About this Journal Submit a Manuscript Table of Contents
International Journal of Distributed Sensor Networks
Volume 2012 (2012), Article ID 153912, 12 pages
Research Article

Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems

1School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China
2School of Electronic and Information Engineering, Xi’an Jiaotong University, Xi'an 710049, China
3State Key Laboratory of Information Security, Chinese Academy of Sciences, Beijing 100049, China
4Department of Computer Science and Engineering, Hong Kong University of Science and Technology, Hong Kong, China

Received 14 December 2011; Accepted 14 February 2012

Academic Editor: Mo Li

Copyright © 2012 Li Lu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


The objective of private authentication for Radio Frequency Identification (RFID) systems is to allow valid readers to explicitly authenticate their dominated tags without leaking the private information of tags. In previous designs, the RFID tags issue encrypted authentication messages to the RFID reader, and the reader searches the key space to identify the tags. Without key updating, those schemes are vulnerable to many active attacks, especially the compromising attack. We propose a strong and lightweight RFID private authentication protocol, SPA. By designing a novel key updating method, we achieve the forward secrecy in SPA with an efficient key search algorithm. We also show that, compared with existing designs, (SPA) is able to effectively defend against both passive and active attacks, including compromising attacks. Through prototype implementation, we demonstrate that SPA is practical and scalable for current RFID infrastructures.

1. Introduction

The proliferation of RFID applications [15] raises an emerging requirement—protecting user privacy [6] in authentications. In most RFID systems, tags automatically emit their unique serial numbers upon reader interrogation without alerting their users. Within the scanning range, a malicious reader thus can perform bogus authentication on detected tags to obtain sensitive information. For example, without privacy protection, any RFID reader is able to identify a consumer’s ID via the serial number emitted from the tag. In this case, a buyer can be easily tracked and profiled by unauthorized entities. Nowadays, many companies embed RFID tags with produced items. Those tags indicate the unique information of the items they are attached to. Thus, a customer carrying those items might easily get subject to silent track from unauthorized entities in a much larger span. Some sensitive personal information would thereby be exposed: the illnesses she suffers from indicated by the pharmaceutical products; the malls where she shops; the types of items she prefers, and so on. To prevent such unexpected leakage of private information, a secure RFID system must meet two requirements. First, a valid reader must be able to successfully identify the valid tags; on the other hand, misbehaving readers should be isolated from retrieving private information from these tags.

To address the above issue, researchers employ encryptions in RFID authentication. Each tag shares a unique key with the RFID reader and sends an encrypted authentication message to the reader. Instead of identifying the tag directly, the back-end database subsequently searches all keys that it holds to recover the authentication message and identify the tag. For simplicity, we will denote the reader device and back-end database by the “reader” in what follows. Two challenging issues on the reader side must be addressed in the key storage infrastructure and search algorithm: the search efficiency and the security guarantee. Searching a key should be sufficiently fast to support a large-scale system, while the maintained keys should be dynamically updated to meet security requirements.

Many efforts have been made to achieve efficient private authentication. To the best of our knowledge, the most efficient protocols are tree based [7, 8]. They provide efficient key search schemes with logarithm complexity. In those approaches, each tag holds multiple keys instead of a single key. A virtual hierarchical tree structure is constructed by the reader to organize these keys. Every node in the tree, except the root, stores a unique key. Each tag is associated with a unique leaf node. Keys in the path from the root to the leaf node are then distributed to this tag. If the tree has a depth and branching factor , each tag contains keys and the entire tree can support up to tags. A tag encrypts the authentication message by using each of its keys. During authentication, the reader performs a depth-first search in the key tree. In each hierarchy, the reader can narrow the search set within keys. Thus, the reader only needs to search keys for each tag’s authentication. Therefore, the key search complexity of identifying a given tag from tags is logarithmic in .

The tree-based approaches are efficient, nevertheless, not sufficiently secure due to the lack of a key-updating mechanism. Most tree-based approaches do not update keys of tags dynamically. Since the storage infrastructure of keys in tree-based approaches is static, each tag shares common keys with others. Consequently, compromising one tag will reveal information of other tags. To address this problem, we need to provide a dynamic key-updating mechanism to such approaches. The major challenge of dynamic key-updating in tree-based approaches is consistency. If a single tag updates its keys, some other tags have to update their keys accordingly. Till now, consistent and dynamic key-updating mechanisms have scarcely been seen in the literatures.

In this paper, we propose a strong and lightweight RFID private authentication protocol, (SPA), which enables dynamic key-updating for tree-based authentication approaches. Besides consistency, SPA also achieves forwarding secrecy without degrading key search efficiency. We also show that SPA outperforms existing designs in defending against both passive and active attacks, including the compromising attack.

The rest of this paper is organized as follows. We introduce related work in Section 2. We present the SPA design in Section 3. In Section 4, we analyze the security guarantee of SPA. We evaluate the performance of SPA via a prototype implementation in Section 5. We conclude this paper in Section 6.

