Advertisement

Anti-counterfeiting, Untraceability and Other Security Challenges for RFID Systems: Public-Key-Based Protocols and Hardware

  • Yong Ki LeeEmail author
  • Lejla Batina
  • Dave Singelee
  • Bart Preneel
  • Ingrid Verbauwhede
Chapter
Part of the Information Security and Cryptography book series (ISC)

Abstract

Recently, the use of RFID (radio frequency identification) technology has expanded enormously. It was developed in the middle of the twentieth century and is today being applied in many areas: supply chains, access control, electronic passports, health care, road pricing, etc. The advantage of RFID over bar-code technology is that it does not require direct line-of-sight reading and that tags can be interrogated at greater distances. The technology also enables the automation of some control processes, which results in a significant gain in terms of time and cost.

Keywords

Authentication Protocol Replay Attack Privacy Requirement Physical Unclonable Function Search Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

This work was partially supported by the US National Science Foundation CCF-0541472, by the IAP Programme P6/26 BCRYPT of the Belgian State (Belgian Science Policy), by K.U. Leuven-BOF (OT/06/40), by the FWO project G.0300.07, and by the Flemish IBBT projects.

References

  1. 1.
    ANSI. X9.62 The Elliptic Curve Digital Signature Algorithm (ECDSA). http://www.ansi.org
  2. 2.
    G. Avoine, Adversarial Model for Radio Frequency Identification. Cryptology ePrint Archive, Report 2005/049, 2005. http://eprint.iacr.org/
  3. 3.
    G. Avoine, P. Oechslin, in A Scalable and Provably Secure Hash-Based RFID Protocol. Proceedings of the 3rd IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW ’05) (IEEE Computer Society, Washington, DC, 2005)Google Scholar
  4. 4.
    M. Bellare, A. Palacio, GQ and Schnorr identification schemes: Proofs of security against impersonation under active and concurrent attacks. in Advances in Cryptology - CRYPTO’02. Lecture Notes in Computer Science, vol. 2442 (Springer, Berlin, 2002), pp. 162–177Google Scholar
  5. 5.
    C. Berbain, O. Billet, J. Etrog, H. Gilbert, in An Efficient Forward Private RFID Protocol. CCS ’09: Proceedings of the 16th ACM conference on Computer and Communications Security (ACM, New York, NY, 2009), pp. 43–53Google Scholar
  6. 6.
    S. Brands, D. Chaum, Distance-bounding protocols. in Advances in Cryptology - EUROCRYPT ’93. Lecture Notes in Computer Science, vol. 765 (Springer, Berlin, Heidelberg, 1994), pp. 344–359Google Scholar
  7. 7.
    J. Bringer, H. Chabanne, Trusted-HB: A low-cost version of \(HB ^+\) secure against man-in-the-middle attacks. IEEE Trans. Inf. Theory 54(9), 4339–4342 (2008)MathSciNetCrossRefGoogle Scholar
  8. 8.
    J. Bringer, H. Chabanne, E. Dottax, in \(HB^{++}\): A Lightweight Authentication Protocol Secure Against Some Attacks. Security, Privacy and Trust in Pervasive and Ubiquitous Computing - SecPerU (IEEE Computer Society, Washington, DC, 2006)Google Scholar
  9. 9.
    J. Bringer, H. Chabanne, T. Icart, in Cryptanalysis of EC-RAC, a RFID Identification Protocol. International Conference on Cryptology and Network Security - CANS’08. Lecture Notes in Computer Science (Springer, Heidelberg, 2008)Google Scholar
  10. 10.
    B. Danev, T.S. Heydt-Benjamin, S. Čapkun, in Physical-Layer Identification of RFID Devices. Proceedings of the 18th USENIX Security Symposium (USENIX Security ’09) (USENIX, Montreal, 2009), pp. 125–136Google Scholar
  11. 11.
    T. Deursen, S. Radomirović, Attacks on RFID Protocols, in Cryptology ePrint Archive: listing for 2008 (2008/310), 2008Google Scholar
  12. 12.
    T. Deursen, S. Radomirović, Untraceable RFID protocols are not trivially composable: Attacks on the revision of EC-RAC, in Cryptology ePrint Archive: Report 2009/332, 2009Google Scholar
  13. 13.
    W. Diffie, P.C. Van-Oorschot, M.J. Weiner, Authentication and authenticated key exchanges. Designs, Codes Cryptogr. 2(2), 107–125 (1992)CrossRefGoogle Scholar
  14. 14.
    T. Dimitriou, in A Secure and Efficient RFID Protocol that Could Make Big Brother (Partially) Obsolete. Proceedings of the 4th Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM ’06) (IEEE Computer Society, Washington, DC, 2006), pp. 269–275Google Scholar
