A Provably Secure, Lightweight Protocol for Anonymous Authentication

Katz, Jonathan

doi:10.1007/978-3-031-14791-3_12

Jonathan Katz ORCID: orcid.org/0000-0001-6084-9303⁹

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13409))

Included in the following conference series:

International Conference on Security and Cryptography for Networks

783 Accesses

Abstract

We propose a lightweight, anonymous authentication protocol that can be based on any block cipher and is suitable for use by, e.g., RFID tags. We formally define three security properties that our protocol is intended to satisfy—mutual authentication, anonymity, and desynchronization resilience—and prove concrete bounds on the probability the protocol satisfies these properties in the presence of an active attacker. Our protocol is more efficient than any other protocol we are aware of that achieves these three properties.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 89.00; Price excludes VAT (USA)

Softcover Book: USD 119.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
In practice, there may be multiple physical readers all communicating with a single back-end server. The server in that case then plays the role of the reader.
2.
A session identifier need not be output in the real-world protocol; we use it to define mutual authentication.
3.
For simplicity, we assume the reader sends the first message of the protocol (as is the case for our protocol).
4.
In the real world the tag might implement a “time-out” mechanism that would have the same effect.
5.
“Time” can be quantified by the number of oracle queries made at some point in the experiment.
6.
Because messages may be dropped, the counter stored at the reader may be greater than the counter stored by the tag. But the protocol ensures that the difference between the counters is at most one.
7.
At initialization time, the two vectors stored by the reader are redundant; following a successful execution of the protocol, however, the first vector will store values associated with the current counter, while the second will store values associated with the previous counter.
8.
If the reader took branch 3(b) then this step is redundant and can be skipped.

References

Avoine, G.: Adversary model for radio frequency identification. Technical report LASEC-REPORT-2005-001, Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC) (2005)
Google Scholar
Avoine, G.: RFID Security & Privacy Lounge. http://www.avoine.net/rfid
Avoine, G., Bingöl, M.A., Carpent, X., Yalcin, S.B.O.: Privacy-friendly authentication in RFID systems: on sublinear protocols based on symmetric-key cryptography. IEEE Trans. Mob. Comput. 12(10), 2037–2049 (2013)
Google Scholar
Avoine, G., Carpent, X., Martin, B.: Privacy-friendly synchronized ultralightweight authentication protocols in the storm. J. Netw. Comput. Appl. 35, 826–843 (2012)
Article Google Scholar
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21
Chapter Google Scholar
Boyd, C., Davies, G.T., de Kock, B., Gellert, K., Jager, T., Millerjord, L.: Symmetric key exchange with full forward security and robust synchronization. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 681–710. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_23
Chapter Google Scholar
Burmester, M., Munilla, J.: Lightweight RFID authentication with forward and backward security. ACM Trans. Inf. Syst. Secur. 14(1), 11 (2011)
Google Scholar
Chien, H.-Y.: SASI: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans. Dependable Secure Comput. 4(4), 337–340 (2007)
Google Scholar
HanataniI, Y., Ohkubo, M., Matsuo, S., Sakiyama, K., Ohta, K.: A study on computational formal verification for practical cryptographic protocol: the case of synchronous RFID authentication. In: Danezis, G., Dietrich, S., Sako, K. (eds.) FC 2011. LNCS, vol. 7126, pp. 70–87. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29889-9_7
Chapter Google Scholar
Juels, A., Weis, S.: Defining strong privacy for RFID. In: International Conference on Pervasive Computing and Communications (PerCom) (2007)
Google Scholar
hkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “Privacy-Friendly” tags. In: RFID Privacy Workshop (2003)
Google Scholar
Paise, R.I., Vaudenay, S.: Mutual authentication in RFID: security and privacy. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 292–299. ACM (2008)
Google Scholar
Peris-Lopez, P., Hernandez-Castro, J.C., Tapiador, J.M.E., Ribagorda, A.: Advances in ultralightweight cryptography for low-cost RFID tags: gossamer protocol. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 56–68. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00306-6_5
Chapter Google Scholar
Song, B., Mitchell, C.J.: RFID authentication protocol for low-cost tags. In: Proceedings of the 1st ACM Conference on Wireless Network Security (WISEC), pp. 140–147. ACM (2008)
Google Scholar
Tsudik, G.: YA-TRAP: yet another trivial RFID authentication protocol. In: International Conference on Pervasive Computing and Communications (PerCom) (2006)
Google Scholar
Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76900-2_5
Chapter Google Scholar
Yeh, K.H., Lo, N.W., Winata, E.: An efficient ultralightweight authentication protocol for RFID systems. In: Workshop in RFID Security—RFIDSec Asia, vol. 4 of Cryptology and Information Security, IOC Press (2010)
Google Scholar

Download references

Acknowledgments

I thank Kelley Burgin for suggesting the problem, and Doug Shors, Laurie Law, and Louis Wingers for their encouragement as well as their helpful comments on earlier drafts. This work was performed under a consultancy agreement with University Technical Services, Inc. on behalf of the National Security Agency.

Author information

Authors and Affiliations

Department of Computer Science, University of Maryland, College Park, MD, 20902, USA
Jonathan Katz

Authors

Jonathan Katz
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jonathan Katz .

Editor information

Editors and Affiliations

Università degli Studi di Salerno, Fisciano, Italy
Clemente Galdi
University of California at Irvine, Irvine, CA, USA
Stanislaw Jarecki

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Katz, J. (2022). A Provably Secure, Lightweight Protocol for Anonymous Authentication. In: Galdi, C., Jarecki, S. (eds) Security and Cryptography for Networks. SCN 2022. Lecture Notes in Computer Science, vol 13409. Springer, Cham. https://doi.org/10.1007/978-3-031-14791-3_12

Download citation

DOI: https://doi.org/10.1007/978-3-031-14791-3_12
Published: 05 September 2022
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-14790-6
Online ISBN: 978-3-031-14791-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

A Provably Secure, Lightweight Protocol for Anonymous Authentication