2010 2nd International Conference on Software Technology and Engineering(ICSTE)

Authentication and Lightweight Cryptography in Low Cost Rfid

Hoopad Mobahat
LuLea University of Technology Sweden International University of Chabahar - Iran 6th floor-No:11- west 9th alley- Khodaverdi Str-First of Kashanak- Niavaran Ave-Tehran- Iran-Postal code:1978936175 hadmob-8@student.ltu.se & hmobahat@gmail.com
AbstractTechnology-driven transactions, or e-commerce, should not involve a tradeoff in which consumers relinquish widening amounts of their privacy in return for greater convenience. Businesses that put customers in control of their online privacy options increase consumer faith in the online world and promote greater acceptance of e-commerce. Ultimately, though, the issue comes down to consumer empowerment and trust. Companies rolling out RFID must have a clear and rigidly enforced policy on the deactivation of their tracking mechanisms, as having a cost-effective supply chain will be pretty meaningless if nobody trusts you enough to buy from you," states Martin Butler. RFID is rapidly pushed to the existing markets with diversified applications, such as automatic tariffs payment in public transport, animal identification and tracking, and automated manufacturing and logistics control. Unprotected communications between tags and readers over a wireless channel can disclose information about the tags and their positions. Due to the potential wide deployment of Radio Frequency Identification (RFID), the security of RFID systems has drawn extensive attention from both academia and industry, and the RFID authentication protocol is an important mechanism in the security of RFID systems. The desired security requirements of RFID authentication protocols include privacy, integrity, authentication, anonymity/untraceability, and even availability. To design an efficient protocol that satisfies all the requirements with limited resources is a challenge According to Benoit Calmels et.al 2006 -Strong cryptography mechanisms need high computing resources which is not possible to be embedded into RFID tags. The approach would be an implementation of some low cost but secure cryptographic functions in the tag. It would bring a high level of privacy where there is no need for any substantial change in the synopsis of communication between the tag and the reader. On the other hand, the tag broadcasts the same data to any reader, with dependency on given authorization, could read and process all or part of the said data. The major challenge faced when trying to provide security for low-cost radio frequency identification (RFID) tags in their very limited resources- for example, tag memory will be restricted to several hundred bits, and approximately 250-4000 logic gates out of the total tag space can be devoted to security- related tasks. So readers should bear in mind that these constrained devices are unable to support on-chip standard cryptographic primitives. During this research with an exploratory purpose some different protocols around authentication and cryptography in low cost RFID would be investigated and compared as the output and result with a qualitative approach. This strategy makes the opportunity to discover similarities and differences among protocols and solutions. So that specialists or executives who are looking for a proper protocol or scheme correspondent to their needs or priorities, could choose one or two among others, in other words when investigating the varied types of attacks against schemes, the administrator or the customer of the technology (technology buyer) could set up a comparison to find the suitable protocol according to his /her criterions or priorities like the value of data that is going to be transmitted by RFID transceivers in the air field or wireless media, or the probable attacks could happen according to situation of located RFID devices. For example, if the administrator or executive knows that the position or location that his/her RFID devices located are vulnerable to DOS attack would not choose RHLK or LCAP as the appropriate protocol, or if he/she assumes that spoofing or replay attack is more probable than other attacks then would not choose Li et al. or SRAC schemes for his/ her RFID transceivers authentication. Keywords- Authentication - Low cost RFID - Lightweight Cryptography

I.

