Skip to main content
SpringerLink
Log in

A holistic approach examining RFID design for security and privacy

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

This paper adopts a holistic approach to Radio Frequency Identification (RFID) security that considers security and privacy under resource constraints concurrently. In this context, a practical realisation of a secure passive (battery-less) RFID tag is presented. The tag consists of an off the shelf front end combined with a bespoke 0.18 μm Application Specific Integrated Circuit (ASIC) assembled as a -sized prototype. The ASIC integrates the authors’ ultra low power novel Advanced Encryption Standard (AES) design together with a novel random number generator and a novel protocol, which provides both security and privacy. The analysis presented shows a security of 64-bits against many attack methods. Both modelled and measured power results are presented. The measured average core power consumed during continuous normal operation is 1.36 μW.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Phillips T, Karygiannis T, Kuhn R (2005) Security standards for the RFID market. IEEE Comput Soc, Sec Privacy, pp 85–89, 1540–7993/05

  2. EPCglobal Inc, available at www.epcglobalinc.org

  3. The RFID Journal, available at www.rfidjournal.com

  4. Anderson RJ, Kuhn MG (1997) Attacks on tamper resistant devices. In: Proc security protocols workshop, New York. LNCS, vol 1361. Springer, Berlin, pp 125–136

    Chapter  Google Scholar 

  5. Peslak AR (2005) An ethical exploration of privacy and radio frequency identification. J Bus Ethics 59:327–345

    Article  Google Scholar 

  6. Lockton V, Rosenberg RS (2006) RFID: The next serious threat to privacy. Ethics Inf Technol 7:221–231

    Article  Google Scholar 

  7. Garfinkel SL, Juels A, Pappu R (2005) RFID privacy: an overview of problems and proposed solutions. IEEE Secur Priv, May/June

  8. Juels A (2006) RFID security and privacy: a research survey. IEEE J Sel Areas Commun 24(2):381–394, invited paper, Feb

    Article  MathSciNet  Google Scholar 

  9. Article-29 Data Protection Working Party (2005) Working document on data protection issues related to RFID technology. WP 105, European Commission, Internal Market Directorate-General, Office No C100-6/136, Jan 2005

  10. Weis SA, Sarma SE, Rivest RL, Engels DW (2004) Security and privacy aspects of low-cost radio frequency identification systems. In: Security in pervasive computing 2003. LNCS, vol 2802. Springer, Berlin, pp 201–212

    Chapter  Google Scholar 

  11. Ohkubo M, Suzuki K, Kinoshita S (2005) RFID privacy issues and technical challenges. Commun ACM 48(9):66–71

    Article  Google Scholar 

  12. Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN) website: www.nocards.org (2003)

  13. Lehtonen M, Staake T, Michahelles F, Fleisch E (2006) From identification to authentication—a review of RFID product authentication techniques. RFIDsec06, Graz Austria, July 2006

  14. Engberg S, Harning M, Jensen C (2004) Zero-knowledge device authentication: Privacy & security enhanced RFID preserving business value and consumer convenience. In: Conf on Privacy, Security and Trust (PST), New Brunswick, Canada, Oct 2004

    Google Scholar 

  15. Chatmon C, Le TV, Burmester M (2006) Secure anonymous RFID authentication protocols. Technical Report TR-060112, Florida State University, Department of Computer Science, Tallahassee, Florida, USA

  16. Dimitriou T (2005) A lightweight RFID protocol to protect against traceability and cloning attacks. In: IEEE SecureComm05, Sept. 5–9, Athens, Greece

  17. Yang J, Park J, Lee H, Ren K, Kim K (2005) Mutual authentication protocol for low-cost RFID. In: ECRYPT workshop on RFID and lightweight Crypto, Graz, Austria, July 14–15

    Google Scholar 

  18. Tsudik G (2006) YA-TRAP: yet another trivial RFID authentication protocol. In: IEEE intl conf on pervasive computing and communications (PerCom06), Pisa, Italy, March 2006

    Google Scholar 

  19. Kfir Z, Wool A (2005) Picking virtual pockets using relay attacks on contactless smartcard systems. Available at http://eprint.iacr.org/2005/052

  20. Man ASW, Zhang ES, Lau VKN, Tsui CY, Luong HC (2007) Low power VLSI design for a RFID passive tag baseband system enhanced with an AES cryptography engine. In: 1st annual RFID Eurasia conf, 5–6 Sept 2007, pp 1–6. ISBN: 978-975-01566-0-1

