RFID Security pp 373-415 | Cite as

Hardware Implementation of Symmetric Algorithms for RFID Security

  • Martin Feldhofer
  • Johannes Wolkerstorfer


This book chapter provides an overview about hardware implementations of symmetric crypto algorithms for RFID security. Hardware design for RFID tags is challenging due to the fierce constraints concerning power consumption and chip area. After a general overview about RFID security, the requirements for passive RFID tags will be worked out. Different design measures for low-resource hardware implementations will be presented and their efficiency will be analyzed. The implementation part of this chapter presents a survey of implemented algorithms that are optimized for application in passive RFID tags. The evaluated algorithms include the block ciphers AES, TEA, and XTEA and the commonly used hash functions SHA-256, SHA-1, and MD5. These algorithms are compared with the new upcoming stream ciphers Grain and Trivium. The comparison of the achieved results favors the use of the AES algorithm for application of symmetric cryptography in RFID security.


Hash Function Clock Cycle Block Cipher Advance Encryption Standard Stream Cipher 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    S. Bono, M. Green, A. Stubblefield, A. Juels, A. Rubin, and M. Szydlo. Security Analysis of a Cryptographically-Enabled RFID Device. In USENIX Security Symposium, Baltimore, Maryland, USA, July-August, 2005, Proceedings, pp. 1–16, USENIX, 2005Google Scholar
  2. 2.
    C.D. Canni ére and B. Preneel. TRIVIUM Specifications. eSTREAM, ECRYPT Stream Cipher Project (, Report 2005/030, April 2005
  3. 3.
    C.D. Canni ére and C. Rechberger. Finding SHA-1 Characteristics: General Results and Applications. In X. Lai and K. Chen, editors, Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3–7, 2006, Proceedings, volume 4284 of Lecture Notes in Computer Science, pp. 1–20, Springer, Berlin, 2006Google Scholar
  4. 4.
    E.Y. Choi, S.-M. Lee, and D.H. Lee. Efficient RFID Authentication Protocol for Ubiquitous Computing Environment. In T. Enokido, L. Yan, B. Xiao, D. Kim, Y. Dai, and L.T. Yang, editors, Embedded and Ubiquitous Computing - EUC 2005 Workshops, EUC 2005 Work-shops: UISW, NCUS, SecUbiq, USN, and TAUES, Nagasaki, Japan, December 6–9, 2005, Proceedings, volume 3823 of Lecture Notes in Computer Science, pp. 945–954, Springer, Berlin, December 2005Google Scholar
  5. 5.
    L. Dadda, M. Macchetti, and J. Owen. The Design of a High Speed ASIC Unit for the Hash Function SHA-256 (384, 512). In 2004 Design, Automation and Test in Europe Conference and Exposition (DATE 2004), 16–20 February 2004, Paris, France, volume 3, pp. 70–75, IEEE Computer Society press, Washington, DC, February 2004CrossRefGoogle Scholar
  6. 6.
    J. Daemen and V. Rijmen. The Design of Rijndael. Information Security and Cryptography, Springer, Berlin, 2002. ISBN 3–540–42580–2Google Scholar
  7. 7.
    T. Dimitriou. A Lightweight RFID Protocol to Protect Against Traceability and Cloning attacks. In First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm 2005), Athens, Greece, 59 September 2005, Proceedings, Athens, Greece, pp. 59–66, IEEE Computer Society Press, Washington, DC, September 2005CrossRefGoogle Scholar
  8. 8.
    S. Dominkus. A Hardware Implementation of MD4-family Hash Algorithms. In Ninth IEEE International Conference on Electronics, Circuits and Systems, Dubrovnik, Croatia, 15–18 September, 2002, Proceedings, volume 3, pp. 1143–1146, IEEE, New York, NY, October 2002CrossRefGoogle Scholar
  9. 9.
    ECRYPT. eSTREAM - The ECRYPT Stream Cipher Project Website.
  10. 10.
    M. Feldhofer. Comparison of Low-Power Implementations of Trivium and Grain. In Workshop on The State of the Art of Stream Ciphers (SASC 2007), January 31-February 1, 2007, Bochum, Germany, pp. 236- 246, ECRYPT, February 2007Google Scholar