2. Related Work

Many approaches have been proposed to achieve private authentication in RFID systems. Weis et al. [9] proposed a hash-function-based authentication scheme, HashLock, to avoid tags being tracked. In this approach, each tag shares a secret key with the reader. The reader sends a random number as the authentication request. To respond to the reader, the tag generates a hash value on the inputs of and . The reader then computes of all stored keys until it finds a key to recover , thereby identifying the tag. The search complexity of HashLock is linear to , where is the number of tags in the system. Most subsequent approaches in the literature are aimed at reducing the cost of key search. Juels [10] classifies these approaches into three types.

Tree-Based Approaches
Tree based approaches [7, 8, 11] improve the key search efficiency from linear complexity to logarithmic complexity. Molnar and Wagner proposed the first tree-based scheme, which employs a challenge-response scheme [8], which achieves mutual authentication between tags and readers. The protocol uses multiple rounds to identify a tag and each round needs three messages. Since it requires rounds to identify a tag, the exchanged messages incur relatively large communication overhead. In [7], the authors provide a more efficient scheme which performs the authentication via one message from the tag to the reader and no further interactions. However, the tree-based approaches are often vulnerable to the Tag Compromising Attack. Because tags share keys with others in the tree structure, compromising one tag results in compromising secrets in other tags.

Synchronization Approaches
Synchronization approaches [12] make use of an incremental counter to enhance the authentication security. When successfully completing an authentication, the counter of a tag augments by one. The reader can compare the value of a tag’s counter with the record in the database. If they match, the tag is valid and the reader will synchronize the counter record of this tag. However, incomplete authentications lead the tag’s counter larger than the one held by the reader. To solve this problem, the reader keeps a window for each tag. Such a window limits the maximum value of the counter held by the tag. If a tag’s counter is larger than the record held by the reader but within the window, the reader still regards this tag as valid. Such schemes are vulnerable to the Desynchronization Attack. In such an attack, an invalid reader can interrogate a tag many times so that the counter of this tag exceeds the window recorded in the valid reader. In [13], the authors proposed a protocol to mitigate the impact from desynchronization attacks by allowing tags to report the number of incomplete authentications since the last successful authentication with the reader. Dimitriou proposed a scheme in [14], in which a tag increases its counter only after successful mutual authentications. Those protocols, however, degrade the anonymity of tags. An attacker is still able to interrogate a given tag enough times so that the tag will be immediately recognized when replying with unchanged responses.

Time-Space Tradeoff Approaches
Avoine converted the key search problem to an attempt at breaking a symmetric key [15]. In [16], Hellman studied the key-breaking problem and claimed that recovering a symmetric key from a ciphertext needs to precompute and to store () possible keys. Accordingly, the key search complexity is () in key-breaking-based approaches. Obviously, those approaches are not efficient compared with tree-based approaches.

3. SPA Protocol

In this section, we first introduce the challenging issues of static tree-based private authentication approaches. We then present the design of SPA.

3.1. Challenges of Tree-Based Approaches

Existing tree-based approaches [7, 8, 11] construct a balanced tree to organize and store the keys for all tags. Each node stores a key and each tag is arranged to a unique leaf node. Thus, there exists a unique path from the root to this leaf node. Correspondingly, those keys on this path are assigned to the tag. For example, tag obtains keys , , , and , as illustrated in Figure 1. When a reader authenticates a tag, for example, , it conducts the identification protocol shown in Figure 2. denotes the output of a hash function on two input parameters: a key and a random number . The identification procedure is similar to traversing a tree from the root to a leaf. The reader first sends a nonce to tag . encrypts with all its keys and includes the ciphertexts in a response. Upon the response from , the reader searches proper keys in the key tree to recover . This is equal to marking a path from the root to the leaf node of in the tree. At the end of identification, if such a path exists, regards as a valid tag. Usually, the encryption is employed by using cryptographic hash functions.

Figure 1: A binary key tree with eight tags.
Figure 2: A basic RFID authentication procedure.

From the above procedure, we see that tags will, more or less, share some nonleaf nodes in the tree. For example, and share , while , , , and share . Of course all tags share the root . Such a static tree architecture is efficient because the complexity of key search is logarithmic. For the example in Figure 1, any identification of a tag only needs search steps. On the other hand, if the adversary tampers with some tags; however, it obtains several paths from the root to those leaf nodes of the corrupt tags, as well as the keys on those paths. Since keys are not changed in the static tree architecture, the captured keys will still be used by those tags which are not tampered (for simplicity, we denote those tags as normal tags). Consequently, the adversary is able to capture the secret of normal tags.

