Lightweight Privacy Preserving Authentication for RFID Using a Stream Cipher

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6147)


In this paper, a privacy preserving authentication protocol for RFID that relies on a single cryptographic component, a lightweight stream cipher, is constructed. The goal is to provide a more realistic balance between forward privacy and security, resistance against denial of service attacks, and computational efficiency (in tags and readers) than existing protocols. We achieve this goal by solely relying on a stream cipher—which can be arbitrarily chosen, for instance a stream cipher design aimed at extremely lightweight hardware implementations—and we provide security proofs for our new protocol in the standard model, under the assumption that the underlying stream cipher is secure.


RFID protocol authentication privacy DoS resistance  provable security 


  1. 1.
    Arditti, D., Berbain, C., Billet, O., Gilbert, H.: Compact FPGA implementations of QUAD. In: Bao, F., Miller, S. (eds.) ASIACCS 2007. ACM, New York (2007)Google Scholar
  2. 2.
    Auto-ID Center. 860MHz 960MHz Class I RFID Tag Radio Frequency & Logical Communication Interface Spec., v1.0.0. RR MIT-AUTOID-TR-007 (2002)Google Scholar
  3. 3.
    Avoine, G.: Privacy Issues in RFID Banknote Protection Schemes. In: Quisquater, J.-J., Paradinas, P., Deswarte, Y., Abou El Kadam, A. (eds.) CARDIS 2004, pp. 33–48. Kluwer, Dordrecht (2004)Google Scholar
  4. 4.
    Avoine, G.: Adversarial model for radio frequency identification. Cryptology ePrint Archive, Report 2005/049 (2005),
  5. 5.
    Avoine, G., Dysli, E., Oechslin, P.: Reducing Time Complexity in RFID Systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Avoine, G., Oechslin, P.: A Scalable and Provably Secure Hash Based RFID Protocol. In: PerSec 2005. IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  7. 7.
    Avoine, G., Oechslin, P.: RFID traceability: A multilayer problem. In: Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)Google Scholar
  8. 8.
    Berbain, C., Gilbert, H., Patarin, J.: QUAD: A practical stream cipher with provable security. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 109–128. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Berbain, C., Gilbert, H.: On the security of IV dependent stream ciphers. In: Goos, G., Hartmanis, J., van Leeuwen, J. (eds.) FSE 2007. LNCS, vol. 4593, pp. 254–273. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Berbain, C., Billet, O., Etrog, J., Gilbert, H.: An Efficient Forward-Private RFID Protocol. In: ACM CCS 2009 (2009)Google Scholar
  11. 11.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: present: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Canard, S., Coisel, I.: Data Synchronization in Privacy-Preserving RFID Authentication Schemes. In: Conference on RFID Security (2008)Google Scholar
  13. 13.
  14. 14.
    Damgård, I., Østergaard, M.: RFID Security: Tradeoffs between Security and Efficiency. Cryptology ePrint Archive, Report 2006/234 (2006)Google Scholar
  15. 15.
    De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN—A Family of Small and Efficient Hardware-Oriented Block Ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    De Cannière, C., Preneel, B.: Trivium. In: Robshaw, M.J.B., Billet, O. (eds.) New Stream Cipher Designs: The eSTREAM Finalists. LNCS, vol. 4986, pp. 244–266. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Dimitriou, T.: A lightweight RFID protocol to protect against traceability and cloning attacks. In: SECURECOMM 2005. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  18. 18.
    ECRYPT. The eSTREAM Project (2008),
  19. 19.
    Electronic Product Code Global Inc.,
  20. 20.
    Feldhofer, M., Rechberger, C.: A case against currently used hash functions in RFID protocols. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006. LNCS, vol. 4275. Springer, Heidelberg (2006)Google Scholar
  21. 21.
    Gilbert, H., Robshaw, M., Sibert, H.: An active attack against HB + —a provably secure lightweight authentication protocol. IEE Electronic Letters 41, 1169–1170; See also Cryptology ePrint Archive, Report 2005/237,
  22. 22.
    Gilbert, H., Robshaw, M., Seurin, Y.: Good variants of HB +  are hard to find. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 156–170. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  23. 23.
    Gilbert, H., Robshaw, M., Seurin, Y.: HB #: Increasing the Security and Efficiency of HB. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 361–378. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  24. 24.
    Good, T., Benaissa, M.: Asic hardware performance. In: Robshaw, M.J.B., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 267–293. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  25. 25.
    Hell, M., Johansson, T., Meier, W.: Grain—A Stream Cipher for Constrained Environments. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs: The eSTREAM Finalists. LNCS, vol. 4986, pp. 179–190. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  26. 26.
    Hellman, M.: A Cryptanalytic Time-Memory Trade-Off. IEEE Transactions on Information Theory 26(4), 401–406 (1980)zbMATHCrossRefMathSciNetGoogle Scholar
  27. 27.
    Hennig, J.E., Ladkin, P.B., Sieker, B.: Privacy Enhancing Technology Concepts for RFID Technology Scrutinised. RVS-RR-04-02, Univ. of Bielefeld (2004)Google Scholar
  28. 28.
    Henrici, D., Muller, P.: Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers. In: Pervasive Computing and Communications Workshops (2004)Google Scholar
  29. 29.
    International Organisation for Standardisation,
  30. 30.
    Juels, A.: Minimalist Cryptography for Low-Cost RFID Tags. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)Google Scholar
  31. 31.
    Juels, A., Pappu, R.: Squealing Euros: Privacy Protection in RFID-Enabled Banknotes. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 103–121. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  32. 32.
    Juels, A., Rivest, R., Szydlo, M.: The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. In: Atluri, V. (ed.) ACM CCS (2003)Google Scholar
  33. 33.
    Juels, A., Weis, S.: Defining strong privacy for RFID. ePrint, Report 2006/137Google Scholar
  34. 34.
    Juels, A., Weis, S.A.: Authenticating Pervasive Devices With Human Protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)Google Scholar
  35. 35.
    Leander, G., Paar, C., Poschmann, A., Schramm, K.: A Family of Lightweight Block Ciphers Based on DES Suited for RFID Applications. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 196–210. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  36. 36.
    Lee, J., Yeom, Y.: Efficient RFID Authentication Protocols Based on Pseudorandom Sequence Generators. Cryptology ePrint Archive, Report 2008/343Google Scholar
  37. 37.
    Molnar, D., Wagner, D.: Privacy and security in library RFID: Issues, practices, and architectures. In: Pfitzmann, B., Liu, P. (eds.) ACM CCS 2004, pp. 210–219 (2004)Google Scholar
  38. 38.
    Oechslin, P.: Making a faster cryptanalytic time-memory trade-off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617–630. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  39. 39.
    Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic Approach to “Privacy-Friendly” Tags. In: RFID Privacy Workshop (2003)Google Scholar
  40. 40.
    Ohkubo, M., Suzuki, K., Kinoshita, S.: Efficient hash-chain based RFID privacy protection scheme. In: Ubiquitous Computing—Privacy Workshop (2004)Google Scholar
  41. 41.
    Ouafi, K., Overbeck, R., Vaudenay, S.: On the Security of HB# against a Man-in-the-Middle Attack. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 108–124. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  42. 42.
    Ouafi, K., Vaudenay, S.: Smashing SQUASH-0. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 300–312. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  43. 43.
    Paise, R.-I., Vaudenay, S.: Mutual Authentication in RFID: security and privacy. In: Abe, M., Gligor, V.D. (eds.) ASIACCS 2008, pp. 292–299. ACM, New York (2008)CrossRefGoogle Scholar
  44. 44.
    Robshaw, M., Billet, O. (eds.): New Stream Cipher Designs: The eSTREAM Finalists. LNCS, vol. 4986. Springer, Heidelberg (2008)Google Scholar
  45. 45.
  46. 46.
    Sarma, S., Weis, S., Engels, D.: RFID Systems and Security and Privacy Implications. In: Kaliski, B., Koç, C., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 454–469. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  47. 47.
    Shamir, A.: SQUASH—a New MAC With Provable Security Properties for Highly Constrained Devices Such As RFID Tags. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 144–157. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  48. 48.
    van Le, T., Burmester, M., de Medeiros, B.: Universally composable and forward-secure RFID authentication and authenticated key exchange. In: Bao, F., Miller, S. (eds.) ASIACCS 2007, pp. 242–252. ACM press, New York (2007)CrossRefGoogle Scholar
  49. 49.
    Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  50. 50.
    Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) SPC 2003. LNCS. Springer, Heidelberg (2003)Google Scholar
  51. 51.
    Wolkerstorfer, J., Dominikus, S., Feldhofer, M.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. 1.Orange LabsIssy-les-MoulineauxFrance

Personalised recommendations