An Efficient Authentication Protocol for RFID Systems Resistant to Active Attacks

  • Pedro Peris-Lopez
  • Julio Cesar Hernandez-Castro
  • Juan M. Estevez-Tapiador
  • Arturo Ribagorda
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4809)


RFID technology is a ubiquitous technology, and seems destined to become more and more ubiquitous. Traditional cryptographic primitives are not supported on low-cost RFID tags since, at most, 4K gates can be devoted to security-related tasks. Despite this, there are a vast number of proposals based on the use of classical hash functions, an assumption that is not realistic (at least at the present time). Furthermore, none of the published authentication protocols are resistant to active attacks. We try to address these two issues in this work by designing a new authentication protocol, secure against passive and active attacks, inspired by Shieh et al.’s protocol for smart-cards, but adapted to RFID systems. The original scheme by Shieh et al. is considered one of the most secure and efficient protocols in the smart-card field. Because in this protocol tags should support a hash function on-board, a new lightweight hash function, named Tav-128, is also proposed. A preliminary security analysis is shown, as well as a study on its hardware complexity, which concludes that its implementation is possible with around 2.6K gates.


IUC RFID Security Active-attacks Authentication Light-weight Hash functions 


  1. Weiser, M.: The computer for the 21st century. Scientific American 265(3), 94–104 (1991)
  2. Juels, A.: RFID security and privacy: A research survey. Manuscript (2005)
  3. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J., Ribagorda, A.: RFID systems: A survey on security threats and proposed solutions. In: Cuenca, P., Orozco-Barbosa, L. (eds.) PWC 2006. LNCS, vol. 4217, pp. 159–170. Springer, Heidelberg (2006)
  4. Piramuthu, S.: Protocols for RFID tag/reader authentication. Decision Support Systems 43, 897–914 (2007)
  5. Ranasinghe, D., Engels, D., Cole, P.: Low-cost RFID systems: Confronting security and privacy. In: Auto-ID Labs Research Workshop (2004)
  6. Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: Proc. of RFID Privacy Workshop (2003)
  7. Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: Proc. of ACM CCS 2004, pp. 210–219 (2004)
  8. Rhee, K., Kwak, J., Kim, S., Won, D.: Challenge-response based RFID authentication protocol for distributed database environment. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 70–84. Springer, Heidelberg (2005)
  9. Sarma, S., Weis, S., Engels, D.: RFID systems and security and privacy implications. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 454–470. Springer, Heidelberg (2003)
  10. Cui, Y., Kobara, K., Matsuura, K., Imai, H.: Lightweight asymmetric privacy-preserving authentication protocols secure against active attack. In: Proc. of PerSec 2007 (2007)
  11. Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., Verbauwhede, I.: Public key cryptography for RFID-tags. In: Proc. of PerSec 2007 (2007)
  12. McLoone, M., Robshaw, M.: Public key cryptography and RFID tags. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, Springer, Heidelberg (2006)
  13. Shieh, W.G., Wang, J.M.: Efficient remote mutual authentication and key agreement. Computers & Security 25(1), 72–77 (2006)
  14. EPCGlobal: EPC Generation-1 Tag Data Standards version 1.1,
  15. EPCGlobal: Class-1 Generation-2 UHF Air Interface Protocol Standard version 1.0.9: “Gen 2”,
  16. Nguyen Duc, D., Park, J., Lee, H., Kwangjo, K.: Enhancing security of EPCglobal gen-2 RFID tag against traceability and cloning. In: Proc. of Symposium on Cryptography and Information Security, Hiroshima, Japan (2006)
  17. Kim, K.H., Choi, E.Y., Lee, S.M., Lee, D.H.: Secure EPCglobal Class-1 Gen-2 RFID system against security and privacy problems. In: Meersman, R., Tari, Z., Herrero, P. (eds.) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. LNCS, vol. 4277, pp. 362–371. Springer, Heidelberg (2006)
  18. Feldhofer, M., Rechberger, C.: A case against currently used hash functions in RFID protocols. In: Proc. of RFIDSec 2006 (2006)
  19. Yüksel, K., Kaps, J., Sunar, B.: Universal hash functions for emerging ultra-low-power networks. In: Proc. of CNDS 2004 (2004)
  20. Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. Cryptology ePrint Archive, Report 2004/199 (2004)
  21. Wang, X., Lisa Yin, Y., Yu, H.: Finding collisions in the full SHA-1. In: Proc. of CRYPTO 2005, pp. 17–36 (2005)
  22. Hernandez-Castro, J., Estevez-Tapiador, J., Ribagorda-Garnacho, A., Ramos-Alvarez, B.: Wheedham: An automatically designed block cipher by means of genetic programming. In: Proc. of CEC 2006, pp. 192–199 (2006)
  23. Walker, J.: Randomness Battery (1998),
  24. Marsaglia, G., Tsang, W.: Some difficult-to-pass tests of randomness. Journal of Statistical Software 7(3), 37–51 (2002)
  25. Suresh, C., Charanjit, J., Rao, J., Rohatgi, P.: A cautionary note regarding evaluation of AES candidates on smart-cards. In: Second Advanced Encryption Standard (AES) Candidate Conference (1999)
  26. Lohmann, T., Schneider, M., Ruland, C.: Analysis of power constraints for cryptographic algorithms in mid-cost RFID tags. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 278–288. Springer, Heidelberg (2006)
  27. Hell, M., Johansson, T., Meier, W.: Grain - a stream cipher for constrained environments. In: Proc. of RFIDSec 2005 (2005)
  28. Roberts, C.: Radio frequency identification (RFID). Computers and Security 25(1), 18–26 (2006)

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Pedro Peris-Lopez (1)
  • Julio Cesar Hernandez-Castro (1)
  • Juan M. Estevez-Tapiador (1)
  • Arturo Ribagorda (1)

  1. Computer Science Department, Carlos III University of Madrid