A practical solution is to update keys for a tag after each authentication so that the adversary cannot make use of keys obtained from compromised tags to attack normal ones. However, the static tree architecture makes it highly inflexible to provide consistent key-updating. Suppose we update the keys of in Figure 1, we have to change , , , and partially or totally. Note that is also used by , , and , and is used by . To keep the updating consistent, the keys of all influenced tags must be updated and re-distributed. A challenging issue is that if the position of a key is close to the root, the key-updating would influence more tags. For example, updating would influence half of all tags in the system (, , , and ). One intuitive idea is to periodically recall all tags and update the keys simultaneously. Unfortunately, such a solution is not practical in large-scale systems with millions or even hundreds of millions of tags. Another solution is collecting those influenced tags only and updating their keys. This is also difficult because we have to collect a large span of tags even though there is only one tag updating its keys.

This problem motivates us to develop a dynamic key-updating algorithm for private authentication in RFID systems. This is where our proposed SPA enters the picture.

3.2. SPA Overview

SPA comprises four components: system initialization, tag identification, key-updating, and system maintenance. The first and second components are similar to tree-based approaches such as [7] and perform the basic identification functions. The key-updating is employed after a tag successfully performs its identification with the reader. In this procedure, the tag and the reader update their shared keys. This key-updating procedure will not break the validation of keys used by other tags. SPA achieves this using temporary keys and state bits. A temporary key is used to store the old key for each nonleaf node in the key tree. For each nonleaf node, a number of state bits are used in order to record the key-updating status of nodes in the subtrees. Based on this design, each nonleaf node will automatically perform key-updating when all its children nodes have updated their keys. Thus, SPA guarantees the validation and consistency of private authentication for all tags. SPA also eases the system maintenance in high dynamic systems where tags join or leave frequently by the fourth component.

3.3. System Initialization

For the simplicity of discussion, we use a balanced binary tree to organize and store keys, as shown by an example in Figure 3. Let denote the branching factor of the key tree (e.g., when the key tree is a binary tree). We assume that there are tags , , and a reader in the RFID system. The reader assigns the tags to leaf nodes in a balanced binary tree . Each nonleaf node in is assigned with two keys, a working key and a temporary key . The usage of will be illustrated in Section 3.5. Initially, each key is generated independently randomly by the reader, and for all nonleaf nodes.

Figure 3: A key tree of a system with four tags ().

When a tag is introduced into the system, the reader distributes the () keys to . Those keys are corresponding to the path from the root to tag (for a nonleaf node at the path, if , tag is assigned with ). For example, the keys stored in tag are , and , as illustrated in Figure 3. Hereafter, we use to denote the depth of the tree and (, , …, ) to denote the secret keys distributed to .

3.4. Tag Identification

The basic authentication procedure between the reader and tags includes three rounds, as illustrated in Figure 4. In the first round, starts the protocol by sending a “Request” and a random number (a nonce) to tag , . In the second round, upon receiving the request, generates a random number (a nonce) and computes the sequence, where ,) denotes the output of a hash function on three inputs: a key and two random numbers and . replies with a message . For simplicity, we denote the elements in as , , …, . identifies according to .

Figure 4: Authentication procedure in SPA. After receiving , Reader ’s operations are Step 1, identifying and computes ; Step 2, sending to and key-updating. also updates its keys after checking .

executes the basic identification procedure to identify , represented as Step 1 in Figure 4. From the root, the reader first encrypts by using and compares the result with from . If they match, invokes a recursive algorithm, Algorithm 1, as illustrated in Algorithm 1 to identify . For the key tree in Figure 3, the reader starts from the root and encrypts by using and (or ). Having the results, the reader compares them with received (, , ). If (, , ) is equal to the result computed from (or ), the tag belongs to the left sub-tree; otherwise, it belongs to the right sub-tree.

Algorithm 1: Identification (, node ). Tree-based identification.

Level by level, figures out the path of originated from the root by invoking Algorithm 1. Suppose the path reaches an intermediate node at level in the tree. At this point, computes all hash values and by using the keys of node ’s children, then compares them with . Note that is in the authentication message received from . If there is a match, must belong to the sub-tree of the matched ’s child node. Therefore, extends the path to that node and continues the identification procedure until reaching a leaf node.

Identifying a tag is similar to traversing from the root to a leaf in the key tree. The path is determined by using Algorithm 1. Instead of using only one key for each node, Algorithm 1 uses both the working key and the temporary key .

3.5. Key-Updating

After successfully identifying , invokes the Key-updating algorithm in Step 2, as shown in Figure 4.

When generating new keys, SPA still makes use of the hash function . Let be the old key of node . The reader computes a new key from the old key as . The key-updating algorithm for the key tree is shown in Algorithm 2. To remain consistent, the nonleaf node uses temporary key to store ’s old key. In this way, the key-updating of a tag will not interrupt the authentication procedures of other tags belonging to ’s sub-tree.

Algorithm 2: Key-updating (node ). Tree-based key-updating.

Two important issues must be addressed when updating keys. First, should update the keys of the identified tag without interrupting the identification of other tags. This is because the keys stored in nonleaf nodes are shared by multiple tags. Those keys should be updated in a consistent manner. Second, each nonleaf node should automatically update its keys when all its children have updated their keys.

