Strong Authentication for RFID Systems Using the AES Algorithm

  • Martin Feldhofer
  • Sandra Dominikus
  • Johannes Wolkerstorfer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3156)


Radio frequency identification (RFID) is an emerging technology which brings enormous productivity benefits in applications where objects have to be identified automatically. This paper presents issues concerning security and privacy of RFID systems which are heavily discussed in public. In contrast to the RFID community, which claims that cryptographic components are too costly for RFID tags, we describe a solution using strong symmetric authentication which is suitable for today’s requirements regarding low power consumption and low die-size. We introduce an authentication protocol which serves as a proof of concept for authenticating an RFID tag to a reader device using the Advanced Encryption Standard (AES) as cryptographic primitive. The main part of this work is a novel approach of an AES hardware implementation which encrypts a 128-bit block of data within 1000 clock cycles and has a power consumption below 9 μA on a 0.35 μm CMOS process.


Radio frequency identification (RFID) symmetric challenge-response Advanced Encryption Standard (AES) low-power design 


  1. 1.
    Chodowiec, P., Gaj, K.: Very Compact FPGA Implementation of the AES Algorithm. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 319–333. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Diffie, W., Hellman, M.: Cryptanalysis of the NTRU Signature Scheme (NSS). In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, p. 1. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    EPCglobal. 13.56 MHz ISM Band Class 1 Radio Frequency (RF) Identification Tag Interface Specification, (February 2003)
  4. 4.
    Finkenzeller, K.: RFID-Handbook, 2nd edn. Carl Hanser Verlag München (April 2003)Google Scholar
  5. 5.
    Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: A Ring-Based Public Key Cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  6. 6.
    International Organization for Standardization. ISO/IEC 9798-2: Information Technology - Security techniques — Entity Authentication Mechanisms Part 2: Entity authentication using symmetric techniques. ISO/IEC (1993) Google Scholar
  7. 7.
    International Organization for Standardization. ISO/IEC 18000-3. Information Technology AIDC Techniques — RFID for Item Management (March 2003) Google Scholar
  8. 8.
    Juels, A., Pappu, R.: Squealing Euros: Privacy protection in RFID-enabled banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Juels, A., Rivest, R.L., Szydlo, M.: The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. In: Proceedings of the 10th ACM Conference on Computer and Communication Security, pp. 103–111. ACM Press, New York (2003)CrossRefGoogle Scholar
  10. 10.
    Mangard, S., Aigner, M., Dominikus, S.: A Highly Regular and Scalable AES Hardware Architecture. IEEE Transactions on Computers 52(4), 483–491 (2003)CrossRefGoogle Scholar
  11. 11.
    May, A.: Cryptanalysis of NTRU. preprint, (unpublished) (February 1999)Google Scholar
  12. 12.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997), Available online at
  13. 13.
    National Institute of Standards and Technology (NIST). FIPS-197: Advanced Encryption Standard (November 2001), Available online at
  14. 14.
    Pramstaller, N., Wolkerstorfer, J.: An Efficient AES Implementation for Reconfigurable Devices. In: Austrochip 2003, Proceedings, Linz, Austria, October 1, pp. 5–8 (2003)Google Scholar
  15. 15.
    Sarma, S.E., Weis, S.A., Engels, D.W.: RFID Systems and Security and Privacy Implications. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 454–469. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Verbauwhede, I., Schaumont, P., Kuo, H.: Design and Performance Testing of a 2.29 Gb/s Rijndael Processor. IEEE Journal of Solid-State Circuits, 569–572 (March 2003)Google Scholar
  17. 17.
    Weis, S.A.: Security and Privacy in Radio-Frequency Identification Devices. Master’s thesis, Massachusetts Institute of Technology, Cambridge, MA 02139 (May 2003) Google Scholar
  18. 18.
    Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Wolkerstorfer, J., Oswald, E., Lamberger, M.: An ASIC implementation of the AES sBoxes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 67–78. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Martin Feldhofer
    • 1
  • Sandra Dominikus
    • 1
  • Johannes Wolkerstorfer
    • 1
  1. 1.Institute for Applied Information Processing and CommunicationsGraz University of TechnologyGrazAustria

Personalised recommendations