Abstract
We propose a lightweight, anonymous authentication protocol that can be based on any block cipher and is suitable for use by, e.g., RFID tags. We formally define three security properties that our protocol is intended to satisfy—mutual authentication, anonymity, and desynchronization resilience—and prove concrete bounds on the probability the protocol satisfies these properties in the presence of an active attacker. Our protocol is more efficient than any other protocol we are aware of that achieves these three properties.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
In practice, there may be multiple physical readers all communicating with a single back-end server. The server in that case then plays the role of the reader.
- 2.
A session identifier need not be output in the real-world protocol; we use it to define mutual authentication.
- 3.
For simplicity, we assume the reader sends the first message of the protocol (as is the case for our protocol).
- 4.
In the real world the tag might implement a “time-out” mechanism that would have the same effect.
- 5.
“Time” can be quantified by the number of oracle queries made at some point in the experiment.
- 6.
Because messages may be dropped, the counter stored at the reader may be greater than the counter stored by the tag. But the protocol ensures that the difference between the counters is at most one.
- 7.
At initialization time, the two vectors stored by the reader are redundant; following a successful execution of the protocol, however, the first vector will store values associated with the current counter, while the second will store values associated with the previous counter.
- 8.
If the reader took branch 3(b) then this step is redundant and can be skipped.
References
Avoine, G.: Adversary model for radio frequency identification. Technical report LASEC-REPORT-2005-001, Swiss Federal Institute of Technology (EPFL), Security and Cryptography Laboratory (LASEC) (2005)
Avoine, G.: RFID Security & Privacy Lounge. http://www.avoine.net/rfid
Avoine, G., Bingöl, M.A., Carpent, X., Yalcin, S.B.O.: Privacy-friendly authentication in RFID systems: on sublinear protocols based on symmetric-key cryptography. IEEE Trans. Mob. Comput. 12(10), 2037–2049 (2013)
Avoine, G., Carpent, X., Martin, B.: Privacy-friendly synchronized ultralightweight authentication protocols in the storm. J. Netw. Comput. Appl. 35, 826–843 (2012)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21
Boyd, C., Davies, G.T., de Kock, B., Gellert, K., Jager, T., Millerjord, L.: Symmetric key exchange with full forward security and robust synchronization. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 681–710. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_23
Burmester, M., Munilla, J.: Lightweight RFID authentication with forward and backward security. ACM Trans. Inf. Syst. Secur. 14(1), 11 (2011)
Chien, H.-Y.: SASI: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans. Dependable Secure Comput. 4(4), 337–340 (2007)
HanataniI, Y., Ohkubo, M., Matsuo, S., Sakiyama, K., Ohta, K.: A study on computational formal verification for practical cryptographic protocol: the case of synchronous RFID authentication. In: Danezis, G., Dietrich, S., Sako, K. (eds.) FC 2011. LNCS, vol. 7126, pp. 70–87. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29889-9_7
Juels, A., Weis, S.: Defining strong privacy for RFID. In: International Conference on Pervasive Computing and Communications (PerCom) (2007)
hkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “Privacy-Friendly” tags. In: RFID Privacy Workshop (2003)
Paise, R.I., Vaudenay, S.: Mutual authentication in RFID: security and privacy. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 292–299. ACM (2008)
Peris-Lopez, P., Hernandez-Castro, J.C., Tapiador, J.M.E., Ribagorda, A.: Advances in ultralightweight cryptography for low-cost RFID tags: gossamer protocol. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 56–68. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00306-6_5
Song, B., Mitchell, C.J.: RFID authentication protocol for low-cost tags. In: Proceedings of the 1st ACM Conference on Wireless Network Security (WISEC), pp. 140–147. ACM (2008)
Tsudik, G.: YA-TRAP: yet another trivial RFID authentication protocol. In: International Conference on Pervasive Computing and Communications (PerCom) (2006)
Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76900-2_5
Yeh, K.H., Lo, N.W., Winata, E.: An efficient ultralightweight authentication protocol for RFID systems. In: Workshop in RFID Security—RFIDSec Asia, vol. 4 of Cryptology and Information Security, IOC Press (2010)
Acknowledgments
I thank Kelley Burgin for suggesting the problem, and Doug Shors, Laurie Law, and Louis Wingers for their encouragement as well as their helpful comments on earlier drafts. This work was performed under a consultancy agreement with University Technical Services, Inc. on behalf of the National Security Agency.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Katz, J. (2022). A Provably Secure, Lightweight Protocol for Anonymous Authentication. In: Galdi, C., Jarecki, S. (eds) Security and Cryptography for Networks. SCN 2022. Lecture Notes in Computer Science, vol 13409. Springer, Cham. https://doi.org/10.1007/978-3-031-14791-3_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-14791-3_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-14790-6
Online ISBN: 978-3-031-14791-3
eBook Packages: Computer ScienceComputer Science (R0)