Authentication based on Asymmetric Primitives

One of the first public key solutions for RFID authentication was introduced by McLoone and Robshaw (113). This scheme relies on an elliptic curve variant of the GPS identification protocol proposed in (67, 68), cf. Fig. 3.7. Elliptic curve GPS is a three round protocol between a proverP and a verifierV. First, proverP and verifierV agree on an elliptic curve E, and on a base pointg inE of orderq. Then, the identity of prover P is mapped to a pair of secret and public keys (sk,pk) = (s, g^−s), where sis picked randomly in Z_q. In the first round of the protocol, proverP chooses a random numberr ∈Z_q, computesg^r, then outputs its replyx=H(g^r), where H is a cryptographic hash function. Verifier V picks randomly a challenge message ethat it sends back toP, who responds withy =r+se. Finally, verifier V checks P’s identity by verifying whether H(g^ypk^e) = x. Now, RFID tag authentication (“identification”) proceeds in the same manner, where a tag plays the role of the prover P and the reader plays the role of the verifier V. The tag however does not compute x, but rather it stores a set of pre-computed coupons (ri, xi = H(g^ri)) which are used only once.

When queried, the tag sends x_i, and upon receiving the challenge message e_i, it computes yi = ri+sei. As a result, the tag is only required to execute arithmetic operations in Z. Moreover, the authors showed that for|q|= 160 bits and|ei|= 32 bits, their protocol can fit an area of 1642G.E.while requiring 401 clock cycles, at 100 Khz. The GPS protocol however suffers from the following limitations. 1.) It requires the reader to perform a search of a linear complexity in the number of tags, 2.) it is notforward privacy preserving, and 3.) it is prone to DoS attacks: if tags storel coupons, then tags can only respond to l queries and an adversaryAcan easily render a tag inoperative by querying itl times.

Notice that the last limitation of GPS can be tackled if tags are assumed to be able to execute elliptic curve operations. To validate this assumption, Kumar and Paar (102) and Lee et al. (104) investigated the feasibility of elliptic curve cryptography in low cost tags, and showed encouraging implementation results of elliptic curve processors. In fact, Kumar and Paar (102) implemented elliptic curve operations over a finite field of size 193 bits in an area

52

3.3 RFID Authentication Protocols

of 18K G.E., whereas Lee et al. (104) implemented elliptic curve operations over a finite field of size 163 bits within an area of 15K G.E.

In line with these results, Lee et al. (103) proposed EC-RAC, a public key authentication protocol that is inspired from Schnorr’s (143) and Okamoto’s (123) identification schemes.

Contrary to (143) and (123), EC-RAC is claimed to be secure and privacy preserving against active adversaries under the hardness of the discrete logarithm problem. Each tag T in this scheme is associated with a secret key sk_T = (s1, s2) and a “public key”⁴ pk_T = (˜g1,˜g2) = (g^s1, g^s2), as illustrated in Fig. 3.8. Whereas, the reader is associated with a pair of keys (sk_R,pk_R) = (y,g˜ = g^y). The reader starts the protocol by sending a challenge message implemented in 17K G.E., and executed within 500 ms at 500 KHz. Nevertheless, Bringer et al. (30) presented two attacks against EC-RAC. The first attack enables an adversaryAto compute the value of g^s12 from two protocol transcripts of the same tag, i.e., if adversaryA eavesdrops on other protocol executions of this tag, he can easily track it by using the value g^s12. The second attack allows an adversaryAwho eavesdrops on the same tag three times, to impersonate this tag as many times as he wants. To circumvent the above attacks, Lee et al.

(105) proposed a revision of EC-RAC, yet van Deursen and Radomirovic (158) presented a man in the middle attack that allows a non-narrow adversary in the sense of (159) to track tags. In another attempt to resist man in the middle attacks, Lee et al. (106) proposed a third protocol which is EC-RACIII. Still, Fan et al. (57) demonstrated that EC-RACIII is as well vulnerable to tracking attacks that are conducted by a non-narrow adversary.

While most of the work on RFID public key authentication relies on elliptic curve cryp-tography as the underpinning technique, other approaches were proposed which are based on finite field cryptography. We mention namely the work by Oren and Feldhofer (126) that builds upon a variant of the Rabin cryptosystem (133) which was introduced by Shamir (146).

As depicted in Fig. 3.9, the reader sends a random nonceN_Rto the tag. The tag then gener-ates two random numbersN_(T,1) andN_(T,2), together with a plaintext m=f(NR, N_(T,1),ID),

4The public keys of tags in both GPS and EC-RAC are only known to authorized readers.

3. RFID SECURITY AND PRIVACY

Figure 3.9: RFID authentication protocol based on Rabin cryptosystem

where f is a simple byte interleaving function, and ID is the tag’s identifier. Finally, the tag computes the ciphertext c = m²+N_(T,2)N, where N is the reader’s public key. When receiving the tag’s reply c, the reader uses its Rabin’s secret key (i.e., N’s factorization) to decrypt c. There are 4 possible decryptions m_i for ciphertext c. As a consequence, the reader verifies first whether one of the resulted mi contains the string NR, if so the reader retrieves the identifierID, and authenticates the tag by checking whether there is an entry in its database that corresponds to the identifierID. The authors showed that this protocol can be implemented in 5K G.E.; this efficiency is due to the fact that the tag is only required to perform arithmetic operations in Z. Note that on the one hand, the privacy of this protocol relies on the non-disclosure of public keyN. On the other hand, if an adversaryAcorrupts a tag, he can easily retrieve the public key N. After the disclosure of public keyN, adversary Astill cannot compute the tagID which is encrypted using the Rabin scheme. Nevertheless, the ciphertext c sent in the last round of the protocol can leak information about the tag, since the Rabin encryption is not IND-CPA.

Also, Paise and Vaudenay (129) presented a mutual authentication protocol, see Fig.

3.10 based on public key encryption, and showed that if the underlying encryption is IND-CPA, then the authentication protocol is narrow strong privacy preserving according to (129, 159). They also proved that if the encryption is IND-CCA (cf. Definition 2.17) then, the authentication protocol is also forward privacy preserving.

Among the known IND-CPA encryption schemes that could serve as the encryption in the Paise and Vaudenay’s protocol, there is elliptic curve Elgamal (52). As EC-RAC, Elgamal only requires two exponentiations which was proven to be feasible in RFID environment, see (103). However, when using elliptic curve Elgamal, the tag has to first map the plaintext m to be encrypted into a point ˜g in the elliptic curve, and then encrypts the point ˜g to get a ciphertext c, whereas the reader has to decrypt c and invert the point mapping to get the plaintext m. As for now, there are few efficient invertible point mapping schemes, see (3), and it is still unknown if they are feasible in RFID tags. Moreover, the other IND-CPA encryptions that operate in Z_N are unsuitable for RFID tags. The same problem of point mapping arises when using Elliptic curve variants of IND-CCA encryptions such as Cramer-Shoup (41) to ensure forward privacy.

Although public key cryptography may allow for scalable RFID authentication protocols, the question of constructing efficient and provably secure and privacy preserving public key

54

3.3 RFID Authentication Protocols Tag

pk_R,ID, KT

NR

Encpk_R(ID||KT||NR||NT)

Reader

NT

skR

Figure 3.10: RFID authentication protocol based on public key cryptography

protocols remains open. As shown in this section, the provably secure and privacy preserving protocols require RFID tags to perform expensive computations that slacken the overall system, while the practical schemes have been proven to be vulnerable to tracking attacks.