Cryptanalysis of EC-RAC, a RFID Identification Protocol

  • Julien Bringer
  • Hervé Chabanne
  • Thomas Icart
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5339)


At RFID’08, Lee et al. proposed an RFID scheme based on elliptic curve cryptography. This scheme, called Elliptic Curve Random Access Control (EC-RAC), was conceived to be implemented on an efficient security processor designed for RFID tags. The aim of this scheme is to enable fast, secure and private identification. Security arguments are given to prove that RFID tags implementing this scheme are neither traceable nor cloneable.

Here we show how a tag can be tracked if one has eavesdropped on the same tag twice, and that a tag can be impersonated if it has been passively eavesdropped three times.

We propose a new scheme, based on a modification of the Schnorr scheme, that is as efficient as the initial scheme. We prove that this scheme is zero-knowledge and sound against active adversaries. Moreover, our proposal is private under the Decisional Diffie-Hellman assumption.


Keywords: Cryptanalysis, Privacy, Zero-Knowledge, Identification, RFID




  1. Avoine, G., Buttyán, L., Holczer, T., Vajda, I.: Group-based private authentication. In: Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007). IEEE, Los Alamitos (2007)
  2. Avoine, G., Dysli, E., Oechslin, P.: Reducing time complexity in RFID systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)
  3. Batina, L., Mentens, N., Sakiyama, K., Preneel, B., Verbauwhede, I.: Low-cost elliptic curve cryptography for wireless sensor networks. In: Buttyán, L., Gligor, V.D., Westhoff, D. (eds.) ESAS 2006. LNCS, vol. 4357, pp. 6–17. Springer, Heidelberg (2006)
  4. Bellare, M., Palacio, A.: GQ and Schnorr identification schemes: Proofs of security against impersonation under active and concurrent attacks. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 162–177. Springer, Heidelberg (2002)
  5. Bringer, J., Chabanne, H., Icart, T.: Improved privacy of the tree-based hash protocols using physically unclonable function. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 77–91. Springer, Heidelberg (2008)
  6. Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)
  7. Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
  8. Girault, M., Poupard, G., Stern, J.: On the fly authentication and signature schemes based on groups of unknown order. J. Cryptology 19(4), 463–487 (2006)
  9. International Standards ISO/IEC. ISO 14443-3: Identification cards – Contactless Integrated Circuit(s) Cards – Proximity Cards. Part 3: Initialization and Anticollision. ISO (2001)
  10. Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996)
  11. Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)
  12. Juels, A., Weis, S.A.: Defining strong privacy for RFID. In: PERCOMW, pp. 342–347. IEEE Computer Society, Los Alamitos (2007)
  13. Van Le, T., Burmester, M., de Medeiros, B.: Universally composable and forward-secure RFID authentication and authenticated key exchange. In: ASIACCS 2007, pp. 242–252. ACM, New York (2007)
  14. Lee, Y.K., Batina, L., Verbauwhede, I.: EC-RAC (ECDLP based randomized access control): Provably secure RFID authentication protocol. In: RFID, pp. 97–104. IEEE, Los Alamitos (2008)
  15. Molnar, D., Wagner, D.: Privacy and security in library RFID: issues, practices, and architectures. In: CCS, pp. 210–219. ACM, New York (2004)
  16. Ohkubo, M., Suzuki, K., Kinoshita, S.: RFID privacy issues and technical challenges 48(9), 66–71 (2005)
  17. Ouafi, K., Phan, R.C.-W.: Privacy of recent RFID authentication protocols. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 263–277. Springer, Heidelberg (2008)
  18. Ouafi, K., Phan, R.C.-W.: Traceable privacy of recent provably-secure RFID protocols. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 479–489. Springer, Heidelberg (2008)
  19. Paillier, P., Vergnaud, D.: Discrete-log-based signatures may not be equivalent to discrete log. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 1–20. Springer, Heidelberg (2005)
  20. Schnorr, C.-P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)
  21. Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
  22. Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Security in Pervasive Computing, pp. 201–212. Springer, Heidelberg (2003)

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Julien Bringer (1)
  • Hervé Chabanne (1)
  • Thomas Icart (1, 2)

  1. Sagem Sécurité, France
  2. Université du Luxembourg, Luxembourg