To address the two issues, SPA introduces a number of state bits to each nonleaf node. The basic idea behind this mechanism is that each nonleaf node uses these bits to reflect the key-updating status of its children. Once a child has updated its key, the corresponding bit is set to 1. Each node updates its own key when all its state bits become 1.

Without losing generality, we still use balanced binary key tree to illustrate this mechanism. Each nonleaf node in is assigned with two state bits, denoted as and , , , where () represents the state whether or not the left (right) child of node has updated its keys. When initializing the key tree , = = 0 for all nonleaf nodes. At any time, if the key of node ’s left (right) child is updated, SPA sets () to 1.

When finishes key-updating, it sends a message , as shown in Figure 4, and a synchronization message to . The former one is used by to authenticate . The latter one includes the information of the levels on which the nodes have updated their keys in the key tree. After receiving these messages, first verifies whether or not . If yes, updates its keys according to the synchronization message. For example, in Figure 3, suppose that has updated keys and at levels 1 and 2 after identifying . The synchronization message is (1, 2). Accordingly, updates as () and as (), respectively. This algorithm guarantees that the key-updating is consistent and feasible under arbitrary tag access patterns.

The key-updating algorithm is suitable for an arbitrary balanced tree with . In such a tree, there are state bits maintained in each nonleaf node to indicate the key-updating states of children.

3.6. System Maintenance

If a tag is added to the RFID system, checks whether or not there exists an empty leaf node in the key tree . If yes, is assigned to an empty leaf node. ’s keys are then predistributed according to the path from the leaf node to the root of . If there is no any empty leaf node in the tree , creates a new balanced tree with the branching factor and depth . then initializes by employing the system initialization component described in Section 3.3.

After initialization, connects the root of to the root of . In this way, becomes a sub-tree of . Hereby, is assigned to an empty leaf node in and ’s keys are pre-distributed according to the path from the leaf node to the root of . For example, in Figure 5(a), has 4 tags and each leaf node is occupied in ’s key tree. If a new tag is added to the RFID system, creates a new sub-tree and assigns a leaf node in this sub-tree to . ’s keys are , , and .

Figure 5: Tag joining and leaving.

For any empty leaf node in the key tree, SPA lets the ’s parent node to set the corresponding state bit to 1. Further, is locked until the node is assigned to a new tag . This constraint is for protecting the key-updating of other tags from being interrupted. Indeed, since the node is empty, no tag will trigger the change of . Therefore, if is 0, it will never change, such that node will never update keys. To avoid such an interruption, SPA sets the to 1 to allow other tags update their keys continuously and consistently.

If a tag leaves, sets the leaf node of the leaving tag to be empty. For example, in Figure 5(b), if the tag leaves, empties the leaf node distributed to and let .

3.7. An Example of Key-Updating

For the ease of understanding, we use an example to explain the key-updating algorithm. Here we show one reader and four tags , , , (i.e., four leaf nodes in the key tree). We assume the sequence of tag authentication is (, , , , ). The original state of the key tree is shown in Figure 6(a). When tag is identified, sets the corresponding state bit of ’s parent to 1. Meanwhile, generates a new key of the leaf as shown in Figure 6(b).

Figure 6: An example of the key-updating procedure.

When tag is identified, the corresponding state bit of ’s parent is set to 1, and updates the keys of the leaf node and ’s parent as shown in Figure 6(c).

When tag is identified, the situation is similar to that of tag . Since all state bits of the parent node of and are set to 1, clears the state bits (i.e., reset the state bits to 0) in the key-updating operation as illustrated in Figure 6(d).

When tag is identified, all state bits of ’s parent and the root are set to 1. Thus, R updates the keys of the path from the leaf node of to the root as shown in Figure 6(e).

Since tag does not know that the keys of ’s parent and the root have been updated, it will still use the old keys for identification. As indicated in the description of Algorithm 2 (Algorithm 2 in Section 3.5), each node stores the old key as the temporary key. After identifying tag , informs tag to update its keys, according to the new keys from the leaf node of to the root in the tree, as shown in Figure 6(f).

4. Discussion

In this section, we first discuss the security requirements for designing private authentication protocols in RFID systems. To evaluate the security of SPA, we propose an attack model to represent existing attacking scenarios. We then demonstrate the ability of SPA to meet those requirements and to defend against attacks.

4.1. Security Requirements

A private authentication protocol should meet the following security requirements [7].

The private information, such as tag’s ID, user name, and other private information should not be leaked to any third party during authentication.

A tag should not be correlated to its output authentication messages; otherwise, it may be tracked by attackers.

Cloning Resistance
Attackers should not be able to use bogus tags to impersonate a valid tag. Also, the replay attack should be resisted.

Forward Secrecy
Attackers can compromise a tag to obtain the keys stored in it. In this case, those keys should not reveal the previous outputs of the captured tag.

