Skip to main content
SpringerLink
Log in

From Identification to Authentication – A Review of RFID Product Authentication Techniques

  • Chapter
Networked RFID Systems and Lightweight Cryptography

Abstract

Authentication has an important role in many RFID applications for providing security and privacy. In this paper we focus on investigating how RFID can be used in product authentication in supply chain applications and a review of existing approaches is provided. The different categories of RFID product authentication approaches are analyzed within the context of anticounterfeiting and fields where future research is needed are identified.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 54.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Lampe, M., Strassner, M.: The potential of RFID for moveable asset management. In: Workshop on Ubiquitous Commerce at Ubicomp (2003)

    Google Scholar 

  2. NJE Consulting: RFID in waste management (2006). Available from: http://www.nje.ca/Index_RFIDWasteManagement.htm (22.6.2006)

    Google Scholar 

  3. RFID in Japan: Shoe RFID expands. News Article, July 10, 2005 (via Nikkei Ryutsu Shimbun MJ, July 6, 2005). Available from: http://ubiks.net/local/blog/jmt/archives3/ 004067.html (22.5.2006)

    Google Scholar 

  4. RFID Journal: Wal-Mart draws line in the sand. News Article, June 11 (2003). Available from: http://www.rfidjournal.com/article/articleview/462/1/1/ (11.5.2006)

    Google Scholar 

  5. RFID Journal: Can RFID save the cattle industry? Vertical Focus, December 23 (2003). Available from: http://www.rfidjournal.com/article/articleview/1032 (22.5.2006)

    Google Scholar 

  6. RFID Journal: Long-range RFID for access control. News Article, July 8 (2003). Available from: http://www.rfidjournal.com/article/articleview/493/1/1/ (22.6.2006)

    Google Scholar 

  7. International Chamber of Commerce: IP Roadmap 2005: Current and emerging intellectual property issues for business. ICC, Paris (2005) 52. Available from: http://www.iccwbo.org/iproadmap/ (19.5.2006)

    Google Scholar 

  8. Organization for Economic Co-operation and Development (OECD): The Economic Impact of Counterfeiting (1998). Available from: http://www.oecd.org/dataoecd/ 11/11/2090589.pdf (3.5.2006)

    Google Scholar 

  9. U.S. Food and Drug Administration: Combating Counterfeit Drugs - A Report of the Food and Drug Administration, February (2004). Available from: http://www.fda.gov/oc/initiatives/counterfeit/report02_04.html (2.5.2006)

    Google Scholar 

  10. Staake, T., Thiesse, F., Fleisch, E.: Extending the EPC network - the potential of RFID in anti-counterfeiting. In: Proceedings of the 2005 ACM Symposium on Applied Computing (2005) 1607 - 1612

    Google Scholar 

  11. EPCglobal: Class-1 Generation-2 UHF RFID Conformance Requirements Specification v. 1.0.2. EPCglobal public document, February (2005)

    Google Scholar 

  12. RFID Journal: EPC tags subject to phone attacks. News Article, February 24 (2006). Available from: http://www.rfidjournal.com/article/articleview/2167/1/1/ (4.5.2006)

    Google Scholar 

  13. Bono, S., Green, M., Stubblefield, A., Juels, A., Rubin, A., Szydlo, M.: Security analysis of a cryptographically enabled RFID device. Pre-print (2006). Available from: www.rfidanalysis.org (4.5.2006)

    Google Scholar 

  14. RFID Journal: RFID, Privacy and Corporate Data. Feature Article, June 2 (2003). Available from: http://www.rfidjournal.com on subscription basis

    Google Scholar 

  15. Weingart, S.: Physical security devices for computer subsystems: A survey of attacks and defense. In: Koc, C.K., Paar, C., (ed.): Lecture Notes in Computer Science, Vol. 1965. Springer-Verlag, Berlin Heidelberg New York (2000) 302–317

    Google Scholar 

  16. Gilbert, H., Robshaw, M., Sibert, H.: An active attack against HB+ – a provably secure lightweight authentication protocol. Manuscript, July (2005)

    Google Scholar 

  17. Juels, A., Brainard, J.: Soft blocking: Flexible blocker tags on the cheap. In: Vimercati S.de.C., Syverson, P., (ed.): Workshop on Privacy in the Electronic Society – WPES, Washington. ACM, ACM Press October (2004) 1–7

