Low-Cost Cryptography for Privacy in RFID Systems

  • Benoît Calmels
  • Sébastien Canard
  • Marc Girault
  • Hervé Sibert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3928)


Massively deploying RFID systems while preserving people’s privacy and data integrity is a major security challenge of the coming years. Up to now, it was commonly believed that, due to the very limited computational resources of RFID tags, only ad hoc methods could be used to address this problem. Unfortunately, not only do those methods generally provide a weak level of security and practicality, but they also require revising the synopsis of communications between the tag and the reader. In this paper, we give evidence that highly secure solutions can be used in the RFID environment, without substantially impacting the current communication protocols, by adequately choosing and combining low-cost cryptographic algorithms. The main ingredients of our basic scheme are a probabilistic (symmetric or asymmetric) encryption function, e.g. AES, and a coupon-based signature function, e.g. GPS. We also propose a dedicated method allowing the tag to authenticate the reader, which is of independent interest. On the whole, this leads to a privacy-preserving protocol well suited for RFID tags, which is very flexible in the sense that each reader can read and process all, and only, the data it is authorized to read and process.


Keywords: Encryption Scheme, Authentication Scheme, Pseudo Random Number Generator, Cryptographic Primitive, Electronic Product Code



Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Benoît Calmels
  • Sébastien Canard
  • Marc Girault
  • Hervé Sibert

All authors: France Telecom R&D, Caen, France
