Journal of Electronic Testing

, Volume 34, Issue 3, pp 291–304 | Cite as

Security Enhancements of a Mutual Authentication Protocol Used in a HF Full-Fledged RFID Tag

  • Yassine Naija
  • Vincent Beroulle
  • Mohsen Machhout


Radio Frequency IDentification (RFID) is used in many applications such as access control, transport, ticketing and contactless payment. The full-fledged High Frequency (HF) tags are the most popular RFID tags for these applications that require relatively high cost security operations. However, these HF tags are threatened by many passive attacks such as eavesdropping, desynchronization and ElectroMagnetic (EM) Side Channel Attacks (SCA). In this article, we propose the implementation and the validation of a full-fledged HF tag architecture using an enhanced mutual authentication protocol. This is achieved using a FPGA platform. Security analysis against Electromagnetic Attack (EMA) and desynchronization attacks on the original protocol are presented. Then enhancements at the protocol level are proposed to overcome these attacks. The implementation of these security enhancements shows a low overhead (+22 LUTs) compared to previous existing security hardware solutions (+598 LUTs).


RFID Mutual authentication protocol ISO/IEC 14443 type A EMA Desynchronization Security enhancements 


  1. 1.
    Brier E, Clavier C, Olivier F (2004) Correlation power analysis with a leakage model. In: Proceeding of Internetional Conference of Cryptographic Hardware and Embedded Systems, CHES04, Lecture Notes in Computer Science, vol. 3156, p. 135–152, SpringerGoogle Scholar
  2. 2.
    Chien H.-Y. (2006) Secure access control schemes for RFID systems with anonymity. Proc. 2006 Int’l workshop future mobile and ubiquitous information technologies (FMUIT ‘06)Google Scholar
  3. 3.
    Chien H-Y (2007) SASI: a new ultra lightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans Dependable Secure Comput 4(4):337–340CrossRefGoogle Scholar
  4. 4.
    Chien H-Y, Chen C-H (2007) Mutual authentication protocol for RFID conforming to EPC class 1 generation 2 standards. Computers Standards & Interfaces 29(2):254–259CrossRefGoogle Scholar
  5. 5.
    Chou J-S, Chen Y, Wu C-L, Lin C-F (2011) An efficient RFID mutual authentication scheme based on ECC. IACR Cryptology ePrint Archive 2011:418Google Scholar
  6. 6.
    Common criteria recognition arrangement for components up to EAL 4 (2011) Certification report BSI-DSZ-CC-0712-2011 for NXP Mifare DESFire EV1 MF3ICD81 from NXP semiconductors Germany GmbH. In: Federal office for information securityGoogle Scholar
  7. 7.
    Das R, Harrop P, RFID forecasts, players and opportunities 2009–2019, IdTechEx report, 2009Google Scholar
  8. 8.
    Doiron TJ, Dreon ST Digital radio transceiver with encrypted key storage. United States Patent. Jan 2, 1996Google Scholar
  9. 9.
    Finkenzeller K (2010) RFID handbook fundamentals and applications in contactless smart cards, radio frequency identification and near-field communication, 2010 third editionGoogle Scholar
  10. 10.
    Fritzke AW, Second Lieutenant, USAF, B.S.E.E. Master Thesis: Obfuscating Against Side-Channel Power Analysis Using Hiding Techniques for AES. Air Force Institute of Technology USA. Graduate School of Engineering and Management (AFIT/EN) son Way WPAFB OH 45433–7765. 22/03/2012Google Scholar
  11. 11.
    Garcia FD, de Koning Gans G, Muijrers R, van Rossum P, Verdult R, Schreur RW, Jacobs B. Dismantling MIFARE Classic. ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer security. Pages 97 – 114. Málaga, Spain — October 06–08, 2008Google Scholar
  12. 12.
    Garcia FD, de Koning Gans G, Verdult R (2012) Tutorial: proxmark, the swiss army knife for RFID security research. 8th workshop on RFID security and privacy (RFIDSec 2012)Google Scholar
  13. 13.
    Hutter M, Mangard S, Feldhofer M. Power and EM attacks on passive 13.56MHz RFID Devices. Cryptographic Hardware and Embedded Systems CHES 2007. 9th International Workshop, Vienna, Austria, September 10–13, 2007. Proceedings.Google Scholar
  14. 14.
    Hutter M, Schmidt J-M, Plos T (2008) RFID and its vulnerability to faults. Cryptographic Hardware and Embedded Systems. CHESGoogle Scholar
  15. 15.
    Hutter M, Schmidt J-M, Plos T (August 2009) Contact-based fault injections and power analysis on RFID tags. European Conference on Circuit Theory and Design:23–27Google Scholar
  16. 16.
    International Standard (1999) ISO/IEC 9798-2: information technology - security techniques - entity authentication. Part 2: mechanisms using symmetric encipherment algorithms. In: Second editionGoogle Scholar
