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In: Ecrypt, Austria (July 2006)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In: Ma, J., Jin, H., Yang, L.T., Tsai, J.J.-P. (eds.) UIC 2006. LNCS, vol. 4159, pp. 912–923. Springer, Heidelberg (2006)
Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: An efficient mutual authentication protocol for low-cost RFID tags. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 352–361. Springer, Heidelberg (2006)
Piramuthu, S.: HB and related lightweight authentication protocols for secure RFID tag/reader authentication. In: Collaborative Electronic Commerce Technology and Research – CollECTeR 2006, Basel, Switzerland (June 2006)
Ranasinghe, D., Engels, D., Cole, P.: Low-cost RFID systems: Confronting security and privacy. In: Auto-ID Labs Research Workshop, Zurich, Switzerland (September 2004)
Rieback, M., Crispo, B., Tanenbaum, A.: RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 184–194. Springer, Heidelberg (2005)
Rieback, M., Crispo, B., Tanenbaum, A.: Keep on blockin’in the free world: Personal access control for low-cost RFID tags. In: 13th Cambridge Workshop on Security Protocols. Springer, Heidelberg (2005)
Roussos, G.: Enabling RFID in retail. IEEE Computer 39(3), 25–30 (2006)
Sarma, S.: Toward the 5 cent tag. White Paper, Auto-ID Center (November 2001)
Shamir, A.: How to share a secret. Commun. of the ACM 22(11), 612–613 (1979)
Skoric, B., Tuyls, P.: Secret key generation from classical physics. Philips Research Book Series (September 2005)
Takaragi, K., Usami, M., Imura, R., Itsuki, R., Satoh, T.: An ultra small individual recognition security chip. IEEE Micro. 21(6), 43–49 (2001)
Tsudik, G.: YA-TRAP: Yet another trivial RFID authentication protocol. In: International Conference on Pervasive Computing and Communications – PerCom 2006, Pisa, Italy. IEEE Press, Los Alamitos (2006)
Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)
Vajda, I., Buttyán, L.: Lightweight authentication protocols for low-cost RFID tags. In: Second Workshop on Security in Ubiquitous Computing, Seattle, WA, USA (2003)
Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)
Wheeler, D., Needham, R.: TEA, a Tiny Encryption Algorithm. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 363–366. Springer, Heidelberg (1995)
Wolfram, S.: A new kind of science. Wolfram Media Inc., Champaign (2002)
Wolkerstorfer, J.: Is Elliptic-Curve Cryptography Suitable to Secure RFID Tags? In: Handout of the Ecrypt Workshop on RFID and Lightweight Crypto (July 2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Garcia-Alfaro, J., Barbeau, M., Kranakis, E. (2010). Security Threat Mitigation Trends in Low-Cost RFID Systems. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2009 2009. Lecture Notes in Computer Science, vol 5939. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11207-2_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-11207-2_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11206-5
Online ISBN: 978-3-642-11207-2
eBook Packages: Computer ScienceComputer Science (R0)