Abstract
Designers of RFID security protocols can choose between a wide variety of cryptographic algorithms. However, when implementing these algorithms on RFID tags fierce constraints have to be considered. Looking at the common assumption in the literature that hash functions are implementable in a manner suitable for RFID tags and thus heavily used by RFID security protocol designers we claim the following. Current standards and state-of-the-art low-power implementation techniques favor the use of block ciphers like the Advanced Encryption Standard (AES) instead of hash functions from the SHA family as building blocks for RFID security protocols. In turn, we present a low-power architecture for the widely recommended hash function SHA-256 which is the basis for the smallest and most energy-efficient ASIC implementation published so far. To back up our claim we compare the achieved results with the smallest available AES implementation. The AES module requires only a third of the chip area and half of the mean power. Our conclusions are even stronger since we can show that smaller hash functions like SHA-1, MD5 and MD4 are also less suitable for RFID tags than the AES. Our analysis of the reasons of this result gives some input for future hash function designs.
This work origins from the Austrian Government funded project SNAP established under the embedded system program FIT-IT.
An erratum to this chapter can be found at http://dx.doi.org/10.1007/11915034_125.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Choi, E.Y., Lee, S.-M., Lee, D.H.: Efficient RFID Authentication Protocol for Ubiquitous Computing Environment. In: Enokido, T., Yan, L., Xiao, B., Kim, D.Y., Dai, Y.-S., Yang, L.T. (eds.) EUC-WS 2005. LNCS, vol. 3823, pp. 945–954. Springer, Heidelberg (2005)
Dadda, L., Macchetti, M., Owen, J.: The Design of a High Speed ASIC Unit for the Hash Function SHA-256 (384, 512). In: 2004 Design, Automation and Test in Europe Conference and Exposition (DATE 2004), vol. 3, pp. 70–75. IEEE Computer Society Press, Los Alamitos (2004)
Dimitriou, T.: A Lightweight RFID Protocol to protect against Traceability and Cloning attacks. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm 2005), Athens, Greece, September 2005, pp. 59–66. IEEE Computer Society Press, Los Alamitos (2005)
Dominkus, S.: A hardware implementation of MD4-family hash algorithms. In: 9th IEEE International Conference on Electronics, Circuits and Systems, October 2002, vol. 3, pp. 1143–1146. IEEE Computer Society Press, Los Alamitos (2002)
Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong Authentication for RFID Systems using the AES Algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004)
Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES Implementation on a Grain of Sand. IEE Proceedings on Information Security 152(1), 13–20 (2005)
Henrici, D., Müller, P.: Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers. In: 2nd IEEE Conference on Pervasive Computing and Communications Workshops (PerCom 2004 Workshops), March 2004, pp. 149–153. IEEE Computer Society Press, Los Alamitos (2004)
Kaps, J.-P., Sunar, B.: Energy comparison of AES and SHA-1 for ubiquitous computing. In: 2nd IFIP International Symposium on Network Centric Ubiquitous Systems (NCUS 2006). LNCS, Springer, Heidelberg (2006)
Lee, Y., Verbauwhede, I.: Secure and Low-cost RFID Authentication Protocols. In: 2nd IEEE Workshop on Adaptive Wireless Networks (AWiN) (2005)
National Institute of Standards and Technology (NIST). FIPS-197: Advanced Encryption Standard (November 2001), available online at http://www.itl.nist.gov/fipspubs/
National Institute of Standards and Technology (NIST). FIPS-180-2: Secure Hash Standard (August 2002), available online at http://www.itl.nist.gov/fipspubs/
Pramstaller, N., Aigner, M.: A Universal and Efficient SHA-256 Implementation for FPGAs. In: Austrochip 2004, pp. 89–93 (2004) ISBN 3-200-00211-5
Rhee, K., Kwak, J., Kim, S., Won, D.: Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 70–84. Springer, Heidelberg (2005)
Satoh, A., Inoue, T.: ASIC-Hardware-Focused Comparison for Hash Functions MD5, RIPEMD-160, and SHS. In: International Symposium on Information Technology: Coding and Computing (ITCC 2005), vol. 1, pp. 532–537. IEEE Computer Society Press, Los Alamitos (2005)
Sklavos, N., Koufopavlou, O.: Implementation of the SHA-2 Hash Family Standard Using FPGAs. The Journal of Supercomputing 31(3), 227–248 (2005)
Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Feldhofer, M., Rechberger, C. (2006). A Case Against Currently Used Hash Functions in RFID Protocols. In: Meersman, R., Tari, Z., Herrero, P. (eds) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer Science, vol 4277. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11915034_61
Download citation
DOI: https://doi.org/10.1007/11915034_61
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-48269-7
Online ISBN: 978-3-540-48272-7
eBook Packages: Computer ScienceComputer Science (R0)