Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Data Privacy Management

International Workshop on Autonomous and Spontaneous Security

DPM 2009, SETOP 2009: Data Privacy Management and Autonomous Spontaneous Security pp 193–207Cite as

Security Threat Mitigation Trends in Low-Cost RFID Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5939))

Abstract

The design and implementation of security threat mitigation mechanisms in RFID systems, specially in low-cost RFID tags, are gaining great attention in both industry and academia. One main focus of research interests is the authentication and privacy techniques to prevent attacks targeting the insecure wireless channel of these systems. Cryptography is a key tool to address these threats. Nevertheless, strong hardware constraints, such as production costs, power consumption, time of response, and regulations compliance, makes the use of traditional cryptography in these systems a very challenging problem. The use of low-overhead procedures becomes the main approach to solve these challenging problems where traditional cryptography cannot fit. Recent results and trends, with an emphasis on lightweight techniques for addressing critical threats against low-cost RFID systems, are surveyed.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Avoine, G., Oechslin, P.: RFID Traceability: A multilayer problem. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)

    Google Scholar 

  2. Avoine, G., Oechslin, P.: A scalable and provably secure hash based RFID protocol. In: International Workshop on Pervasive Computing and Communication Security – PerSec 2005, pp. 110–114 (2005)

    Google Scholar 

  3. Barasz, M., Boros, B., Ligeti, P., Loja, K., Nagy, D.: Breaking LMAP. In: Conference on RFID Security, Malaga, Spain (July 2007)

    Google Scholar 

  4. Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., Verbauwhede, I.: An elliptic curve processor suitable for RFID-tags. Cryptology ePrint Archive, Report 2006/227 (2006)

    Google Scholar 

  5. Blackburn, S.R., Murphy, S., Paterson, K.G.: Comments on ‘theory and applications of cellular automata in cryptography’. IEEE Trans. Softw. Eng. 23(9), 637–638 (1997)

    MathSciNet  Google Scholar 

  6. Bolotnyy, L., Robins, G.: Physically unclonable function-based security and privacy in RFID systems. In: International Conference on Pervasive Computing and Communications – PerCom 2007, New York, USA, pp. 211–220. IEEE Press, Los Alamitos (2007)

    Chapter  Google Scholar 

  7. Burmester, M., Van Le, T., de Medeiros, B.: Provably secure ubiquitous systems: Universally composable RFID authentication. In: 2nd International Conference on Security and Privacy in Communication Networks (SECURECOMM 2006). IEEE Press, Los Alamitos (2006)

    Google Scholar 

  8. Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: IEEE Symp. On Foundations of Computer Science (FOCS 2001), pp. 136–145 (2001)

    Google Scholar 

  9. Cao, T., Bertino, E., Lei, H.: Security Analysis of the SASI Protocol. IEEE Transactions on Dependable and Secure Computing 6(1), 73–77 (2009)

    Article  Google Scholar 

  10. Castelluccia, C., Avoine, G.: Noisy tags: a pretty good key exchange protocol for RFID tags. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 289–299. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  11. Chien, H.: SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Transactions on Dependable and Secure Computing 4(4), 337–340 (2007)

    Article  Google Scholar 

  12. Cole, P., Ranasinghe, D. (eds.): Networked RFID Systems and Lightweight Cryptography — Raising Barriers to Product Counterfeiting, 1st edn. Springer, Heidelberg (2008)

    Google Scholar 

  13. Crawford, J.M., Kearns, M.J., Shapire, R.E.: The Minimal Disagreement Parity Problem as a Hard Satisfiability Problem. Tech. rep., Computational Intelligence Research Laboratory and AT&T Bell Labs (February 1994)

    Google Scholar 

  14. Daemen, J., Rijmen, V.: The Design of Rijndael: AES–the Advanced Encryption Standard. Springer, Heidelberg (2002)

    MATH  Google Scholar 

  15. Defend, B., Fu, K., Juels, A.: Cryptanalysis of two lightweight RFID authentication schemes. In: International Workshop on Pervasive Computing and Communication Security – PerSec 2007, New York, USA, pp. 211–216. IEEE Press, Los Alamitos (2007)

