Tree-Based RFID Authentication Protocols Are Definitively Not Privacy-Friendly

Avoine G., Martin B., Martin T.

6th Workshop on Radio Frequency Identification Security, İstanbul, Turkey, 8 - 09 June 2010, vol.6370, pp.103-122 identifier

  • Publication Type: Conference Paper / Full Text
  • Volume: 6370
  • City: İstanbul
  • Country: Turkey
  • Page Numbers: pp.103-122
  • Istanbul Technical University Affiliated: No


Authentication for low-cost Radio-Frequency IDentification (RFID) is a booming research topic. The challenge is to develop secure protocols using lightweight cryptography, yet ensuring privacy. A current trend is to design such protocols upon the Learning Parity from Noise (LPN) problem. The first who introduced this solution were Hopper and Blum in 2001. Since then, many protocols have been designed, especially the protocol of Halevi, Saxena, and Halevi (HSH) [15] that combines LPN and the tree-based key infrastructure suggested by Molnar and Wagner [24]. In this paper, we introduce a new RFID authentication protocol that is less resource consuming than HSH, relying on the same adversary model and security level, though. Afterwards, we show that, if an adversary can tamper with some tags, the privacy claimed in HSH is defeated. In other words, either tags are tamper-resistant, then we suggest a protocol more efficient than HSH, or they are not, then we suggest a significative attack against the untraceability property of HSH.