Compromising Resistance
The privacy of normal tags is threatened if they share some keys with compromised tags. Thus, the number of affected tags should be minimized after a successful compromising attack.
Existing private authentication approaches are able to defend against passive attacks (i.e., eavesdropping), but are vulnerable to active attacks (i.e., cloning and compromising attacks). Therefore, our discussion will focus on how SPA protects tags from active attacks. From the attacker’s perspective, two metrics are important for evaluating the capability of SPA in defending against active attacks: (a) past-exposing probability, the probability of successfully identifying the past outputs of a compromised tag—this metric reflects the forward secrecy property of an authentication scheme; (b) correlated-exposing probability, the probability of successfully tracing a tag when some other tags in the system are compromised.

4.2. Attack Model

Avoine [17] proposes an attack model for RFID system and introduces the concept untraceability. The model well-reflects the attack behaviors and impacts on the authentication protocols. Our discussions are mainly based on this model with slight modification as follows.

In our model, the attackers and the RFID system are abstracted into two participants: the Adversary A (the attackers) and the Challenger C (the RFID system). So, the model is like a game between and C. A first informs that will start to attack. then chooses two tags to perform SPA protocols. If can successfully distinguish any tag from another one based on their outputs by performing passive or active attacks on the RFID system, we claim that successfully compromises the privacy of the system. For simplicity, Let denote the SPA authentication procedure.

We define four oracles, Query, Send, Executive, and Reveal, to abstract the attacks on each or . Thus, any attack on a given or can be represented as ’s calling on its oracles.

Query (, , )
sends a request to . Subsequently, receives a response from . then sends the message to . Note that and represent the messages sent from in the first round and third round in a SPA authentication procedure, respectively.

Send (, )
sends a message to and receives a response. Note that represents the message sent from in the second round in a SPA authentication procedure.

Execution (, )
A executes an instance of with and , respectively. then modifies the response messages and relays them to both sides accordingly.

Reveal ()
After accessing this oracle of , compromises , which means obtains ’s keys. Note that can distinguish any given tag from other tags if it can obtain ’s keys.

We claim that an authentication protocol is resistant to attacks , if the protocol is resistant to when the adversary has access to the oracles . Based on these oracles, the detailed procedure of a game between and is formalized by following steps.

tells that the game begins. chooses two tags and .

For two tags and chosen by , accesses the oracles of and . For and , let and denote the sets of accessed oracles, respectively.

selects a bit uniformly at random, and then provides the oracles of the corresponding tag for to access. For simplicity, we denote as . then accesses ’s oracle. Let the set of accessed oracles of , be .

Based on the results from, and , outputs a bit . If , successfully distinguishes and ; otherwise, loses. Note that can access the oracles in , and in polynomial times. Indeed, if can distinguish from , it means that can track all tags in an RFID system.

A passive adversary who can only eavesdrop on the messages delivered by or has no access to any oracle. For an active adversary, it can access arbitrary oracles introduced above. For instance, if an adversary applies a cloning attack, it means that it can access the Query, Send, and Executive oracles in this attack model. If an adversary can apply compromising attack, it means that it can access the Reveal oracle.

4.3. Security Analysis

In this subsection, we show how SPA achieves the security goals.

Due to the pseudorandomness and one-way properties of the cryptographic hash functions, it is safe to claim that the output of the hash function can be seen as a random bit string. Note that the pseudo-randomness of a hash function means no adversary can distinguish the output of the hash function from a real random bit string. Therefore, the messages sent by the reader and tags provide no useful information to an adversary. None of the passive adversaries is able to deduce the original messages based on the output of hash functions, unless it can invert the hash function. It is well known that the probability of inverting a hash function is negligible.

Since the authentication of SPA does not enroll the ID of a tag and all authentication messages are encrypted by a cryptographic hash function, any passive adversary cannot distinguish the tags from others based on their encrypted messages. That is, it cannot track a tag.

Cloning Resistance
In a cloning attack, an adversary monitors a tag, records its messages and resends the message repeatedly [9]. Similar to most previous protocols, in SPA, the reader and the tags generate random numbers and to defend against the cloning attack. Since the random numbers and are generated uniformly at random, the adversary has to guess them to recover the content of the messages. If the length of () is sufficiently long (e.g., 40 bits), the probability of successfully guessing the random numbers is negligible. Thus, SPA is not subject to the cloning attack.

Forward Secrecy
If a tag is captured, the adversary might obtain the tag’s current keys. However, the adversary cannot trace back the tag’s past communications because the keys are updated by a cryptographic hash function in each authentication procedure. In this way, the adversary still cannot retrieve the past outputs of the tag, unless it is able to invert the cryptographic hash function. Therefore, we can consider that the past-exposing probability of SPA upon the forward secrecy approaches 0. On the contrary, the static key tree protocols [7, 8, 11] cannot update the keys in the system. When an adversary compromised a tag, it can identify the past outputs of the tag from the obtained keys. Thus, the past-exposing probability of the key tree protocols approaches 1.