  15. 15.
    EPC global. Class 1 Generation 2 UHF Air Interface Protocol Standard version 1.2.0. http://www.epcglobalinc.org/home, 2008. 108 pages
  16. 16.
    M. Feldhofer, S. Dominikus, J. Wolkerstorfer, in Strong Authentication for RFID Systems using the AES Algorithm. ed. by M. Joye, J.J. Quisquater. Cryptographic Hardware and Embedded Systems - CHES’04. Lecture Notes in Computer Science, vol. 3156 (Springer, Heidelberg, 2004), pp. 357–370Google Scholar
  17. 17.
    D. Frumkin, A. Shamir, in Un-Trusted-HB: Security Vulnerabilities of Trusted-HB. Proceedings of RFIDSec09, Leuven, Belgium, 2009Google Scholar
  18. 18.
    H. Gilbert, M. Robshaw, H. Sibert, An active attack against \(HB^+\) - a provably secure lightweight authentication protocol. IEE Process. Lett. 41(21), 1169–1170 (2005)Google Scholar
  19. 19.
    G. Hammouri, B. Sunar, in PUF-HB: A Tamper-Resilient HB Based Authentication Protocol. ed. by S. Bellovin, R. Gennaro. Applied Cryptography and Network Security: 6th International Conference, ACNS 2008. Lecture Notes in Computer Science, vol. 5037 (Springer, Heidelberg, 2008)Google Scholar
  20. 20.
    G.P. Hancke, M.G. Kuhn, in An RFID Distance Bounding Protocol. Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM ’05) (IEEE Computer Society, Washington, DC, 2005), pp. 67–73.Google Scholar
  21. 21.
    D. Hein, J. Wolkerstorfer, N. Felber, in ECC Is Ready for RFID - A Proof in Silicon. Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 5381 (Springer, Heidelberg, 2009), pp. 401–413.Google Scholar
  22. 22.
    D. Henrici, P. Müller, in Hash-Based Enhancement of Location Privacy for Radio-Frequency Identification Devices Using Varying Identifiers. Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops (PERCOMW ’04) (IEEE Computer Society, Washington, DC, 2004), pp. 149–153Google Scholar
  23. 23.
    N.J. Hopper, M. Blum, in Secure Human Identification Protocols. ASIACRYPT ’01: Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security (Springer-Verlag, Berlin, Heidelberg, New York, NY, 2001), pp. 52–66Google Scholar
  24. 24.
    M. Hutter, T. Plos, J.-M. Schmidt, in Contact-Based Fault Injections and Power Analysis on RFID Tags. Proceedings of the 19th IEEE European Conference on Circuit Theory and Design (ECCTD ’09) (IEEE Computer Society, 2009), pp. 409–412Google Scholar
  25. 25.
    A. Juels, RFID security and privacy: A research survey. IEEE J. Sel. Areas Commun. 24(2), 381–394 (2006)MathSciNetCrossRefGoogle Scholar
  26. 26.
    A. Juels, S.A. Weis, in Authenticating Pervasive Devices with Human Protocols. Proceedings of CRYPTO’05. Lecture Notes in Computer Science, vol. 3126 (IACR, Springer-Verlag, Berlin, Heidelberg, New York, NY, 2005), pp. 293–308Google Scholar
  27. 27.
    A. Juels, S.A. Weis, Defining Strong Privacy for RFID. Cryptology ePrint Archive, Report 2006/137, 2006. http://eprint.iacr.org/
  28. 28.
    P. Kocher, in Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS and Other systems. In N. Koblitz, editor, Advances in Cryptology: Proceedings of CRYPTO’96, number 1109 in Lecture Notes in Computer Science, pages 104–113. Springer-Verlag, Berlin, Heidelberg, New York, NY, 1996.Google Scholar
  29. 29.
    P. Kocher, J. Jaffe, B. Jun, in Differential Power Analysis. ed. by M. Wiener. Advances in Cryptology: Proceedings of CRYPTO’99. Lecture Notes in Computer Science, vol. 1666, (Springer-Verlag, Berlin, Heidelberg, New York, NY, 1999), pp. 388–397Google Scholar
  30. 30.
    Y.K. Lee, L. Batina, D. Singelee, I. Verbauwhede, in Low-Cost Untraceable Authentication Protocols for RFID. ACM Conference on Wireless Network Security - WiSec ’10 (ACM, New York, NY, USA, 2010), pp. 55–64Google Scholar
  31. 31.
    Y.K. Lee, L. Batina, I. Verbauwhede, in EC-RAC (ECDLP Based Randomized Access Control): Provably Secure RFID Authentication Protocol. IEEE International Conference on RFID (IEEE, 2008), pp. 97–104Google Scholar
  32. 32.
    Y.K. Lee, L. Batina, I. Verbauwhede, in Untraceable RFID Authentication Protocols: Revision of EC-RAC. IEEE International Conference on RFID (IEEE, 2009), pp. 178–185Google Scholar
