Gökhan DALKILIÇ, Mehmet Hilal ÖZCANHAN, Hafize Şen ÇAKIR

Increasing key space at little extra cost in RFID authentications

Traditional authentication and key establishment protocols utilize nonce parameters as a means for message freshness, recent aliveness, and key derivation. Improving identity verification, increasing key space, or making secret updates more complex through nonces are not goals. Generating random numbers as nonces and not making the most out of them can be considered as a loss in resource stricken radio frequency identification (RFID) tags. By increasing the shared secrets slightly, a new functionality for the nonces is introduced, which makes the authentication and key establishment protocols of RFID systems more secure, in general. The proposed method contributes to the security of communication channels by increasing the key space. Attaining better security, with just a slight increase in the shared secrets and the already generated nonces, is beneficial compared to the existing costly, resource-demanding security primitives.

Anahtar Kelimeler:

Nonce, RFID, mutual authentication, key establishment, tag

Increasing key space at little extra cost in RFID authentications

Keywords:

Nonce, RFID, mutual authentication, key establishment, tag,

PDF

___

C. Boyd, A. Mathuria, Protocols for Authentication and Key Establishment, Berlin, Springer, 2003.
G. Avoine, “Bibliography on security and privacy in RFID systems”, Information Security Group, Louvain-LaNeuve, Belgium, Universite Catholique de Louvain, pp. 1–19, 2011.
A. Menezes, P. Oorschot, S. Vanstone, Handbook of Applied Cryptography, Boca Raton, FL, USA, CRC Press, 19 E.M. Ng, “Security models and proofs for key establishment protocols”, MSc Department of Mathematics, University of Waterloo, Canada, 2005.
I. Paul, “Nasty new worm targets home routers, cable modems”, PC World, 2009, available at http://www.pcworld.com/article/161941/nasty new worm targets home routers cable modems.html, last accessed 27 August 2012.
J. Leyden, “Old worm learns conficker tricks”, The Register, 2009, available at http://www.theregister.co.uk/2009/04/06/old worm adopts conficker tricks/, last accessed 27 August 2012.
Dallas Semiconductor of Maxim Integrated Products Inc., “Protecting the R&D investment: two-way authentication and secure soft-feature settings”, Application Note 3675, 2005.
M.J. Atallah, K.B. Frikken, M.T. Goodrich, R. Tamassia, “Secure biometric authentication for weak computational devices”, Proceedings of the 9th International Conference on Financial Cryptography and Data Security, pp. 357– 371, 2005.
P. Shaumont, K. Tiri, I. Verbauwhede, “Securing embedded systems”, IEEE Security & Privacy, Vol. 4, pp. 40–49, 200 B. Toiruul, K. Lee, “An advanced mutual-authentication algorithm using AES for RFID systems”, International Journal of Computer Science and Network Security, Vol. 6, pp. 156–162, 2006.
Y. Liu, “An efficient RFID authentication protocol for low-cost tags”, IEEE International Conference on Embedded and Ubiquitous Computing, Vol. 2, pp. 180–185, 2007.
H.Y. Chien, “SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity”, IEEE Transactions on Dependable and Secure Computing, Vol. 4, pp. 337–340, 2007.
I. Erguler, E. Anarim, “Attacks on an efficient RFID authentication protocol”, 10th IEEE International Conference on Computer and Information Technology, pp. 1065–1069, 2010.
M. Feldhofer, J. Wolkerstorfer, “Strong crypto for RFID tags – a comparison of low-power hardware implementations”, IEEE International Symposium on Circuits and Systems, pp. 1839–1842, 2007.
M. Feldhofer, J. Wolkerstorfer, “Hardware implementation of symmetric algorithms for RFID security”, in: P. Kitsos and Y. Zhang, editors, RFID Security: Techniques, Protocols and System-on-Chip Design, Berlin, Springer, pp. 373–415, 2009.
K. Kim, K. Chung, J. Shin, H. Kang, S. Oh, C. Han, K. Ahn, “A lightweight RFID authentication protocol using step by step symmetric key change”, Proceedings of the 8th IEEE International Conference on Dependable, Autonomic and Secure Computing, pp. 853–854, 2009.
J. Shin, Y. Park, S. Kim, Y. Kim, K. Kim, W. Choi, K. Ahn, “A symmetric key based RFID authentication protocol using encrypted tag ID”, Proceedings of the 8th IEEE International Conference on Dependable, Autonomic and Secure Computing , pp. 851–852, 2009.
S. Freinkel, H. Herbert, “The AES XCBC-MAC-96 algorithm and its use with IPsec”, RFC 3566, IETF, 2003, available at http://www.ietf.org/rfc/rfc3566.txt, last accessed 27 August 2012.
J. Ha, S. Moon, J. Nieto, C. Boyd, “Low-cost and strong-security RFID authentication protocol”, Lecture Notes in Computer Science, Vol. 4809, pp. 795–807, 2007.
T. von Deursen, S. Radomirovi´ c, “Security of RFID protocols – a case study”, Electronic Notes in Theoretical Computer Science, Vol. 244, pp. 41–52, 2009.
W. Stallings, Cryptography and Network Security, 5th ed., Upper Saddle River, NJ, USA, Pearson Education, 2011. A. Armando, D. Basin, Y. Boichut, Y. Chevalier, L. Compagna, J. Cuellar, P. Hankes Drielsma, P.C. He´ am, O. Kouchnarenko, J. Mantovani, S. M¨ odersheim, D. von Oheimb, M. Rusinowitch, J. Santiago, M. Turuani, L. Vigan` o, L. Vigneron, “The AVISPA tool for the automated validation internet security protocols and applications”, Proceedings of the 17th International Conference on Computer Aided Verification, Vol. 3576, pp. 281–285, 2005.
Automated Validation of Internet Security Protocols and Applications, AVISPA, available at http://srg.cs.deu.edu.tr/avispa.zip, last accessed 27 August 2012.
T. von Deursen, S. Radomirovi´ c, “Algebraic attacks on RFID protocols, information security theory and practices”, Smart Devices, Pervasive Systems, and Ubiquitous Networks, Vol. 5746, pp. 38–51, 2009.