INTRODUCTION

"The upcoming era of pervasive computing will be characterized by many smart devices that because of the tight cost constraints inherent in mass deployments have very limited resources in terms of memory, computing power, and battery supply. Many applications will process sensitive healthmonitoring or biometric data, so the demand for cryptographic components that can be efficiently implemented is strong and growing. For such implementations, as well as for ciphers that are particularly suited for this purpose, we use the generic term lightweight cryptography in this article." [11] According to [11] there is a trade-off between performance, cost and security that every designer of lightweight cryptography should afford it. Optimizing any two of the three designs could be possible, performance and security, performance and cost or cost and security; but it would be too difficult to optimize them simultaneously. As an example, a high-performance and secure implementation could be available by a pipelined, side-channel-resistant architecture, concluding in a high area requirement, and thus high costs. Besides, with the drawback of limited performance designing a secure, low-cost hardware implementation is achievable. According to [9], there are three main privacy concerns when talking about RFID tags, leakage of a tag, traceability of a person and impersonation of a tag. Low cost RFID systems have many restrictions in low-die size, low power

978-1-4244-8666-3/10/$26.00

2010 IEEE

V2-123

2010 2nd International Conference on Software Technology and Engineering(ICSTE)

requirements and limited computing power. Here authentication is a method to protect privacy. In order to deals with these problems effectively, cost effective means of authentication is needed. In this paper twelve authentication protocols and schemes for Low-Cost RFID systems which were proposed by researchers and scientists during last few years would be investigated in order to show a comparison among them which would form the approach of the current paper. The methods compared, mainly discuss the way to protect lowcost RFID tags from counterfeiting and fraud; some by proposing new authentication protocols in order to cryptanalysis and according to [1] some by combining lowcost cryptographic algorithms without impacting the current communication protocols substantially. Mentioned researches were presented in the form of some academic and scientific papers which mainly focused on analyzing different aspects of lightweight authentication protocols and schemes needed for Low-Cost RFID cryptography. Two or more of those protocols or schemes were discussed in each paper, and the writer concluded a table as the result of the research which would set all the protocols besides each other. Also there would be an effort to show a comparison among all the schemes stated separately in studied papers. Finally it could be easily concluded from the papers that the efficiency and suitability of the protocols in protecting the RFID systems against different types of vulnerabilities and attacks were the result of varied angles and aspects out of the research group viewpoints. Additionally their justifications and reasons to prove the priority of some protocols or disclaiming some others, disclosed during the tests, according to their specifications or weak points. II. TAGS AND PRIVACY "Privacy is a particularly big concern when millions and millions of small devices are expected to be embedded into goods and to send various information over the air about them and their holders. Many popular applications of the RFID tags require these tags to be traced, but how to proceed without threatening the privacy of the people who use or wear it? Reconciling privacy with RFID tags is therefore a very challenging task for the coming years. To achieve this goal, we first have to define precisely the different uses of these devices and the different needs they generate in terms of privacy." [1] A. Different Needs for Different Uses "RFID technology enables the quick account of the tags surrounding a tag reader, thus providing stores and warehouses with means to manage stocks and inventories more effectively than ever. Needs related to RFID technology deeply depend on the applications they are involved in." [1] 1) Detection Needs "Detection consists, by using a tag reader, in first finding objects that emit signals with sufficient power to reach the reader, wherever they may be hidden, and second getting

some information about them. Thus, provided the level of information given by the tags is appropriate, every accounting application can be fulfilled by this procedure (see above the customs example). However, when the level of information which is publicly available from the tags is too high, privacy concerns arise, as provided data could allow anyone to uniquely (or almost uniquely) identify each tag. Therefore, it becomes necessary to design a general scheme for RFID tags and readers, which allows tags to disclose the nature of the items they are included in, without identifying themselves uniquely to any tag reader." [1] 2) Authentication Needs "Another emerging application of RFID tags is control of authenticity. Manufacturers of the luxury industry have already begun to integrate RFID tags in their products, so that counterfeiting can be detected more easily. Moreover, counterfeiting is becoming more and more usual, and luxury goods are no longer the only products concerned. As a matter of fact, every well-known brand is a potential victim of counterfeiting. Despite these threats, basic RFID tags broadcasting EPC (Electronic Product Code) 64 or 96-bit numbers can be easily duplicated. As a consequence, they do not provide at the time a satisfactory solution to authentication needs." [1] 3) Identifocation Needs "Identification needs are closely related to traceability, which consumers often consider as a threat to their privacy. This is a reason why, if not the main one, spread of RFID technology is not as fast as expected. However, traceability is required by many applications (shipments, after-sales follow-up...). Thus, in order to protect consumers privacy, a first step is to prevent tag readers with no special privilege from tracing items." [1] III. AUTHENTICATION AND CRPTOGRAPHY PROTOCOLS NEEDED IN LOW-COST RFID