    Google Scholar 

  16. Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm, Athens, Greece. IEEE Press, Los Alamitos (2005)

    Google Scholar 

  17. Dolev, S., Kopeetsky, M.: Secure communication for RFIDs proactive information security within computational security. In: Datta, A.K., Gradinariu, M. (eds.) SSS 2006. LNCS, vol. 4280, pp. 290–303. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  18. Dolev, S., Kopeetsky, M., Shamir, A.: RFID Authentication Efficient Proactive Information Security within Computational Security. Tech. rep., Department of Computer Science, Ben-Gurion University (July 2007)

    Google Scholar 

  19. Dolev, S., Kopeetsky, M., Clouser, T., Nesterenko, M.: Low Overhead RFID Security. In: Ahson, S.A., Ilyas, M. (eds.) RFID Handbook: Applications, Technology, Security, and Privacy, pp. 589–602, ch. 32. CRC Press, Boca Raton (2008)

    Google Scholar 

  20. EPCglobal. EPC Radio-frequency identity protocols Class-1 Generation-2. Technical report (January 2005), http://www.epcglobalinc.org/standards/

  21. Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)

    Google Scholar 

  22. Fishkin, K., Roy, S., Jiang, B.: Some methods for privacy in RFID communication. In: Castelluccia, C., Hartenstein, H., Paar, C., Westhoff, D. (eds.) ESAS 2004. LNCS, vol. 3313, pp. 42–53. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  23. Gassend, B., Clarke, D., Dijk, M., Devadas, S.: Silicon physical random functions. In: 9th ACM conference on Computer and communications security, pp. 148–160. ACM, New York (2002)

    Chapter  Google Scholar 

  24. Hancke, G.: Noisy carrier modulation for HF RFID. In: First International EURASIP Workshop on RFID Technology, Vienna, Austria (September 2007)

    Google Scholar 

  25. Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: International Workshop on Pervasive Computing and Communication Security – PerSec 2004, Orlando, Florida, USA, pp. 149–153. IEEE Computer Society, Los Alamitos (2004)

    Chapter  Google Scholar 

  26. Holcomb, D., Burleson, W., Fu, K.: Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags. In: Third International Conference on RFID Security - RFIDSec 2007, Malaga, Spain (2007)

    Google Scholar 

  27. Hopper, N., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  28. ISO/IEC 18000-6:2004/amd:2006. Technical report (2006), http://www.iso.org/

  29. Israsena, P.: Securing ubiquitous and low-cost RFID using tiny encryption algorithm. In: Intnl. Symp. on Wireless Pervasive Computing, Thailand. IEEE Press, Los Alamitos (2006)

    Google Scholar 

  30. Juels, A.: Minimalist cryptography for low-cost RFID tags. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)

    Google Scholar 

  31. Juels, A.: Strengthening EPC tags Against Cloning. In: WiSe 2005: Proceedings of the 4th ACM workshop on Wireless security, pp. 67–76. ACM Press, New York (2005)

    Chapter  Google Scholar 

  32. Juels, A., Pappu, R.: Squealing euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)

    Google Scholar 

  33. Juels, A., Pappu, R., Parno, B.: Unidirectional Key Distribution Across Time and Space with Applications to RFID Security. In: USENIX Security Symposium, San Jose, CA. USENIX (July-August 2008)

    Google Scholar 

  34. Juels, A., Rivest, R., Szydlo, M.: The blocker tag: Selective blocking of RFID tags for consumer privacy. In: 8th ACM Conf. Comput. Commun. Security, pp. 103–111 (2003)

    Google Scholar 

  35. Juels, A., Syverson, P., Bailey, D.: High-Power Proxies for Enhancing RFID Privacy and Utility. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 210–226. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  36. Juels, A., Weis, S.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)

