Information and Knowledge Society

Lightweight PRNG for Low-Cost Passive RFID Security Improvement

Doctoral Programme on the Information and Knowledge Society
12/04/2011

Author: Joan Melià Seguí
Programme: Doctoral Programme on the Information and Knowledge Society
Language: English
Supervisors: Dr Joaquín García Alfaro and Dr Jordi Herrera Joancomartí
Faculty / Institute: Internet Interdisciplinary Institute (IN3)
Subjects: Telecommunications, Computer Science
Key words: Low-cost RFID, PRNG, EPC Gen2, Lightweight security
Area of knowledge: Information Security, Telematic Engineering

+ Link to project

Summary

RFID systems are composed by tags (also known as electronic labels) storing an identification sequence which can be wirelessly retrieved by an interrogator, and transmitted to the network through middleware and information systems. Low-cost RFID integrates different technologies, regarding the resource constrained characteristic (thus, reduced cost) of the RFID tags.

The main example of low-cost RFID is the Electronic Product Code Class 1 Generation 2 (EPC Gen2) technology, which is designed to balance cost and functionality. The development of EPC Gen2 tags faces, in fact, several challenging constraints such as cost, compatibility regulations, power consumption, and performance requirements. As a consequence, the computational capabilities of EPC Gen2 tags are very simple. In this sense, the EPC Gen2 specification only considers two basic on board security features: pseudo-random number generators (PRNGs) and password-protected operations. The pseudo-randomness offered by on-board PRNGs is, indeed, used to protect the password-protected operations. PRNGs are also used as an anti-collision mechanism for inventorying processes, and to acknowledge other Gen2 specific operations (e.g., memory writing, decommission of tags, and self-destruction). PRNGs are, therefore, the crucial components that guarantee Gen2 security.

The contribution of this dissertation is the improvement of the state of the art on security in RFID EPC Gen2 technology. With the knowledge obtained from the analysis of commercial EPC Gen2 tags, and the evaluation of scientific proposals, we have been able to propose a new PRNG design compatible with the hardware and statistical EPC Gen2 requirements, and with improved security properties. We can conclude that our work leads to new design paradigms and recommendations for the security in low-cost RFID, and particularly for the EPC Gen2 technology.