    Chapter  Google Scholar 

  21. Tausworthe RC (1965) Random numbers generated by linear recurrence modulo two. Math Comput 19:201–209

    Article  MathSciNet  MATH  Google Scholar 

  22. Brands S, Chaum D (1993) Distance-bounding protocols. In: Advances in cryptology EUROCRYPT ’93. LNCS, vol 765. Springer, Berlin, pp 344–359

    Chapter  Google Scholar 

  23. Hancke GP, Kuhn MG (2005) An RFID distance bounding protocol. In: Proc 1st intl conf on security and privacy for emerging areas in communications networks (SECURECOMM’05). IEEE, New York, ISBN 0-7695-2369-2

    Google Scholar 

  24. Feldhofer M, Dominikus S, Wolkerstorfer J (2004) Strong authentication for RFID systems using the AES algorithm. In: CHES 2004. LNCS, vol 3156, pp 357–370

    Google Scholar 

  25. National Institute of Standards and Technology (NIST) (2007) Secure Hash standard (SHS). FIPS 180-3, available at http://www.itl.nist.gov/fipspubs/, June 2007

  26. NIST (2001) Advanced Encryption Standard (AES), FIPS 197, available at: http://www.itl.nist.gov/fipspubs/, Nov 2001

  27. Kaps J-P, Sunar B (2006) Energy comparison of AES and SHA-1 for ubiquitous computing. In: Proc embedded and ubiquitous computing (EUC’06), Seoul, Korea, 1–4 Aug 2006, pp 372–381

    Google Scholar 

  28. Kim M, Ryou J, Choi Y, Jun S (2006) Low-cost cryptographic circuits for authentication in radio frequency identification systems. In: IEEE tenth intl symp on consumer electronics (ISCE ’06), pp 1–5

    Chapter  Google Scholar 

  29. Good T, Benaissa M (2009) 692nW advanced encryption standard (AES) on a 0.13 μm CMOS. IEEE Trans Very Large Scale Integr (VLSI) Syst, doi:10.1109/TVLSI.2009.2025952

    Google Scholar 

  30. Schneier B Blog on security, available online at: http://www.schneier.com/blog/archives/2005/11/the_security_of_2.html

  31. Marsaglia G DIEHARD tests. Available at: http://www.stat.fsu.edu/pub/diehard/

  32. NIST (2001) A statistical test suite for random and pseudorandom number generators for cryptographic applications. SP800-22, available at: http://csrc.nist.gov/publications/PubsSPs.html

  33. Petrie CS, Connelly JA (2000) A noise-based IC random number generator for applications in cryptography. IEEE TCAS-I 47(5):615–621

    Google Scholar 

  34. Sunar B, Martin WJ, Stinson DR (2007) A provably secure true random number generator with built-in tolerance to active attacks. Trans Comput 56(1):109–119

    Article  MathSciNet  Google Scholar 

  35. Schellekens D, Preneel B, Verbauwhede I (2006) FPGA vendor agnostic true random number generator. In: Field programmable logic and applications (FPL ’06), pp 1–6

    Google Scholar 

  36. Holleman J, Otis B, Bridges S, Mitros A, Diorio C (2006) A 2.92 μW hardware random number generator. In: Proc of the 32nd European solid-state circuits conf (ESSCIRC 2006), pp 134–137

    Chapter  Google Scholar 

  37. Zhou T, Zhou Z, Yu M, Ye Y (2006) Design of a low power high entropy chaos-based truly random number generator. In: IEEE Asia pacific conf on circuits and systems (APCCAS 2006), 4–7 Dec 2006, pp 1955–1958

    Google Scholar 

  38. Bucci M, Germani L, Luzzi R, Trifiletti A, Varanonuovo M (2003) A high-speed oscillator-based truly random number source for cryptographic applications on a smart card IC. IEEE Trans Comput 52(4):403–409

    Article  Google Scholar 

  39. Atmel Inc, U328-00-150kHz transponder interface datasheet. Available at: http://www.atmel.com/dyn/resources/prod_documents/doc4688.pdf

Download references

Author information

Author notes

  1. Tim Good

    Present address: Dept. of Medical Physics, Royal Hallamshire Hospital, Sheffield Teaching Hospitals NHS Foundation Trust, Sheffield, S10 2JF, UK

Authors and Affiliations

  1. Dept. Electronic & Electrical Engineering, University of Sheffield, Mappin Street, Sheffield, S1 3JD, UK

    Tim Good & Mohammed Benaissa

Authors
  1. Tim Good
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammed Benaissa
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohammed Benaissa.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Good, T., Benaissa, M. A holistic approach examining RFID design for security and privacy. J Supercomput 64, 664–684 (2013). https://doi.org/10.1007/s11227-010-0497-9

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-010-0497-9

Keywords

Search

Navigation