Survey: Vulnerability Analysis of Low-Cost ECC-Based RFID Protocols against Wireless and Side-Channel Attacks

The radio frequency identification (RFID) system is one of the most important technologies of the Internet of Things (IoT) that tracks single or multiple objects. This technology is extensively used and attracts the attention of many researchers in various fields, including healthcare, supply chains, logistics, asset tracking, and so on. To reach the required security and confidentiality requirements for data transfer, elliptic curve cryptography (ECC) is a powerful solution, which ensures a tag/reader mutual authentication and guarantees data integrity. In this paper, we first review the most relevant ECC-based RFID authentication protocols, focusing on their security analysis and operational performances. We compare the various lightweight ECC primitive implementations designed for RFID applications in terms of occupied area and power consumption. Then, we highlight the security threats that can be encountered considering both network attacks and side-channel attacks and analyze the security effectiveness of RFID authentication protocols against such types of attacks. For this purpose, we classify the different threats that can target an ECC-based RFID system. After that, we present the most promising ECC-based protocols released during 2014–2021 by underlining their advantages and disadvantages. Finally, we perform a comparative study between the different protocols mentioned regarding network and side-channel attacks, as well as their implementation costs to find the optimal one to use in future works.

Security and collision in RFID systems

Radio Frequency Identification (RFID) is a promising technology to provide automated contactless identification of objects, people and animals. The identification process is performed as the reader receives simultaneous responses from various tags over a shared wireless channel and without no requirement of line-of-sight in the interrogation zone. The communication between the reader and tags is separated into two processes: identification and acknowledgment processes. Both processes suffer from serious drawbacks that limit the proliferation of RFID. Such drawbacks are security and privacy and collision problems. This thesis has two main parts. The first part examines the security and privacy of the existing RFID authentication protocols. We introduced a novel cryptographic scheme, Hacker Proof Authentication Protocol (HPAP) that allows mutual authentication and achieves full security by deploying tag static identifier, updated timestamp, a one-way hash function and encryption keys with randomized update using Linear Feedback Shift Register (LFSR). Cryptanalysis and simulation show that the protocol is secure against various attacks. In comparison with the various existing RFID authentication protocols, our protocol has less computation load, requires less storage, and costs less. The second part focuses on solving RFID collision arbitration imposed by the shared wireless link between a reader and the many tags distributed in the interrogation zone. In most proposed anticollision algorithms, tags reply randomly to the time slots chosen by the reader. Since more than two tags may choose the same time slot in a frame, this Random Access (RA) causes garbled data at the reader side resulting the identification process fails. Towards this challenge, two ALOHA based anti-collision algorithms that adopt a new way for tags to choose their replied time slots to enhance system efficiency are presented. In MBA and LTMBA, tags use modulo function to choose their owned time slot. The difference between the two algorithms relies on the method by which the reader estimates the next frame size. The performance evaluation of the two algorithms shows better performance than previously proposed algorithms in terms of fewer communication rounds and fewer collided/empty slots considering the limitation of the EPCglobal Class-1 Gen-2 standard.

Security and collision in RFID systems

Radio Frequency Identification (RFID) is a promising technology to provide automated contactless identification of objects, people and animals. The identification process is performed as the reader receives simultaneous responses from various tags over a shared wireless channel and without no requirement of line-of-sight in the interrogation zone. The communication between the reader and tags is separated into two processes: identification and acknowledgment processes. Both processes suffer from serious drawbacks that limit the proliferation of RFID. Such drawbacks are security and privacy and collision problems. This thesis has two main parts. The first part examines the security and privacy of the existing RFID authentication protocols. We introduced a novel cryptographic scheme, Hacker Proof Authentication Protocol (HPAP) that allows mutual authentication and achieves full security by deploying tag static identifier, updated timestamp, a one-way hash function and encryption keys with randomized update using Linear Feedback Shift Register (LFSR). Cryptanalysis and simulation show that the protocol is secure against various attacks. In comparison with the various existing RFID authentication protocols, our protocol has less computation load, requires less storage, and costs less. The second part focuses on solving RFID collision arbitration imposed by the shared wireless link between a reader and the many tags distributed in the interrogation zone. In most proposed anticollision algorithms, tags reply randomly to the time slots chosen by the reader. Since more than two tags may choose the same time slot in a frame, this Random Access (RA) causes garbled data at the reader side resulting the identification process fails. Towards this challenge, two ALOHA based anti-collision algorithms that adopt a new way for tags to choose their replied time slots to enhance system efficiency are presented. In MBA and LTMBA, tags use modulo function to choose their owned time slot. The difference between the two algorithms relies on the method by which the reader estimates the next frame size. The performance evaluation of the two algorithms shows better performance than previously proposed algorithms in terms of fewer communication rounds and fewer collided/empty slots considering the limitation of the EPCglobal Class-1 Gen-2 standard.

Survey on Prominent RFID Authentication Protocols for Passive Tags

Radio Frequency Identification (RFID) is one of the leading technologies in the Internet of Things (IoT) to create an efficient and reliable system to securely identify objects in many environments such as business, health, and manufacturing areas. Recent RFID authentication protocols have been proposed to satisfy the security features of RFID communication. In this article, we identify and review some of the most recent and enhanced authentication protocols that mainly focus on the authentication between a reader and a tag. However, the scope of this survey includes only passive tags protocols, due to the large scale of the RFID framework. We examined some of the recent RFID protocols in term of security requirements, computation, and attack resistance. We conclude that only five protocols resist all of the major attacks, while only one protocol satisfies all of the security requirements of the RFID system.