Using each protocol refers back to the use and specifications of data centers which RFID systems are implemented. In other words, to have a selection among varied schemes or protocols, the importance and value of information stored or the type of data which is going to be transferred between tags and their corresponding reader should be concerned. And the protocol more suitable and satisfying the more efficient and secure. As we know any RFID system contained from three main parts: tag or transponder, reader or transceiver and database; which stores all data needed for RFID transferences. Also the whole RFID network has two connections between triple axes of an RFID system (tag, reader, and database). The link between the reader and the database is mainly secured on a wired network. The only SPF (single point of failure) which could threat the privacy and security of a healthy system here is the connection between the reader and

V2-124

2010 2nd International Conference on Software Technology and Engineering(ICSTE)

the tag which is wireless and vulnerable to adversary attacks, because of the media which is the air. Consequently all the efforts would be concentrated on securing this media by the means of some cryptography protocols. Those must be lightweight according to limitations visualized for computing powers needed for hashing and the storage required for database and the tag, also the cost which should be expensed for communication loads. IV. SECURITY ANALYSIS

Now in this section the writer analyze the security of proposed protocols against threats which could occur during eavesdropping or attacks performed by intruders or attackers. According to [1] in order to meet authentication requirements we need not only to supply and use tags that have data authentication ability but also consider the LowCost compatible cryptography protocols such as Lightweight ones. In the current section to show the analyses performed during the scientific papers, the proof of each cell (Prevention or Secure- Not satisfying or partially support) of the first three rows of vulnerabilities and threats assumed for authentication protocols would be extracted and discussed according to investigations applied. And for the rest of security analysis the writer would state the result of researches referred to papers and references reviewed According to approach and purpose of this paper, the comparison of analyzed protocols and schemes is intended and would be shown in two tables as the contribution of the paper with a conclusion and proposing unconsidered authentication and cryptography features for further research. A. Information Leakage The first vulnerability deliberated in the analysis and in the table is Information leakage which for some protocols or schemes like RHLK, HIDV, SRAC, HBIV, Li et al. and Hung-Yu Chien and Chen Wei Huang there were no implication in references investigated even though [6] stated that most protocols are designed to protect against information leakage, spoofing attack and replay attack. B. Spoofing Attack "RHLK is vulnerable to a spoofing attack by impersonating a tag to a legitimate reader." [9]- p-622; in order to prevent the adversary from performing a Spoofing attack, it is needed that the tag response be randomized in every session, which is not provided in HIDV when it uses a fixed hash value in every authentication Since in LCAP protocol a tag response is randomized in every session, prevention against Spoofing attack is provided stated by [9]. "To prevent a spoofing attack, the protocol should satisfy an authentication requirement. An adversary collects a tags messages, and then tries a spoofing attack based on impersonating a legitimate tag. However, an adversary cannot compute the transmitting message P without knowing the ID. On the other hand, to impersonate a reader, an adversary must send the correct Q to the tag. This is also impossible, because an adversary cannot compute it without

knowing the ID value." [6]-pp-797,803.So the proposed protocol by JeaCheol Ha et al. is secure against most attacks presented up to now, including spoofing attacks. "If the ID of a tag changes in a secure manner after every read query then attempts like eavesdropping, spoofing, replaying messages, etc. cannot compromise the security of the scheme. Our protocol- LCRP- is reminiscent of the Hash lock scheme where a MetaID is used to identify the tag." [10]-p-4. "A.Juels and S.A Weis recently proposed a simple, formal definition of strong privacy and suggested improvements to their hash-lock protocol. In the improved randomized hash-lock scheme, a reader sends a random number rR then a tag transmits the value rT ||h (rR||rT ||ID), where rT is a random number generated by the tag. Their scheme is robust against a spoofing attack" [6]-p-798 According to [6] -p-805-table 1, the protocol proposed by Lee et al. also Advanced Semi Randomized Access Control (A-SRAC) support the Low-Cost RFID systems against spoofing attacks. Also according to [4] p-97, the Replay attack consist of two stages- data deriving and spoofing. So if any protocol be secured against replay attack it could be concluded that it would be secure against Spoofing attack too. Consequently protocol proposed by Hung-Yu Chien & Chen-Wei Huang is secure against spoof attack. It could be extended to A-SRAC & Lee et al. which both are secure against Replay attack. According to [3], HBIV scheme is secure against Replay attack. "Replay attacks cannot compromise the scheme since the validity of messages is limited by means of the unique transaction numbers (TIDs). Any message of the tag that reaches the database renders all previous messages invalid. Further, the tag accepts only messages that are equipped with the current TID." [3] p-4 On the contrary, according to [4], Li et al and SRAC protocols are not secure against Replay attack which they could not be secure against spoof attack. C. Replay attack "Juels and Weis recently proposed a simple, formal definition of strong privacy and suggested improvements to their hash-lock protocol. In the improved randomized hashlock scheme, a reader sends a random number rR then a tag transmits the value rT ||h(rR||rT ||ID), where rT is a random number generated by the tag. The authors insist that their protocol provides strong privacy and can protect against a replay attack." [6]-p-798 "Lee and Verbauwhede proposed advanced semirandomized access control, called A-SRAC, where the tag sends H (ID), rT, and H (ID||rR) as a response to the reader. The authors insist that A-SRAC resolves most security properties, such as location tracing, forward security, and replay attacks based on the use of a random number generator in the tags." [6]-p-799 "A replay attack also cannot compromise the proposed protocol (JeaCheol Ha et al.), as H(ID) or H(ID||rT ||rR) is refreshed by updating the ID or including random numbers rT and rR in each session." [6]-p-803

V2-125

2010 2nd International Conference on Software Technology and Engineering(ICSTE)

"An adversary may try to do a replay attack by eavesdropping legitimate interactions, but cannot success cloning by a replay attack because s is different for each session. Moreover, because adversary doesn't know k of the tag, adversary cannot generate r2 from r1." [7]- p-4 so the protocol Lee et al. is also secure against Replay attack. "If the ID of a tag changes in a secure manner after every read query then attempts like eavesdropping, spoofing, replaying messages, etc. cannot compromise the security of the scheme." [10]-p-4 consequently the protocol proposed by Tassos Dimitriou named LCRP is secure against Replay attack. "RHLK is vulnerable to a spoofing attack by impersonating a tag to a legitimate reader and can only perceive loss of messages and replay attacks, but cannot protect them. Replay attacks cannot compromise LCAP since the valid massage is refreshed in each session by a random value r of HaID=h(ID||r). [9]- p- 622,625; Also according to [9] p-622 Table 1, HIDV scheme could be prevented against Replay attack. "An adversary can easily eavesdrop on the communications from a legal tag, modify the data, and then replay the messages to masquerade as the legal tag as follows. The attack consists of two stagesthe data deriving stage and the spoofing stage & the data deriving stage: The adversary records the communication (R, R, n1, n2) from a tag (say Ta), and then derives PID1L _PID2R from R0 _ R. & the spoofing stage: In this stage, the adversary uses the derived data PID1L _PID2R to masquerade as the tag Ta as follows. 1. Upon receiving the probe Query||R from the reader, the adversary computes R0 PID1L _PID2R _R, and responds with R0 n1 k kn2 to the reader. 2. It is easy to see that the forged data R0 n1 k kn2 will be accepted by the server, and the reader will forward the data PID from the server to the adversary. 3. The adversary just records the data PID and always responds with OK to the reader. We can see that the reader finally accepts this spoofing tag as the genuine tag Ta." [4]- P-97 which insist that Li et al. scheme is NOT secure against Replay attack. "An adversary could eavesdrop on the communications between the reader and the tag. However, the substring Left (SID' g) and the substring Right (SID' g) should depend on the random challenges R1, R2, and replay messages cannot satisfy the verification either by the reader or by the tag." [4]- p-100 which discusses that Hung-Yu Chien & Chen-Wei Huang protocol is supported against Replay attack. "One problem of SRAC is that it is under the replay attack. Attackers can masquerade as either a reader or a tag by replaying the past messages. The first case is to masquerade as a tag. Note that the server stores two MetaIDs, i.e. the current one and the previous one, per tag and if it is matched with either of two, the server will authenticate a tag. Attackers may eavesdrop and reuse the recently used MetaID and will succeed to be authenticated." [12]- p-4