    Google Scholar 

  37. Juels, A., Weis, S.: Defining Strong Privacy for RFID. In: 5th Annual IEEE International Conference on Pervasive Computing and Communications, pp. 342–347. IEEE Press, Los Alamitos (2007)

    Google Scholar 

  38. Karthikeyan, S., Nesterenko, M.: RFID security without extensive cryptography. In: 3rd ACM workshop on Security of ad hoc and sensor networks, USA, pp. 63–67 (2005)

    Google Scholar 

  39. Katz, J., Shin, J.: Parallel and concurrent security of the HB and HB +  protocols. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 73–87. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  40. Kinosita, S., Hoshino, F., Komuro, T., Fujimura, A., Ohkubo, M.: Non-identifiable anonymous-ID scheme for RFID privacy protection (2003)

    Google Scholar 

  41. Langheinrich, M., Marti, R.: Practical Minimalist Cryptography for RFID Privacy. IEEE Systems Journal 1(2), 115–128 (2007)

    Article  Google Scholar 

  42. Langheinrich, M., Marti, R.: RFID privacy using spatially distributed shared secrets. In: Ichikawa, H., Cho, W.-D., Satoh, I., Youn, H.Y. (eds.) UCS 2007. LNCS, vol. 4836, pp. 1–16. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  43. Lee, S., Asano, T., Kim, K.: RFID mutual authentication scheme based on synchronized secret information. In: Symposium on Cryptography and Information Security (2006)

    Google Scholar 

  44. Li, T., Deng, R.: Vulnerability analysis of EMAP - an efficient RFID mutual authentication protocol. In: Second International Conference on Availability, Reliability and Security – AReS 2007, Vienna, Austria (April 2007)

    Google Scholar 

  45. Lim, D., Lee, J., Gassend, B., Suh, G., Dijk, M., Devadas, S.: Extracting secret keys from integrated circuits. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 13(10), 1200–1205 (2005)

    Article  Google Scholar 

  46. Mace, F., Standaert, F., Quisquater, J.: ASIC implementations of the block cipher sea for constrained applications. In: Conference on RFID Security, Spain, pp. 103–114 (2007)

    Google Scholar 

  47. Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)

    MATH  Google Scholar 

  48. Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: Conference on Computer and Communications Security – ACM CCS, Washington, DC, USA, pp. 210–219. ACM Press, New York (2004)

    Google Scholar 

  49. Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient hash-chain based RFID privacy protection scheme. In: International Conference on Ubiquitous Computing – Ubicomp, Workshop Privacy: Current Status and Future Directions, Nottingham, England (September 2004)

    Google Scholar 

  50. Ouafi, K., Phan, R.: Privacy of Recent RFID Authentication Protocols. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 263–277. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  51. Pappu, R.: Physical One-Way Functions. PhD thesis, MIT (2001)

    Google Scholar 

  52. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: LAMED, A PRNG for EPC Class-1 Generation-2 RFID specification. Computer Standards & Interfaces (2008)

    Google Scholar 

  53. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: An efficient authentication protocol for RFID systems resistant to active attacks. In: Denko, M.K., Shih, C.-s., Li, K.-C., Tsao, S.-L., Zeng, Q.-A., Park, S.H., Ko, Y.-B., Hung, S.-H., Park, J.-H. (eds.) EUC-WS 2007. LNCS, vol. 4809, pp. 781–794. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  54. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In: Ecrypt, Austria (July 2006)

    Google Scholar 

  55. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In: Ma, J., Jin, H., Yang, L.T., Tsai, J.J.-P. (eds.) UIC 2006. LNCS, vol. 4159, pp. 912–923. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  56. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: An efficient mutual authentication protocol for low-cost RFID tags. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 352–361. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  57. Piramuthu, S.: HB and related lightweight authentication protocols for secure RFID tag/reader authentication. In: Collaborative Electronic Commerce Technology and Research – CollECTeR 2006, Basel, Switzerland (June 2006)

