Improved Privacy of the Tree-Based Hash Protocols Using Physically Unclonable Function

  • Julien Bringer
  • Hervé Chabanne
  • Thomas Icart
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5229)


In 2004, Molnar and Wagner introduced a very appealing protocol dedicated to the identification of RFID tags. Their scheme relies on a binary tree of secrets which are shared – for all nodes except the leaves – amongst the tags. Hence the compromise of one tag also has implications on the other tags with whom it shares keys. We describe a new man-in-the-middle attack against this protocol which allows to break privacy even without opening tags. Moreover, it can be applied to some other RFID protocols which use correlated keys as the one described recently by Damgård and Pedersen at CT-RSA 2008.

We introduce a modification of the initial scheme to allow us to thwart this and to strengthen RFID tags by implementing secrets with Physical Obfuscated Keys (POKs). This doing, we augment tags and scheme privacy, particularly general resistance against physical threats.


RFID tags Tree-Based Hash Protocol POK PUF Privacy 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Auto-ID Center. Draft protocol specification for a 900 MHz Class 0 Radio Frequency Identification Tag (2003)Google Scholar
  2. 2.
    Avoine, G., Buttyán, L., Holczer, T., Vajda, I.: Group-based private authentication. In: Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007). IEEE, Los Alamitos (2007)Google Scholar
  3. 3.
    Bolotnyy, L., Robins, G.: Physically Unclonable Function-based security and privacy in RFID systems. In: International Conference on Pervasive Computing and Communications – PerCom 2007, New York, USA, March 2007, pp. 211–220. IEEE Computer Society Press, Los Alamitos (2007)CrossRefGoogle Scholar
  4. 4.
    Buttyán, L., Holczer, T., Vajda, I.: Optimal key-trees for tree-based private authentication. In: Privacy Enhancing Technologies, pp. 332–350 (2006)Google Scholar
  5. 5.
    Damgård, I., Pedersen, M.Ø.: RFID security: Tradeoffs between security and efficiency. In: CT-RSA 2008 (2008)Google Scholar
  6. 6.
    Gassend, B.: Physical random functions. Master’s thesis, Computation Structures Group, Computer Science and Artificial Intelligence Laboratory, MIT (2003)Google Scholar
  7. 7.
    Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Atluri, V. (ed.) ACM Conference on Computer and Communications Security, pp. 148–160. ACM, New York (2002)Google Scholar
  8. 8.
    Guajardo, J., Kumar, S.S., Schrijen, G.J., Tuyls, P.: FPGA Intrinsic PUFs and Their Use for IP Protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Juels, A., Weis, S.A.: Defining strong privacy for RFID. In: PERCOMW 2007, pp. 342–347. IEEE Computer Society Press, Washington (2007)Google Scholar
  10. 10.
    Molnar, D., Wagner, D.: Privacy and security in library RFID: issues, practices, and architectures. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 210–219 (2004) Google Scholar
  11. 11.
    Molnar, D., Soppera, A., Wagner, D.: A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 276–290. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Nohara, Y., Inoue, S., Baba, K., Yasuura, H.: Quantitative evaluation of unlinkable id matching systems. In: Workshop on Privacy in the Electronic Society (2006)Google Scholar
  13. 13.
    Nohl, K., Evans, D.: Quantifying information leakage in tree-based hash protocols (short paper). In: ICICS, pp. 228–237 (2006)Google Scholar
  14. 14.
    Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: DAC, pp. 9–14. IEEE, Los Alamitos (2007)Google Scholar
  15. 15.
    Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  16. 16.
    Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Julien Bringer
    • 1
  • Hervé Chabanne
    • 1
  • Thomas Icart
    • 1
    • 2
  1. 1.Sagem Sécurité 
  2. 2.Université du Luxembourg 

Personalised recommendations