D. Indistinguishability For the feature Indistinguishability, the only protocols which support it are, Ari Juels & Stephen A. Weis, JeaCheol Ha et al. and Lee et al. On the contrary two protocols which could not support Indistinguishability are LCRP and A-SRAC according to [6]. For the rest of protocols: RHLK, HIDV, SRAC, HBIV, Hung-Yu Chien and Chen Wei Huang, Li et al. and LCAP there were not enough evidences to conclude a specific behavior adjacent to the corresponding protocol. E. Forward Security SRAC, HBIV, LCAP and Hung-Yu Chien and Chen Wei Huang are protocols which fully support Forward Security, and LCRP, A-SRAC, JeaCheol Ha et al. and Lee et al. are protocols which partially support Forward security as stated in [6] and [4] Forward Security is not supported in RHLK, Li et al. and Ari Juels & Stephen A. Weis again according to [6] and [4] The only protocol which there is no information in order to decide about its compatibility with Forward security is HIDV. F. Resynchronization Schemes and protocols: HIDV, A-SRAC, Lee et al., Ari Juels & Stephen A. Weis, LCAP, JeaCheol Ha et al. and Li et al. are secure against Desynchronization which means support for Resynchronization; is mentioned in [6], also by an implication from [4]. It could be easily seen from the Table.1 p-805 in [6] which rejects the prevention from desynchronization state, for LCRP. RHLK, SRAC, HBIV and Hung-Yu Chien and Chen Wei Huang are protocols which no specific position could be inferred accordingly when referring back to papers studied. It should be noted that "An adversary can create a desynchronization state between the tag and the reader by blocking certain transmitted messages. This abnormal state can occur in an ID-renewable RFID system. If one of emitted values from the tag in desynchronization state is constant, the tag can be easily traced, thereby compromising the location privacy." Which is stated in [6] p-797, and would lead us to conclusion that if privacy location be supported by any protocol then desynchronization state attack could not compromise the security of the protocol or scheme. G. No Traceability For the protocols: HIDV, Li et al. JeaCheol Ha et al. and LCAP no traceability are satisfied according to [9] and [4] tables, which state that Hung-Yu Chien & Chen-Wei Huang protocol is partially supported against Traceability and its location could be partially private. SRAC, HBIV, LCRP, RHLK, are the protocols that are not supported against Traceability according to [6] and [4]. Ari Juels & Stephen A. Weis, Lee et al. and A-SRAC are the schemes that the writer did not find any behavior among the references investigated and could not take a specific position.

V2-126

2010 2nd International Conference on Software Technology and Engineering(ICSTE)

H. Mutual Authentication RHLK, SRAC, HBIV, Li et al., LCAP, JeaCheol Ha et al., Hung-Yu Chien and Chen Wei Huang and Lee et al. are the protocols or schemes that provide mutual authentication according to: [6], [4] and [7] The protocol HIDV would not provide mutual authentication according to [9]. And for LCRP, A-SRAC and Ari Juels & Stephen A. Weis schemes, not enough information were located in papers studied. DOS Attack Li et al and Hung-Yu Chien and Chen Wei Huang are the protocols which are secure against DOS attack according to [4]. RHLK, SRAC, LCRP, HBIV, and LCAP are the schemes that are not secured against DOS attack according to [4] and [10]. HIDV, A-SRAC, Ari Juels & Stephen A. Weis, JeaCheol Ha et al and Lee et al. are protocols that about their prevention against DOS attack enough evidences could not be located according to investigations performed. Loss of Message The result of this attack is unknown to most of the protocols, except three RHLK, HIDV and LCAP protocols.
TABLE I.

RHLK just could percept the loss of messages, but the protocols: HIDV and LCAP not only percept this kind of attack but also could restore the messages lost as stated in [9] Percept this kind of attack but also could restore the messages lost as stated in [4] V. SECURITY COMPARISON According to [8] the analysis of the twelve privacy management schemes currently proposed for Low-Cost RFID security and privacy uses, shows that none is truly optimal. Each proposal involves trade-offs concerning security levels totally. In other words in selection among different protocols, the vital factor to choose the best and most efficient one would be the environment and application that is consuming the RFID systems and refers back to the type of data that is being transferred and stored accordingly. It could be easily seen from the tables that for some protocols the result of a specific attack is not clear and it really involves the user to suspicion of choosing the best scheme. It could be resolved by considering the attack which is not mentioned or supported in the table and compare it with the situation of his/her use of that specific protocol, to see if that special specification is really needed and vital for his/her use or not, and how much the corresponding data values.

I.

J.

COMPARISON OF SECURITY THREATS' IMPACT ON STANDARD AUTHENTICATION PROTOCOLS HAPPENING BETWEEN READERS AND TAGS IN LOW COST RFID FIELDS.

Popular Protocol or Scheme Attack Information leakage Spoofing Attack Replay Attack Indistinguishability Forward Security Resynchronization No Traceability (Location Privacy) Mutual Authentication

RHLK HIDV SRAC HBIV LCRP

A-SRAC

--- P -- ---- 3

--P 3 ------3 3

-- --3 --- 3

--3 3 --3 --- 3

3 3 3 ----

3 3 3 3 ---------

V2-127

2010 2nd International Conference on Software Technology and Engineering(ICSTE)

DOS Attack Loss of Message

Notations of table:

--R

---

----

---

-----

3 = Secure or Support, = Not Satisfied or Not Support, = Partially Secure P = Perception, R = Restoration (in the case of attack)

TABLE II.

COMPARISON OF SECURITY THREATS' IMPACT ON PROPOSED AUTHENTICATION PROTOCOLS HAPPENING BETWEEN READERS AND TAGS IN LOW COST RFID FIELDS.

Li et al. Proposed Protocol or Scheme

Hung-Yu JeaCheol Ha et al. Chien and Chen Wei Huang

Ari Juels LCAP Lee et al. & Stephen A. Weis

Attack Information leakage Spoofing Attack Replay Attack Indistinguishability Forward Security Resynchronization No Traceability (Location Privacy) Mutual Authentication DOS Attack Loss of Message -- -- 3 3 3 3 ----3 3 --3 -- 3 3 --3 3 3 3 3 3 3 ----3 3 3 3 3 --------3 3 3 --3 3 3 3 R = 3 3 3 3 3 --3 ----Perception, R =

Notations of table: 3 = Secure or Support, = Not Satisfied or Not Support, = Partially Secure, P Restoration (in the case of attack) VI. CONCLUSION AND FURTHER RESEARCH

According to the tables drawn, among the standard protocols HBIV and A-SRAC protocols both support the RFID system from four (4) attacks however A-SRAC would

support one attack partially more than HBIV which defines it the most secure protocol, also in the proposed protocols it could be easily seen that JeaCheol Ha et al protocol supports against seven (7) attacks with one more partially that achieves the first position among others and LCAP

