Skip to main content
SpringerLink
Log in

Tree-Based RFID Authentication Protocols Are Definitively Not Privacy-Friendly

  • Conference paper
Radio Frequency Identification: Security and Privacy Issues (RFIDSec 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6370))

Abstract

Authentication for low-cost Radio-Frequency IDentification (RFID) is a booming research topic. The challenge is to develop secure protocols using lightweight cryptography, yet ensuring privacy. A current trend is to design such protocols upon the Learning Parity from Noise (LPN) problem. The first who introduced this solution were Hopper and Blum in 2001. Since then, many protocols have been designed, especially the protocol of Halevi, Saxena, and Halevi (HSH) [15] that combines LPN and the tree-based key infrastructure suggested by Molnar and Wagner [24]. In this paper, we introduce a new RFID authentication protocol that is less resource consuming than HSH, relying on the same adversary model and security level, though. Afterwards, we show that, if an adversary can tamper with some tags, the privacy claimed in HSH is defeated. In other words, either tags are tamper-resistant, then we suggest a protocol more efficient than HSH, or they are not, then we suggest a significative attack against the untraceability property of HSH.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Alomair, B., Lazos, L., Poovendran, R.: Passive Attacks on a Class of Authentication Protocols for RFID. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 102–115. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  2. Anderson, R., Kuhn, M.: Tamper Resistance - a Cautionary Note. In: 2nd USENIX Workshop on Electronic Commerce, Oakland, CA, USA, pp. 1–11 (November 1996)

    Google Scholar 

  3. Anderson, R., Kuhn, M.: Low Cost Attacks on Tamper Resistant Devices. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  4. Avoine, G., Dysli, E., Oechslin, P.: Reducing Time Complexity in RFID Systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  5. Barasz, M., Boros, B., Ligeti, P., Loja, K., Nagy, D.: Breaking LMAP. In: Workshop on RFID Security, RFIDSec 2007, Malaga, Spain (July 2007)

    Google Scholar 

  6. Bárász, M., Boros, B., Ligeti, P., Lója, K., Nagy, D.: Passive Attack Against the M2AP Mutual Authentication Protocol for RFID Tags. In : First International EURASIP Workshop on RFID Technology, Vienna, Austria (September 2007)

    Google Scholar 

  7. Bringer, J., Chabanne, H.: Trusted-HB: A Low-Cost Version of HB+ Secure Against Man-in-the-Middle Attacks. IEEE Transactions on Information Theory 54(9), 4339–4342 (2008)

    Article  MathSciNet  Google Scholar 

  8. Bringer, J., Chabanne, H., Emmanuelle, D.: HB++: a Lightweight Authentication Protocol Secure against Some Attacks. In: IEEE International Conference on Pervasive Services, Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, SecPerU 2006, Lyon, France. IEEE, Los Alamitos (2006)

    Google Scholar 

  9. Buttyán, L., Holczer, T., Vajda, I.: Optimal Key-Trees for Tree-Based Private Authentication. In: Workshop on Privacy Enhancing Technologies, PET 2006, Cambridge, UK (June 2006)

    Google Scholar 

  10. Cao, T., Bertino, E., Lei, H.: Security analysis of the SASI protocol. IEEE Transactions on Dependable and Secure Computing 6, 73–77 (2008)

    Article  Google Scholar 

  11. Chien, H.-Y.: SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity. IEEE Transactions on Dependable and Secure Computing 4(4), 337–340 (2007)

    Article  Google Scholar 

  12. Gilbert, H., Robshaw, M., Sibert, H.: An Active Attack Against HB+ - A provably Secure Lightweight Authentication Protocol (July 2005) (manuscript)

    Google Scholar 

  13. Gilbert, H., Robshaw, M.J., Seurin, Y.: HB#: Increasing the Security and Efficiency of HB+. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 361–378. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  14. Gilbert, H., Robshaw, M.J., Seurin, Y.: How to Encrypt with the LPN Problem. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 679–690. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  15. Halevi, T., Saxena, N., Halevi, S.: Using HB Family of Protocols for Privacy-Preserving Authentication of RFID Tags in a Population. In: Workshop on RFID Security, RFIDSec 2009, Leuven, Belgium (July 2009)

    Google Scholar 

  16. Hammouri, G., Sunar, B.: PUF-HB: A Tamper-Resilient HB Based Authentication Protocol. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 346–365. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  17. Hopper, N.J., Blum, M.: A Secure Human-Computer Authentication Scheme. Technical report, Computer Science Department, School of Computer Science, Carnegie Mellon University (May 2000)

    Google Scholar 

  18. Hopper, N.J., Blum, M.: Secure Human Identification Protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  19. Juels, A., Weis, S.A.: Authenticating Pervasive Devices with Human Protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)

    Google Scholar 

  20. Leng, X., Mayes, K., Markantonakis, K.: HB-MP+ Protocol: An Improvement on the HB-MP Protocol. In: IEEE International Conference on RFID, pp. 118–124 (April 2008)

    Google Scholar 

  21. Li, T., Deng, R.H.: Vulnerability Analysis of EMAP - An Efficient RFID Mutual Authentication Protocol. In: Second International Conference on Availability, Reliability and Security, AReS 2007, Vienna, Austria (April 2007)

    Google Scholar 

  22. Li, T., Wang, G.: Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols. In: IFIP SEC 2007, Sandton, Gauteng, South Africa (May 2007)

    Google Scholar 

  23. Madhavan, M., Thangaraj, A., Sankarasubramaniam, Y., Viswanathan, K.: NLHB: A Non-Linear Hopper Blum Protocol. arXiv.org (February 2010)

    Google Scholar 

  24. Molnar, D., Wagner, D.: Privacy and Security in Library RFID: Issues, Practices, and Architectures. In: ACM Conference on Computer and Communications Security, ACM CCS 2004, Washington, DC, USA, pp. 210–219. ACM, New York (October 2004)

    Chapter  Google Scholar 

  25. Munilla, J., Peinado, A.: HB-MP: A Further Step in the HB-Family of Lightweight Authentication Protocols. Computer Networks 51(9), 2262–2267 (2007)

    Article  MATH  Google Scholar 

  26. Nohl, K., Evans, D.: Quantifying Information Leakage in Tree-Based Hash Protocols. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 228–237. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  27. Organization, I.C.A.: Machine Readable Travel Documents, Doc 9303, Part 1, Machine Readable Passports, 5 (edn.) (2003)

    Google Scholar 

  28. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J., Ribagorda, A.: LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags. In: Workshop on RFID Security, RFIDSec 2006, Graz, Austria (July 2006)

    Google Scholar 

  29. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J., Ribagorda, A.: M2AP: A Minimalist Mutual-Authentication Protocol for Low-cost RFID Tags. In: Ma, J., Jin, H., Yang, L.T., Tsai, J.J.-P. (eds.) UIC 2006. LNCS, vol. 4159, pp. 912–923. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  30. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: EMAP: An Efficient Mutual Authentication Protocol for Low-Cost RFID Tags. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 352–361. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  31. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: Advances in Ultralightweight Cryptography for Low-cost RFID Tags: Gossamer Protocol. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 56–68. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  32. Phan, R.C.-W.: Cryptanalysis of a New Ultralightweight RFID Authentication Protocol - SASI. IEEE Transactions on Dependable and Secure Computing 6, 316–320 (2008)

    Article  Google Scholar 

  33. Semiconductors, N.: MIFARE Smartcards ICs, http://www.nxp.com/products/identification/card_ics/mifare

  34. Sun, H.-M., Ting, W.-C., Wang, K.-H.: On the Security of Chien’s Ultra-Lightweight RFID Authentication Protocol. IEEE Transactions on Dependable and Secure Computing 99 (2009)

    Google Scholar 

  35. Yoon, B.: HB-MP++ Protocol: An Ultra Light-weight Authentication Protocol for RFID System. In: IEEE International Conference on RFID, Orlando, FL, USA (April 2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security Group, Université catholique de Louvain, B-1348, Louvain-La-Neuve, Belgium

    Gildas Avoine, Benjamin Martin & Tania Martin

Authors
  1. Gildas Avoine
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Benjamin Martin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tania Martin
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Faculty of Electrical and Electronics Engineering, Department of Electronics and Communication Engineering, Istanbul Technical University, 34469, Istanbul, Turkey

    Siddika Berna Ors Yalcin

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Avoine, G., Martin, B., Martin, T. (2010). Tree-Based RFID Authentication Protocols Are Definitively Not Privacy-Friendly. In: Ors Yalcin, S.B. (eds) Radio Frequency Identification: Security and Privacy Issues. RFIDSec 2010. Lecture Notes in Computer Science, vol 6370. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16822-2_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-16822-2_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16821-5

  • Online ISBN: 978-3-642-16822-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation