A Survey of RFID Authentication Protocols
Compiled by :
Dr. Vidyasagar Potdar
Yawer Yousuf Khan
Introduction RFID technology used for identification of objects, where data is
carried by radio waves. Seen as a replacement to barcode system. RFID system consists of a RFID Transponder (tag) and a RFID
Interrogator (Reader). A tag uniquely identifies an object. Frequencies: LF (124-135 kHz), HF(13.56 MHz), UHF(860-960 MHz) Reading range: LF (up to half meter), HF(upto 1 meter), UHF( upto
tens of meters)
RFID Architecture Types of tags:
Semi Passive ActivePassive
RFID Architecture (cont.)
Operational Process
RFID Architecture (cont.)
RFID Architecture
Applications of RFID Contactless cards for building access Interactive appliances like mobile phones Payment tokens like SpeedPassTM
In Retail markets Passports Toll payment Implantation in humans and animals.
Security Issues Authentication to provide a certain level of trust
between reader and tag & vice versa Integrity of the data exchanged between reader
and tag Availability of the bandwidth for communication Confidentiality of communication reader and tag Anonymity against unauthorised interrogation
Types of attacks Eavesdropping of communication between tag and
reader Full-Disclosure Attacks to obtain private data of
the tag Masquerading the legitimate tags Replay Attack DoS Attack Blocking Attack
Classification of Authentication Protocols: what, why and how?
Authentication Protocols: Provide level of trust between the reader
and the tag Limitations include limited read\write
memory, few logic gates to perform computational tasks
Classification of Authentication Protocols: what, why and how?
Need for Classification of authentication protocols:
Distinguishing on the basis of general prototypes which can cover various fundamental protocols.
Numerous Protocols are being proposed every year
Similar type of protocols may have same type of errors and their solutions.
Classification of Authentication Protocols: what, why and how?
Classification is based on these points Underlying algorithm used in the protocols. Procedure of message exchange. Secure combination of above two. Complex Cryptographic functions or the
structure of Protocol may limit the classification process
Concentration on message exchange to help abstracting away from cryptographic mechanism
Preliminary Concepts
Definition 1: Forced Challenge (F): Data is a random nonce
generated by the verifier, delivered as a plaintext or a ciphertext to the prover
Self Challenge (S): Data is generated by the prover himself
No Challenge (Ø): No challenge value exchanged in the protocol
Preliminary Concepts
Definition 2: Origin Authentication (OA): If the protocol
contains the message of the form APriKey{} Destination Authentication (DA): If the protocol
contains message of the form APubKey{·} Implicit Authentication (IA): If the protocol
contains no message of the form APriKey{·} or APubKey{·}
Process of Classification
Step 1: Identify the type of authentication used in a given protocol
Step 2: Identify the type of challenge values used between two sender and receiver
Step 3: In case of DA with forced challenge, protocols are further classified as DAF, No Ack (No Acknowledgment) and DAF, Ack.(Yes, Acknowledgment).
Process of Classification Always, Verifier is A and prover is B There are eight generic prototypes for
classification for verifier to prover Authentication
For Mutual Authentication There should be 82 = 64 prototypes, but the
protocols in which the responder entity B, act as an initiator can be regarded as illegal
In all 47 prototypes are legal
Prototypes of Authentication
Authentication Type Example
ImplicitAuthentication (IA)
IAØ A : ApriKey{ B }
IAF A B : rB
A:ApriKey { B, rB }
OriginAuthentication (OA)
OA A B : APriKey{ B }
OAS A B : TSA , APriKey{ B, TSA }
OAF A B : rB
AB : APriKey { B, rB }
DestinationAuthentication (DA)
DA A B : APubKey{ B }
DAF, NoAck A B : APubKey{ B, rB }
DAF, Ack A B : APubKey{ B, rB }
A B : rB
Prototypes of Mutual Authentication
Prototype
Example
IAF- 1. AB: rA
B:
DA 1. A B: BPubKey{ A }
A: APriKey{ B }B: BPriKey{ A }
IAF-IAF 1. A B: rA
2. A B: rB
A: APriKey{ B, rB }
B: BPriKey{ A, rA }
Prototypes of Mutual Authentication
Prototype Example
IAF-OAS
1. A B: rA , TSA , APriKey{ B, TSA }
B: BPriKey{ rA }
OAF-OAF 1. A B: rA
2. A B: BPriKey{ A, rA }, rB
3. A B: APrikey{ B, rB }
OAF- DAF,NoAck
1. A B: rA
2. AB: APubKey{B, rB , BPriKey{ A,
rA } }
or,1. A B: rA
2. A B: BPriKey{ A, rA , APubKey{B, rB } }
Prototypes of Mutual Authentication
Prototype
Example
DAF,NoAck-OAS 1. A B: BPubKey{A, rA , TSA ,
APriKey{ B, TSA } }
or,1. A B: TSA , APriKey{ B, TSA ,
BPubKey{A, rA } }
DAF,Ack-OAF 1. A B: BPubKey{ A, rA }
2. A B: rA , rB
3. AB: APriKey{ B, rB }
DAF,NoAck-DAF,NoAck 1. AB: BPubKey{ A, rA }
2. A B: APubKey{ B, rB }
DAF,Ack-DAF,Ack 1. A B: BPubKey{ A, rA }
2. AB: APubKey{ B, rB }, rA
3. AB: rB
Minimalist Approach Protocols named LMAP[3], M2AP[4] and
EMAP[5] proposed by Pedro Peris-Lopez et al Comes under Implicit Authentication with forced
challenge- Implicit Authentication with forced challenge IAF-IAF
simple binary operations like XOR, OR, AND, mod 2m are used by using few hundred gates
Minimalist Approach on index-pseudonyms (96-bits) which is a row of a
table to store all information related to the tag a 480 EEPROM and a 96-bit key divided into 4
parts updates after each message cycle Vulnerable to De-synchronization attack and
subsequently full-disclosure attack
Conclusion We studied several protocols and focussed on three main
researches LMAP, EMAP and M2AP Several protocols can be classified according to [1] to
provide generic study of RFID authentication protocols.
References DongGook Park, Colin Boyd, and Ed Dawson, "Classification of Authentication
Protocols: A Practical Approach", Proceedings of Information Security Workshop (ISW 2000), Springer-Verlag, LNCS Vol.1975, pp.194-208
Ari Juels, “RFID Security and Privacy: A research Survey”, September 2005, Manuscript, RSA Laboratories, 2005.
Peris-Lopez, Pedro and Hernandez-Castro, Julio Cesar and Estevez-Tapiador, Juan and Ribagorda, Arturo, “LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags” Printed handout of Workshop on RFID Security -- RFIDSec 06, July 2006.
Peris-Lopez, Pedro and Hernandez-Castro, Julio Cesar and Estevez-Tapiador, Juan and Ribagorda, Arturo,”M2AP: A Minimalist Mutual-Authentication Protocol for Low-cost RFID Tags”, Lecture Notes in Computer Science, 912--923, Springer-Verlag, Sep-2006.
Peris-Lopez, Pedro and Hernandez-Castro, Julio Cesar and Estevez-Tapiador, Juan M. and Ribagorda, Arturo, “EMAP: An Efficient Mutual Authentication Protocol for Low-cost RFID Tags”, OTM Federated Conferences and Workshop: IS Workshop -- IS'06, 2006, 4277 Lecture Notes in Computer Science, P-352--361, November Springer-Verlag.
Li, Tieyan and Wang, Guilin “Security Analysis of Two Ultra-Lightweight {RFID} Authentication” Protocols IFIP SEC 2007.
Li, Tieyan and Deng, Robert~H., “Vulnerability Analysis of {EMAP} - An Efficient RFID Mutual Authentication Protocols” Second International Conference on Availability, Reliability and Security -- AReS 2007 April 2007 Vienna, Austria.
http://www.simtech.a-star.edu.sg/events/images/rg_RFID_BigSafe2.jpg
Thank You
Top Related