V2-128

2010 2nd International Conference on Software Technology and Engineering(ICSTE)

similarly is secure against seven (7) different attacks and one another attack with restoration. Here the second rank and third one assigned to Lee et al. and Hung-Yu Chien and Chen Wei Huang in order. We see that none of the protocols or schemes is ideal to secure our Low-Cost RFID authentication against different various attacks and selecting each of them would stand up a trade-off. In this paper some privacy and security properties were not included according to references investigated and could be considered and followed as future works and researches. The writer could offer following vulnerabilities and attacks: (a) Backward Traceability; (b) Server impersonation attack also the attacks which were not satisfied during current research as like as Loss of Message for most of protocols or DOS attack for some protocols like HIDV, A-SRAC or Ari Juels & Stephen A. Weis and JeaCheol Ha et al. ACKNOWLEDGMENTS Thanks for kindly and helpful reply on my question Professor. Hung-Yu Chien, Dept. of Information Management, National Chi Nan University, Taiwan, R.O.C and also Professor Amir Manian, IT department of Management faculty- Tehran University-Iran RFID solutions enable you to advance your business to a new level of efficiency by providing greater visibility into your inventory as it moves across the supply chain. With real-time tracking information, you'll always know where your critical business assets are.
http://www.motorola.com/business/v/index.jsp?vgnextoid=ae7a3a cf35e95110VgnVCM1000008406b00aRCRD

Sarah Spiekermann and Sergei Evdokimov. Critical RFID Privacy Enhancing Technologies. 2009. Co Published by the IEEE Computer and Reliability Societies [9] Su Mi Lee, Young Ju Hwang, Dong Hoon Lee, and Jong In Lim. 2005. Efficient Authentication for Low-Cost RFID Systems- Center for Information Security Technologies (CIST), Korea UniversitySpringer-Verlag Berlin Heidelberg. Germany [10] Tassos Dimitriou- 2005. A Lightweight RFID Protocol to protect against Traceability and Cloning attacks- In: SecureComm. Security and Privacy for Emerging Areas in Communications Networks. Athens Information Technology. Athens. Greece [11] Thomas Eisenbarth, Christof Paar and Axel Poschmann, Sandeep Kumar, Leif Uhsadel. 2007.A survey of lightweight Cryptography implementations - Co published by the IEEE CS and the IEEE CASS. [12] Yong Ki Lee and Ingrid Verbauwhede .2005. Secure and Low-Cost RFID Authentication protocol. University of California Los Angeles (UCLA).California.USA. Katholieke Universiteit Leuven

[8]

REFERENCES
[1] Benot Calmels, Sbastien Canard, Marc Girault, and Herv Sibert.2006. Low-Cost Cryptography for Privacy in RFID Systems. France Telecom R&D. France Boyeon Song & Chris J Mitchell.2008. RFID Authentication Protocol for Low-cost Tags .Information security group Royal Holloway, University of London- ACM 978-1-59593-814-5/08/03. London. UK Dirk Henrici and Paul Mller.2004. Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers- University of Kaiserslautern, Germany Hung-Yu Chien and Chen-Wei Huang.2008.A Lightweight Authentication Protocol for Low-Cost RFID- Springer Science + Business Media, LLC. Manufactured in The United States Hung-Yu Chien and Chen-Wei Huang.2007. A Lightweight RFID Protocol Using Substring .Dept. of Information Management, National Chi Nan University, Taiwan, R.O.C. JeaCheol Ha, SangJae Moon, Juan Manuel Gonzalez Nieto, and Colin Boyd.2007.Low-Cost and Strong-Security RFID Authentication protocol. This research was supported by the MIC of Korea, under the ITRC support program supervised by the IITA (IITA-2007-C1090-0701-0026) Dept. of Information Security, Hoseo Univ., 336-795, Korea, School of Electrical Eng. and Computer Science, Kyungpook National University, Information Security Institute, Queensland Univ. of Technology. Brisbane. Australia Sangshin Lee, Tomoyuki Asano, Kwangjo Kim.2006.RFID Mutual Authentication Scheme based on Synchronized Secret Information. SCIS 2006 The 2006 Symposium on Cryptography and Information Security Hiroshima, Japan, Jan. 17-20, 2006 The Institute of Electronics, Information and Communication Engineers

[2]

[3]

[4]

[5]

[6]

[7]

V2-129