International Journal of Information Security

, Volume 14, Issue 1, pp 85–99 | Cite as

Implementing public-key cryptography on passive RFID tags is practical

  • Alex Arbit
  • Yoel Livne
  • Yossef Oren
  • Avishai Wool
Regular Contribution


Passive radio-frequency identification (RFID) tags have long been thought to be too weak to implement public-key cryptography: It is commonly assumed that the power consumption, gate count and computation time of full-strength encryption exceed the capabilities of RFID tags. In this paper, we demonstrate that these assumptions are incorrect. We present two low-resource implementations of a 1,024-bit Rabin encryption variant called WIPR—in embedded software and in hardware. Our experiments with the software implementation show that the main performance bottleneck of the system is not the encryption time but rather the air interface and that the reader’s implementation of the electronic product code Class-1 Generation-2 RFID standard has a crucial effect on the system’s overall performance. Next, using a highly optimized hardware implementation, we investigate the trade-offs between speed, area and power consumption to derive a practical working point for a hardware implementation of WIPR. Our recommended implementation has a data-path area of 4,184 gate equivalents, an encryption time of 180  ms and an average power consumption of 11 \(\upmu \)W, well within the established operating envelope for passive RFID tags.


RFID Security Supply chain 



We thank the anonymous reviewers for their helpful and instructive comments.


