Skip to main content

Low-cost authentication protocol for passive, computation capable RFID tags


Authentication of products and humans is one of the major future applications of Radio Frequency IDentification (RFID) technology. None of the recent RFID technology related authentication approaches has been fully convincing. Either these schemes offer a low-level of security or they are vulnerable to Denial-of-Service attacks that keep the authentication system from proper functioning. Some schemes raise privacy and security concerns as they reveal confidential information about the RFID tag bearer and allow their world-wide tracking. In this paper, we present a novel cryptographic authentication protocol that fills the security holes imposed by RFID technology. Moreover, it provides significantly lower cost in terms of computational effort and communication than currently proposed protocols such as Mutual Authentication Protocol (MAP) and Yet Another Trivial Authentication Protocol\(^{*}\, (\hbox {YA-TRAP}^{*})\). We also present the implementation of our cryptographic authentication protocol on a real passive computation capable RFID tag known as Wireless Identification and Sensing Platform. The experimental results show that our protocol has double the rate of successful authentication as comapred to \(\hbox {YA-TRAP}^{*}\) and MAP. It also takes 33 % less time to authenticate.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9


  1. 1.

    Lehtonen M., Staake T., Michahelles F., & Fleisch E. (2006). From identification to authentication—A review of RFID product authentication techniques. In Printed handout of workshop on RFID security (RFIDSec-06).

  2. 2.

    Juels, A. (2006). RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications, 24(2), 381–394.

    Article  MathSciNet  Google Scholar 

  3. 3.

    Lehtonen, M., Michahelles, F., & Fleisch, E. (2007). Trust and security in RFID-based product authentication systems. IEEE Systems Journal, 1(2), 129–144.

    Article  Google Scholar 

  4. 4.

    Tsudik G. (2007). A family of dunces: Trivial RFID identification and authentication protocols. In Proceedings 7th international conference on privacy enhancing technologies. Berlin: Springer, pp. 45–61.

  5. 5.

    Tsudik G. (2006). YA-TRAP: Yet Another Trivial RFID Authentication Protocol. In Proceedings 4th annual IEEE international conference pervasive computing and communications workshops, Washington DC, pp. 640–643.

  6. 6.

    Moessner, M., & Khan, G. (2012). Secure authentication scheme for passive C1G2 RFID tags. Computer Networks Journal, 56(1), 273–286.

    Article  Google Scholar 

  7. 7.

    Yaeger, D. Y., Sample, A. P., Powledge, P. S., Mamishev, A. V., & Smith, J. R. (2008). Design of an RFID-based battery-free programmable sensing platform. IEEE Transactions on Instrumentation and Measurement, 57(11), 2608–2615.

    Article  Google Scholar 

  8. 8.

    EPC radio-frequency identity protocols Class-1 Generation-2 UHF RFID protocol for communication at 860 MHz–960 MHz, EPCglobal Inc., Specification for RFID Air Interface, Rev. 1.2.0, 2008. [Online].

  9. 9.

    Zhang Y., Yang L., & Chen J. (Eds.). (2010). RFID and sensor networks: Architectures, protocols, security, and integrations (1st ed.). New York: CRC Press.

  10. 10.

    Weis S. A., Sarma S., Rivest R., & Engels D. (2003). Security and privacy aspects of low-cost radio frequency identification systems. In Proceedings of the International Conference on Security in Pervasive Computing, pp. 201–212. Also in Security in pervasive computing, Springer LNCS, Volume 2802/2004, pp. 50–59.

  11. 11.

    Changqing O., Jixiong W., Zhengyan L., & Shengye H. (2008). An enhanced security authentication protocol based on hash-lock for low-cost RFID. In Proceedings international conference on anti-counterfeiting, security and Identification, pp. 416–419.

  12. 12.

    Ohkubo, M., Suzuki, K., & Kinoshita, S. (2003). Cryptographic approach to “privacy-friendly” tags. In Proceedings of RFID privacy workshop. Cambridge, MA: MIT

  13. 13.

