an optimal probabilistic solution for information confinement, privacy, and security in rfid systems

Journal of Network and Computer Applications 34 (2011) 853–863

Contents lists available at ScienceDirect

Journal of Network and Computer Applications

1084-80

doi:10.1

� Corr

L.go S. L

E-m

(R. Di P

journal homepage: www.elsevier.com/locate/jnca

An optimal probabilistic solution for information confinement, privacy, andsecurity in RFID systems

Roberto Di Pietro a,b,�, Refik Molva c

a UNESCO Chair in Data Privacy, Universitat Rovira i Virgili, Tarragona, Spainb Universit �a di RomaTre, Dipartimento di Matematica, L.go S. L. Murialdo n. 1 00149, Roma, Italyc Institut EURECOM, 2229 route des cretes, BP 193, F-06560, Sophia-Antipolis cedex, France

a r t i c l e i n f o

Article history:

Received 1 November 2009

Received in revised form

10 April 2010

Accepted 28 April 2010Available online 11 May 2010

Keywords:

RFID systems

Information confinement

Security

Privacy

Probabilistic algorithm

45/$ - see front matter & 2010 Elsevier Ltd. A

016/j.jnca.2010.04.015

esponding author at: Universit �a di Roma Tre,

. Murialdo n. 1 00149, Roma, Italy. Tel.: +39

ail addresses: [email protected], dipiet

ietro), [email protected] (R. Molva).

a b s t r a c t

In this paper, we provide the following contributions to enhance the security of RFID based systems.

First, we assume that among multiple servers storing the information related to the tags some of them

can be compromised. For this new threat scenario, we devise a technique to make RFID identification

server dependent, providing a different unique secret key shared by a tag and a server. The solution

proposed requires the tag to store just a single key, thus fitting the constraints on tag’s memory. Second,

we provide a probabilistic tag identification scheme that requires the server to perform just bitwise

operations and simple list manipulation primitives, thus speeding up the identification process. The tag

identification protocol assures privacy, security and resilience to DoS attacks thanks to its stateless

nature. Moreover, we extend the tag identification protocol to achieve mutual authentication and

resilience to replay attacks. The proposed identification protocol, unlike other probabilistic protocols,

never rejects a legitimate tag. Furthermore, the identification protocol requires the reader to access the

local database (DB) of tags’ keys O(n) times—where n is the number of tags in the system—while it has

been shown in the literature that a privacy preserving identification protocol requires a reader to access

YðnÞ times this DB. In this sense, our protocol is optimal. Finally, the three features suggested in this

paper, namely, reader-dependent key management, tag identification, and mutual authentication, can

be independently adopted to build alternative solutions.

& 2010 Elsevier Ltd. All rights reserved.

1. Introduction

Radio Frequency IDentification (RFID) is a technology forautomated identification of objects and people. An RFID device,also known as tag, is a small microchip designed for wireless datatransmission. It is generally attached to an antenna in a packagethat resembles an ordinary adhesive sticker. The applicationsof RFID range from cattle monitoring to e-passport (Juels, 2006).Further, the advantages provided by RFID technology (e.g. inventoryvisibility and business process automation) are also pushingtowards the design, implementation, and deployment of large-scaleRFID infrastructures (Mo et al., 2009).

The other components of an RFID system are readers andservers. A reader is a device querying tags for identificationinformation, while all information about tags (ID, assigned keys,etc.) are maintained on servers. A server can be assigned multiple

ll rights reserved.

Dipartimento di Matematica,

3293758764.

[email protected]

readers; in this case it only engages in communication with itsconstituent readers. It is generally assumed to have a singlelogical server that might resolve to multiple physically replicatedservers. All communications between server and readers isassumed to be over private and authentic channels. Both readersand server do not suffer of constraints on power, processing,memory, and bandwidth.

Furthermore, based on a widely agreed assumption, servers,readers and the link between them are assumed to be trustedin that only the tags and the communication channel betweenthe tag and the readers are assumed to be potentially vulnerableto malicious attacks (Juels, 2006; Tsudik, 2006). In this paper, werelax this hypothesis by assuming a more general setting wherebytags, servers and readers can be subject to malicious attacks. Inthat context, we focus on the problem of tag identification bymultiple servers that are either replicas of the same logical serveror different servers governed by independent authorities. As aresult of the relaxed security hypothesis, the new requirement inthis setting is to cope with the compromise of servers. Apart fromthe obvious need to perform mutual authentication, as opposed toone-way authentication of the tag by the server, server compro-mise calls for new measures to prevent possible attacks originating

www.elsevier.com/locate/jnca

dx.doi.org/10.1016/j.jnca.2010.04.015

mailto:[email protected]




dx.doi.org/10.1016/j.jnca.2010.04.015

R. Di Pietro, R. Molva / Journal of Network and Computer Applications 34 (2011) 853–863854

from the leakage of secrets stored in the compromised server’sauthentication database. For instance, based on most existingtag authentication protocols, using the entries of a compromisedserver’s authentication database, the attacker can fabricateduplicate tags.

The first contribution of this paper is an information confine-ment technique aiming at keeping the impact of server compro-mise limited. Thanks to this technique, the compromise of aserver does not affect the authentication of any tag by otherservers, be they replicas of the same logical server or differentservers. A simple solution for confinement could consist of havingeach tag and server pair share a unique set of secrets. However,this solution would not be suitable with the memory constraintsof RFID tags since with m servers, each RFID tag would have tostore m pieces of information. The solution proposed in this paperrequires the RFID tag to store a single secret key for all servers yetassuring the confinement property in case of server compromise.

Another challenging issue that affects the RFID systems is theresponsiveness of the server during tag identification. It is usuallythe case that the server needs to search its DB of locally storedkeys and to perform a cryptographic operation on each of thesekeys in order to identify the tag. In some scenarios the cost andthe time required to identify a tag can be prohibitive due to thetotal number of tags that can potentially interact with the sameserver. Existing proposals for RFID try to reduce the complexity ofthe search operation performed by the server without requiringthe tag to perform costly operations. Along the same lines, thesecond contribution of this paper is an efficient identificationtechnique based on a probabilistic mechanism for the server toidentify the tag that requires the tag to perform only bitwiseoperations, and the server to perform, other than bitwiseoperations, few simple list manipulation primitives. Note thatour identification protocol requires the server to access just O(n)its local DB of tags’ keys—where n is the number of tags in thesystem—while it has been shown in Damgard and Pedersen(2008) that, to preserve privacy, YðnÞ access to the DB arerequired. In this sense, our proposal is optimal. Further, note thatour identification protocol, unlike other probabilistic solutions, byconstruction cannot reject a valid tag during the identificationprocess. A thorough assessment of security and privacy achievedby the identification protocol is also provided.

Through a three-way handshake protocol this identificationtechnique also achieves mutual authentication, as well asresilience against DoS and replay attacks.

Finally, the three features suggested in this paper, namely,reader-dependent key management, tag identification, and mu-tual authentication, can be independently adopted to buildalternative solutions.

The sequel of the paper is structured as follows: next sectionintroduces the related work; Section 3 outlines the systemassumptions and Section 4 presents a mutual authenticationprotocol incorporating the confinement and probabilistic identi-fication techniques, while Section 5 is devoted to assess thesecurity and privacy of the proposed protocol. Section 6 focuseson further security properties and provides overhead analysis.Finally, in Section 7 we expose some concluding remarks.

2. Related work

A standard approach to provide security in RFID protocols(Molnar and Wagner, 2004; Rhee et al., 2005) consists of using aunique key for each tag such that only the verifier (server) knowsall the keys. This approach suffers from an expensive timecomplexity on the server side. Indeed, because only symmetriccryptographic functions can be used, the server needs to explore

its entire database in order to retrieve the identity of the tag it isinteracting with. If n is the number of tags managed by the server,O(n) cryptographic operations are required to identify one tag.The advantage of the server over an adversary is that the serverknows in which subset of identifiers it needs to search while theadversary has to explore the full range of identifiers.

In Molnar and Wagner (2004) a proposal that requires justlogd n interactions between the server and a tag for the server toidentify the tag is proposed. However, this approach requires logdkeys to be stored on each tag and in Avoine et al. (2005) it hasbeen proved that this technique weakens the privacy when anadversary is able to tamper with at least one tag. Further, themore tags an adversary tampers with, the more privacy isexposed.

A general solution, also adopted in Tsudik (2006) and Rheeet al. (2005) is to employ hash chains to allow tag identificationand mutual authentication between the tag and the server.However, note that the hash chain length corresponds to thelifetime of the tag, which must be therefore stated in advance,leading to a waste of memory on the server side. Moreover, as thesame author of Tsudik (2006) recognizes, this solution is prone toDoS attack, in that an adversary can easily exhaust the hash chainvia reading attempts.

In Avoine et al. (2005) and Avoine and Oechslin (2005) theauthors optimize a technique originally proposed in Hellman(1980). This technique allows to trade-off between time and thememory required on the reader. In particular, the time T requiredto invert any given value in a set of N outputs of a one-wayfunction hð3Þ with the help of M units of memory is T ¼N2g=M2,where g is a factor (usually a small one: o10) to account forsuccess probability. However, note that the technique is stillprone to DoS attack and requires more computations on theserver side. Leveraging this idea, in Conti et al. (2007) the authorspropose a new RFID protocol—RIPP-FS—that enforces privacy andforward secrecy, as well as resilience to a specific DoS attack,where the goal of the adversary is to force the tag to overuse thehash chain that has a finite length originally set to last for the tag’sexpected lifetime. The protocol is further extended in Conti et al.(2010). Note that our protocol provides, through a three wayhandshaking, mutual authentication but not forward secrecy.

Aforementioned solutions assume that servers are trusted andcannot be compromised. The first requirement raised by relaxingthis hypothesis is for mutual authentication. An interestingsolution to mutual authentication is exposed in Juels and Weis(2005): the authors are inspired by the work in Hopper and Blum(2001) to introduce the HB+ protocol, a novel, symmetricauthentication protocol with a simple, low-cost implementation.The security of the HB+ protocol against active adversaries isproved and based on the hardness of the Learning Parity withNoise (LPN) problem. The protocol is based on r rounds, where r isthe security parameter, and each round requires the tag and theserver to send a message of j‘j bits to each other, where j‘j is thekey length; to perform two inner product over terms of j‘j bits. Afurther work (Gilbert et al., 2005) showed the vulnerability of theHB+ protocol against a man in the middle (MIM) attack. A fix tothe MIM attack HB+ was subject to was proposed in Bringer et al.(2006), through the HB++ protocol. Furthermore, HB++ was provenin Piramuthu (2006) to be subject to a particular attack in whichthe adversary could gain knowledge of the private key of the tag,hence jeopardizing the authentication mechanism. Finally, tocomplete (so far) the HB saga, in Gilbert et al. (2008) the authorsintroduce a new protocol denoted random�HB]. This proposalavoids many practical drawbacks of HB+, while remainingprovably resistant to attacks in the model of Juels and Weis(2007); at the same time it is provably resistant to a broader classof active attacks that include the attack of Gilbert et al. (2005).

R. Di Pietro, R. Molva / Journal of Network and Computer Applications 34 (2011) 853–863 855

Further, the authors introduce an enhanced variant, called HB],that offers practical advantages over HB+.

As for recent attacks on a particular class of protocols, that isprotocols that are based on linear transformations, there are tworelevant papers to cite. In the first one (Ouafi and Phan, 2008), theauthors analyze the privacy of some recently proposed RFIDauthentication protocols and show how to compromise thisproperty. It is worth noticing that the protocol in Castellucciaand Soos (2007), inspired by Di Pietro and Molva (2007), is subjectto a linear algebra attack based on the fact that the protocol isbased on linear transformation only. A general way to buildattacks based on linear algebra for protocols that leverages lineartransformations only and a new framework for the evaluation ofprivacy can be found in van Deursen et al. (2008) and Blass et al.(2009). In particular, note that the same protocol in Di Pietro andMolva (2007)—the one the solution presented in this paper isinspired by—is subject to a linear algebra attack, that will bediscussed in detail in Section 5. However, in the same section wewill prove that this proposal provides both key secrecy andprivacy.

Note that, with respect to Di Pietro and Molva (2007), thenovel contributions of this proposal are: a modified version of theprotocol, fixing the cited flaw; the proof in the Juels–Weis modelof the granted privacy; a new set of simulations; and a proof of theoptimality of the identification protocol. Mutual authenticationand (stateless) session freshness, also provided in Di Pietro andMolva (2007), are guaranteed holding in this new proposal aswell.

The need for solutions addressing security and privacy isrecognized in the literature (Sheng et al., 2008). In particular,in Mitrokotsa et al. (2009) the authors present a structuralmethodology to assess the risks that RFID networks face bydeveloping a classification of RFID attacks, presenting theirimportant features, and discussing possible countermeasures.

A recent paper with a fundamental result in the RFID area isDamgard and Pedersen (2008). In that paper the authors proposea model and definition for anonymous (group) identification thatis well suited for RFID systems. Further, for the case where tagshold independent keys, they prove a conjecture by Juels and Weis,namely in a strongly private and sound RFID system using onlysymmetric cryptography, a reader must access virtually all keys inthe system when reading a tag. This poses on a reader a lowerbound of YðnÞ access to its local memory. Other interestingprivacy models proposed in the literature are Juels and Weis(2007) and Vaudenay (2007). In particular, the former will beadopted in this paper.

Finally, note that the papers cited in this section are just a niceintroduction into the applications and security requirements ofRFID systems—where we have highlighted the ones morerelevant to the context and scope of our contribution. For acomprehensive set of references to the RFID area, includingsolutions related to tags compromise, we would like to point thereader to Avoine’s repository of RFID literature.

Fig. 1. The proposed protocol.

3. System assumptions/model

The components of the system are: tags, readers and keydistribution centers (KDCs). KDCs represent the authorities rulingover a set of tags. Each KDC generates a unique key ki of ‘ bits forevery tag Ti that is under its jurisdiction and securely stores it inthe tag. The KDC also provides each reader readerj that isauthorized to identify a tag Ti that is under its jurisdiction witha derived tag identification key ki,j along with the identifier IDi ofthe tag. Each tag can thus be identified by one or several readersbased on the derived tag identification keys distributed by the

KDC. Each reader keeps in a secure key database (KDB) the set ofderived tag identification keys and identifiers of the tags it isauthorized to identify. In this model a reader can be associatedwith more than one KDC or be able to identify tags issuedby several authorities. Finally, note that a KDC could now becomea point of failure. While security of a KDC is out of the scopeof this paper, we would like to point out that, for someapplications (e.g. e-passport), there could be measures to securesuch a single point of failure. Nevertheless, this issue calls forfurther investigation.

Each tag has the capability to run a pseudo-random numbergenerator (PRNG) that generates at every invocation an output of‘þ1 bits, and a secure hash function hð3Þ, with an output over ‘bits. Note that these assumptions are coherent with the ones inthe literature (Tsudik, 2006; Molnar and Wagner, 2004; Avoineet al., 2005). The KDC assigns a unique key ki to Ti. The derivedtag identification key ki,j will be generated by the KDC duringthe initialization of readerj’s KDB, based on the expression ki,j ¼

hðkiJreaderjJkiÞ, where ‘‘J’’ denotes concatenation.In the following we will assume the KDB to host n elements,

where n is the number of tags in the system. These n elements areorganized in a linked list data structure, with the usual operationsassociated to a list. In particular, if we are examining the gthelement of KDB, then KDBg.key returns key kg,j, while KDB.next

returns the pointer to the next element in the list.

4. The protocol

This section presents the protocol implementing informationconfinement and probabilistic identification. Further details arethen provided on the mutual authentication and the lookupprocess that is the underpinning of the probabilistic identificationtechnique.

4.1. Overview of the solution

Our proposal for tag identification and mutual authenticationis based on a simple three-way handshake, as depicted in Fig. 1. Inthe first flow, the reader sends a challenge and its identity to thetag. The tag replies with a response message computed based onits secret key, the identity of the reader, the challenge and a set oflocally generated pseudo-random numbers. The reader retrievesthe identity of the tag through a lookup in its local database. Ifthe lookup succeeds, the reader has authenticated the tag. The lastflow of the protocol allows the tag to authenticate the reader. Themain idea of our solution for information confinement is a reader-dependent identification mechanism that allows each reader(or the server to which the reader is connected to) to identify andauthenticate a tag based on some long-term secret (ki,j) that isdifferent on each server whereas each tag keeps a unique secretidentification key (ki) for all readers. During the identificationprocess each tag generates a temporary reader-dependent secretbased on the identifier IDj of the reader it is communicating


with and its unique secret identification key ki, computingki,j ¼ hðkiJIDjJkiÞ. The advantages of the reader-dependentmechanism are twofold:

�
confinement of exposure: compromise of the long term secretsat a reader does not impact the identification of the same tagby other readers; in particular, the impersonation of thesesecrets does not allow an intruder to impersonate the tag withrespect to other readers. � selective reader access or non-transferable tag identifica-
tion capability: the set of readers authorized to perform tagidentification can be controlled based on each reader’sidentity. Since the long-term identification secret for a tag istightly bound with each reader’s id, the identification cap-ability cannot be transferred among readers with differentidentities and the set of tags each reader is authorized toidentify can be determined based on the set-up of long-termidentification keys.