    Google Scholar 

  58. Ranasinghe, D., Engels, D., Cole, P.: Low-cost RFID systems: Confronting security and privacy. In: Auto-ID Labs Research Workshop, Zurich, Switzerland (September 2004)

    Google Scholar 

  59. Rieback, M., Crispo, B., Tanenbaum, A.: RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 184–194. Springer, Heidelberg (2005)

    Google Scholar 

  60. Rieback, M., Crispo, B., Tanenbaum, A.: Keep on blockin’in the free world: Personal access control for low-cost RFID tags. In: 13th Cambridge Workshop on Security Protocols. Springer, Heidelberg (2005)

    Google Scholar 

  61. Roussos, G.: Enabling RFID in retail. IEEE Computer 39(3), 25–30 (2006)

    Google Scholar 

  62. Sarma, S.: Toward the 5 cent tag. White Paper, Auto-ID Center (November 2001)

    Google Scholar 

  63. Shamir, A.: How to share a secret. Commun. of the ACM 22(11), 612–613 (1979)

    Article  MATH  MathSciNet  Google Scholar 

  64. Skoric, B., Tuyls, P.: Secret key generation from classical physics. Philips Research Book Series (September 2005)

    Google Scholar 

  65. Takaragi, K., Usami, M., Imura, R., Itsuki, R., Satoh, T.: An ultra small individual recognition security chip. IEEE Micro. 21(6), 43–49 (2001)

    Article  Google Scholar 

  66. Tsudik, G.: YA-TRAP: Yet another trivial RFID authentication protocol. In: International Conference on Pervasive Computing and Communications – PerCom 2006, Pisa, Italy. IEEE Press, Los Alamitos (2006)

    Google Scholar 

  67. Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  68. Vajda, I., Buttyán, L.: Lightweight authentication protocols for low-cost RFID tags. In: Second Workshop on Security in Ubiquitous Computing, Seattle, WA, USA (2003)

    Google Scholar 

  69. Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)

    Google Scholar 

  70. Wheeler, D., Needham, R.: TEA, a Tiny Encryption Algorithm. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 363–366. Springer, Heidelberg (1995)

    Google Scholar 

  71. Wolfram, S.: A new kind of science. Wolfram Media Inc., Champaign (2002)

    MATH  Google Scholar 

  72. Wolkerstorfer, J.: Is Elliptic-Curve Cryptography Suitable to Secure RFID Tags? In: Handout of the Ecrypt Workshop on RFID and Lightweight Crypto (July 2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, Carleton University, K1S 5B6, Ottawa, Ontario, Canada

    Joaquin Garcia-Alfaro, Michel Barbeau & Evangelos Kranakis

  2. Open University of Catalonia, Rambla de Poble Nou, 156, 08018, Barcelona, Spain

    Joaquin Garcia-Alfaro

Authors
  1. Joaquin Garcia-Alfaro
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michel Barbeau
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Evangelos Kranakis
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. TELECOM Bretagne, Campus de Rennes 2, rue de la Chataigneraie, 35512, Cesson Sevigne, Cedex, France

    Joaquin Garcia-Alfaro

  2. IIA-CSIC, Campus UAB, 08193, Bellaterra, Spain

    Guillermo Navarro-Arribas

  3. TELECOM Bretagne, 2 rue de la châtaigneraie, 35512, Cesson Sévigné Cedex, France

    Nora Cuppens-Boulahia

  4. Institut Eurécom, 2229 Route des Crêtes - BP 193, 06904, Sophia Antipolis Cedex, France

    Yves Roudier

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Garcia-Alfaro, J., Barbeau, M., Kranakis, E. (2010). Security Threat Mitigation Trends in Low-Cost RFID Systems. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2009 2009. Lecture Notes in Computer Science, vol 5939. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11207-2_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-11207-2_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11206-5

  • Online ISBN: 978-3-642-11207-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation