Efficient and Low-Cost RFID Authentication Schemes

 

Atsuko Miyaji1, Mohammad Shahriar Rahman1, and Masakazu Soshi2

 

1School of Information Science

Japan Advanced Institute of Science and Technology

1-1 Asahidai, Nomi, Ishikawa, Japan

{miyaji, mohammad}@jaist.ac.jp

 

2School of Information Sciences

Hiroshima City University

3-4-1 Ozuka-Higashi, Asa-Minami-Ku, Hiroshima, Japan

soshi@hiroshima-cu.ac.jp

 

 

Abstract

 

Security in passive resource-constrained Radio Frequency Identification (RFID) tags is of much interest

nowadays. Supply-chain, inventory management are the areas where low-cost and secure batchmode

authentication of RFID tags is required. Resistance against illegal tracking, cloning, timing,

and replay attacks are necessary for a secure RFID authentication scheme. Reader authentication is

also necessary to thwart any illegal attempt to read the tags. With an objective to design a tracking,

cloning, and replay attack resistant low-cost RFID authentication protocol, Gene Tsudik proposed

a timestamp-based protocol using symmetric keys, named YA-TRAP*. However, resistance against

timing attack is very important for timestamp-based schemes, and the timestamps should be renewed

in regular intervals to keep the tags operative. Although YA-TRAP* achieves its target security properties,

it is susceptible to timing attacks, where the timestamp to be sent by the reader to the tag can

be freely selected by an adversary. Moreover, in YA-TRAP*, reader authentication is not provided,

and a tag can become inoperative after exceeding its pre-stored threshold timestamp value. In this

paper, we propose two mutual RFID authentication protocols that aim to improve YA-TRAP* by

preventing timing attack, and by providing reader authentication. Also, a tag is allowed to refresh

its pre-stored threshold value in our protocols, so that it does not become inoperative after exceeding

the threshold. Our protocols also achieve other security properties like forward security, resistance

against cloning, replay, and tracking attacks. Moreover, the computation and communication costs

are kept as low as possible for the tags. It is important to keep the communication cost as low as

possible when many tags are authenticated in batch-mode. By introducing aggregate function for

the reader-to-server communication, the communication cost is reduced. We also discuss different

possible applications of our protocols. Our protocols thus capture more security properties and more

efficiency than YA-TRAP*. Finally, we show that our protocols can be implemented using the current

standard low-cost RFID infrastructures.

 

Keywords: Low-Cost RFID, RFID authentication, YA-TRAP*

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA),

Vol. 2, No. 3, pp. 4-25, September 2011 [pdf]