  11. 11.
    M. Feldhofer and C. Rechberger. A Case Against Currently Used Hash Functions in RFID Protocols. In R. Meersman, Z. Tari, and P. Herrero, editors, First International OTM Workshop on Information Security (IS'06), Montpellier, France, Oct 30-Nov 1, 2006. Proceedings, Part I, volume 4277 of Lecture Notes in Computer Science, pp. 372–381, Springer, Berlin, October 2006Google Scholar
  12. 12.
    M. Feldhofer and J. Wolkerstorfer. Low-power Design Methodologies for an AES Implementation in RFID Systems. In Workshop on Cryptographic Advances in Secure Hardware 2005 (CRASH05), September 6–7, Leuven, Belgium, September 2005Google Scholar
  13. 13.
    M. Feldhofer and J. Wolkerstorfer. Strong Crypto for RFID Tagsa Comparison of Low-Power Hardware Implementations. In IEEE International Symposium on Circuits and Systems (ISCAS 2007), New Orleans, USA, May 27–30, 2007, Proceedings, pp. 1839–1842, IEEE, New York, NY, May 2007CrossRefGoogle Scholar
  14. 14.
    M. Feldhofer, S. Dominikus, and J. Wolkerstorfer. Strong Authentication for RFID Systems. Using the AES Algorithm. In M. Joye and J.-J. Quisquater, editors, Cryptographic Hard-ware and Embedded Systems - CHES 2004, Sixth International Workshop, Cambridge, MA, USA, August 11–13, 2004, Proceedings, volume 3156 of Lecture Notes in Computer Science, pp. 357–370, Springer, Berlin, August 2004Google Scholar
  15. 15.
    M. Feldhofer, K. Lemke, E. Oswald, F.-X. Standaert, and J. Wolkerstorfer. D.VAM.2 - State of the Art in Hardware Architectures, August 2005Google Scholar
  16. 16.
    M. Feldhofer, J. Wolkerstorfer, and V. Rijmen. AES Implementation on a Grain of Sand. IEE Proceedings on Information Security, 152(1): 13–20, October 2005CrossRefGoogle Scholar
  17. 17.
    T.S.Ganesh and T.S.B. Sudarshan. ASIC Implementation of a Unified Hardware Architecture for Non-Key Based Cryptographic Hash Primitives. In International Symposium on Information Technology: Coding and Computing (ITCC 2005), 4–6 April 2005, Las Vegas, Nevada, USA, Proceedings, volume 1, pp. 580–585, IEEE Computer Society Press, Washington, DC, April 2005CrossRefGoogle Scholar
  18. 18.
    M. Hell, T. Johansson, and W. Meier. Grain - A Stream Cipher for Constrained Environments. eSTREAM, ECRYPT Stream Cipher Project(, Report 2005/010, 2006. Revised version
  19. 19.
    D. Henrici and P. Müller. Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers. In Second IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2004 Workshops), Orlando, FL, USA, 14–17 March 2004, Proceedings, pp. 149–153, IEEE Computer Society Press, Washington, DC, March 2004CrossRefGoogle Scholar
  20. 20.
    M. Hutter, S. Mangard, and M. Feldhofer. Power and EM Attacks on Passive 13.56 MHz RFID Devices. In P. Paillier and I. Verbauwhede, editors, Cryptographic Hardware and Embedded Systems - CHES 2007, Ninth International Workshop, Vienna, Austria, September 10–13, 2007, Proceedings, volume 4727 of Lecture Notes in Computer Science, pp. 320–333, Springer, Berlin, September 2007CrossRefGoogle Scholar
  21. 21.
    IEEE. IEEE Standard 802.11i-2004: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications. Amendment 6: Medium Access Control (MAC) Security Enhancements. Available online at, July 2004
  22. 22.
    ISO/IEC. Information technology - Security techniques - Hash- functions - Part 3: Dedicated Hash-Functions. Available from (with costs), 2004
  23. 23.
    P. Israsena. Securing Ubiquitous and Low-Cost RFID Using Tiny Encryption Algorithm. In First International Symposium on Wireless Pervasive Computing (ISWPC 2006), Phuket, Thailand, 16–18 January, 2006, Proceedings, IEEE, New York, NY, January 2006Google Scholar
  24. 24.
    Y. Lee and I. Verbauwhede. Secure and Low-Cost RFID Authentication Protocols. In Second IEEE Workshop on Adaptive Wireless Networks (AWiN), November 28, 2005, St. Louis, MO, 2005Google Scholar
  25. 25.
    S. Mangard, M. Aigner, and S. Dominikus. A Highly Regular and Scalable AES Hardware Architecture. IEEE Transactions on Computers, 52(4): 483–491, April 2003CrossRefGoogle Scholar
  26. 26.
    S. Mangard, E. Oswald, and T. Popp. Power Analysis Attacks - Revealing the Secrets of Smart Cards, Springer, Berlin, 2007. ISBN 978–0-387–30857–9zbMATHGoogle Scholar
  27. 27.
    National Institute of Standards and Technology (NIST). FIPS-46–3: Data Encryption Standard, October 1999. Available online at
  28. 28.
    National Institute of Standards and Technology (NIST). FIPS-197: Advanced Encryption Standard, November 2001. Available online at
  29. 29.
    National Institute of Standards and Technology (NIST). FIPS-180–2: Secure Hash Standard, August 2002. Available online at
  30. 30.
    K. Rhee, J. Kwak, S. Kim, and D. Won. Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment. In D. Hutter and M. Ullmann, editors, Security in Pervasive Computing, Second International Conference, SPC 2005, Boppard, Germany, April 6–8, 2005, Proceedings, volume 3450 of Lecture Notes in Computer Science, pp. 70–84, Springer, Berlin, April 2005Google Scholar
  31. 31.
    A. Satoh and T. Inoue. ASIC-Hardware-Focused Comparison for Hash Functions MD5, RIPEMD-160, and SHS. In International Symposium on Information Technology: Coding and Computing (ITCC 2005), 4–6 April 2005, Las Vegas, Nevada, USA, Proceedings, volume 1, pp. 532–537, IEEE Computer Society Press, Washington, DC, April 2005CrossRefGoogle Scholar
  32. 32.
    S. Tillich, M. Feldhofer, and J. Großschädl. Area, Delay, and Power Characteristics of Standard-Cell Implementations of the AES S-Box. In S. Vassiliadis, S. Wong, and T. Hämäläinen, editors, Sixth International Workshop on Embedded Computer Systems: Architectures, Modeling, and Simulation, SAMOS 2006, Samos, Greece, July 17–20, 2006, Proceedings, volume 4017 of Lecture Notes in Computer Science, pp. 457–466, Springer, Berlin, July 2006CrossRefGoogle Scholar
  33. 33.
    X. Wang, Y.L. Yin, and H. Yu. Finding Collisions in the Full SHA-1. In V. Shoup, editors, Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14–18, 2005, Proceedings, volume 3621 of Lecture Notes in Computer Science, pp. 17–36, Springer, Berlin, 2005Google Scholar
  34. 34.
    S.A. Weis, S.E. Sarma, R.L. Rivest, and D.W. Engels. Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In D. Hutter, G. M üller, W. Stephan, and M. Ullmann, editors, Security in Pervasive Computing, First Annual Conference on Security in Pervasive Computing, Boppard, Germany, March 12–14, 2003, Revised Papers, volume 2802 of Lecture Notes in Computer Science, pp. 201–212, Springer, Berlin, March 2003Google Scholar
  35. 35.
    D.J. Wheeler and R.M. Needham. TEA, a Tiny Encryption Algorithm. In B. Preneel, editor, Second International Workshop on Fast Software Encryption (FSE94), Leuven, Belgium, 14–16 December 1994, Proceedings, volume 1008 of Lecture Notes in Computer Science, pp. 363–366, Springer, Berlin, 1995Google Scholar
  36. 36.
    J. Wolkerstorfer, E. Oswald, and M. Lamberger. An ASIC implementation of the AES SBoxes. In B. Preneel, editors, Topics in Cryptology - CT-RSA 2002, The Cryptographers' Track at the RSA Conference 2002, San Jose, CA, USA, February 18–22, 2002, Proceedings, volume 2271 of Lecture Notes in Computer Science, pp. 67–78, Springer, Berlin, 2002.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Martin Feldhofer
    • 1
  • Johannes Wolkerstorfer
  1. 1.Institute for Applied Information Processing and CommunicationsGraz University of TechnologyAustria

Personalised recommendations