4.4. Compromising Attack

As we discussed in Section 3.1, a compromised tag may reveal some of the keys of other tags in static tree-based protocols. The adversary is then aware of some paths from the root to the leaf nodes of the compromised tag. Based on those paths, the adversary partially compromises the tree infrastructure. Knowing the “positions” of those nonleaf nodes, the adversary can further identify a sub-tree to which might belong.

Now we use the attack model to discuss the impact of a compromising attack on SPA. The following analysis is based on Avoine’s work [18]. The game procedure comprises six phases.

Phase 1. The adversary has compromised tags and obtained their complete secret keys.

Phase 2. The system (challenger) chooses two normal tags and .

Phase 3. calls oracles and (except the Reveal oracle), and then receives the results (Note that cannot compromise and ).

Phase 4. selects a bit uniformly at random, and then provides the oracle (denote as T) to for accessing (except the Reveal oracle).

Phase 5. calls oracle (except the Reveal oracle) and receives the results.

Phase 6. outputs a bit , if , has successfully distinguished or from another. Otherwise, loses.

We assume that cannot carry out an exhaustive search over the key space. Suppose that has compromised tags except and . Thus, is aware of several paths from the root to the leaf nodes of those tags, as well as the relevant keys of the nonleaf nodes on those paths. Let denote the set of those compromised nonleaf nodes in key tree. Let denote the subset of in which the nodes have the same level in the key tree. Clearly, . Correspondingly, let denote the set of nodes at level which have not been compromised by A.

In Phase 5, impersonates the reader and queries , , and with the keys obtained in the RFID system. At this point, there are three possible cases: (1) If neither nor has a nonleaf in , completely fails. (2) if either or (but not both) has a nonleaf node in , the key subset of or including all the keys from the root to this nonleaf node have been compromised. Thus, the adversary can determine which one is and obtain a correct answer in Phase 6. In this case, succeeds. (3) If both and have an identical nonleaf node in , cannot directly distinguish or from another. In this case, can move down to the lower level of the key tree from the current nonleaf node. We denote the keys of , , and by , , and , respectively, where is the depth of the key tree. For a given level , suppose two nodes and have an identical parent at the lever , and their keys are and , respectively. Let denote the sub-tree of key tree rooted at . Thus, and are both in . Let denote the set of keys of the nodes in the interaction of . Let denote the set of the nodes in the interaction of . For example, suppose that maintains a key tree with eight leaf nodes in Figure 7. has compromised tags , , and . In this case, for the sub-tree , = and = . Let be the number of keys in , and let be the branching factor of the key tree. We also denote as the number of keys belonging to a nonleaf node (in SPA, any nonleaf node stores two keys and , therefore ). We consider the following five cases.

Figure 7: An example of the compromising attack.

Case 1. If , then succeeds.

Case 2. If , then succeeds.

Case 3. If , then succeeds.

Case 4. If , then definitively fails.

Case 5. If , then fails at level but it can move to level to continue its attack.

For , we have Therefore, .

The probability that succeeds is given by In (2), , the number of keys known by the adversary at level , is given by where.

Equation (2) shows that the correlated-exposing probability is mainly determined by three key parameters: (a) , the number of compromised tags; (b) , the branching factor of the key tree; (c) , the number of keys belonging to each nonleaf node. Note that if , (2) can also be used to evaluate the security of static tree-based approaches. In Figure 8, we show the theoretical evaluation on the security of SPA in a typical RFID system.

Figure 8: Defending against the compromising attack.

We assume that the system contains 220 tags and the depth of key tree is 20. In the worst case, the adversary can simultaneously compromise tags at a given time. Then, immediately starts attacks following the game strategy with challenger . In addition, we assume there are only and , which are chosen by , performing authentication with the reader at this moment. Thus, we can use (2) to compute the correlated-exposing probability for attacking SPA and static tree-based approaches.

As shown in Figure 8, SPA outperforms static tree-based approaches in defending against compromising attacks. In SPA, although captures a number of keys shared by some normal tags, those tags are still secure if they update their keys. In contrast, normal tags in static tree-based approaches would be more vulnerable because the keys obtained by will still be in use. This would ease ’s tracking attempts.

In both SPA and static tree-based approaches, the correlated-exposing probability is reduced when enlarging the branching factor . This is because enlarging leads attackers to capturing fewer keys shared by tags which are not tampered with.

The static tree base approaches are extremely vulnerable to compromising attacks when is sufficiently large. We find the correlated-exposing probability is close to 1 when in static tree-based approaches. In this case, enlarging does not help much. On the contrary, SPA can decrease the probability by increasing . The curves of in Figure 8 show that SPA is more secure under compromising attacks and flexible enough to meet different security concerns.