Another innovative feature of our proposal is the lookupprocess. Based on the response message transmitted by the tag,the reader searches the matching entry of its database (if any)by iterative elimination of the entries that cannot match withthe message from the tag. The response message includes a seriesof verification values ða1, . . . ,aqÞ computed under the key ki,j

associated with the tag and the reader. Each verification valueallows the reader to eliminate about one-fourth of the elements inthe KDB. By subsequently eliminating elements in the list, thereader achieves the identification of the tag.

Unlike other solutions whereby each step of the lookupprocess requires encryption or hashing, the lookup processdepicted in this paper is efficient in that it requires just O(n)bit-wise operations (where n is the number of tags) and simplelist manipulation primitives. By construction, the protocol neverrejects legitimate tags. On the other hand, the probability for theprotocol to accept an illegitimate tag (a tag for which there is noentry in the KDB) is a system design parameter that can be set toany small, non-zero value ðe40Þ.

4.2. Lookup process

The lookup process allows the reader to identify the tag basedon the following messages sent by the tag in the second flowof the protocol: /a1, . . . ,aq,V ,oS, where o¼ hðki,jJnjJr1Jki,jÞ, V is abit vector of length q. For pA ½1, . . . ,q�, ap and V[p] are defined asfollows:

ap ¼ ki,j � rp ð1Þ

V ½p� ¼DPMðrp,0Þzp � DPMðrp,1Þð1�zpÞ ð2Þ

where the value rp consists of the first ‘ bits generated by theinvocation of the PRNG. To ease protocol exposition we will referto the first ‘=2 bits of rp with rp,0 and to the remaining ‘=2 bitswith rp,1, that is rp ¼ frp,0Jrp,1g. The last bit returned by theinvocation of the PRNG is assigned to the variable zp. Note that thebit length of rp and ki,j is the same, that is jki,jj ¼ jrpj ¼ ‘. Also for ki,j

we can introduce a different notation to refer to the first ‘=2 bits(ki,j,0) or the remaining ‘=2 bits (ki,j,1) of the key. In the sequelof the paper, we assume, without loss of generality, that ‘ is amultiple of 6; further, for the sake of clarity and ease of notation,when it will be clear from the context to which key we arereferring to, we will omit the indexes {i,j} and will refer to ki,j, ki,j,0,and ki,j,1 as k, k0, and k1 respectively.

The function DPM : f0,1g‘-f0,1g is defined as follows:

DPMðrpÞ ¼ PðMðS1Þ, . . . ,MðS‘=3ÞÞ

where each Si accounts for a triplet of bits of rp as follows:

Si ¼/rp½3i�2�,rp½3i�1�,rp½3i�S, i¼ 1, . . . ,‘=3

the function M : f0,1g3-f0,1g is the simple majority function,indicating whether its input has more 1s than 0s or vice versa:

Mðb1,b2,b3Þ ¼ ðb14b2Þ3ðb14b3Þ3ðb24b3Þ

and P : f0,1g‘=3-f0,1g is the standard parity function; that is,given TAf0,1g‘=3, it holds:

PðTÞ ¼ "‘=3

i ¼ 1T½i�

For each value ap ðpA ½1, . . . ,q�Þ transmitted by the tag, the readerwill perform a check for each of the elements in the list. Let usfocus on the gth element of the KDB; the following check will beperformed:

1.
compute r0 ¼ KDBg :key� ap; 2. check if ððDPMðr00ÞaV ½p�Þ4ðDPMðr01ÞaV ½p�ÞÞ.
If the test succeeds, the gth element is removed from the listand the next element of the KDB, if any, is examined. However, ifthe test fails, the current element of KDB cannot be discarded.Indeed, if KDBg is the pointer to the actual element associatedwith the tag (that is, if KDBg.key¼ki,j), the test will fail byconstruction. On the other hand, if the test succeeds, the currentelement can be discarded from KDB since it definitely cannot bethe one associated with the tag. Finally, for each ap on the averageone-fourth of the elements of the list are eliminated. A thoroughanalysis of the lookup process can be found in Section 4.4.

4.3. Mutual authentication and session freshness

Once the reader has identified the tag—ki,j is the elementpointed by KDB and returned by the identification protocol—the reader recovers r1 ðr1 ¼ a1 � KDB:keyÞ and using that valueit proceeds to the authentication of the tag. To that effect,the reader checks the freshness of the session by computingz¼ hðki,jJnjJr1Jki,jÞ and verifying whether z¼o. If the latter matchsucceeds, the reader has successfully authenticated the tag andverified the freshness of the session. Note that a simpler version ofthe protocol that provides only tag authentication based on thelookup process can be designed with a significant advantageof keeping the computational overhead of the tag at the lowest.Indeed, in that version of the protocol providing one-wayauthentication of the tag to the reader, the tag would need toperform just the hash required to compute the reader-dependentkey (kij), while saving the second hash computation representedby the symbol o. Indeed, for every e40, it is possible to select avalue q such that the probability for the lookup process ofaccepting a bogus tag is below e, as will be shown in Lemma 4.4.

We then turn to the authentication of the reader by the tag.Once the reader has successfully identified the tag, the reader caneasily retrieve each of the q values rp ðpA ½1, . . . ,q�Þ generated bythe tag. Indeed, from Eq. (1), rp can be computed by the reader as:rp ¼ ap � KDB:key. Hence, the reader authenticates itself to the tagand assures the freshness of the session by sending the tag thevalue hðKDB:keyJr1JKDB:keyÞ that is, hðki,jJr1Jki,jÞ. If this valuematches with the one locally stored on the tag—computed by thetag when r1 was generated—then the tag authenticates the readerand it is also assured about the freshness of the session.

Note that in the event that the tag is not part of the reader’sKDB, the identification will fail and the reader will not be able toreply with a well-formed authentication message. In this case thereader could reply with an error message but in order to preventpotential polling attacks through which an intruder would try to


check if some tag is registered with a reader, the reader willgenerate instead a random string of jhj bits and will send it backto the tag.

4.4. Analysis

Server compromise: In case readerj is compromised the attackercan only access ki,j, i¼1,y,n. Under the assumption that the hashfunction is one-way, it is impossible to derive ki even havingknowledge of ki,j; hence the attacker cannot impersonate any ofthe n tags within any run of the protocol with any other reader.Further, note that the reader cannot impersonate any reader otherthan readerj either.

Identification protocol: In the sequel we analyze the termina-tion and correctness of the protocol based on the properties of thelookup process.

Protocol termination: From Algorithm 1 it can be verified thatthe protocol terminates after a finite number of iterations in thetwo inner loops. As for its completion, it is straightforward to seethat it requires, on the average, 4n steps—where each step has acost proportional to the operations in lines 1.11–1.17, that is, bit-wise xor operations, a comparison, and a simple list manipulationoperation. In what follows we sketch the proof that its completiontakes, w.h.p., at most O(n) steps.

Algorithm 1. Lookup.

Global variables: n; q; KDB
Input: /a1, . . . ,aq,V ,wS Output: The elements left in the KDB.
1.1
/* Elements are organized in a list data structure */ 1.2 /* KDB is a pointer to the first element of the list */ 1.3 type node¼record 1.4 key: tag_key
1.5
next : node
1.6
end 1.7 aux¼new(node) 1.8 aux:next¼ KDB
1.9
a¼0 1.10 while aoq do� 1:11
1:12

1:13

1:14

1:15

1:16

1:17

1:18

1:19

while notðaux:next:next¼ nullÞ do

/r00,r01S¼ aa � aux:next:key

if ððDPM ðr00ÞaV ½a�Þ4ðDPM ðr01ÞaV ½a�ÞÞ then

j removeðaux:nextÞ

else

j aux:next¼ aux:next:next

end

��end

aþþ ; aux:next¼ 4KDB

��
1.20 end 1.21 if 4KDB:next¼ null then 1.22 j fail
1.23
else 1.24 j return 4KDB
1.25
end
Lemma 4.1. The protocol in Algorithm 1 terminates in O(n) steps

with high probability.

Proof (Sketch). The proof consists of two steps. In the first stepone can prove (using the Chernoff bounds) that w.h.p., for everyvalue aa ¼ ki,j � ra presented in input to the algorithm, this valueallows to eliminate at least 1/8 of the elements in the list—exceptthe element corresponding to ki,j if any—provided that there are

ffiffiffinp

elements in the list. The elimination process fails (S 1) withprobability less than 1/n.

The second step shows that withffiffiffinpðlognÞ operations, the

remainingffiffiffinp

elements can be eliminated—except the element

corresponding to ki,j if any. The elimination process (S 2) fails with

probability less than 1/n (this is a straightforward application of

the occupancy problem). Hence, the algorithm does not terminate

if step one or step two fail, that is

Pr½S13S2�rPr½S1�þPr½S2�r2Pr½S2� ¼2

n&

Protocol correctness: The following lemma shows that theproposed protocol will never reject a valid tag, while it couldaccept a bogus tag or return the wrong element of the KDB for avalid tag, with a probability e, where e can be decided at thedesign phase.

Lemma 4.2. For each valid input to the Lookup Process provided by

a valid tag Ti, this tag will not be removed from the list KDB on all

iterations of the Lookup Process.

Proof. By construction, a key ki,j corresponding to a valid inputwill never be discarded during any of the tests in the inner loopstarting at line 1.10 of Algorithm 1; hence, Ti will not be removedfrom the list KDB. &

Lemma 4.3. Given p,qARf0,1g, for r0ARf0,1g‘ it holds that

Pr½DPMðr00Þpaq4DPMðr01Þð1�pÞaq� ¼ 14

Proof.

Pr½DPMðr00Þpaq4DPMðr01Þð1�pÞaq� ¼ 1�Pr½DPMðr00Þp

¼ q3DPMðr01Þð1�pÞ ¼ q� ¼ 1�Pr½DPMðr00Þp¼ q�

þPr½DPMðr01Þð1�pÞ ¼ q��Pr½DPMðr00Þp¼ q4DPMðr01Þð1�pÞ ¼ q�

¼ 1�Pr½DPMðr00Þp¼ q�þPr½DPMðr01Þð1�pÞ ¼ q�

�Pr½DPMðr00Þp¼ q�Pr½DPMðr01Þð1�pÞ ¼ q�

¼ 1�ð12 þ12 �

12

12 Þ ¼

14 &

Lemma 4.4. A randomly chosen input will be accepted by the

Lookup Process with probability less than e, where e is chosen at the

design phase.

Proof. Let I¼/a1, . . . ,aq,V ,wS be a randomly chosen input forthe Lookup Process. Let Xi[u] be the random variable that takes onthe value 1 if the verification of value ai does not cause theremoval of an element from the KDB list as in Algorithm 1—thatis, if the test ðDPMðfai � KDBu:keyg0ÞaV ½i�4DPMðfai �

KDBu:keyg1ÞaV ½i�Þ fails—and 0 otherwise. In order for I to beconsidered a valid input with respect to a single element (KDBu) ofthe KDB, all q tests have to fail. This happens with probability:Pr½Eu� ¼ Pr½X1½u� ¼ 14X2½u� ¼ 14 � � �4Xq½u� ¼ 1�. Since the Xi arei.i.d., we have that Pr[Eu]¼Pr[X1[u]¼1]q where, as shown inLemma 4.3:

Pr½X1½u� ¼ 1� ¼3

4

Since there are n elements in the KDB, if Ei is the event that the i

element survives, the probability that at least one of themsurvives after q steps is

Pr½E13 � � �3En�rn Pr½E1�onð3=4Þq ¼

ffiffiffi3p

2

!2q�logn

Now let r be the highest value such that er ðffiffiffi3p

=2Þr . If we setq¼ dr�logn=2e, the lemma holds. &

In Fig. 2 we plot the function ðffiffiffi3p

=2Þ2q�logn. The x-axis, that variesin the range [16,384,y,65,536] refers to the number of tags in the

240003200040000480005600064000 n

30354045505560q

00.5

11.5

22.5

33.5

4

num

ber o

f can

dida

tes

Fig. 2. Relationship between q, n, and the false acceptance rate.

50

100

150

200

250

300

350

400

450

500

10 20 30 40 50 60

num

bero

fcan

dida

tes

Experimental resultTheoretical values n(3/4)q

0

1

2

3

4

5

6

35 40 45 50 55 60

Experimental result

Theoretical values n(3/4)q

q (number of αi)

Fig. 3. Reader false acceptance rate: comparison of analytical and experimental results.


system, while the y-axis, in the range [28,y,64] represents thevalue of q. As it can be seen from this chart, the acceptance rate ofthe protocol is quite efficient, in the sense that small values of q

are sufficient to greatly reduce the number of false negativeswhereby bogus input would be accepted as legitimate ones—thisnumber goes practically to zero, as q increases.

Fig. 3 depicts an experiment that corroborates the previousresult. Using a simulator that implements Algorithm 1, wegenerated a KDB of 32,768 entries, and tested the number ofactive entries that were left in the KDB for an increasing size of thevalue q, that is the number of random ai values sent by the tagto the reader. In particular, q varies in the range [log n,y,4 logn],that is in the range [15,y,60], using an incremental step of 1. Thex-axis represents the value of q, while on the y-axis represents thenumber of active entries left in the KDB. To amortize statisticalfluctuation, for each value of q, we performed 64 identificationattempts, and we reported on the y-axis the number of activeentries left in the KDB, averaged over these 64 protocol runs. Asit can be derived from Fig. 3, the number of active entries left inthe KDB that result from the simulation is in accordance withthe theoretical result of Lemma 4.4. In particular, the theoreticaland the experimental curve tightly match for values of q below 30(that is 2 log n), and the same qualitative behavior can beappreciated for increasing values of q, even if the experimentalcurve is more subject to the effect of the non-null variance.

Theorem 4.5. On a valid input I generated by a legitimate tag (Ti)the Lookup Process will return only one element in the KDB list,corresponding to tag (Ti), with probability at least 1�e, where e is

chosen at the design phase.

Proof. This theorem can be reworded as: on a valid input, whenthe Lookup Process ends, the probability that the list KDB has justone element, and that this element is the one matching the input,is 1�e. The proof of this theorem follows from Lemmas 4.2 and4.4. Based on Lemma 4.2 the probability that the list KDB has atleast one entry after the last iteration of the Lookup Process is 1.The probability that the list KDB has more than one element is thesame as the probability that a randomly chosen input is accepted,that is less than e by Lemma 4.4. &

5. Key secrecy and privacy

5.1. Key secrecy

The proposed protocol cannot achieve perfect key secrecy, due tothe fact that one bit of information on the key is leaked with everyvalue ai. Furthermore, linear algebra could be a powerful tool whenused against a protocol that has only linear transformation. Theseobservations have been used to mount an attack on the privacy of anearlier version of our protocol (Di Pietro and Molva, 2007), as detailedin van Deursen et al. (2008). We first provide a brief summary of theattack method developed in this paper in order to further evaluate thecurrent protocol with respect to this method.

In van Deursen et al. (2008), the authors focus on the amountof information that is leaked through the DPM function and theresulting relation between ai and V[i]. In particular, starting by asystem composed of ‘þ1 tuples:

k� r1, DPMðr1Þ

. . .

k� r‘þ1, DPMðr‘þ1Þ

8><>: ð3Þ

the authors associate to each tuple the equation: DPMðk� aiÞ ¼

DPMðriÞ, where the unknown is just k; based on the previousequation, and with a few further linear algebra considerations, itis shown how to obtain a system of equations of the form

Ax¼ v

where A is an ‘ � ‘ matrix that is non-singular with probabilityp40:2. If the system has a solution, then x is the key k (withprobability ð1=2Þ‘=3). Apart from key secrecy, the privacy of the tagis also threatened based on this attack (refer to van Deursen et al.,2008 for further details).

In the sequel we will consider the feasibility of this type ofattack on the protocol suggested in this paper. If A were able toobtain a system of tuples as in (3), then the security and privacy ofthe protocol should be analyzed with respect to the solution of theresulting system of equations. Initially we assume that the matrixA that would be obtained with the system of equations derivedfrom our protocol is non-singular, with a significant advantagefor A.

We first introduce an imaginary attack scenario in order togive the intuition behind the security evaluation that will bepresented further.

Note that a tuple ai,V ½i� can be written as

k� ri,DPMðri,0Þzi � DPMðri,1Þð1�ziÞ

The above tuple can be also written as the following system:

k0 � ri,0, DPMðri,0Þzi

k1 � ri,1, DPMðri,1Þð1�ziÞ

(


Note that each first element of the above tuples (that is, k0 �

ri,0 and k1 � ri,1) now has a length of just ‘=2 bits. Assume that thevalue zi is given (w.lo.g. zi¼1): on one hand we can write a tuplein the form: k0 � ri,0, DPMðri,0Þ, on the other hand the other tuplewill disclose no information at all.

If A is able to produce:

�
an assignment to ð‘=2þ1Þ zi variables that can allow it toproduce ‘=2þ1 tuples of the form k0 � ri,0, DPMðri,0Þ; � an assignment to further ð‘=2þ1Þ zi variables that can allow it
to produce ‘=2þ1 tuples of the form k1 � ri,1,DPMðri,1Þ,

then it is able to build the systems:

k0 � r1,0, DPMðr1,0Þ

. . .

k0 � r‘þ1,0, DPMðr‘þ1,0Þ

8><>: ð4Þ

k1 � r1,1, DPMðr1,1Þ

. . .

k1 � r‘þ1,1, DPMðr‘þ1,1Þ

8><>: ð5Þ

However, a correct assignment for these ð‘þ2Þzi variables hasprobability:

ð12 Þ‘=2þ1

ð12 Þ‘=2þ1

¼ ð12Þ‘þ2

to occur.In the above attack, the poor performance of A is due to the

fact that it did not leverage the information disclosed by the tag(that is, V[i]). Leveraging this information, that is also themaximum amount of information that can be extracted from atuple, paves the way to the following attack.

Theorem 5.1. Analyzing ‘þ2 tuples of the form /k� ri,V ½i�S, A has

probability at most ð3=4Þ‘þ2 to disclose secret key k.

Proof. Let us focus on the two tuples:

k0 � ri,0, DPMðri,0Þzi

k1 � ri,1, DPMðri,1Þð1�ziÞ

(

Note that, by construction, the disclosed value V[i] is either

DPM(ri,0), or DPM(ri,1)—it depends on the variable zi. The strategy

played by A follows: it first randomly decides whether zi¼0 or 1,

and then assigns the value V[i] consequently. Note that if zi¼1

then Awill add one tuple to the system in (4); if zi¼0, then Awill

add one tuple to the system in (5). Without losing of generality,

let us assume that A chooses zi¼0, that is it assigns V[i] as the

second element of the first tuple (DPM(ri,0)¼V[i]) and uses this

tuple to populate the system in (4).

Note that the probability (E 1) for k0 � ri,0 to be assigned the

exact result of DPM(ri,0) is (3/4). Indeed, let A be the event that Acorrectly guessed the assignment to zi, and denote with A the

complementary event:

Pr½E1� ¼ Pr½E14ðA3AÞ� ¼ Pr½E14A�þPr½E14A�

¼ Pr½E1jA�Pr½A�þPr½E1jA�Pr½A� ¼ 112 þ

12

12 ¼

34

That is, with probability 34, A is able to add a tuple either to the

system in (4) or to the system in (5). To complete the first system,

‘=2þ1 tuples are needed, and the same holds for the second

system. However, tuples are independent, hence the probability

for A to find out a correct assignment for all of the ‘þ2 tuples is

given by: ð34 Þ‘þ2. &

We can leverage the above theorem to find out an appropriatekey bit length ð‘Þ. Indeed, if we set e¼ 2�80, and we require the

above probability to be below e, we need to verify that: ð34 Þ‘þ2re;

to satisfy the further requirement that ‘ has to be a multiple of 6,we just need to set ‘¼ 192. This setting can be also read as: if thereader and the tag exchange ‘¼ 192 tuples, the probability for Ato recover the key is less than e¼ 2�80.

5.2. Privacy

We first introduce a model that is widely adopted for privacyevaluation. We then proceed to the evaluation of our protocolbased on this model.

5.2.1. Privacy model

Juels and Weis (2007) introduced a privacy model thatprovides one of the most comprehensive settings for privacyevaluation of RFID protocols—even though a few other ones exist(Vaudenay, 2007).

In this model the system consists of a reader R and a setof n tags T1, y, Tn. Each party is a probabilistic interactive Turingmachine with an independent source of randomness andunlimited internal storage. Tags and readers are modeled as‘‘ideal functionalities’’, as in Canetti (2001). Functionalities mayreceive messages, and may respond with messages of their ownthrough their interfaces.

Tag functionalities: Each tag functionality Ti stores an internalsecret key and a session identifier sid. A tag can be assigned a newkey via a SETKEY message. A tag responds to a SETKEY message bydisposing its current key. The caller may then send an arbitrarynew key to replace the prior key. A tag SID can be set to a newvalue sid via the message (TAGINIT,sid). TAGINIT messages deleteinformation associated with an existing sid. In other words, a tagmay be involved in only one protocol session at a time. A tag mayrespond to a protocol message or challenge, denoted cj, with aresponse rj.

Reader functionalities: The reader R is initialized with privatekey material. For the purposes of this model, this key material isimmutable and internal to the reader. Tag data may be thought ofas residing in a back-end database containing records of the tags‘‘owned’’ by a particular reader. The reader functionality initi-alizes a new session upon receipt of a message of the formREADERINIT. When receiving a READERINIT message, R generatesa fresh session identifier, sid, and the first challenge of aninteractive challenge-response protocol, c0. For each READERINITreceived, the reader creates a new internal entry of the form (sid,‘‘open’’, c0). Any responses containing sid are appended to thatentry, as well as subsequent challenges, or any other auxiliarydata. This entry is marked as ‘‘closed’’ and becomes read-onlywhen the reader ultimately accepts or rejects a session.

For further details on functionalities interaction and parame-

trization of the adversary, the reader should refer to Juels and Weis(2007).

Privacy experiment and definition: A privacy experiment for anRFID system is denoted by Exppriv

A,S ½‘,n,r,s,t�. Here, S¼(GEN,R,{Ti}),where {Ti} contains n tags. Let ‘ be a security parameter.Adversary A with parameters r, s, and t is denoted by A½r,s,t�,where r, s and t are respective parameters for reader initialization,computation steps, and tag initialization. Fig. 4 provides a detaileddescription of the privacy experiment.

A protocol run within an RFID system S¼ ðGEN,R,fTigÞ isdefined to be private if no adversary A½r,s,t� has a non-negligibleadvantage in successfully guessing b in the experiment in Fig. 4.This intuition is captured in the following definition, where polyð‘Þ

represents any polynomial function of ‘.

Definition 1 (RFID (r, s, t)-Privacy). A protocol initiated byR in anRFID system S¼ ðGEN,R,fT1, . . . ,TngÞ with security parameter ‘ is

Fig. 4. Privacy experiment in Juels and Weis (2007).

Fig. 5. Simplified version of the privacy experiment proposed in Juels and Weis

(2007), adapted to our protocol.


(r,s,t)—private if:

8A½r,s,t�Pr½ExpprivA,S ½‘,n,r,s,t� guesses b�r

1

2þ

1

polyð‘Þ

5.2.2. Privacy analysis

In this section we evaluate the privacy of our scheme using theprivacy model introduced in the previous paragraph. To accom-modate that framework to our scheme, note that the keysof the tag are completely independent of each other (underthe assumption that hash functions cannot be inverted) thus thecorruption of one tag does not affect the security of the rest of thesystem. Therefore, it is useless for adversary A to use the SETKEYprocedure to change the key of tags. It is also useless for A toexamine any other tags than the ones under its direct control, thatis Tn0 and Tn1. In our scheme, READERINIT is a simple triggeringmessage, so there is no need at all for A to execute it. Therefore,an instance of the privacy experiment as suggested by the modelcan be set up using our protocol as in Fig. 5.

In light of the randomization technique used in the protocol, inorder to mount an attack on our scheme, A has to find a collisionon Xb and one of the two sets: X0, X1. A collision is defined asfollows:

Definition 2 (Collision). Two tuples /eai,V ½i�S and /aj,V ½i�Scollide if ai ¼ aj.

A collision between the set of tuples obtained querying the twotags Tn0, Tn1 and the set of tuples obtained querying Tb, can beleveraged to compromise privacy. For instance, assume that thereis a collision between a tuple from X0 and a tuple from Xb; further,assume that Tn0 ¼ Tb. Then the probability that V[i]¼V[j] is equal

to 34. However, if there is a collision and T�0 aTb, then the

probability that V[i]¼V[j] is equal to 12.

The above observations could allow A to differentiate betweenthe two tags, as proved in the sequel of this section.

Lemma 5.2. Given the two tags Tn0 and Tnb, let E 1 be the event that

Tn0¼Tb (that is, b¼0), E 2 be the event that T�0 aTb, and let ‘‘coll’’ be

the event that there is a tuple from Tn0 and one tuple from Tb that

collide for some index i,j respectively. Further, assume that V[i]¼V[j].Then:

Pr½E1jðV ½i� ¼ V ½j�Þ4coll� ¼ 35 ð6Þ

Proof.

Pr½E1jðV ½i� ¼ V ½j�Þ4coll� ¼Pr½E14ðV ½i� ¼ V ½j�Þ4coll�

Pr½ðV ½i� ¼ V ½j�Þ4coll�

¼Pr½ðV ½i� ¼ V ½j�ÞjE14coll�Pr½E14coll�


¼Pr½ðV ½i� ¼ V ½j�ÞjE14coll�Pr½E14�Pr½coll�


¼ð3=4Þð1=2ÞPr½coll�

Pr½ðV ½i� ¼ V ½j�Þ4coll�¼

ð3=8ÞPr½coll�


We now need to assess Pr½ðV ½i� ¼ V ½j�Þ4coll�:

Pr½ðV ½i� ¼ V ½j�Þ4coll� ¼ Pr½ðV ½i� ¼ V ½j�Þ4coll4ðE13E2Þ�

¼ Pr½ðV ½i� ¼ V ½j�Þ4coll4E1�þPr½ðV ½i� ¼ V ½j�Þ4coll4E2�

¼ Pr½ðV ½i� ¼ V ½j�Þjcoll4E1�Pr½coll4E1�þPr½ðV ½i�

¼ V ½j�Þjcoll4E2�Pr½coll4E2� ¼ Pr½ðV ½i�

¼ V ½j�Þjcoll4E1�Pr½coll�Pr½E1�þPr½ðV ½i�

¼ V ½j�Þjcoll4E2�Pr½coll�Pr½E2� ¼ ð3=4ÞPr½coll�ð1=2Þ

þð1=2ÞPr½coll�ð1=2Þ ¼ ð5=8ÞPr½coll�

Hence, we have that

Pr½E1jðV ½i� ¼ V ½j�Þ4coll� ¼ð3=8ÞPr½coll�


¼ð3=8ÞPr½coll�

ð5=8ÞPr½coll�¼

3

5&


However, once a collision is obtained, it is possible that theinequality V ½i�aV ½j� holds as well. Based on the same reasoning aswith Lemma 5.2, we get the following lemma:

Lemma 5.3. Let T0 and Tb be two tags, E 2 the event that T0aTb, E 1the event that T0¼Tb, and ‘‘coll’’ the event that there is a tuple from

T0 and one tuple from Tb that collide for some index i,j respectively.Further, assume that V ½i�aV ½j�. Then:

Pr½E2jðV ½i�aV ½j�Þ4coll� ¼ 23 ð7Þ

Proof.

Pr½E2jðV ½i�aV ½j�Þ4coll� ¼Pr½E24ðV ½i�aV ½j�Þ4cool�

Pr½ðV ½i�aV ½j�Þ4coll�

¼Pr½ðV ½i�aV ½j�ÞjE24coll�Pr½E24coll�


¼Pr½ðV ½i�aV ½j�ÞjE24coll�Pr½E24�Pr½coll�


¼ð1=2Þð1=2ÞPr½coll�

Pr½ðV ½i�aV ½j�Þ4coll�¼

ð1=4ÞPr½coll�


We have to compute Pr½ðV ½i�aV ½j�Þ4coll�, that is

Pr½ðV ½i�aV ½j�Þ4coll� ¼ Pr½ðV ½i�aV ½j�Þ4coll4ðE13E2Þ�

¼ Pr½ðV ½i�aV ½j�Þ4coll4E1�þPr½ðV ½i�aV ½j�Þ4coll4E2�

¼ Pr½ðV ½i�aV ½j�Þjcoll4E1�Pr½coll4E1�

þPr½ðV ½i�aV ½j�Þjcoll4E2�Pr½coll4E2�

¼ Pr½ðV ½i�aV ½j�Þjcoll4E1�Pr½coll�Pr½E1�

þPr½ðV ½i�aV ½j�Þjcoll4E2�Pr½coll�Pr½E2�

¼ ð1=4ÞPr½coll�ð1=2Þþð1=2ÞPr½coll�ð1=2Þ ¼ ð3=8ÞPr½coll�

Hence

Pr½E2jðV ½i�aV ½j�Þ4coll� ¼ð1=4ÞPr½coll�

Pr½ðV ½i�aV ½j�Þ4coll�¼ð1=4ÞPr½coll�

ð3=8ÞPr½coll�¼

2

3&

Lemmas 5.2 and 5.3 show that, when a collision is found, A candecide with non-negligible probability if either Tb¼Tn0 or Tb¼Tn1, asthe following lemma shows.

Lemma 5.4. If there is a collision among the tuples in Xb and either

the tuples in X0 or the tuples in X1, then A can guess the value of b

with probability at least ð12 þ16Þ.

Proof. Let us assume w.lo.g. that there is a collision between Tb

and Tn0 (for index i,j respectively) and, on one hand, we have thatV[i]¼V[j]. Then by Lemma 5.2: Pr[T0¼Tb] ¼ 3

4 ¼12 þ

14. On the

other hand, if V ½i�aV ½j�, then by Lemma 5.3: Pr½T0aTb� ¼23. Since

b is either 0 or 1, it follows that Pr[T1¼Tb] ¼ 23 ¼

12 þ

16. &

According to the privacy model, A can perform x0 queries to Tn0and x1 queries to Tn1. When finally querying xb times tag Tb, as adirect consequence of the above lemma, A needs just to find out acollision between the tuples in Xb and the tuples collected in X0, X1

to succeed in the Exp described in Fig. 5, that is violating theprivacy of our protocol.

In the remainder of the analysis, we are interested in findingan assignment to the security parameter ‘ such that theprobability of finding a collision in the described privacy modelis negligible. In particular, let us define X0d the set built from set Xd

as follows: if /ai,V ½i�SAXd, then aiAX0d ðdAf0,1,bgÞ. To capturethe probability that a collision occurs, we have to compute:

Pr½cxb� ¼ Pr½ðX003X01Þ4X0b�

Lemma 5.5. Let ðPr½cxb�Þ be the probability of having a collision

between the x0+x1 tuples provided by the tags Tn0 and Tn1, where xb

represents tuples provided by the tag Tb (obtained by A querying tag

Tn0, Tn0, and Tb x0, x1, and xb times respectively). Let g¼x0+x1+xb, the

following inequality holds: Pr½cxb�r1�expð�g2=2‘þ1

Þ.

Proof. Assume that x0, x1 tuples have been collected querying tagTn0, Tn1 respectively. Collecting the tuples obtained querying tag Tb

exactly xb times, A will not obtain a collision with probability:

Pr½cxb� ¼ 1�

ðx0þx1Þ

2‘

� �xb

Zexp �2ðx0þx1Þxb

2‘

� �ð8Þ

Note that the above probability decreases if we assume that thereare no collisions among the two set X00 and X01; it further decreasesif we assume there are no collisions among the elements in X0b.Then we give A the advantage of considering: X00 \ X01 ¼ | andaeaad, 8ae, adAX0b, ead.

One goal of A is to minimize the overall number of queries

(g¼x0 + x1+xb), while minimizing the probability in Eq. (8).

Hence, for a given budget of queries (g), simple math can confirm

that the above equation is minimized for (x0+x1)¼xb¼g/2.

Hence we have: Pr½cxb�Zexpð�g2=2‘þ1

Þ, therefore:

Pr½cxb�r1�exp �

g2

2‘þ1

� �& ð9Þ

Theorem 5.6. Given f 40, for A to win the privacy experiment

ExpA,Spriv½‘,n,x0þx1þxb� with probability greater than 2� f it is

required to issue at least gZffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi2‘þ1�f

pqueries.

Proof. We have shown that, as a consequence of Lemma 5.4, ifthere is a collision in the privacy experimentExpA,S

priv½‘,n,x0þx1þxb�, A wins. The upper-bound ðe¼ 2�fÞ for the

probability of having a collision can be computed as follows:

Pr½cxb�r1�exp �

g2

2‘þ1

� �oe

that is: expð�g2=2‘þ1ÞZð1�eÞ, hence:

grffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi2‘þ1ð�lnð1�eÞÞ

qWe can simplify the above inequality by noticing that, for

0oeo1, we have �lnð1�eÞ4e. Note that this gives an additional

advantage to the adversary. Rewriting the above inequality, we

obtain: goffiffiffiffiffiffiffiffiffiffiffiffiffi2‘þ1e

p, that is

goffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi2‘þ1�f

qð10Þ

Therefore, if A does not perform at least g ¼ffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi2‘þ1�f

pqueries to

the tags Tn0, Tn1, and Tb, its probability of obtaining a collision is

below e¼ 2�f . &

Finally, note that we can leverage the above theorem to find out

an appropriate key bit length ð‘Þ. Indeed, if we set e¼ 2�80, and werequire the above probability to be below e, we need to verify

that:ffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi2‘þ1�f

pre. The assignment ‘¼ 240 is the minimum value

of ‘ that satisfies the above constraints, as well as the initialcondition that ‘ has to be a multiple of 6.

6. Further security properties and overhead

6.1. Mutual authentication

By Lemma 4.4 a bogus reply message generated by an attackercan be accepted with probability less than e only. Further, such ascenario can be made practically impossible by setting appro-priate values for q in order to keep e below a negligible value.Besides, even a successful attempt that achieves acceptance of therandom input by the Lookup Process cannot compromiseauthentication, since the attacker would not be able to complete


the remainder of the protocol flows without the knowledge of thelegitimate tag’s secret key. The choice of the particular expressionhðki,jJnjJr1Jki,jÞ combining the key and the nonces as part of theauthentication scheme is justified in Menezes et al. (1996).

As for replay attacks, the freshness of a session is guaranteedby binding the messages exchanged to the random valuesgenerated by both the tag (r1), and the reader (nj), as in Fig. 1.

6.2. DoS resilience

As opposed to other approaches (Tsudik, 2006; Avoine et al.,2005; Avoine and Oechslin, 2005), our protocol is stateless in thatthere is no need to store any state information such as timestampsor counter values beyond the execution of each protocol instance.The only piece of information that the tag has to persistently keep inmemory is the key ki. Hence, even if a tag is triggered t consecutivetimes by an attacker attempting to impersonate a legitimate reader,if the next reading is performed by a legitimate reader, the tag willbe correctly identified since the state has not been modified.Statelessness thus bestows our protocol with an inherent counter-measure against denial of service attacks. Furthermore, as a sideadvantage of statelessness, our protocol allows a tag to be read apractically unbounded number of times by a legitimate reader.

Finally, note that given the O(n) database lookup complexity,A could attempt to perpetrate a DoS attack by replaying previousprotocol sessions. Indeed, the reader would need to traverse theentire database, just to find out that the hash value o is incorrect.

However, once the DB has been scanned—the DB could beeasily hosted in main memory, hence the O(n) access would onlyconsume a limited amount of resources—the reader can even-tually become aware that the tag it is interacting with is a roguetag. At this stage, further countermeasures—out of the scope ofthe paper—could be taken to prevent the rogue tag fromexcessively repeating this attack, but in any case the presence ofA would be detected.

6.3. Overhead

The main computational overhead on the tag is due to thegeneration of the q values rp. These values could be computed via aPRNG. Similarly to what proposed in Tsudik (2006), in practice itcan be resolved as an iterated keyed hash (e.g. HMAC) computed onsome cheap, weak pseudo-random source (for instance circuitrynoise) and keyed on ki,j. The solutions in Feldhofer et al. (2005),Pramstaller et al. (2006), and Shamir (2008), matching the tighthardware constraints of RFID, could be adopted to serve as hashfunction—however, note that some issues still stand about thepossibility to implement standard hash functions on resourceconstrained RFID (Feldhofer and Rechberger, 2006); nonetheless,ongoing research in the field has highlighted triangular function(Klimov and Shamir, 2005; Muller and Peyrin, 2006) as aninteresting direction to possibly provide resource constraineddevices, such as RFID, with hash functions. Further, the tag requires

Table 1Comparison of our proposal with some protocols in Section 2.

Protocol Properties

Privacy Mutual auth. DoS

Our (this paper) Yes Yes Yes

OSK/OA (Avoine et al., 2005) Yes Yes No

CR/MW (Molnar and Wagner, 2004) No Yes Yes

Ya-Trap (Tsudik, 2006) Yes No No

HB+ (Hopper and Blum, 2001) Yes No No

one hash functions to generate ki,j and q‘ more ‘‘xor’’ ð�Þ due to theinvocation of the function Pð3Þ. Note that the cost of all these ‘‘xor’’,operations can be considered negligible.

As for the communications overhead, the tag is required tosend q messages of ‘ bits ðapÞ, plus q bits (the bit vector V), and theresult of the hash function, that can be considered of 160 bits. Wefocus on the main source of overhead, that is the q messages.From Lemma 4.4, a practical value for q could be 3 log n; in thisway the reader lookup protocol will return, when triggeredby a legitimate query, more than one element with probabilityðffiffiffi3p

=2Þ5logn only. As discussed before note that, in case the lookupprotocol returns a bogus element, the authentication protocol willreject that element. Note that a new round of the protocol couldbe invoked in case of such a failure. What is more important, incase of a protocol re-run due to the fact that in the KDB there aretoo many elements left, is that the new values ai can be matchedagainst the elements left in the KDB. In other words, thecomputations performed by the reader in the previous run willbe leveraged to pursue identification.

The main computational overhead sustained by the reader isthe tag identification; this operation requires in the worst case nomore than just O(n) steps, where a step consists of bitwiseoperations, comparisons, and simple list manipulation operations.As for the number of messages, the reader just sends three valuesfor a total of (h+m+no) bits where h is the size in bit of the outputof the hash function, m is the number of bits required to identify areader, and no is the size in bit of the nonce.

Last, one should note one caveat: the proposed protocol isparticularly sensitive to the value n, as shown in Lemma 4.4,where n is the total number of tags the system is composed of.Indeed, the protocol requires to devise at design time an upperbound n

0

on the number of tags. We believe this is not a criticallimitation, since this upper bound will impact on the protocolrequiring just c log n

0

messages, where c is a small constant asseen before and computing the logarithm over n

0

will attenuatethe overhead of considering an upper bound. Furthermore, thevalue n

0

does not affect the storage requirements of the readersince the reader is only required to store the keys of the n tagsthat are actually deployed.

6.4. Protocol comparison

A concise comparison of the properties provided by ourprotocol with regard to a few reference protocols is given inTable 1. Note that our protocol is the only one that fulfils all thesecurity properties, while providing no false positive.

7. Concluding remarks

A first contribution of this paper is to have relaxed theassumption that servers cannot be compromised and to haveprovided a solution that limits the impact of server compromise.In particular, thanks to the confinement technique we provide,

resilience Replay attack res. False positive False negative

Yes No Yes

Yes Yes No

Yes No Yes

Yes No No

Yes Yes Yes


the compromise of a server has no impact on other servers, suchas rekeying or update of critical data, or on the privacy oftags—except for the sessions between the tags and the compro-mised server—since the secret database of each server is madeserver-dependent; that is, compromise of the long term secretsat a reader neither impact the identification of the same tag byother readers nor allows an intruder to impersonate the tag withrespect to other readers. We further propose a probabilisticmechanism that preserves key secrecy and tag privacy, whileallowing mutual authentication between server and tag. Thismechanism is also resilient to DoS and replay attacks. Further-more, this mechanism only requires O(n) bitwise operations andcomparisons on the database of keys stored in a server, hencespeeding up the search process and reaching a theoretical lowerbound for the number of access to the database of keys to haveprivacy preserved. In this sense, our identification protocol isoptimal. Another property that our identification protocol enjoysis that, unlike other probabilistic protocols, a legitimate tagcannot be rejected by the reader. Moreover, the tag just requiresto store a single key and the capability to run a PRNG and a hashfunction. Note that on one extreme, the computational require-ments on the tag can be kept minimal by resorting to just a singlehash function invocation, resulting in a lightweight protocol thatachieves only the authentication of the tag by the reader. Finally,the information confinement technique and the tag identificationprotocol could be independently incorporated into existingsolutions.

We believe that the new identification protocol provided couldfoster further research in the area and that the techniquespresented in this paper could be adopted in various differentsettings as well.

Acknowledgements

The authors would like to thank the anonymous reviewers fortheir helpful comments.