    Yong, G., Lei, H., Na-na, L., & Tao, Z. (2010). An improved forward secure RFID privacy protection scheme. In Proceedings 2nd international Asia conference on informatics in control, automation and robotics, Wuhan, Vol. 2, pp. 273–276.

  14. 14.

    Chatmon C., van Le T., & Burmester M. (2006). Secure anonymous RFID authentication protocols. Tallahassee, FL, USA, Tech. Rep. TR-060112.

  15. 15.

    Lei H., Song-he J., Tao Z., & Na-na L. (2009). An enhanced 2-pass optimistic anonymous RFID authentication protocol with forward security. In Proceedings of the 5th international conference on wireless communications, networking and mobile computing, Beijing, pp. 3692–3695.

  16. 16.

    Rahman, M., Soshi, M., & Miyaji, A. (2009). A secure RFID authentication protocol with low communication cost. Proceedings 5th International conference on complex on intelligent and software intensive systems, Fukuoka Japan, pp. 559–564.

  17. 17.

    Needham, R. M., & Wheeler, D. J. (1997). TEA extensions. Cambridge University, GB, Tech. Rep., 1997.

  18. 18.

    Lee, Y.-C., Kuo, W.-C., Hsieh, Y.-C., & Chen, T.-C. (2009). Security enhancement of the authentication protocol for RFID systems. In Proceedings 5th international conference on information assurance and security, Xi’an, China, Vol. 1, pp. 521–524.

  19. 19.

    Schneier, B. (1996). Applied cryptography: Protocols, algorithms, and source code in C (2nd ed.). New York: Wiley.

    MATH  Google Scholar 

  20. 20.

    Moessner, M.B. (2010). Secure authentication protocols for RFID systems. MASc Thesis, Electrical and Computer Engineering, Ryerson University, Toronto, Canada.

  21. 21.

    Low Level Reader Protocol (LLRP). (2007). EPCglobal Inc., Ratified Standard with Approved Fixed Errata, Rev. 1.0.1. [Online].

  22. 22.

    Sample, A., Yeager, D., Powledge, P., & Smith J. (2007). Design of a passively-powered, programmable sensing platform for UHF RFID systems. In Proceedings international conference on RFID, Grapevine TX, pp. 149–156.

  23. 23.

    Chae, H.-J., Yeager, D. J., Smith, J. R., & Fu, K. (2007).‘Maximalist cryptography and computation on the WISP UHF RFID tag. In Proceedings of the conference on RFID security, Malaga, Spain. [Online].

  24. 24.

    Wheeler, D., & Needham, R. (1995). TEA, a tiny encryption algorithm. In Proceedings 2nd international workshop on fast software encryption, Leuven, Belgium. Berlin: Springer, pp. 97–110.

  25. 25.

    Rivest, R. (1995). The RC5 encryption algorithm. In Proceedings of the 2nd workshop on fast software encryption, LNCS, Vol. 1008 .  Berlin: Springer, pp. 86–96.

    Google Scholar 

  26. 26.

    Rivest R. L., Robshaw M. J. B., Sidney R., & Yin Y. L. (1998). The RC6 tm block cipher. In Proceedings of the first conference on advanced encryption standard, pp. 16–37.

  27. 27.

    Daemen, J., & Rijmen, V. (2002). The design of Rijndael: AES—The Advanced Encryption Standard.  Berlin: Springer.

    Book  Google Scholar 

  28. 28.

    Lu, J. (2009). Related-key rectangle attack on 36 rounds of the XTEA block cipher. International Journal of Information Security, 8, 1–11.

    Article  Google Scholar 

Download references


The authors acknowledge the financial support of NSERC Canada. Furthermore, we would like to thank INTEL Research Seattle for providing WISP tags and CMC microsystems for the other equipment, which allowed us to implement and test our protocol.

Author information



Corresponding author

Correspondence to Gul N. Khan.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Khan, G.N., Moessner, M. Low-cost authentication protocol for passive, computation capable RFID tags. Wireless Netw 21, 565–580 (2015).

Download citation


  • Computation capable passive RFID tag
  • Cryptographic authentication protocol
  • Low Cost Authentication Protocols
  • Smart RFID systems
  • WISP tag