  17. 17.
    International standard ISO/IEC 14443. Identification cards, contactless integrated circuit(s) cards, Proximity cards, Part 2: Radio frequency power and signal interface, First edition, 2001-07-01. Part 3: Initialization and anti-collision, First edition, 2001-02-01. Part 4: Transmission protocol, 2007-06-13Google Scholar
  18. 18.
    Juvekar CS, Lee H-M, Kwong J, Chandrakasan AP. A Keccak-based wireless authentication tag with per-query key update and power-glitch attack countermeasures. 2016 I.E. International Solid-State Circuits Conference (ISSCC)Google Scholar
  19. 19.
    Kasper T, Oswald D, Paar C (2009) EM side-channel attacks on commercial contactless smart cards using low-cost equipment. In Youm, Heung Youl and Yung, editors. Information security applications: 10th international workshop, WISA 2009, Busan, Korea, August 25–27Google Scholar
  20. 20.
    Kasper T, von Maurich I, Oswald D, Paar C (2010) Cloning cryptographic RFID cards for 25$. Presented at the 5th Benelux Workshop on Information and System Security, WisSec 2010, November 29–30, 2010, Nijmegen, The NetherlandsGoogle Scholar
  21. 21.
    Kasper T, Oswald D, Paar C (2011) Side-channel analysis of cryptographic RFIDs with analog demodulation. RFIDSec'11 Proceedings of the 7th international conference on RFID security and privacy. Pages 61-77. Amherst, MA-June 26–28Google Scholar
  22. 22.
    Lei H, Xin-mei L, Song-he J, Zeng-yu C (2010) A one-way Hash based low-cost authentication protocol with forward security in RFID systemGoogle Scholar
  23. 23.
    Munilla J, Peinado A (2007) HB-MP: a further step in the HB-family of lightweight authentication protocols. Comput Netw 51:2262–2267. CrossRefzbMATHGoogle Scholar
  24. 24.
    Naija Y, Beroulle V, Hely D, Machhout M (2016) Implementation of a secured digital ultralight 14443-type A RFID tag with an FPGA platform. 2016 11th International Conference on Design & Technology of Integrated Systems in Nanoscale Era, Istanbul TurkeyGoogle Scholar
  25. 25.
    Naija Y, Beroulle V, Machhout M (2017) Low cost countermeasure at authentication protocol level against electromagnetic side channel attacks on RFID tags. Int J Adv Comput Sci Appl (IJACSA) 8(11)Google Scholar
  26. 26.
    Nassar M, Souissi Y, Guilley S, Danger J-L (2012) RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. Design, Automation & Test in Europe Conference & Exhibition (DATE)Google Scholar
  27. 27.
    NXP Semiconductors. MIFARE classic 1K - mainstream contactless smart card IC for fast and easy solution development. Product data sheet. Rev 3.1. 21 February 2011Google Scholar
  28. 28.
    Ouafi K, Phan R C.-W. (2008) Traceable privacy of recent provably secure RFID protocols, in: The proceedings of ACNS 2008, LNCS, 5037, Springer-Verlag, pp. 479–489Google Scholar
  29. 29.
    Peris-Lopez P, Hernandez JC & Estevez-Tapiador JM & Ribagorda A (2006) EMAP: an efficient mutual authentication protocol for low-cost RFID tags”, In Proc. of IS’06, springer-Verlag, vol 4277 of LNCS, pp 352–361Google Scholar
  30. 30.
    Peris-Lopez P, Hernandez JC, Estevez-Tapiador JM, Arturo R (2009) Advances in ultra lightweight cryptography for low-cost RFID tags: Gossamer protocol. J Inf Sci Eng 25(1):33–57Google Scholar
  31. 31.
    Pham TA, Hasan MS, Yu H (2012) A RFID mutual authentication protocol based on AES algorithm. UKACC international conference on control 2012. Cardiff, UK, 3–5 September 2012Google Scholar
  32. 32.
    Texas Instruments (December 2014) MIFARE DESFire EV1 AES authentication with TRF7970A. In: Appli-cation report SLOA213Google Scholar
  33. 33.
    Toiruul B, Lee KO (2006) An advanced mutual-authentication algorithm using AES for RFID systems. IJCSNS Int J Comput Sci Netw Secur 9B:6Google Scholar
  34. 34.
    Yang J, Park J, Lee H, Ren K, Kim K (2005) Mutual authentication protocol for low-cost RFID. Proc, Ecrypt Workshop RFID and Lightweight CryptoGoogle Scholar
  35. 35.
    Zetter K (2006) Hackers clone E-passports:17.02.11 Available from:
  36. 36.
    Zhou YongBin, Feng DengGuo (2005) Side-channel attacks: ten years after its publication and the impacts on cryptographic module security testing. IACR Cryptology ePrint Archive, 2005- Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018
corrected publication April/2018

Authors and Affiliations

  1. 1.University of Sousse, ENISOSousse ErriadhTunisia
  2. 2.University of Grenoble Alpes, LCISValenceFrance
  3. 3.University of Monastir, EμEMonastirTunisia

Personalised recommendations