Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Radio Frequency Identification: Security and Privacy Issues

RFIDSec 2013: Radio Frequency Identification pp 3–18Cite as

Deploying OSK on Low-Resource Mobile Devices

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8262))

Abstract

It is a popular challenge to design authentication protocols that are both privacy-friendly and scalable. A large body of literature in RFID is dedicated to that goal, and many inventive mechanisms have been suggested to achieve it. However, to the best of our knowledge, none of these protocols have been tested so far in practical scenarios. In this paper, we present an implementation of the OSK protocol, a scalable and privacy-friendly authentication protocol, using a variant by Avoine and Oechslin that accommodates it to time-memory trade-offs. We show that the OSK protocol is suited to certain real-life scenarios, in particular when the authentication is performed by low-resource mobile devices. The implementation, done on an NFC-compliant cellphone and a ZC7.5 contactless tag, demonstrates the practicability and efficiency of the OSK protocol and illustrates that privacy-by-design is achievable in constrained environments.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    It is also known as backward untraceability and used interchangeably in some papers [16, 18, 21].

  2. 2.

    Note that although these two functions need to be different, only one algorithm may be implemented on the tag, and an additional 1-bit input parameter used to select the function.

  3. 3.

    If one wants to index the hashes with \((i, j)\) couples, the memory increases by 25 % (32 bits appended to each of the 128-bit hashes).

  4. 4.

    Note that this result is compliant with the analysis done in [5]. The development done in this section is somewhat simpler and matches the notations used in the rest of this paper.

  5. 5.

    The parameters are the same than the ones in [3].

  6. 6.

    We used the prefix-suffix decomposition method, as described for instance in [7] in order to reduce to some extent the size of the TMTO tables.

References

  1. Avoine, G., Bingöl, M.A., Carpent, X., Ors Yalcin, S.B.: Privacy-friendly authentication in RFID systems: on sub-linear protocols based on symmetric-key cryptography. IEEE Trans. Mob. Comput. 12, 2037–2049 (2013)

    Article  Google Scholar 

  2. Avoine, G., Coisel, I., Martin, T.: Time measurement threatens privacy-friendly RFID authentication protocols. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 138–157. Springer, Heidelberg (2010)

    Google Scholar 

  3. Avoine, G., Dysli, E., Oechslin, P.: Reducing time complexity in RFID systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)

    Google Scholar 

  4. Avoine, G., Junod, P., Oechslin, P.: Characterization and improvement of time-memory trade-off based on perfect tables. ACM Trans. Inf. Syst. Secur. 11, 17:1–17:22 (2008)

    Article  Google Scholar 

  5. Avoine, G., Oechslin, P.: A scalable and provably secure hash based RFID protocol. In: International Workshop on Pervasive Computing and Communication Security - PerSec 2005, Kauai Island, HI, USA, March 2005, pp. 110–114. IEEE Computer Society (2005)

    Google Scholar 

  6. Bingöl, M.A.: Security analysis of RFID authentication protocols based on symmetric cryptography and implementation of a forward private scheme. Master’s thesis, Istanbul Technical University, Istanbul, Turkey (2012)

    Google Scholar 

  7. Biryukov, A., Shamir, A., Wagner, D.: Real time cryptanalysis of A5/1 on a PC. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 1–18. Springer, Heidelberg (2001)

    Google Scholar 

  8. Oechslin, P.: Making a faster cryptanalytic time-memory trade-off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617–630. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  9. Borst, J., Preneel, B., Vandewalle, J.: On the time-memory tradeoff between exhaustive key search and table precomputation. In: Proceeding of the 19th Symposium in Information Theory in the Benelux, WIC, Veldhoven, The Netherlands, pp. 111–118 (1998)

    Google Scholar 

  10. HID Global Corporation. HSPD-12 & FIPS 201 PIV II: How Government Standards Affect Physical Access Control. http://www.hidglobal.com/sites/hidglobal.com/files/hid-how-gov-stanards-affect-physical-access-control-wp-en.pdf (2007)

  11. Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES implementation on a grain of sand. IEE Proc.: Inf. Secur. 152(1), 13–20 (2005)

    Article  Google Scholar 

  12. Guilfoyle, T.: The zeitcontrol basiccard family. http://www.basiccard.com (2009)

  13. Hellman, M.: A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theory 26(4), 401–406 (1980)

    Article  MathSciNet  MATH  Google Scholar 

  14. International Organization for Standardization. ISO/IEC 9798: Information technology - Security techniques - Entity authentication - Part 2: Mechanisms using symmetric encipherment algorithms (1999)

    Google Scholar 

  15. Juels, A., Weis, S.: Defining strong privacy for RFID. In: International Conference on Pervasive Computing and Communications - PerCom 2007, March 2007, pp. 342–347. IEEE Computer Society, New York (2007)

    Google Scholar 

  16. Kardaş, S., Levi, A., Murat, E.: Providing resistance against server information leakage in RFID systems. In: New Technologies, Mobility and Security - NTMS’11, Paris, France, February 2011, pp. 1–7. IEEE Computer Society (2011)

    Google Scholar 

  17. LG Optimus 4X HD P880. Technical Specifications. http://www.lg.com/uk/mobile-phones/lg-P880/technical-specifications (2013)

  18. Lim, C.H., Kwon, T.: Strong and robust RFID authentication enabling perfect ownership transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)

    Google Scholar 

  19. Matyas, S.M., Meyer, C.H., Oseas, J.: Generating strong one-way functions with cryptographic algorithm. IBM Tech. Discl. Bull. 27(10A), 5658–5659 (1985)

    Google Scholar 

  20. Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to privacy-friendly tags. In: RFID Privacy Workshop. MIT, Cambridge (2003)

    Google Scholar 

  21. Phan, R.C.-W., Wu, J., Ouafi, K., Stinson, D.R.: Privacy analysis of forward and backward untraceable rfid authentication schemes. Wirel. Pers. Commun. 61(1), 69–81 (2011)

    Article  Google Scholar 

  22. Shankland, S.: Google’s Android parts ways with Java industry group. CNET News (November 12, 2007). Accessed 15 Feb 2012

    Google Scholar 

Download references

Acknowledgements

This work is partially funded by the Walloon Region Marshall plan through the SPW DG06 Project TRASILUX.

Author information

Authors and Affiliations

  1. ICTEAM Institute, Université Catholique de Louvain, 1348, Louvain la Neuve, Belgium

    Gildas Avoine & Xavier Carpent

  2. TÜBİTAK BİLGEM UEKAE, Gebze, Kocaeli, Turkey

    Muhammed Ali Bingöl & Süleyman Kardaş

  3. Faculty of Engineering and Natural Sciences, Sabancı University, 34956, İstanbul, Turkey

    Muhammed Ali Bingöl & Süleyman Kardaş

Authors
  1. Gildas Avoine
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Muhammed Ali Bingöl
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xavier Carpent
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Süleyman Kardaş
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Muhammed Ali Bingöl .

Editor information

Editors and Affiliations

  1. Technische Universität Graz, Graz, Austria

    Michael Hutter

  2. Graz University of Technology, Graz, Austria

    Jörn-Marc Schmidt

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Avoine, G., Bingöl, M.A., Carpent, X., Kardaş, S. (2013). Deploying OSK on Low-Resource Mobile Devices. In: Hutter, M., Schmidt, JM. (eds) Radio Frequency Identification. RFIDSec 2013. Lecture Notes in Computer Science(), vol 8262. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41332-2_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-41332-2_1

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41331-5

  • Online ISBN: 978-3-642-41332-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation