Abstract. With continuous improvements in the efficiency of microelectronics, it is now possible to power a general-purpose microcontroller wirelessly at a reasonable range. Our implementation of RC5-32/12/16 on the WISP UHF RFID tag shows that conventional cryptography is no longer beyond the reach of a general-purpose UHF tag. In this paper, (1) we provide preliminary experimental data on how much computation is available on a TI MSP430F1232 microcontroller-based RFID tag containing approximately 8 KBytes of flash and 256 bytes of RAM, and (2) we show that symmetric cryptography is feasible on an RF-powered, general-purpose RFID tag — providing the first implementation of conventional cryptography on an RF-powered UHF RFID tag as far as we are aware. 1

The design of ultralightweight authentication protocols that conform to low-cost tag requirements is imperative. This paper analyses the most important proposals (except for those based in hard problems such as the HB [1–3] family) in the area [4–6] and identifies the common weaknesses that have left all of them open to various attacks [7–11]. Finally, we present Gossamer, a new protocol inspired by the recently published SASI scheme [13], that was lately also the subject of a disclosure attack by Hernandez-Castro et al. [14]. Specifically, this new protocol is designed to avoid the problems of the past, and we examine in some deep its security and performance.

Abstract. Cloned fake RFID tags and malicious RFID readers pose a major threat to RFID-based supply chain management system. Fake tags can be attached to counterfeit products and medicines. Malicious readers can corrupt and snoop on genuine tags. These threats can be alleviated by incorporating a RFID tag-reader mutual authentication scheme. In this paper we propose a simple, cost-effective, light-weight, and practical RFID tag-reader mutual authentication scheme. Our scheme adheres to two ratified standards: EPCglobal Architecture Framework specification and EPCglobal Class 1 Gen 2 UHF RFID Protocol. This scheme utilizes the tag’s Access and Kill Passwords and achieves the following three goals: detect cloned fake tags, ward off malicious snooping readers, and in the process, a manufacturer can also implicitly keep track on the whereabouts of its genuine products.

With the increased popularity of RFID applications, different authentication schemes have been proposed to provide security and privacy protection for users. Most recent RFID protocols use a central database to store the RFID tag data. The RFID reader first queries the RFID tag and returns the reply to the database. After authentication, the database returns the tag data to the reader. In this paper, we propose a more flexible authentication protocol that provides comparable protection without the need for a central database. We also suggest a protocol for secure search for RFID tags. We believe that as RFID applications become widespread, the ability to securely search for RFID tags will be increasingly useful.

Abstract. This paper considers the problem of private identification of very small and inexpensive tags. It describes a novel scheme that does not require any computation from the tag. The proposed scheme relies on an NP-complete problem and as such is proven to be difficult to breach. We show that our solution outperforms existing computation-free schemes such as the pseudonym-rotation scheme proposal by Juels et al.[1]. 1

Abstract not found

Radio frequency identification (RFID) technologies have many advantages in applications such as object tracking and monitoring, ticketing, supply-chain management, contactless payment systems. However, the RFID system may bring about various security and privacy problems. In this paper we present our security analysis of the LAK protocol and the CWH protocol. First, we show that the LAK protocol cannot resist replay attacks, and therefore an adversary can impersonate a legal tag. Next, we present a full-disclosure attack on the CWH protocol. By sending malicious queries to a tag and collecting the response messages emitted by the tag, the full-disclosure attack allows an adversary to extract the secret information from the tag.

Abstract — In this paper, we analyze the security vulnerabilities of a family of ultra-lightweight RFID mutual authentication protocols: LMAP [13], M 2 AP [14] and EMAP [15], which are recently proposed by Peris-Lopez et al. We identify two effective attacks, namely de-synchronization attack and full-disclosure attack, against their protocols. The former permanently disables the authentication capability of a RFID tag by destroying synchronization between the tag and the RFID reader. It can be carried out in just single round of interaction in the authentication protocols. The latter completely compromises a tag by extracting all the secret information stored in the tag. It is accomplished across several runs of the protocols. Moreover, we point out the potential countermeasures to improve the security of above protocols. Index Terms — RFID authentication, security and privacy, ultra-lightweight primitives I.

Radio Frequency Identification (RFID) technology one of the most promising technologies in the field of ubiquitous computing. Indeed, RFID technology may well replace barcode technology. Although it offers many advantages over other identification systems, there are also associated security risks that are not easy to be addressed. When designing a real lightweight authentication protocol for low cost RFID tags, a number of challenges arise due to the extremely limited computational, storage and communication abilities of Low-cost RFID tags. This paper proposes a real mutual authentication protocol for low cost RFID tags. The proposed protocol prevents passive attacks as active attacks are discounted when designing a protocol to meet the requirements of low cost RFID tags. However the implementation of the protocol meets the limited abilities of low cost RFID tags.

Low-cost Radio Frequency Identification (RFID) tags are devices with very limited computational capability, in which only 250-4K logic gates can be devoted to securityrelated tasks. Classical cryptographic primitives such as block ciphers or hash functions are well beyond the computational capabilities of low-cost RFID tags, as ratified by the EPCglobal Class-1 Gen-2 RFID specification. Moreover, the Gen-2 RFID specification does not pay due attention to security. For this reason, an efficient Ultra Light Authentication Protocol (ULAP) is proposed in this paper. This new scheme offers an adequate security level against passive attacks, and is compliant with Gen-2 RFID specification.