Security analysis and review of digital signature-based low-cost RFID tag authentication

Teemu Väisänen, Matti Ritamäki, Johan Scholliers, Sirra Toivonen

Research output: Contribution to journalArticleScientificpeer-review

Abstract

BACKGROUND: In logistic processes, radio frequency identification (RFID) technology provides possibilities for improving the integrity of shipments, the performance of supply chains and for enabling leaner processes. RFID tags are used in logistics to identify and authenticate users, products or shipments. Especially cheap, passive long-range low-cost RFID tags are of interest, but these provide security-related challenges. In new implementations of this RFID technology the threats and risks must be carefully considered as they can result in system malfunctioning, revenue losses and illegal activities. Hence, there is a need for cryptography techniques for low-cost RFID tags. Various lightweight security mechanisms that take into account the limitations of the tags have been designed. The potentiality of using asymmetric cryptography and digital signatures in tags is one such mechanism that enables more secure tag authentication. RESULTS: This paper explores how asymmetric digital signatures have been used for RFID tag authentication. The paper provides a literature overview of the methods used in both research and in commercial products, and provides knowledge about gained and missing protection in such use cases. A method based on asymmetric Elliptic Curve Digital Signature Algorithm (ECDSA) digital signatures has been developed for the authentication of low-cost RFID tags. In addition to this, the paper categorizes RFID threats to categories as presented in IETF RFC 4949 and analyzes how using asymmetric cryptography-based digital signatures protects against described threats and attacks suitable for low-cost RFID tags that do not use additional security mechanisms. CONCLUSIONS: This paper finds that asymmetric cryptography and digital signatures are suitable for low-cost RFID tags and that usage of them gives additional security, especially against physical data modification and impersonation attacks. The research underlines that IETF RFC 4949 is suitable for categorization of threats and attacks towards RFID technology. In addition to this, systematic threat and attack categorization and analysis enables the specification of further threats.

Original languageEnglish
Pages (from-to)31-49
Number of pages19
JournalInternational Journal of RF Technologies: Research and Applications
Volume6
Issue number1
DOIs
Publication statusPublished - 1 Jan 2014
MoE publication typeA1 Journal article-refereed

Fingerprint

Electronic document identification systems
Radio frequency identification (RFID)
Authentication
Costs
Cryptography
Logistics
Digital signature
Radio frequency identification
Tag
Security analysis
Supply chains
Threat

Keywords

  • digital signature
  • ECDSA
  • low-cost
  • RFID
  • threat categorization

Cite this

@article{3e06837c49134a1e957063b25fb327f1,
title = "Security analysis and review of digital signature-based low-cost RFID tag authentication",
abstract = "BACKGROUND: In logistic processes, radio frequency identification (RFID) technology provides possibilities for improving the integrity of shipments, the performance of supply chains and for enabling leaner processes. RFID tags are used in logistics to identify and authenticate users, products or shipments. Especially cheap, passive long-range low-cost RFID tags are of interest, but these provide security-related challenges. In new implementations of this RFID technology the threats and risks must be carefully considered as they can result in system malfunctioning, revenue losses and illegal activities. Hence, there is a need for cryptography techniques for low-cost RFID tags. Various lightweight security mechanisms that take into account the limitations of the tags have been designed. The potentiality of using asymmetric cryptography and digital signatures in tags is one such mechanism that enables more secure tag authentication. RESULTS: This paper explores how asymmetric digital signatures have been used for RFID tag authentication. The paper provides a literature overview of the methods used in both research and in commercial products, and provides knowledge about gained and missing protection in such use cases. A method based on asymmetric Elliptic Curve Digital Signature Algorithm (ECDSA) digital signatures has been developed for the authentication of low-cost RFID tags. In addition to this, the paper categorizes RFID threats to categories as presented in IETF RFC 4949 and analyzes how using asymmetric cryptography-based digital signatures protects against described threats and attacks suitable for low-cost RFID tags that do not use additional security mechanisms. CONCLUSIONS: This paper finds that asymmetric cryptography and digital signatures are suitable for low-cost RFID tags and that usage of them gives additional security, especially against physical data modification and impersonation attacks. The research underlines that IETF RFC 4949 is suitable for categorization of threats and attacks towards RFID technology. In addition to this, systematic threat and attack categorization and analysis enables the specification of further threats.",
keywords = "digital signature, ECDSA, low-cost, RFID, threat categorization",
author = "Teemu V{\"a}is{\"a}nen and Matti Ritam{\"a}ki and Johan Scholliers and Sirra Toivonen",
year = "2014",
month = "1",
day = "1",
doi = "10.3233/RFT-140058",
language = "English",
volume = "6",
pages = "31--49",
journal = "International Journal of RF Technologies: Research and Applications",
issn = "1754-5730",
publisher = "IOS Press",
number = "1",

}

Security analysis and review of digital signature-based low-cost RFID tag authentication. / Väisänen, Teemu; Ritamäki, Matti; Scholliers, Johan; Toivonen, Sirra.

