Paper 2013/712

PUF-Based RFID Authentication Secure and Private under Memory Leakage

Daisuke Moriyama, Shin'ichiro Matsuo, and Moti Yung

Abstract

RFID tags are getting their presence noticeable and are expected to become an important tool for e-commerce, logistics, point-ofsale transactions, and so on, representing “things” and “human holding things” in transactions. Since a huge amount of tags are expected to be needed to be attached to various “objects,” a low-cost tag manufacturing is necessary. Thus, it is hard to imagine they will implement costly hardware protection mechanisms (like co-processor, TPMs). Therefore, in this context memory leakage (side-channel) attacks become a critical threat. Another well known threat to RFID devices is tag tracing implying violation of privacy. We consider physically unclonable functions (PUFs) as tamper resilient building blocks cheaper than protected hardware, and propose security against a memory leaking adversary, trying to violate security and privacy of tags (we emphasize that digitally-oriented PUFs are easy to implement and they are more likely than TPMs to be implemented in RFID chips, more so than TPMs). We then design the first provably secure and provably private RFID authentication protocol withstanding information leakage from the entire memory of the tag, and show its two properties: (1) security against man-in-th-middle attack, and (2) privacy protection against tag tracing.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
cryptographic protocolsRFID authenticationPUF
Contact author(s)
dmoriyam @ nict go jp
History
2014-09-16: last of 3 revisions
2013-11-03: received
See all versions
Short URL
https://ia.cr/2013/712
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/712,
      author = {Daisuke Moriyama and Shin'ichiro Matsuo and Moti Yung},
      title = {{PUF}-Based {RFID} Authentication Secure and Private under Memory Leakage},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/712},
      year = {2013},
      url = {https://eprint.iacr.org/2013/712}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.