Reducing RFID Reader Load with the Meet-in-the-Middle Strategy

  • Received : 2011.01.12
  • Accepted : 2011.09.29
  • Published : 2012.02.28

Abstract

When tag privacy is required in radio frequency identification (ID) system, a reader needs to identify, and optionally authenticate, a multitude of tags without revealing their IDs. One approach for identification with lightweight tags is that each tag performs pseudo-random function with his unique embedded key. In this case, a reader (or a back-end server) needs to perform a brute-force search for each tag-reader interaction, whose cost gets larger when the number of tags increases. In this paper, we suggest a simple and efficient identification technique that reduces readers computation to $O$(${\sqrt{N}}$ log$N$) without increasing communication cost. Our technique is based on the well-known "meet-in-the-middle" strategy used in the past to attack symmetric ciphers.

Keywords

Acknowledgement

Supported by : National Research Foundation of Korea(NRF)

References

  1. T. Karygiannis, B. Eydt, E. Barber, L. Bunn, and T. Phillips, Guidelines for Securing Radio Frequency Identification (RFID) Systems, NIST Special Publication 800-98, Apr. 2007.
  2. A. Juels. "RFID security and privacy: A research survey," IEEE J. Sel. Areas Commun., vol. 24, no. 2, pp. 381-394, Feb. 2006. https://doi.org/10.1109/JSAC.2005.861395
  3. M. Lehtonen, T. Staake, F. Michahelles, and E. Fleisch, "From identification to authentication-a review of RFID product authentication techniques", in Proc. RFID-SEC, 2006.
  4. O. Goldreich, Foundations of Cryptography, vol. 1, chapter 3. Cambridge University Press, 2004.
  5. W. Diffie and M. Hellman, "Exhaustive cryptanalysis of the NBS data encryption standard," IEEE Computer, vol. 10, no. 6, pp. 74-84, June 1977.
  6. G. Avoine and P. Oeshslin, "A scalable and provably secure hash based RFID protocol," in Proc. PerSec, IEEE Computer Society Press, pp.110-114.
  7. D. Molnar and D. Wagner, "Privacy and security in library RFID: Issues, practices, and architectures," in Proc. ACM Conf. CCS, Nov. 2004.
  8. G. Avoine, E. Dysli, and P. Oechslin, "Reducing time complexity in RFID systems," Selected Areas in Cryptography (SAC'05), LNCS 3897, pp. 291-306, Springer, 2005.
  9. G. Avoine, L. Buttyan, T. Holczer, and I. Vajda, "Group-based private authentication," in Proc. WoWMoM, 2007.
  10. M. Feldhofer, S. Dominikus, and J. Wolkerstorfer, "Strong authentication for RFID systems using the AES algorithm," in Proc. CHES, LNCS 3156, Springer, 2004, pp. 357-370.
  11. International Organization for Standardization. ISO/IEC 9782-2: Information Technology-Security Techniques-Entity Authentication Mechanisms Part 2: Entity Authentication using Symmetric Techniques, 1993.
  12. B. Alomair and R. Poovendran, Privacy versus Scalability in Radio Frequency Identification Systems, Computer Communications, pp. 2155-2163, 2010.
  13. M. Ohkubo, K. Suzuki, and S. Kinoshita, "Cryptographic approach to privacy-friendly tags," in Proc. RFID Privacy Workshop, 2003.
  14. S.Weis, S. Sarma, R. Rivest, and D. Engels, "Security and privacy aspects of low-cost radio frequency identification systems," in Proc. SPC, 2003, pp. 201-212.