  33. 33.
    Y.K. Lee, K. Sakiyama, L. Batina, I. Verbauwhede, Elliptic curve based security processor for RFID. IEEE Trans. Comput. 57(11), 1514–1527 (Nov 2008)MathSciNetCrossRefGoogle Scholar
  34. 34.
    J. Lim, H. Oh, S. Kim, in A New Hash-Based RFID Mutual Authentication Protocol Providing Enhanced User Privacy Protection. Proceedings of the 4th International Conference on Information Security Practice and Experience (ISPEC ’08). Lecture Notes in Computer Science, vol. 4991 (Springer-Verlag, Berlin, Heidelberg, New York, NY, 2008), pp. 278–289Google Scholar
  35. 35.
    D. Molnar, A. Soppera, D. Wagner, in A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags. Proceedings of the 12th Annual International Workshop of Selected Areas in Cryptography (SAC ’05). Lecture Notes in Computer Science, vol. 3897 (Springer-Verlag, Berlin, Heidelberg, New York, NY, 2005), pp. 276–290.Google Scholar
  36. 36.
    C.Y. Ng, W. Susilo, Y. Mu, R. Safavi-Naini, in RFID Privacy Models Revisited. European Symposium on Research in Computer Security (ESORICS’08). Lecture Notes in Computer Science, vol. 5283 (Springer-Verlag, Berlin, Heidelberg, New York, NY, 2008), pp. 251–266Google Scholar
  37. 37.
    NIST National Institute of Standards and Technology. Cryptographic Hash Algorithm Competition. http://csrc.nist.gov/groups/ST/hash/sha-3/index.html.
  38. 38.
    M. Ohkubo, K. Suzuki, S. Kinoshita, RFID privacy issues and technical challenges. Commun. ACM 48(9), 66–71 (2005)CrossRefGoogle Scholar
  39. 39.
    T. Okamoto, Provably secure and practical identification schemes and corresponding signature schemes. Advances in Cryptology - CRYPTO’92, ed. by E.F. Brickell. Lecture Notes in Computer Science, vol. 740 (Springer-Verlag, Berlin, Heidelberg, New York, NY, 1992), pp. 31–53Google Scholar
  40. 40.
    T. Phillips, T. Karygiannis, R. Kuhn, Security standards for the RFID market. Secur. Priv. 3(6), 85–89 (2005)CrossRefGoogle Scholar
  41. 41.
    A. Razaq, W. Luk, K. Shum, L. Cheng, K. Yung, Second–generation RFID. Secur. Priv. 6(4), 21–27 (2008)CrossRefGoogle Scholar
  42. 42.
    C.-P. Schnorr, Efficient identification and signatures for smart cards. Advances in Cryptology - CRYPTO’89, ed. by G. Brassard. Lecture Notes in Computer Science, vol. 435 (Springer-Verlag, Berlin, Heidelberg, New York, NY, 1989), pp. 239–252Google Scholar
  43. 43.
    D. Singelée, B. Preneel, Distance Bounding in Noisy Environments. Proceedings of the 4th European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS ’07). Lecture Notes in Computer Science, vol. 4572 (Springer-Verlag, Berlin, Heidelberg, New York, NY, 2007), pp. 101–115Google Scholar
  44. 44.
    B. Song, C.J. Mitchell, in RFID Authentication Protocol for Low-Cost Tags. Proceedings of the First ACM Conference on Wireless Network Security (WISEC ’08) (ACM, New York, NY, USA, 2008), pp. 140–147Google Scholar
  45. 45.
    P. Tuyls, L. Batina, RFID-Tags for Anti-Counterfeiting. ed. by D. Pointcheval. Topics in Cryptology - CT-RSA - The Cryptographers’ Track at the RSA Conference, San Jose, CA, USA. Lecture Notes in Computer Science, vol. 3860 (Springer, Heidelberg, Feb 13–17 2006), pp. 115–131Google Scholar
  46. 46.
    S. Vaudenay, in On Privacy Models for RFID. Advances in Cryptology (ASIACRYPT’07). Lecture Notes in Computer Science, vol. 4833 (Springer-Verlag, Berlin, Heidelberg, New York, NY, 2007), pp. 68–87Google Scholar
  47. 47.
    S.A. Weis, S. Sarma, R. Rivest, D. Engels, in Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. Proceedings of the 1st International Conference on Security in Pervasive Computing (SPC ’03). Lecture Notes in Computer Science, vol. 2802 (Springer-Verlag, Berlin, Heidelberg, New York, NY, 2003), pp. 454–469Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Yong Ki Lee
    • 1
    Email author
  • Lejla Batina
    • 2
  • Dave Singelee
    • 3
  • Bart Preneel
    • 3
  • Ingrid Verbauwhede
    • 3
  1. 1.Department of Electrical EngineeringUniversity of CaliforniaLos AngelesUSA
  2. 2.Computing Science Department/DS groupRadboud University NijmegenNijmegenThe Netherlands
  3. 3.ESAT-COSICKatholieke Universiteit LeuvenLeuvenBelgium

Personalised recommendations