    Google Scholar 

  18. Kang, J., Nyang, D.: RFID authentication protocol with strong resistance against traceability and denial of service attacks. In: Molva, R., Tsudik, G., Westhoff, D. (ed.): European Workshop on Security and Privacy in Ad hoc and Sensor Networks – ESAS”05, Lecture Notes in Computer Science, Vol. 3813. Springer-Verlag, Berlin Heidelberg New York (2005) 164–175

    Google Scholar 

  19. Juels, A.: RFID security and privacy: A research survey. Condensed version to appear in 2006 in the IEEE Journal on Selected Areas in Communication (2005)

    Google Scholar 

  20. Takaragi, K., Usami, M., Imura, R., Itsuki, R., Satoh, T.: An ultra small individual recognition security chip. In: IEEE Micro, November-December (2001)

    Google Scholar 

  21. Koh, R., Schuster, E., Chackrabarti, I., Bellman, A.: Securing the pharmaceutical supply chain. In: White Paper, Auto-ID Labs, Massachusetts Institute of Technology (2003)

    Google Scholar 

  22. Pearson, J.: Securing the pharmaceutical supply chain with RFID and public-key infrastructure (PKI) technologies. Texas Instruments White Paper, June (2005). Available from: http://www.ti.com/rfid/docs/docntr.shtml (28.4.2006)

    Google Scholar 

  23. RFID Journal: Congress weighs drug anti-counterfeiting bill. News Article, March (2005). Available from: http://www.rfidjournal.com/article/articleview/2180/1/1/ (19.5.2006)

    Google Scholar 

  24. Weis, S., Sarma, S., Rivest, R., Engels, D.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (ed.): International Conference on Security in Pervasive Computing - SPC 2003, Lecture Notes in Computer Science, Vol. 2802. Springer-Verlag, Berlin Heidelberg New York (2003) 454–469

    Google Scholar 

  25. Henrici, D., Müller, P.: Hash-based enhancement of location privacy for radiofrequency identification devices using varying identifiers. In: Sandhu, R., Thomas, R. (ed.): International Workshop on Pervasive Computing and Communication Security – PerSec (2004)

    Google Scholar 

  26. Avoine, G., Oechslin, P.: A scalable and provably secure hash based RFID protocol. In International Workshop on Pervasive Computing and Communication Security – PerSec, Kauai Island, Hawaii (2005)

    Google Scholar 

  27. Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In RFID Privacy Workshop, MIT, MA, USA, November (2003)

    Google Scholar 

  28. Lee, S.M., Hwang, Y.J., Lee, D. H., Lim, J.I.: Efficient authentication for low-cost RFID systems. In: Gervasi, O., Gavrilova, M., Kumar, V., Lagana`a, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K., (ed.): International Conference on Computational Science and its Applications - ICCSA 2005. Lecture Notes in Computer Science, Part I, Volume 3480, Springer-Verlag, Singapore (2005) 619—627

    Google Scholar 

  29. Choi, E.Y., Lee, S.M., Lee, D. H.: Efficient RFID authentication protocol for ubiquitous computing environment. In International Workshop on Security in Ubiquitous Computing Systems – Secubiq. Lecture Notes in Computer Science, Springer-Verlag, Nagasaki, Japan (2005)

    Google Scholar 

  30. Lee, S., Asano, T., Kim, K.: RFID Mutual Authentication Scheme based on Synchronized Secret Information. In Symposium on Cryptography and Information Security, Hiroshima, Japan, January (2006)

    Google Scholar 

  31. Juels, A. Pappu., R.: Squealing Euros: Privacy Protection in RFID-Enabled Banknotes. In: Wright R. (ed.): Financial Cryptography – FC”03. Lecture Notes in Computer Science, Volume 2742, Springer-Verlag, Le Gosier, Guadeloupe, French West Indies, IFCA (2003) 103—121

    Google Scholar 

  32. Zhang, X., King, B.: Integrity Improvements to an RFID Privacy Protection Protocol for Anti-counterfeiting. In: Zhou, J., Lopez, J., Deng, R., Bao, F. (ed.): Information Security Conference – ISC 2005. Lecture Notes in Computer Science, Vol. 3650, Springer-Verlag, Singapore (2005) 74–481

    Google Scholar 

  33. Tsudik, G.: YA-TRAP: Yet another trivial RFID authentication protocol. In International Conference on Pervasive Computing and Communications – PerCom 2006, Pisa, Italy, March (2006)

    Google Scholar 

  34. Molnar, D., Soppera, A., Wagner, D.: A scalable, delegatable, pseudonym protocol enabling ownership transfer of RFID tags. Handout of the Ecrypt Workshop on RFID and Lightweight Crypto, July (2005)

    Google Scholar 

  35. Chatmon, C., Le, T.V., Burmester, M.: Secure anonymous RFID authentication protocols. Technical Report TR-060112, Florida State University, Department of Computer Science, Tallahassee, Florida, USA, (2006)

    Google Scholar 

  36. Juels, A.: Minimalist cryptography for low-cost RFID tag. In Conference on Security in Communication Networks – SCN”04, LNCS, Amalfi, Italia, September (2004) Springer-Verlag

    Google Scholar 

  37. Juels, A.: Strengthening EPC Tags Against Cloning. In: Jakobsson, M., Poovendran, R. (ed.): ACM Workshop on Wireless Security (2005) 67—76

    Google Scholar 

  38. Vajda, I., Buttyán, L.: Lightweight authentication protocols for low-cost RFID tags. Workshop on Security in Ubiquitous Computing (2003)

    Google Scholar 

  39. Juels, A., Weis, S.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.): Advances in Cryptology – CRYPTO”05. Lecture Notes in Computer Science, Vol. 3126, IACR, Springer-Verlag, Santa Barbara, California (2005) 293–308

    Google Scholar 

  40. Hopper, N., Blum, M.: A Secure Human-Computer Authentication Scheme. Tech. Rep. CMU-CS-00–139, Carnegie Mellon University (2000)

    Google Scholar 

  41. Katz, J., Shin, J.S.: Parallel and concurrent security of the HB and HB+ protocols. In Serge Vaudenay, editor, Advances in Cryptology – EUROCRYPT”06, Lecture Notes in Computer Science, IACR, Springer-Verlag, Saint Petersburg, Russia (2006)

    Google Scholar 

  42. Piramuthu, S.: HB and related lightweight authentication protocols for secure RFID tag/reader authentication. In Collaborative Electronic Commerce Technology and Research – CollECTeR 2006, Basel, Switzerland (2006)

    Google Scholar 

  43. Dimitriou, T.: A Secure and Efficient RFID Protocol that could make Big Brother (partially) Obsolete. In International Conference on Pervasive Computing and Communications – PerCom 2006, Pisa, Italy, March (2006)

    Google Scholar 

  44. Dimitriou, T.: A Lightweight RFID Protocol to protect against Traceability and Cloning attacks. In Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm, Athens, Greece, September (2005)

    Google Scholar 

  45. Duc, D.N., Park, J., Lee, H., Kim, K.: Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning (2006)

    Google Scholar 

  46. Ranasinghe, D., Engels, D., Cole, P.: Security and privacy: Modest proposals for low-cost RFID systems. In Auto-ID Labs Research Workshop, Zurich, Switzerland (2004)

    Google Scholar 

  47. Lee, J., Lim, D., Gassend, B., Suh, G.E., Dijk, M., Devadas, S.: A Technique to Build a Secret Key in Integrated Circuits for Identification and Authentication Applications. Symposium on VLSI circuits (2004)

    Google Scholar 

  48. Tuyls, P., Batina, L.: RFID-tags for Anti-Counterfeiting. In: Pointcheval, D. (ed.): Topics in Cryptology – CT-RSA – The Cryptographers” Track at the RSA Conference. Lecture Notes in Computer Science, No. 115–131, Springer Verlag, San Jose (2006) 3860

    Google Scholar 

  49. Engberg, S., Harning, M., Damsgaard-Jensen, C.: Zero-knowledge device authentication: Privacy & security enhanced RFID preserving business value and consumer convenience. In Conference on Privacy, Security and Trust – PST, New Brunswick, Canada, October (2004)

    Google Scholar 

  50. Rhee, K., Kwak, J., Kim, S., Won, D.: Challenge-response based RFID authentication protocol for distributed database environment. In: Hutter, D., Ullmann, M. (ed.): International Conference on Security in Pervasive Computing – SPC 2005. Lecture Notes in Computer Science, Vol. 3450, Springer-Verlag, Boppard, Germany (2005) 70–84

    Google Scholar 

  51. Molnar, D., Wagner, D.: Privacy and Security in Library RFID: Issues, Practices, and Architectures. In: Pfitzmann, B., Liu, P. (ed.): Conference on Computer and Communications Security – ACM CCS, pages 210–219, Washington, DC, USA, October (2004)

    Google Scholar 

  52. Gao, X., Xiang, Z., Wang, H., Shen, J., Huang, J., Song, S.: An approach to security and privacy of RFID system for supply chain. IEEE International Conference on E-Commerce Technology for Dynamic E-Business (2004)

    Google Scholar 

  53. Yang, J., Park, J., Lee, H., Ren, K., Kim, K.: Mutual authentication protocol for lowcost RFID. Handout of the Ecrypt Workshop on RFID and Lightweight Crypto, July (2005)

    Google Scholar 

  54. Dominikus, S., Oswald, E., and Feldhofer, M.: Symmetric authentication for RFID systems in practice. ECRYPT Workshop on RFID and Lightweight Crypto, Graz, Austria, July (2005)

    Google Scholar 

  55. Feldhofer, M.: A Proposal for Authentication Protocol in a Security Layer for RFID Smart Tags. Stiftung Secure Information and Communication Technologies SIC (2003)

    Google Scholar 

  56. Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. Workshop on Cryptographic Hardware and Embedded Systems – CHES 2004. Lecture Notes in Computer Science, Vol. 3156, Springer-Verlag (2004) 357–370

    Google Scholar 

  57. Bailey, D., Juels, A.: Shoehorning security into the EPC standard. Manuscript in submission, January (2006)

    Google Scholar 

  58. Nochta, Z., Staake, T., Fleisch, E.: Product Specific Security Features Based on RFID Technology. Saint-w, pp. 72–75, International Symposium on Applications and the Internet Workshops (SAINTW”06) (2006)

    Google Scholar 

  59. Sarma, S.: Towards the 5¢ Tag. White Paper, Auto-ID Center, MIT (2001). Available from: http://www.autoidlabs.org/whitepapers/mit-autoid-wh-006.pdf (5.5.2006)

    Google Scholar 

  60. Sarma, S., Weis, S., Engels, D.: Radio-Frequency Identification: Security Risks and Challenges. In RSA Laboratories Cryptobytes, Vol. 6, No. 1 (2003)

    Google Scholar 

  61. Weis, S.: Security and Privacy in Radio-Frequency Identification Devices. Master”s Thesis, MIT, May (2003)

    Google Scholar 

  62. Yüksel, K.: Universal Hashing for Ultra-Low-Power Cryptographic Hardware Applications. Master”s Thesis, Dept. of Electronical Engineering, WPI, (2004)

    Google Scholar 

  63. Juels, A., Syverson, P., Bailey, D.: High-Power Proxies for Enhancing RFID Privacy and Utility. In Workshop on Privacy Enhancing Technologies (2005)

    Google Scholar 

  64. EPCglobal: 900 MHz Class 0 Radio Frequency (RF) Identification Tag Specification. EPCglobal public document, February (2003)

    Google Scholar 

  65. EPCglobal: Class-1 Generation-2 UHF air interface protocol standard version 1.0.9. EPCglobal public document, January (2005). Available from: http://www.epcglobalinc.org/standards_technology/EPCglobal2UHFRFIDProtocolV 109122005.pdf (8.5.2006)

    Google Scholar 

  66. Alien Technology: EPC Class 1 RFID Tags Datasheet (2005). Available from: http://www.alientechnology.com/products/documents/alien_915mhz_128_bit.pdf (19.5.2006)

    Google Scholar 

  67. Supply Chain Digest: RFID News: Tag Prices Drop, but is it Real? Wal-Mart, Target Push for Sunsetting Class 0 and 1 Tags. News and Views, October 13 (2005). Available from: http://www.scdigest.com/assets/newsviews/05–10–13–2.cfm (19.5.2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Management, ETH Zurich, 8092, Zurich, Switzerland

    Mikko Lehtonen & Florian Michahelles

  2. Institute of Technology Management, University of St.Gallen, 9000, St.Gallen, Switzerland

    Thorsten Staake

Authors
  1. Mikko Lehtonen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Thorsten Staake
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Florian Michahelles
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Electrical and Electronic Engineering, University of Adelaide, 5005, Adelaide, Australia

    Peter H. Cole  & Damith C. Ranasinghe  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Lehtonen, M., Staake, T., Michahelles, F. (2008). From Identification to Authentication – A Review of RFID Product Authentication Techniques. In: Cole, P., Ranasinghe, D. (eds) Networked RFID Systems and Lightweight Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71641-9_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-71641-9_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-71640-2

  • Online ISBN: 978-3-540-71641-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation