Authentication based on Symmetric Primitives

Contrary to lightweight primitives, symmetric cryptography provides the means for provable RFID security and privacy. Additionally, it can be put into practice without requiring tags to store a large amount of keying material or to perform very expensive computations, see (58,147,163).

Along these lines, Feldhofer et al. (58) proposed a mutual authentication protocol that relies on AES, cf. Fig. 3.4. A tagT in this protocol stores an internal stateST that consists of a secret keyKT that it shares with the reader. To start the authentication, the reader sends a random numberN_R. The tag then returns the encryptionc_T =Enc_KT(N_R||N_T) whereN_T is a random number generated by the tag. The reader decryptscT using the secret keyKT, gets the plaintexta||b, then checks whethera=NR. If so, the reader accepts the tag and completes the mutual authentication by sending a second ciphertextcR=Enc_KT(b||NR) to the tag. The authors showed that 128-bit AES can be implemented in 3628G.E., while requiring 992 clock cycles at 100KHz frequency. This result was among the first to confirm that real RFID tags can perform symmetric challenge response protocols. However, this protocol assumes that

48

3.3 RFID Authentication Protocols

tags in the system share the same secret key KT. As a result, the protocol only enables tag authentication but not tag identification, and if one tag is compromised, so is the other tags in the system. Also, the protocol is not forward privacy preserving, i.e., if a tag is corrupted by some adversary A, A can easily link this tag to its previous interactions. Despite the fact that the first two problems can be solved by allowing tags to have different secrets, the problem of forward privacy is more difficult to mitigate.

One of the first protocols to address the problem of forward privacy was proposed by Ohkubo et al. (122). The authors designed a scheme called OSK that ensures forward privacy by equipping tags in the RFID system with two one-way hash functions H and G, where H is used to authenticate tags and G is used to update their secret keys. At initialization, each tag stores some secret keyK₀ which is updated after each reading. Upon thei^th reader query, the tag computes first a replyr=H(K_i−1), then updates its secret key by evaluating Ki = G(Ki−1), and finally sends the reply r to the reader, as depicted in Fig. 3.5. When receiving the tag reply, the reader parses its database until it finds a match. If so, the reader updates the corresponding secret key using the one-way hash function G. It was shown in (122) that the OSK scheme is forward privacy preserving in the random oracle model.

However, this protocol is not scalable and it is vulnerable to denial of service (DoS) attacks.

An adversary A can query a tag T for l consecutive times, forcing the reader to perform a database search of complexity O(ln) to identify T, where n is the number of tags in the system. Now, if l is too large, the reader may stall, hindering thus, the overall performance and availability of the RFID system. To tackle theses concerns, Avoine and Oechslin (6) presented a time-memory trade-off to reduce the computation load on the reader side. Still, OSK is not only prone to DoS but also to replay attacks. An adversary A can query a tag, then replay the tag’s response to authenticate himself to the reader.

In the vein of OSK scheme, Berbain et al. (12) proposed a challenge response protocol that provides provable security and forward privacy. This protocol uses a hash function H and a random number generator G. A Tag in this scheme uses the hash function H to authenticate, and the random number generator G to update its internal state (i.e., secret key K_i). To improve the protocol performances, the hash function H is implemented as a family of universal hash functions which can be efficiently implemented in hardware, see

3. RFID SECURITY AND PRIVACY

(35, 100). At initialization, each tag stores an initial key K₀ which is updated after each protocol invocation. The reader starts the protocol with some tag by sending a challenge message m. When receiving the reader query, the tag first generates a k₁+k₂-bit random numberG(Ki−1) =K_(i,1)||K_(i,2), where|K_(i,1)|=k1and|K_(i,2)|=k2, and sets its new key to Ki =K_(i,1). Then, it picks a hash functionHK_(i,2) from its family of universal hash functions using K_(i,2) as index, and computes its reply r = H_K(i,2)(m), which it sends to the reader.

This protocol can be efficiently implemented in 4000 G.E.as demonstrated by Berbain et al.

(12), nonetheless, it is not scalable and it is susceptible to denial of service attacks just like OSK.