In: International Journal of RF Technologies: Research and Applications, Vol. 6, No. 1, 01.01.2014, p. 31-49.

Research output: Contribution to journalArticleScientificpeer-review

TY - JOUR

T1 - Security analysis and review of digital signature-based low-cost RFID tag authentication

AU - Väisänen, Teemu

AU - Ritamäki, Matti

AU - Scholliers, Johan

AU - Toivonen, Sirra

PY - 2014/1/1

Y1 - 2014/1/1

N2 - BACKGROUND: In logistic processes, radio frequency identification (RFID) technology provides possibilities for improving the integrity of shipments, the performance of supply chains and for enabling leaner processes. RFID tags are used in logistics to identify and authenticate users, products or shipments. Especially cheap, passive long-range low-cost RFID tags are of interest, but these provide security-related challenges. In new implementations of this RFID technology the threats and risks must be carefully considered as they can result in system malfunctioning, revenue losses and illegal activities. Hence, there is a need for cryptography techniques for low-cost RFID tags. Various lightweight security mechanisms that take into account the limitations of the tags have been designed. The potentiality of using asymmetric cryptography and digital signatures in tags is one such mechanism that enables more secure tag authentication. RESULTS: This paper explores how asymmetric digital signatures have been used for RFID tag authentication. The paper provides a literature overview of the methods used in both research and in commercial products, and provides knowledge about gained and missing protection in such use cases. A method based on asymmetric Elliptic Curve Digital Signature Algorithm (ECDSA) digital signatures has been developed for the authentication of low-cost RFID tags. In addition to this, the paper categorizes RFID threats to categories as presented in IETF RFC 4949 and analyzes how using asymmetric cryptography-based digital signatures protects against described threats and attacks suitable for low-cost RFID tags that do not use additional security mechanisms. CONCLUSIONS: This paper finds that asymmetric cryptography and digital signatures are suitable for low-cost RFID tags and that usage of them gives additional security, especially against physical data modification and impersonation attacks. The research underlines that IETF RFC 4949 is suitable for categorization of threats and attacks towards RFID technology. In addition to this, systematic threat and attack categorization and analysis enables the specification of further threats.

AB - BACKGROUND: In logistic processes, radio frequency identification (RFID) technology provides possibilities for improving the integrity of shipments, the performance of supply chains and for enabling leaner processes. RFID tags are used in logistics to identify and authenticate users, products or shipments. Especially cheap, passive long-range low-cost RFID tags are of interest, but these provide security-related challenges. In new implementations of this RFID technology the threats and risks must be carefully considered as they can result in system malfunctioning, revenue losses and illegal activities. Hence, there is a need for cryptography techniques for low-cost RFID tags. Various lightweight security mechanisms that take into account the limitations of the tags have been designed. The potentiality of using asymmetric cryptography and digital signatures in tags is one such mechanism that enables more secure tag authentication. RESULTS: This paper explores how asymmetric digital signatures have been used for RFID tag authentication. The paper provides a literature overview of the methods used in both research and in commercial products, and provides knowledge about gained and missing protection in such use cases. A method based on asymmetric Elliptic Curve Digital Signature Algorithm (ECDSA) digital signatures has been developed for the authentication of low-cost RFID tags. In addition to this, the paper categorizes RFID threats to categories as presented in IETF RFC 4949 and analyzes how using asymmetric cryptography-based digital signatures protects against described threats and attacks suitable for low-cost RFID tags that do not use additional security mechanisms. CONCLUSIONS: This paper finds that asymmetric cryptography and digital signatures are suitable for low-cost RFID tags and that usage of them gives additional security, especially against physical data modification and impersonation attacks. The research underlines that IETF RFC 4949 is suitable for categorization of threats and attacks towards RFID technology. In addition to this, systematic threat and attack categorization and analysis enables the specification of further threats.

KW - digital signature

KW - ECDSA

KW - low-cost

KW - RFID

KW - threat categorization

UR - http://www.scopus.com/inward/record.url?scp=84905372342&partnerID=8YFLogxK

U2 - 10.3233/RFT-140058

DO - 10.3233/RFT-140058

M3 - Article

VL - 6

SP - 31

EP - 49

JO - International Journal of RF Technologies: Research and Applications

JF - International Journal of RF Technologies: Research and Applications

SN - 1754-5730

IS - 1

ER -