Lightweight and Ultralightweight RFID Authentication Protocols for Low-cost Tags

Abstract

Counterfeiting is emerging as a serious threat to low-cost Radio Frequency Identification (RFID) tags. In addition, these RFID tags have engendered controversies on privacydue to their capability to provide unique identification. To solve theses problems, sophisticated tags can engage in authentication protocols using standard cryptographic algorithms. However, low-cost tags lack resources to implement these standard algorithms. So far, many studies have focused on implementing secure authentication protocols for low-cost tags.The protocols for low-cost tags can be classified into two classes: lightweight and ultralightweight. The lightweight protocols require a random number generator and simple functions such as Cyclic Redundancy Checksum code but not a hash function while the ultralightweight protocols involve only bitwise operations on the tag-side. In the lightweight protocol class, HB+ is computationally efficient but is vulnerable to a simple man-in-the-middle (MITM) attack, called the GRS attack.Later, HB# improves HB+ over the GRS attack. While HB+ is a multi-round protocol, where each round consists of three passes, HB# is a single-round protocol consisting of three passes, and thus reduces communication costs between the tag and the reader. But HB# requires relatively large size of memory in hundreds of thousands bits for two shared secret matrices. More importantly, this protocol is also known to be vulnerable to a new type of MITM attack, called the OOV attack.In the ultralightweight protocol class, the Gossamer protocol, the most recently published protocol, involves too heavyweight operations including modular additions and modulo operations with modulus 96.In this thesis, we propose HB-SK, which is an improved version of HB+. HB-SK is shown to be resistant to the GRS attack and also more lightweight than HB+. Next, we propose HB#-SK, which is an improved version of HB#. HB#-SK is shown to be resistant to the OOV attack. Finally, we also propose an ultralightweight RFID authentication protocol, called UFO. UFO is shown to be more lightweight than the conventional Gossamer protocol.