A Scalable and Untraceable Authentication Protocol for RFID

  • Youngjoon Seo
  • Hyunrok Lee
  • Kwangjo Kim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4097)


RFID (Radio Frequency Identification) is recently becoming popular, promising and widespread. In contrast, RFID tags can bring about traceability that causes user privacy and reduces scalability of RFID. Guaranteeing untraceability and scalability at the same time is so critical in order to deploy RFID widely since user privacy should be guaranteed. A large number of RFID protocols were designed in the open literature, but any known protocols do not satisfy untraceability and scalability at the same time to the best of our knowledge. In this paper, we suggest a RFID authentication protocol that guarantees untraceability and scalability together; needless to say preventing several known attacks: replay, spoofing, desyncronization, and cloning by eavesdropping. Our protocol supports ownership transfer and considers multi-tag-reader environment; a reader receives messages from the tags what a reader wants in our protocol. In addition, we address the reason why the item privacy is important, and a way to keep it securely.


Hash Function Authentication Protocol Pervasive Computing User Privacy Forward Secrecy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Juels, A.: Minimalist Cryptography for Low-cost RFID Tags. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Henrici, D., Müller, P.: Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers. In: International Workshop on Pervasive Computing and Communication Security – PerSec 2004, March 2004, pp. 149–153. IEEE Computer Society, Orlando, Florida (2004)CrossRefGoogle Scholar
  3. 3.
    Tsudik, G.: YA-TRAP: Yet Another Trivial RFID Authentication Protocol. In: International Conference on Pervasive Computing and Communications – PerCom 2006, March 2006, IEEE Computer Society Press, Pisa, Italy (to appear, 2006)Google Scholar
  4. 4.
    Avoine, G., Oechslin, P.: A Scalable and Provably Secure Hash based RFID Protocol. In: International Workshop on Pervasive Computing and Communication Security – PerSec 2005, March 2005, pp. 110–114. IEEE Computer Society Press, Kauai Island, Hawaii (2005)Google Scholar
  5. 5.
    Rhee, K., Kwak, J., Kim, S., Won, D.: Challenge-Response based RFID Authentication Protocol for Distributed Database Environment. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 70–84. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Wong, K., Hui, P., Chan, A.: Cryptography and Authentication on RFID Passive Tags for Apparel Products. In: Computers in Industry, Elsevier Science, Amsterdam (2006)Google Scholar
  7. 7.
    Lee, S.-M., Hwang, Y.J., Lee, D.H., Lim, J.I.: Efficient Authentication for Low-Cost RFID Systems. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3480, pp. 619–627. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Molnar, D., Soppera, A., Wagner, D.: A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 276–290. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic Approach to Privacy-friendly Tags. In: RFID Privacy Workshop, MIT, USA (2003)Google Scholar
  10. 10.
    Navigating the New Era of RFID, Article in EPCglobal Canada Inc.Google Scholar
  11. 11.
    Wood, N.: Global Supply Chain GTIN & RFID Standards II. In: EPC Global Standards Development, EPCglobal Canada, October 14 (2004)Google Scholar
  12. 12.
    Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal Re-encryption for Mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    Garfinkel, S.L., Juels, A., Pappu, R.: RFID Privacy: An Overview of Problems and Proposed Solutions. In: IEEE SECURITY and Privacy, May-Jun 2005, pp. 34–43 (2005)Google Scholar
  14. 14.
    Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Security in Pervasive Computing. LNCS, vol. 2802, pp. 454–469. Springer, Boppard, Germany (2003)Google Scholar
  15. 15.
    Dimitriou, T.: A Lightweight RFID Protocol to protect against Traceability and Cloning attacks. In: Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm 2005, Athens, Greece, September 2005, pp. 59–66 (2005)Google Scholar
  16. 16.
    Tuyls, P., Batina, L., Lejla: RFID-Tags for Anti-Counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Yang, J., Park, J., Lee, H., Ren, K., Kim, K.: Mutual Authentication Protocol for Low-cost RFID. In: Ecrypt Workshop on RFID and Lightweight Crypto, Graz, Austria, July 2005, pp. 17–24 (2005)Google Scholar
  18. 18.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Youngjoon Seo
    • 1
  • Hyunrok Lee
    • 1
  • Kwangjo Kim
    • 1
  1. 1.International Research center for Information Security (IRIS), Information and Communications University (ICU)DaejeonKorea

Personalised recommendations