In an attempt to prevent DoS attacks, some schemes (33, 51) proposed that the reader authenticates itself at the end of the protocol execution, and that the tag updates its internal state only when the reader’s authentication is successful. Despite the efficiency of such a counter-measure against DoS attacks, it fails at assuring forward privacy between two suc-cessful mutual authentications. As noted in (12), it is impossible to assure simultaneously forward privacy and resistance to denial of service using only symmetric key cryptography;

either tags do not always refresh their states after each query and the scheme is then not forward privacy preserving, or they refresh their states after each query and the scheme is then vulnerable to DoS attacks. Yet, being prone to DoS attacks compromises privacy; an adversary can always recognize a tag which it queries too many times by observing whether the reader stall or not.

The above issues have led to work on efficient linear/sublinear protocols that still assure some level of privacy and security, cf. (42,48,50,117). For instance, Dimitriou (50) presented a constant-time protocol for RFID mutual authentication, see Figure 3.6. Each tag stores a secret key Ki−1 and computes a hash function H. The reader invokes the protocol by sending a nonceNR to the tag. The tag computes first H(K_i−1), generates a random nonce N_T and evaluates MAC_Ki−1(N_T, N_R) using its secret key K_i−1. Finally, the tag replies with messager = (NT, H(K_i−1),MAC_Ki−1(NT, NR)). The reader identifies the tag usingH(K_i−1) in constant time, then retrieves K_i−1 and verifies the MAC. If the authentication succeeds, the reader computes the tag’s new keyKi which it uses to evaluateMAC_Ki(NT, NR). The tag authenticates the reader, and if the authentication is successful, the tag updates its key. Since the tag sends the hash of its keyH(K_i−1) in every protocol invocation, the tag is traceable until the next successful protocol execution.

50

3.3 RFID Authentication Protocols

Also, Molnar et al. (117) presented a scheme that achieves authentication in logarithmic time by organizing tags’ secrets in a tree where each node is mapped to some secret key. Each tag in this scheme is associated with a leaf in the tree, and it is assumed to store all the keys K₁, K₂, ..., K_d along the path from the root of the tree to its corresponding leaf. When a tag is queried with a nonceNR, it replies withNT, FK1(NT, NR), FK2(NT, NR), ..., FKd(NT, NR), where NT is a random number generated by the tag and F is a pseudorandom function.

Using the values transmitted by the tag, the reader identifies the path leading to the tag in logarithmic time³. In spite of the apparent efficiency of (117), the reliance on correlated keys to speed up the authentication procedure affects the privacy of tags; if an adversaryAlearns the secrets of one tag, he also learns the secrets of other tags.

Furthermore, Damg˚ard and Pedersen (42) proved the intuitive result that was already indicated in (92) which states that “any complete, sound and strongly privacy preserving (according to (92)) symmetric RFID system requires the reader to perform a linear search in its database, in order to identify and authenticate tags”. Thus, the authors suggested limiting the number of tags that an adversary can corrupt in order to assure soundness, privacy and efficiency.

Finally, Di Pietro and Molva (48) proposed an RFID protocol called DPM that combines lightweight identification with symmetric authentication. The idea is to use a lightweight primitive (bitwise operations) to identify the tag first, then to use a keyed hash function for authentication. Consequently, the overall computational performances of the reader are improved. In each protocol execution, the reader is only required to perform binary operations and to compute one keyed hash function. However, Soos (150) found a key-recovery attack against the lightweight primitive of DPM.

The efficiency limitations of symmetric cryptography spurred interest in the use of public key cryptography in RFID environment, particularly elliptic curve cryptography so as to achieve constant time RFID authentication while protecting tag security and privacy. The challenges in using public key cryptography are keeping the computation load and the storage requirements on tags reasonable. Hence, most of the work on RFID public key authentication

3It is noteworthy that this protocol is very similar in principle to the tree walking algorithm used for tag singulation.

3. RFID SECURITY AND PRIVACY Prover

(sk, pk) = (s, g^−s)

x=H(g^r)

Verifier

e y=r+se

x=^? H(g^ypk^e) Figure 3.7: The GPS protocol

focused not only on proving privacy and security but also on implementation feasibility.