This work has been supported in part by the FrenchGovernment through the RFID-AP ANR project; the SpanishMinistry of Education through projects TSI2007-65406-C03-01‘‘E-AEGIS’’ and CONSOLIDER CSD2007-00004 ‘‘ARES’’; and by theGovernment of Catalonia under Grant 2009 SGR 1135.

References

Avoine G. RFID Security & Privacy Lounge /http://www.avoine.net/rfid/S.Avoine G, Oechslin P. A scalable and provably secure hash based RFID protocol. In:

International workshop on pervasive computing and communication secur-ity—PerSec 2005, Kauai Island, Hawaii, USA. IEEE, IEEE Computer SocietyPress; March 2005. p. 110–4.

Avoine G, Dysli E, Oechslin P. Reducing time complexity in RFID systems. In:Preneel B, Tavares S, editors. Selected areas in cryptography—SAC 2005.Lecture notes in computer science, vol. 3897, Kingston, Canada. Springer-Verlag; August 2005. p. 291–306.

Blass E-O, Kurmus A, Molva R, Noubir G, Shikfa A. The Ff-family of protocols forRFID-privacy and authentication. In: Workshop on RFID security—RFIDSec’09,Leuven, Belgium, July 2009.

Bringer J, Chabanne H, Emmanuelle D. HB++: a lightweight authentication protocolsecure against some attacks. In: IEEE international conference on pervasiveservices, workshop on security, privacy and trust in pervasive and ubiquitouscomputing—SecPerU 2006, Lyon, France. IEEE, IEEE Computer Society Press;June 2006.

Canetti R. Universally composable security: a new paradigm for cryptographicprotocols. In: FOCS ’01: Proceedings of the 42nd IEEE symposium onfoundations of computer science, Washington, DC, USA. IEEE ComputerSociety; 2001. p. 136–45.

Castelluccia C, Soos M. Secret shuffling: a novel approach to RFID privateidentification. In: Conference on RFID security (RFIDSec07), 2007.

Conti M, Di Pietro R, Mancini LV, Spognardi A. RIPP-FS: an RFID identification,privacy preserving protocol with forward secrecy. In: Proceedings of the thirdIEEE international workshop on pervasive computing and communicationsecurity. White Plains, New York, USA: IEEE Press; 2007. p. 229–34.

Conti M, Di Pietro R, Mancini LV, Spognardi A. eRIPP-FS: enforcing privacy andsecurity in RFID. Security and Communication Networks 2010;3(1):58–70.

Damgard I, Pedersen M.Ø. RFID security: tradeoffs between security and efficiency.In: CT-RSA. Lecture notes in computer science, vol. 4964. San Francisco, CA,USA. Springer; 2008. p. 318–32.

Di Pietro R, Molva R. Information confinement, privacy, and security in RFIDsystems. In: 12th European symposium on research in computer security(ESORICS 2007). Lecture notes in computer science, vol. 4734. Dresden,Germany. Springer; 2007. p. 187–202.

Feldhofer M, Rechberger C. A case against currently used hash functions in RFIDprotocols. In: Meersman R, Tari Z, Herrero P, editors. OTM workshops (1).Lecture notes in computer science, vol. 4277. Montpellier, France. Springer;2006. p. 372–81.

Feldhofer M, Wolkerstorfer J, Rijmen V. AES implementation on a grain of sand. IEEProceedings—Information Security 2005;152(1):13–20.

Gilbert H. Robshaw M, Sibert H. An active attack against HB+—a provably securelightweight authentication protocol. Cryptology ePrint Archive, Report 2005/237, 2005.

Gilbert H, Robshaw MJB, Seurin Y. HB]: increasing the security and efficiencyof HB+. In: Advances in cryptology—EUROCRYPT 2008. Lecture notes incomputer science, vol. 4965, Instanbul, Turkey. Springer; 2008. p. 361–78.

Hellman ME. A cryptanalytic time-memory tradeoff. IEEE Transactions onInformation Theory 1980;26:401–6.

Hopper NJ, Blum M. Secure human identification protocols. In: Proceedings of theseventh international conference on the theory and application of cryptologyand information security (ASIACRYPT ’01). Lecture notes in computer science,vol. 2248, Gold Coast, Australia. Springer-Verlag; 2001. p. 52–66.

Juels A. RFID security and privacy: a research survey. IEEE Journal on SelectedAreas in Communications 2006;24(2):381–94.

Juels A, Weis S. Authenticating pervasive devices with human protocols. In:Advances in cryptology—CRYPTO’05. Lecture notes in computer science, vol.3126, Santa Barbara, California, USA. Springer-Verlag; 2005. p. 293–308.

Juels A, Weis SA. Defining strong privacy for RFID. In: PERCOMW ’07: proceedingsof the fifth IEEE international conference on pervasive computing andcommunications workshops, Washington, DC, USA. IEEE Computer Society;2007. p. 342–7.

Klimov A, Shamir A. New applications of t-functions in block ciphers and hashfunctions. In: Gilbert H, Handschuh H, editors. FSE. Lecture notes in computerscience, vol. 3557. Paris, France. Springer; 2005. p. 18–31.

Menezes AJ, van Oorschot PC, Vanstone SA. Hash functions and data integrity. In:Handbook of applied cryptography. CRC Press; 1996. [chapter 9].

Mitrokotsa A, Rieback MR, Tanenbaum AS. Classifying RFID attacks and defenses.Information systems frontiers special—issue on advances in rfid technology,July 2009.

Mo JPT, Sheng QZ, Li X, Zeadally S. RFID infrastructure design: a case study of twoAustralian RFID projects. IEEE Internet Computing 2009;13(1):14–21.

Molnar D, Wagner D. Privacy and security in library RFID: issues, practices, andarchitectures. In: CCS ’04: proceedings of the 11th ACM conference oncomputer and communications security, New York, NY, USA. ACM Press; 2004.p. 210–9.

Muller F, Peyrin T. Cryptanalysis of t-function-based hash functions. In: Rhee MS,Lee B, editors. ICISC. Lecture notes in computer science, vol. 4296. Busan,Korea. Springer; 2006. p. 267–85.

Ouafi K, Phan RC-W. Privacy of recent RFID authentication protocols. In:Information security practice and experience, fourth international conference(ISPEC 2008). Lecture notes in computer science, vol. 4991. New York City,New York, USA. Springer; 2008. p. 263–77.

Piramuthu S. HB and related lightweight authentication protocols for secure RFIDtag/reader authentication. In: Collaborative electronic commerce technologyand research—CollECTeR 2006, Basel, Switzerland, June 2006.

Pramstaller N, Rechberger C, Rijmen V. A compact fpga implementation of the hashfunction whirlpool. In: FPGA ’06: Proceedings of the 2006 ACM/SIGDA 14thinternational symposium on field programmable gate arrays, New York, NY,USA. ACM Press; 2006. p. 159–66.

Rhee K, Kwak J, Kim S, Won D. Challenge-response based RFID authenticationprotocol for distributed database environment. In: Hutter D, Ullmann M,editors. International conference on security in pervasive computing—SPC2005. Lecture notes in computer science, vol. 3450, Boppard, Germany.Springer-Verlag; 2005. p. 70–84.

Shamir A. SQUASH—a new MAC with provable security properties for highlyconstrained devices such as RFIDs tags. In: The 15th international workshop onfast software encryption (FSE). Lecture notes in computer science, vol. 5086.Lausanne, Switzerland. Springer; 2008. p. 144–57.

Sheng QZ, Li X, Zeadally S. Enabling next-generation RFID applications: solutionsand challenges. Computer 2008;41(9):21–8.

Tsudik G. Ya-trap: yet another trivial RFID authentication protocol. In: PERCOMW’06: Proceedings of the 4th annual IEEE international conference on pervasivecomputing and communications workshops, Washington, DC, USA. IEEEComputer Society; 2006. p. 640–3.

van Deursen T, Mauw S, Radomirovic S. Untraceability of RFID protocols. In:Information security theory and practices. Smart devices, convergence andnext generation networks. Lecture notes in computer science, vol. 5019,Sevilla, Spain. Springer; 2008. p. 1–15.

Vaudenay S. On privacy models for RFID. In: Advances in cryptology—Asiacrypt2007, Lecture notes in computer science, vol. 4833. Kuching, Malaysia.Springer; 2007. p. 68–87.

http://www.avoine.net/rfid/

an optimal probabilistic solution for information confinement, privacy, and security in rfid systems

Documents