Affiliations: [a] Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia | [b] Network Security Lab, University of Washington, Seattle, WA, USA | [c] Electrical and Computer Engineering Department, University of Arizona, Tucson, AZ, USA. E-mails: alomair@uw.edu, rp3@uw.edu and llazos@ece.arizona.edu
Correspondence:
[*]
Corresponding author.
Abstract: In this paper, we explore a new direction towards solving the identity authentication problem in RFID systems. We break the RFID authentication process into two main problems: message authentication and random number generation. For parties equipped with a good source of randomness and a secure cryptographic primitive to authenticate messages, the literature of cryptography is rich with well-studied solutions for secure identity authentication. However, the two operations, random number generation and message authentication, can be expensive for low-cost RFID tags. In this paper, we lay down the foundations of a new direction towards solving these problems in RFID systems. We propose an unconditionally secure direction for authenticating RFID systems. We use the fact that RFID readers are computationally powerful devices to design a protocol that allows RFID readers to deliver random numbers to RFID tags in an unconditionally secure manner. Then, by taking advantage of the information-theoretic security of the transmitted messages, we develop a novel unconditionally secure message authentication code that is computed with a single multiplication operation. The goal of this work is to bring more research to the design of such unconditionally secure protocols, as opposed to the computationally secure protocols that have been proposed extensively, for the purpose of suiting the stringent computational capabilities of low-cost devices.
