M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags

  • Pedro Peris-Lopez
  • Julio Cesar Hernandez-Castro
  • Juan M. Estevez-Tapiador
  • Arturo Ribagorda
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4159)


Low-cost Radio Frequency Identification (RFID) tags affixed to consumer items as smart labels are emerging as one of the most pervasive computing technologies in history. This presents a number of advantages, but also opens a huge number of security problems that need to be addressed before its successful deployment. Many proposals have recently appeared, but all of them are based on RFID tags using classical cryptographic primitives such as Pseudorandom Number Generators (PRNGs), hash functions, or block ciphers. We believe this assumption to be fairly unrealistic, as classical cryptographic constructions lie well beyond the computational reach of very low-cost RFID tags. A new approach is necessary to tackle the problem, so we propose a minimalist lightweight mutual authentication protocol for low-cost RFID tags that offers an adequate security level for certain applications, which could be implemented even in the most limited low-cost tags as it only needs around 300 gates.


Ubiquitous Computing RFID Tag Reader Pseudonym Privacy Mutual-Authentication 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Amphion: CS5265/75 AES Simplex encryption/decryption (2005),
  2. 2.
    Choi, E.Y., Lee, S.M., Lee, D.H.: Efficient RFID authentication protocol for ubiquitous computing environment. In: Proc. of SECUBIQ 2005. LNCS, Springer, Heidelberg (2005)Google Scholar
  3. 3.
    Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: Proc. of SECURECOMM 2005 (2005)Google Scholar
  4. 4.
    Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In: Proc. of PERSEC 2004, pp. 149–153. IEEE Computer Society Press, Los Alamitos (2004)Google Scholar
  6. 6.
    Jung, M., Fiedler, H., Lerch, R.: 8-bit microcontroller system with area efficient AES coprocessor for transponder applications. In: Ecrypt Workshop on RFID and Lightweight Crypto (2005)Google Scholar
  7. 7.
    Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: RFID Privacy Workshop (2003)Google Scholar
  8. 8.
    Roberts, C.M.: Radio frequency identification (RFID). Computers and Security 25(1), 18–26 (2006)CrossRefGoogle Scholar
  9. 9.
    Sean, W., Thomas, L.: Automatic identification and data collection technologies in the transportation industry: BarCode and RFID. Technical report (2001)Google Scholar
  10. 10.
    Datasheet Helion Technology. High Performance MD5. Fast SHA-1. Fast SHA-256. hash core for ASIC (2005)Google Scholar
  11. 11.
    Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Wong, K.H.M., Hui, P.C.L., Chan, A.C.K.: Cryptography and authentication on RFIDnext term passive tags for apparel products. Computers in Industry 57(4), 342–349 (2006)Google Scholar
  13. 13.
    Yang, J., Park, J., Lee, H., Ren, K., Kim, K.: Mutual authentication protocol for low-cost RFID. In: Ecrypt Workshop on RFID and Lightweight Crypto (2005)Google Scholar
  14. 14.
    Yüksel, K., Kaps, J.P., Sunar, B.: Universal hash functions for emerging ultra-low-power networks. In: Proc. of CNDS 2004 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Pedro Peris-Lopez
    • 1
  • Julio Cesar Hernandez-Castro
    • 1
  • Juan M. Estevez-Tapiador
    • 1
  • Arturo Ribagorda
    • 1
  1. 1.Computer Science DepartmentCarlos III University of Madrid 

Personalised recommendations