A Lightweight Secure Solution for RFID Bo Sun* Dept. of Computer Science Lamar University Beaumont, TX 77710 bsun@cs.lamar.edu Chung Chih Li School of Information Technology Illinois State University Normal, IL 61761 cli2@ilstu.edu Yang Xiao Dept. of Computer Science University of Alabama Tuscaloosa, AL, 35487, USA yangxiao@ieee.org Abstract— Radio Frequency Identification (RFID) systems have provided promising solutions to effective identification of a large number of tagged objects. However, RFID systems suffer from unauthorized tag reading and potential eavesdropping, which becomes a challenging issue because of the shared radio medium and limited size and cost considerations in RFID. In this paper, based on a Linear Congruential Generator (LCG), we propose a lightweight block cipher that can meet the security and performance requirement of RFID systems. The trade-off between the security and overhead is discussed. Based on the proposed block cipher, we further propose a secure protocol for RFID that can provide data confidentiality and mutual authentication between the reader and the tag. We also provide performance analysis of our proposed block cipher. I. I NTRODUCTION In recent years, Radio Frequency Identification (RFID) have become more and more popular to provide automated identifi- cation systems in areas such as supply chain management, manufacturing, and inventory control [1]. Generally, RFID systems consist of the low-cost RFID transponders (also called tags), RFID readers, and a database (which stores records associated with tag contents). Readers broadcast an RF signal in a certain wireless range to access required information in the tags. Powered by the signal from the RFID reader (called passive tags) or an internal battery (called active tags), tags can respond to the reader by sending information such as the object identification data after receiving the reader’s signal. However, the universal deployment of RFID systems may pose different and widespread security and privacy challenges [2]. For example, Molnar et al. [4] identified that RFID suffers from the following potential types of security threats: tracking, hotlisting, and profiling. The intruder can track the location of the tag holder by periodically querying the tag. Also, without a proper security mechanism, the content of the tag data can also be released to an unauthorized adversary. The shared radio medium, the extreme scarce computational and storage capabilities make it challenging to design secure protocols to guard RFID against unauthorized tag reading and potential eavesdropping. These constraints make it impossible to deploy most of the traditional security primitives and protocols, such as the RSA [7], Diffie-Hellman algorithm [8], which usually incurs the storage of large keys and incurs heavy computation. *This research was supported in part by the Texas Advanced Research Program under grant 003581-0006-2006. There is always a good trade-off between complexity and security. In this paper, based on a Linear Congruential Gen- erator (LCG) [6], we propose a lightweight block cipher that can meet the security and performance requirement of RFID systems. We are motivated by the fact that a good balance between security and efficiency can be achieved after properly arranging the numbers generated by the LCG. By adding random noise generated by a LCG and random permutations to RFID data, we demonstrate that our proposed cipher is secure enough for RFID. We further analyze that the security of our proposed cipher can be adjusted with the input length of the data. Armed with the lightweight block cipher, we demonstrate its usage in the mutual authentication between the reader and the tag. Security and performance of the proposed block cipher are also analyzed. II. THREAT MODEL,SYSTEM ASSUMPTIONS AND SECURITY GOALS We assume that an adversary can eavesdrop the traffic. Therefore, the adversary can perform cryptanalysis to deduce the secret. This raises the privacy issue of the tagged data. We assume that the message transmission between the reader and tag is one-hop. In this paper, when we design the secure protocol, we only consider passive tags, in which tags can only operate when the reader provides necessary energy. However, our proposed cipher is general and can be applied to active tags. We consider a typical RFID system that consists of one RFID reader and multiple RFID tags. In order for our proposed mechanism to work, a secret key needs to be shared between the reader and the tag. Based on the different application and different types of tags (rewritable, write-once, etc), we can have different keying mechanism. Please see more details in Section IV-A. We focus on the following security goals: • Confidentiality: Many applications of RFID require se- cure tag readings so the sensitive data sent from the tag cannot be disclosed to attackers. For example, no cus- tomer wants the amount of money in a wallet to be easily determined by an unauthorized scanner. Confidentiality is typically achieved through encryption. The key point for RFID systems is how to accommodate the stringent resource limitation. U.S. Government work not protected by U.S. copyright This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the IEEE GLOBECOM 2006 proceedings.