Correspondence:
[*]
Corresponding author: Tzipora Halevi, Polytechnic Institute of New York University, New York, NY, USA. Tel./Fax: +1 718 260 3116/3609; E-mail: thalev01@students.poly.edu.
Abstract: An RFID reader must authenticate its designated tags in order to prevent tag forgery and counterfeiting. At the same time, due to privacy requirements of many applications, a tag should remain anonymous and untraceable to an adversary during the authentication process. In this paper, we propose an “HB-like” protocol for privacy-preserving authentication of RFID tags. Previous protocols for privacy-preserving authentication were based on PRF computations. Our protocol can instead be used on low-cost tags that may be incapable of computing traditional PRFs. Moreover, since the underlying computations in HB protocols are very efficient, our protocol also reduces reader-side load compared to PRF-based protocols. We suggest a tree-based approach that replaces the PRF-based authentication from prior work with a procedure such as HB+ or HB#. We optimize the tree-traversal stage through usage of a “light version” of the underlying protocol and shared random challenges across all levels of the tree. This provides significant reduction of the communication resources, resulting in a privacy-preserving protocol almost as efficient as the underlying HB+ or HB#. We also present analytical and simulation results comparing our method with prior proposals in terms of computation, communication and memory overheads.
Keywords: HB family protocols, privacy-preserving authentication
