RT Dissertation/Thesis
T1 Lightweight cryptography in radio frequency identification (RFID) systems
T1 Criptografía ligera en dispositivos de identificación por radiofrecuencia- RFID
A1 Peris López, Pedro
AB Esta tesis se centra en el estudio de la tecnología de identificación por radiofrecuencia (RFID), la cual puede ser considerada como una de las tecnologías más prometedoras dentro del área de la computación ubicua. La tecnología RFID podría ser el sustituto de los códigos de barras. Aunque la tecnología RFID ofrece numerosas ventajas frente a otros sistemas de identificación, su uso lleva asociados riesgos de seguridad, los cuales no son fáciles de resolver. Los sistemas RFID pueden ser clasificados, atendiendo al coste de las etiquetas, distinguiendo principalmente entre etiquetas de alto coste y de bajo coste. Nuestra investigación se centra fundamentalmente en estas últimas. El estudio y análisis del estado del arte nos ha permitido identificar la necesidad de desarrollar soluciones criptográficas ligeras adecuadas para estos dispositivos limitados. El uso de soluciones criptográficas estándar supone una aproximación correcta desde un punto de vista puramente teórico. Sin embargo, primitivas criptográficas estándar (funciones resumen, código de autenticación de mensajes, cifradores de bloque/flujo, etc.) exceden las capacidades de las etiquetas de bajo coste. Por tanto, es necesario el uso de criptografía ligera._______________________________________
AB This thesis examines the security issues of Radio Frequency Identification(RFID) technology, one of the most promising technologies in the field ofubiquitous computing. Indeed, RFID technology may well replace barcodetechnology. Although it offers many advantages over other identificationsystems, there are also associated security risks that are not easy to address.RFID systems can be classified according to tag price, with distinctionbetween high-cost and low-cost tags. Our research work focuses mainlyon low-cost RFID tags. An initial study and analysis of the state of theart identifies the need for lightweight cryptographic solutions suitable forthese very constrained devices. From a purely theoretical point of view,standard cryptographic solutions may be a correct approach. However,standard cryptographic primitives (hash functions, message authenticationcodes, block/stream ciphers, etc.) are quite demanding in terms of circuitsize, power consumption and memory size, so they make costly solutionsfor low-cost RFID tags. Lightweight cryptography is therefore a pressingneed.First, we analyze the security of the EPC Class-1 Generation-2 standard,which is considered the universal standard for low-cost RFID tags.Secondly, we cryptanalyze two new proposals, showing their unsuccessfulattempt to increase the security level of the specification without much furtherhardware demands. Thirdly, we propose a new protocol resistant topassive attacks and conforming to low-cost RFID tag requirements. In thisprotocol, costly computations are only performed by the reader, and securityrelated computations in the tag are restricted to very simple operations.The protocol is inspired in the family of Ultralightweight Mutual AuthenticationProtocols (UMAP: M2AP, EMAP, LMAP) and the recently proposedSASI protocol. The thesis also includes the first published cryptanalysis ofxiSASI under the weakest attacker model, that is, a passive attacker. Fourthly,we propose a new protocol resistant to both passive and active attacks andsuitable for moderate-cost RFID tags. We adapt Shieh et.’s protocol forsmart cards, taking into account the unique features of RFID systems. Finally,because this protocol is based on the use of cryptographic primitivesand standard cryptographic primitives are not supported, we address thedesign of lightweight cryptographic primitives. Specifically, we proposea lightweight hash function (Tav-128) and a lightweight Pseudo-RandomNumber Generator (LAMED and LAMED-EPC).We analyze their securitylevel and performance, as well as their hardware requirements and show that both could be realistically implemented, even in low-cost RFID tags.
YR 2008
FD 2008-10
LK https://hdl.handle.net/10016/5093
UL https://hdl.handle.net/10016/5093
LA eng
DS e-Archivo
RD 30 jun. 2024