RFID Lightweight Mutual Authentication Using Shrinking Generator Mouza Ahmad Bani Shemaili, Chan Yeob Yeun, Mohamed Jamal Zemerly Computer Engineering Department, Khalifa University for Science, Technology and Research, PO Box 573, Sharjah, UAE {mouza, cyeun, jamal}@kustar.ac.ae Abstract The RFID technology is recently predicted to spread in most of our daily lives. However, it is very much vulnerable as it faces some major security challenges and threats. Thus, RFID technology also provides the solutions for the security threats concerned with security, privacy, and authentication. This paper not only addresses security privacy and authentication but also proposes a lightweight mutual authentication suitable to be implemented for passive RFID tag. The proposed protocol is simple, low cost and low power consumption as well as efficient computation since it uses the simple and low cost Shrinking Generator that can be considered an alternative for the use of the One Time Pad algorithm. 1. Introduction Radio Frequency Identification (RFID) is an automatic identification technology that can connect the real world with the virtual world by identifying objects or subjects wirelessly and relaying this information to the backend server. The use of RFID technology grew to enter most of our life applications such as transport, travel, health, etc. An RFID system consists of three main components; a tag, a reader, and a server. There are three types of tags as follow: 1. Passive tag: Passive tags need to be beamed by the reader to be activated. Passive tags are also smaller, less expensive than other kind of tags and used for a short range. 2. Semi Passive tag: Semi passive tags have an on-board power source only to run the tag chip circuit but for the reader communication semi passive tags draw the communication energy from the reader. Besides, semi passive tags have longer read range than the passive tags. 3. Active tag: Active tags include miniature batteries used to power the tag, so RFID reader can read active tags at distances of one hundred feet or more. Also, active tags can be used as sensors and are more expensive than other kind of tags. Table 1 shows the advantages and disadvantages of the three types of RFID tags. In brief, an active tag includes miniature batteries used to power the tag. A passive tag does not have a battery so it will need to be beamed by the reader to be activated. Passive tags are smaller, less expensive and used for a shorter range. Some smart tags have memories that can be written into and erased, while others have memories that can only be read, so the cost of the tag depends on the memory size that it contains in [1]. Table 1. Comparison of various types of tags. Disadvantages Advantages Tag Type Distance limited Longer life time Low cost More flexible Passive Longer range for communication Semi Passive Expensive due to the battery Cannot determine if the battery is good or bad Can be used as sensors Longer range for communication Active In this paper we will focus on the passive tag and try to implement the mutual authentication protocol on the passive tag. A passive RFID tag is characterized with a small size, low cost, and does not contain a battery. Passive RFID tag consists of two elements: one is a chip, and the other one is an antenna. The RFID chip on the tag stores data and performs some specific tasks. The chip can be classified into three types depending on the memory types as follows: 1. Read-Only (RO): It is programmed with a unique number such as; serial number. 2. Write-Once, Read-Many (WORM): It is preprogrammed with additional information which can be added if there is still any spare space in the memory. 3. Read Write (RW): It can be updated dynamically. The proposed protocol described here assumes a tag of this type. Copyright © 2009 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved.