Two Rounds RFID Grouping-Proof Protocol Sarah Abughazalah, Konstantinos Markantonakis, Keith Mayes Smart Card Centre-Information Security Group (SCC-ISG) Royal Holloway, University of London Email: {Sarah.AbuGhazalah.2012, K.Markantonakis, Keith.Mayes}@rhul.ac.uk Abstract—In this paper, we focus on a par- ticular RFID application called a grouping- proof, where an entity such as an RFID reader generates a proof that two or more tags have been scanned simultaneously. This proof is then verified by the server, which processes the tags’ data in the system. How- ever, designing a grouping-proof protocol is challenging for two reasons. Firstly, in some cases, the server that authenticates the tags is offline during the scanning process, thus the tags’ data need to be assembled in a valid grouping-proof to be authenti- cated later. Secondly, a number of recent grouping-proof protocols are either prone to attacks, or they are not efficient in terms of performance. In this paper, we present an offline two rounds grouping-proof protocol that provides immunity against well-known attacks on RFID protocols and improves tag’s memory and computing performance. We analysed our protocol using a mechanical formal analysis tool called Scyther, which did not find any feasible attack(s). Finally, an implementation of the proposed protocol is conducted to measure the tag’s memory space and computing time cost using an IAIK UHF RFID tag emulator. Index Terms—RFID, Secuty, Privacy, Scyther, Grouping-proof, Protocol I. I NTRODUCTION Radio Frequency Identification (RFID) is a wireless technology that uses radio signals to identify tags attached to objects [1]. Ultar-High Frequency (UHF) passive tags are wireless transponders that do not have any power of their own and only respond to the electromagnetic fields gen- erated by nearby reader(s), its frequency band ranges from 860 MHz to 950 MHz. The reader communicates with the server that manages and processes tags’ data [1]. One of the RFID standards that is widely-used and associated with pas- sive RFID tags is the ISO18000-6C mostly known as EPCglobal UHF Class-1 Generation-2 (hereinafter denoted as EPC Gen2). This standard is used with appli- cations that require long distance com- munication up to 10 meters such as in supply chain for tracking purposes [2]. The RFID tools used in this paper support this standard. One of the important features of RFID technology is its ability to generate a proof that two or more legitimate tags have been scanned simultaneously by an RFID reader within its broadcast range. The first proof was introduced by Juels [3]. It involved only two tags and was called the “yoking- proof”. Since its introduction, the yoking- proof has evolved to include multiple tags [4] and is now known as the “grouping- proof”. A grouping-proof can be used in many systems including [5]: • Hospitals: proving that a certain pa- tient has been given his/her medica- tions at the same time. • Manufacturing: proving that devices have been sold with their attachments. • Access control: establishing that a group of people with legitimate RFID token were present. • Supply chain: proving that tagged products were shipped together in a group. In such systems, the server, which can be an auditing-body or a verifier, might not participate in the scanning process, but at a later time, it verifies the legitimacy and