We here explain why increasing can enhance the security of SPA. In an RFID system, a part of tags may not be accessed by the reader for a long time. Keys in those tags hereby cannot be updated. The reader must maintain these keys in nonleaf nodes’ temporal keys for future use. As discussed in Section 3.2, temporal keys s store those old keys. The working key is computed from the temporal keys after these temporal keys have been updated. Therefore, keys of some nonleaf nodes will not be updated if a number of tags are not identified by the reader for a long time. For example, we assume that each nonleaf node has only a single temporal key. If some tags lie in the sub-tree are not accessed by the reader in a period, other tags belong to this node’s sub-tree can update keys for only once. That will make the key tree in SPA degenerate into the static tree, thereby alleviate SPA’s resilience to compromising attacks. To ease the impact of this problem, we increase the number of temporal keys. We assume that each nonleaf node has one working key and temporal keys, ,…, . Thus, even if a number of tags are not accessed by the reader, keys of other tags in the system can be updated for at least times. When we enlarge the parameter , we can enhance the system’s capability on resilience to compromising attacks, as shown in Figure 8.

5. Prototype Implementation

In this section, we introduce our experience on SPA prototype implementation. We also evaluate the performance of SPA and compare it with existing private authentication protocols.

5.1. Experiment Setup

We have implemented the SPA protocol on Mantis-series 303 MHz asset tags and Mantis II reader manufactured by RF Code [19]. In terms of its coding, this system is able to support over one trillion tags. A tags’ typical transmission range is 300 feet, and the reader can communicate with them at distances of more than 1000 feet depending on the antenna configurations. The back-end database is implemented on the desktop PC with the following configurations: Pentium M 3.2 G dual core CPU, 1 GBytes memory, and 40 G hard disk. We use SHA-1 algorithm as the secure hash function.

In this implementation, the system is able to maintain up to tags. For each test, we randomly distribute 40 tags into leaf nodes in the key tree. We perform 1000 independent runs and report the average. We employ a balanced binary tree as the key tree. Each nonleaf node is assigned with two keys, that is, . The length of each key is 64 bit, which is sufficiently long to resist brute-force attacks.

A fundamental concern upon SPA is the latency of key-updating. We use the metric key-updating Latency as the time required for the reader to update a tag’s keys to evaluate the performance of SPA. On the other hand, the key-updating of SPA should guarantee that the keys are secure enough over their lifetime. We focus on two metrics in the experiments.

(a) Key-Updating Latency
It reflects the computational overhead of key-updating. In SPA, the whole processing overhead for an authentication procedure includes two components: identification and key-updating. Since the static key tree approaches only perform the identification function, we focus more on the computational overhead caused by key-updating of SPA.

(b) Key Security Degree (KSD)
It reflects the possibility of keys being obtained when an adversary attacks a RFID system. Let denote the tag accessing frequency, which means how many tags interact with the reader per second. Let be the length of a key, let be the number of updated keys in one key-updating procedure, and let be the depth of the key tree. We denote as the probability of an adversary successfully gaining the keys, and as the attack frequency (i.e., the number of attacks occurred per second). Thus, the key security degree KSD is defined by Because the KSD computed from (4) will be a large value, we use a small real number to make the KSD value not too large, where is a system parameter.

KSD reflects the comprehensive ability of a protocol on defending against the active attacks. A higher KSD value represents a more secure protocol. Parameters in our experiments are summarized in Table 1.

Table 1: Experiment settings.
5.2. Results

Figure 9 plots the average key-updating latency of SPA. With the increase of the tag accessing frequency, which means how many times a tag is accessed per second, the key-updating latency increases. The processing speed of SHA-1 is 1.73 MByte per second. We find that the latency of key-updating does not exceed 1.7 ms even when the tag accessing frequency approaches 10. Since we construct a tree with the depth of 20 in this experiment, each tag is assigned with 20 keys. Thus, the curve of key-updating is enclosed within two lines: one represents the upper bound (20 keys in a tag are updated) and another represents the lower bound (only one key is updated). The short key-updating latency of SPA enables a reader to support dense access patterns. Due to page limitation, results from other experiments are not reported here.

Figure 9: Key-updating latency of SPA.

Figure 10 shows the change of KSD of SPA with different tag access frequencies. The curve of KSD fluctuates when increasing the frequency. In Figure 10, two lines show the upper and lower bounds ( and ) of the KSD curve of SPA. We can see that the KSD of SPA increases when enlarging the tag accessing frequency. Clearly, the design of SPA has two advantages. First, tag holders do not need to update the keys of their tags specially. Second, the RFID system is highly secure when tag holders use their tags frequently.

Figure 10: Key security degree of SPA.

In SPA, the main overhead is caused by SHA-1 computations on the side of . Therefore, the number of SHA-1 computations reflects the computation overhead of SPA. Figure 11 shows the relationship between the computation overhead and KSD in different tag accessing frequencies. In Figure 11, the -axis refers to the number of SHA-1 computations. We see that a high tag access frequency results in a smooth curve of overhead. We also find that the computation overhead caused by SPA does not exceed 900 times of SHA-1 even the tag accessing frequency is high, for example, accessing 10 tags per second, while the PC used in our experiments can perform 86,500 SHA-1 computations per second. It indicates that a significant incensement of KSD only incurs small computation overhead to the system. Hence, SPA is scalable when providing high secure private authentication services.

Figure 11: Computation overhead versus KSD.

6. Conclusion

We proposed a privacy-preserving authentication protocol, SPA, to support secure and efficient tag-reader transactions in RFID systems. By using a dynamic key-updating algorithm, SPA enhances the security of existing RFID authentication protocols. SPA is lightweight with high authentication efficiency: a reader can identify a tag within tree walking steps. Compared with previous works, SPA can effectively defend against both passive and active attacks. Through the prototype implementation, we demonstrated that SPA is scalable and practical in large-scale RFID systems.


This research was supported by NSFC 60903155 and NSFC 61173171.


  1. L. M. Ni, Y. Liu, Y. C. Lau, and A. P. Patil, “LANDMARC: indoor location sensing using active RFID,” in Proceedings of the1st IEEE International Conference on Pervasive Computing and Communications (PerCom'03), pp. 407–415, March 2003. View at Scopus
  2. Y. Li and X. Ding, “Protecting RFID communications in supply chains,” in Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS'07), pp. 234–241, March 2007. View at Publisher · View at Google Scholar · View at Scopus
  3. T. Kriplean, E. Welbourne, N. Khoussainova et al., “Physical access control for captured RFID data,” IEEE Pervasive Computing, vol. 6, no. 4, pp. 48–55, 2007. View at Publisher · View at Google Scholar · View at Scopus
  4. C. Qian, H.-L. Ngan, and Y. Liu, “Cardinality estimation for large-scale RFID systems,” in Proceedings of the 6th Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'08), pp. 30–39, March 2008. View at Publisher · View at Google Scholar · View at Scopus
  5. L. Xiao, Y. Liu, W. Gu, D. Xuan, and X. Liu, “Mutual anonymous overlay multicast,” Journal of Parallel and Distributed Computing, vol. 66, no. 9, pp. 1205–1216, 2006. View at Publisher · View at Google Scholar · View at Scopus
  6. P. Robinson and M. Beigl, “Trust context spaces: an infrastructure for pervasive security in context-aware environments,” in Proceedings of International Conference on Security in Pervasive Computing (SPC'03), 2003.
  7. T. Dimitriou, “A secure and efficient RFID protocol that could make big brother (partially) obsolete,” in Proceedings of the 4th Annual IEEE International Conference on Pervasive Computing and Communications (PerCom'06), pp. 269–274, March 2006. View at Publisher · View at Google Scholar · View at Scopus
  8. D. Molnar and D. Wagner, “Privacy and security in library RFID issues, practices, and architectures,” in Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS'04), pp. 210–219, October 2004. View at Scopus
  9. S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, “Security and privacy aspects of low-cost radio frequency identification systems,” in Proceedings of International Conference on Security in Pervasive Computing (SPC'03), 2003.
  10. A. Juels, “RFID security and privacy: a research survey,” IEEE Journal on Selected Areas in Communications, vol. 24, no. 2, pp. 381–394, 2006. View at Publisher · View at Google Scholar · View at Scopus
  11. D. Molnar, A. Soppera, and D. Wagner, “A scalable, delegatable pseudonym protocol enabling owner-ship transfer of RFID tags,” in Proceedings of the Selected Areas in Cryptography (SAC'05), 2005.
  12. M. Ohkubo, K. Suzuki, and S. Kinoshita, “Efficient hash-chain based RFID privacy protection scheme,” in Proceedings of the UbiComp, Workshop Privacy, 2004.
  13. A. Juels, “Minimalist cryptography for low-cost RFID tags,” in Proceedings of International Conference on Security in Communication Networks (SCN'04), 2004.
  14. T. Dimitriou, “A lightweight RFID protocol to protect against traceability and cloning attacks,” in Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm'05), pp. 59–66, September 2005. View at Publisher · View at Google Scholar · View at Scopus
  15. G. Avoine and P. Oechslin, “A scalable and provably secure hash-based RFID protocol,” in Proceedings of the 3rd IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom'05), pp. 110–114, March 2005. View at Publisher · View at Google Scholar · View at Scopus
  16. M. E. Hellman, “A cryptanalytic time-memory trade-off,” IEEE Transactions on Information Theory, vol. 26, no. 4, pp. 401–406, 1980. View at Google Scholar · View at Scopus
  17. G. Avoine, “Adversarial model for radio frequency identification,” Report 2005/049, 2005, Cryptology ePrint Archive. View at Google Scholar
  18. G. Avoine, E. Dysli, and P. Oechslin, “Reducing time complexity in RFID systems,” in Proceedings of Selected Areas in Cryptography (SAC'05), 2005.
  19. RFCode, Inc., http://www.rfcode.com/Solutions/Asset-Management/Products-Overview.html.