A Case Against Currently Used Hash Functions in RFID Protocols
Designers of RFID security protocols can choose between a wide variety of cryptographic algorithms. However, when implementing these algorithms on RFID tags fierce constraints have to be considered. Looking at the common assumption in the literature that hash functions are implementable in a manner suitable for RFID tags and thus heavily used by RFID security protocol designers we claim the following. Current standards and state-of-the-art low-power implementation techniques favor the use of block ciphers like the Advanced Encryption Standard (AES) instead of hash functions from the SHA family as building blocks for RFID security protocols. In turn, we present a low-power architecture for the widely recommended hash function SHA-256 which is the basis for the smallest and most energy-efficient ASIC implementation published so far. To back up our claim we compare the achieved results with the smallest available AES implementation. The AES module requires only a third of the chip area and half of the mean power. Our conclusions are even stronger since we can show that smaller hash functions like SHA-1, MD5 and MD4 are also less suitable for RFID tags than the AES. Our analysis of the reasons of this result gives some input for future hash function designs.
KeywordsHash Function Clock Cycle Block Cipher Advance Encryption Standard Advance Encryption Standard Algorithm
Unable to display preview. Download preview PDF.
- 3.Dimitriou, T.: A Lightweight RFID Protocol to protect against Traceability and Cloning attacks. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm 2005), Athens, Greece, September 2005, pp. 59–66. IEEE Computer Society Press, Los Alamitos (2005)CrossRefGoogle Scholar
- 7.Henrici, D., Müller, P.: Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers. In: 2nd IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2004 Workshops), March 2004, pp. 149–153. IEEE Computer Society Press, Los Alamitos (2004)CrossRefGoogle Scholar
- 8.Kaps, J.-P., Sunar, B.: Energy comparison of AES and SHA-1 for ubiquitous computing. In: 2nd IFIP International Symposium on Network Centric Ubiquitous Systems (NCUS 2006). LNCS, Springer, Heidelberg (2006)Google Scholar
- 9.Lee, Y., Verbauwhede, I.: Secure and Low-cost RFID Authentication Protocols. In: 2nd IEEE Workshop on Adaptive Wireless Networks (AWiN) (2005)Google Scholar
- 10.National Institute of Standards and Technology (NIST). FIPS-197: Advanced Encryption Standard (November 2001), available online at http://www.itl.nist.gov/fipspubs/
- 11.National Institute of Standards and Technology (NIST). FIPS-180-2: Secure Hash Standard (August 2002), available online at http://www.itl.nist.gov/fipspubs/
- 12.Pramstaller, N., Aigner, M.: A Universal and Efficient SHA-256 Implementation for FPGAs. In: Austrochip 2004, pp. 89–93 (2004) ISBN 3-200-00211-5 Google Scholar
- 14.Satoh, A., Inoue, T.: ASIC-Hardware-Focused Comparison for Hash Functions MD5, RIPEMD-160, and SHS. In: International Symposium on Information Technology: Coding and Computing (ITCC 2005), vol. 1, pp. 532–537. IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
- 16.Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)CrossRefGoogle Scholar