  1. 1.
    Epcglobal inc.: EPC radio-frequency identity protocols class-1 generation-2 UHF RFID protocol for communications at 860 MHz–960 MHz, version 1.0.9. Sept (2005)Google Scholar
  2. 2.
    Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter D., Müller G., Stephan W., Ullmann M., (eds.) SPC, volume 2802 of Lecture Notes in Computer Science, pp. 201–212. Springer (2003)Google Scholar
  3. 3.
    Dobkin, D.M.: The RF in RFID, 2nd edn. UHF RFID in Practice, Newnes (2012)Google Scholar
  4. 4.
    Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) Advances in Cryptology—CRYPTO 2005, Lecture Notes in Computer Science, vol. 3621, pp. 293–308. Springer, Berlin (2005)Google Scholar
  5. 5.
    Gaubatz, G., Kaps, J-P., Ozturk, E., Sunar, B.: State of the art in ultra-low power public key cryptography for wireless sensor networks. In: Third IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 146–150. (2005)Google Scholar
  6. 6.
    Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Quisquater J-J., Joye M. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2004: 6th International Workshop, LNCS, vol. 3156, pp. 357–370 Springer (2004)Google Scholar
  7. 7.
    Nohl, K., Plötz, H.: MIFARE—little security, despite obscurity. Technical report, 24th Chaos Communication Congress (2007)Google Scholar
  8. 8.
    Oren, Y., Feldhofer, M.: WIPR—public-key identification on two grains of sand. In: Dominikus S., (ed.) Workshop on RFID Security, pp. 15–27 (2008)Google Scholar
  9. 9.
    Rabin, M.O.: Digitalized signatures and public-key functions as intractable as factorization. (1979)Google Scholar
  10. 10.
    Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)CrossRefzbMATHMathSciNetGoogle Scholar
  11. 11.
    Naccache, D.: Method, sender apparatus and receiver apparatus for modulo operation. US Patent 5,479,511, 26 Dec (1995)Google Scholar
  12. 12.
    Shamir, A.: Memory efficient variants of public-key schemes for smart card applications. In: Advances in Cryptology-EUROCRYPT’94, pp. 445–449. Springer (1995)Google Scholar
  13. 13.
    Shamir, A.: SQUASH-a new MAC with provable security properties for highly constrained devices such as RFID tags. In: Fast Software Encryption, pp. 144–157. Springer (2008)Google Scholar
  14. 14.
    Finiasz, M., Vaudenay, S.: When stream cipher analysis meets public-key cryptography. In: Selected Areas in Cryptography, pp. 266–284. Springer (2007)Google Scholar
  15. 15.
    Furbass, F., Wolkerstorfer, J.: ECC processor with low die size for RFID applications. In: IEEE International Symposium on Circuits and Systems, 2007. ISCAS 2007. pp. 1835–1838. IEEE (2007)Google Scholar
  16. 16.
    Blass, E.-O., Kurmus, A., Molva, R., Noubir, G., Shikfa, A.: The \(f_f\)-family of protocols for RFID-privacy and authentication. IEEE Trans. Dependable Secur. Comput. 8(3), 466–480 (2011)CrossRefGoogle Scholar
  17. 17.
    Chien, H.-Y.: SASI: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans. Dependable Secur. Comput. 4(4), 337–340 (2007)CrossRefMathSciNetGoogle Scholar
  18. 18.
    Oren, Y., Feldhofer, M.: A low-resource public-key identification scheme for RFID tags and sensor nodes. In: Basin, D.A., Capkun, S., Lee, W. (eds.) WISEC, pp. 59–68. ACM, New York (2009)Google Scholar
  19. 19.
    Wu, J., Stinson, D.R.: How to improve security and reduce hardware demands of the WIPR RFID protocol. In: IEEE International Conference on RFID, 2009. pp. 192–199. IEEE (2009)Google Scholar
  20. 20.
    Arbit, A., Oren, Y., Wool, A.: A secure supply-chain RFID system that respects your privacy. Pervasive Computing, IEEE, Accepted for publicationGoogle Scholar
  21. 21.
    Najera, P., Roman, R., Lopez, J.: User-centric secure integration of personal RFID tags and sensor networks. Secur. Commun. Netw. 6(10), 1177–1197 (2013)Google Scholar
  22. 22.
    Plos, T., Michael, H., Feldhofer, M., Stiglic, M., Cavaliere, F.: Security-enabled near-field communication tag with flexible architecture supporting asymmetric cryptography. IEEE Trans. VLSI Syst. 21(11), 1965–1974 (2013)CrossRefGoogle Scholar
  23. 23.
    Wenger, E., Unterluggauer, T., Werner, M.: 8/16/32 shades of elliptic curve cryptography on embedded processors. In: Paul G., Vaudenay S., (eds.) INDOCRYPT, volume 8250 of Lecture Notes in Computer Science, pp. 244–261. Springer (2013)Google Scholar
  24. 24.
    Batina, L., Seys, S., Singelée, D., Verbauwhede, I.: Hierarchical ECC-based RFID authentication protocol. In: Juels A., Paar, C. (eds.) RFIDSec, volume 7055 of Lecture Notes in Computer Science, pp. 183–201. Springer (2011)Google Scholar
  25. 25.
    Aigner, M., Plos, T., Ruhanen, A., Coluccini, S.: Secure semi-passive RFID tags—prototype and analysis. Technical report, BRIDGE Project (2008)Google Scholar
  26. 26.
    Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC, Boca Raton (1996)CrossRefGoogle Scholar
  27. 27.
    Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)CrossRefzbMATHMathSciNetGoogle Scholar
  28. 28.
    Barthel, H.: UHF RFID regulations. (2006)
  29. 29.
    Finkenzeller, K.: RFID Handbook : Fundamentals and Applications in Contactless Smart Cards and Identification. Wiley, New York (2003)CrossRefGoogle Scholar
  30. 30.
  31. 31.
    TSMC65LP 65nm low-power process silicon process.
  32. 32.
    Virage logic standard cell libraries.
  33. 33.
    Lenstra, A.K., Verheul, E.R.: Selecting cryptographic key sizes. J. Cryptol. 14(4), 255–293 (2001)zbMATHMathSciNetGoogle Scholar
  34. 34.
    Johnston, A.M.: Digitally watermarking rsa moduli. Cryptology ePrint Archive, Report 2001/013. (2001)
  35. 35.
    Advanced microcontroller bus interface open specifica- tion.
  36. 36.
    Finkenzeller, K.: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency Identification and Near-field Communication. Wiley, New York (2010)CrossRefGoogle Scholar
  37. 37.
    Arbit, A., Oren, Y., Wool, A.: Toward practical public key anti-counterfeiting for low-cost EPC tags. In: 2011 International IEEE Conference on RFID, vol. 4, pp. 184–191 Orlando, USA (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Alex Arbit
    • 1
  • Yoel Livne
    • 1
  • Yossef Oren
    • 2
  • Avishai Wool
    • 1
  1. 1.Cryptography and Network Security Lab, School of Electrical EngineeringTel-Aviv UniversityRamat Aviv, Tel AvivIsrael
  2. 2.Network Security Lab, Computer Science DepartmentColumbia UniversityNew YorkUSA

Personalised recommendations