Subscribe
Issue No.11 - November (2008 vol.57)
pp: 1514-1527
Yong Ki Lee , University of California, Los Angeles
Kazuo Sakiyama , University of Electro-Communications, Tokyo
Lejla Batina , K.U.Leuven, Leuven-Heverlee
Ingrid Verbauwhede , University of California, Los Angeles and K.U.Leuven
ABSTRACT
RFID (Radio Frequency IDentification) tags need to include security functions, yet at the same time their resources are extremely limited. Moreover, to provide privacy, authentication and protection against tracking of RFID tags without loosing the system scalability, a public-key based approach is inevitable, which is shown by M. Burmester et al. In this paper, we present an architecture of a state-of-the-art processor for RFID tags with an Elliptic Curve (EC) processor over GF(2^163). It shows the plausibility of meeting both security and efficiency requirements even in a passive RFID tag. The proposed processor is able to perform EC scalar multiplications as well as general modular arithmetic (additions and multiplications) which are needed for the cryptographic protocols. As we work with large numbers, the register file is the most critical component in the architecture. By combining several techniques, we are able to reduce the number of registers from 9 to 6 resulting in EC processor of 10.1K gates. To obtain an efficient modulo arithmetic, we introduce a redundant modular operation. Moreover the proposed architecture can support multiple cryptographic protocols. The synthesis results with a 0.13 um CMOS technology show that the gate area of the most compact version is 12.5K gates.
INDEX TERMS
Support for security, Micro-architecture implementation considerations, Processor Architectures, Compu, Special-purpose, General, Low-power design
CITATION
Yong Ki Lee, Kazuo Sakiyama, Lejla Batina, Ingrid Verbauwhede, "Elliptic-Curve-Based Security Processor for RFID", IEEE Transactions on Computers, vol.57, no. 11, pp. 1514-1527, November 2008, doi:10.1109/TC.2008.148
REFERENCES
 [1] M. Burmester, B. Medeiros, and R. Motta, “Robust Anonymous RFID Authentication with Constant Key Lookup,” Proc. ACM Symp. Information, Computer and Comm. Security (ASIACCS), 2008. [2] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography. CRC Press, 1997. [3] P. Montgomery, “Speeding the Pollard and Elliptic Curve Methods of Factorization,” Math. Computation, vol. 48, pp.243-264, 1987. [4] C.-P. Schnorr, “Efficient Identification and Signatures for Smart Cards,” Proc. Ninth Ann. Int'l Cryptology Conf. (CRYPTO '89), pp.239-252, 1989. [5] T. Okamoto, “Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes,” Proc. 12th Ann. Int'l Cryptology Conf. (CRYPTO '92), pp. 31-53, 1992. [6] I. Blake, G. Seroussi, and N.P. Smart, “Elliptic Curves in Cryptography,” London Math. Soc. Lecture Note Series. Cambridge Univ. Press, 1999. [7] P. Montgomery, “Multiplication without Trial Division,” Math. Computation, vol. 44, pp. 519-521, 1985. [8] P.D. Barrett, “Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital SignalProcessor,” Proc. Advances in Cryptology (CRYPTO '86), pp. 311-323, 1987. [9] J. López and R. Dahab, “Fast Multiplication on Elliptic Curves over $GF(2^{m})$ without Precomputation,” Proc. First Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '99), pp.316-327, 1999. [10] N. Meloni, “Fast and Secure Elliptic Curve Scalar Multiplication over Prime Fields Using Special Addition Chains,” Cryptology ePrint Archive: Listing for 2006 (2006/216), 2006. [11] C. Paar, Light-Weight Cryptography for Ubiquitous Computing, Invited Talk at the Univ. of California, Los Angeles (UCLA), Inst. for Pure and Applied Math., Dec. 2006. [12] K. Sakiyama, L. Batina, N. Mentens, B. Preneel, and I. Verbauwhede, “Small-Footprint ALU for Public-Key Processors for Pervasive Security,” Proc. Workshop RFID Security (RFIDSec '06), p. 12, 2006. [13] L. Batina, N. Mentens, K. Sakiyama, B. Preneel, and I. Verbauwhede, “Low-Cost Elliptic Curve Cryptography for Wireless Sensor Networks,” Proc. Third European Workshop Security and Privacy in Ad Hoc and Sensor Networks (ESAS '06), pp. 6-17, 2006. [14] Y.K. Lee and I. Verbauwhede, “A Compact Architecture for Montgomery Elliptic Curve Scalar Multiplication Processor,” Proc. Eighth Int'l Workshop Information Security Applications (WISA '07), pp. 115-127, 2007. [15] E. Öztürk, B. Sunar, and E. Savas, “Low-Power Elliptic Curve Cryptography Using Scaled Modular Arithmetic,” Proc. Sixth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES'04), pp. 92-106, 2004. [16] A. Satoh and K. Takano, “A Scalable Dual-Field Elliptic Curve Cryptographic Processor,” IEEE Trans. Computers, vol. 52, no. 4, pp. 449-460, Apr. 2003. [17] F. Zhou, C. Chen, D. Jin, C. Huang, and H. Ming, Evaluating and Optimizing Power Consumption of Anti-Collision Protocols forApplication in RFID Systems, AUTO-ID Labs, http://www.autoidlabs.org/uploads/mediaAUTOIDLABS-WP-SWNET-014_01.pdf , white paper, 2008. [18] ISO/IEC 18000-3:2004, Information Technology—Radio Frequency Identification (RFID) for Item Management—Part 3: Parameters for Air Interface Communications at 13.56 MHz. [19] J. Wolkerstorfer, “Is Elliptic-Curve Cryptography Suitable to Secure RFID Tags?” Proc. Workshop RFID and Light-Weight Cryptography, Aug. 2005. [20] G. Gaubatz, J.-P. Kaps, E. Öztürk, and B. Sunar, “State of the Art in Ultra-Low Power Public Key Cryptography for Wireless Sensor Networks,” Proc. Second IEEE Int'l Workshop Pervasive Computing and Comm. Security (PerSec '05), pp. 146-150, 2005. [21] S. Kumar and C. Paar, “Are Standards Compliant Elliptic Curve Cryptosystems Feasible on RFID?” Workshop Record of the ECRYPT Workshop RFID Security, p. 19, 2006. [22] F. Fürbass and J. Wolkerstorfer, “ECC Processor with Low Die Size for RFID Applications,” Proc. IEEE Int'l Symp. Circuits and Systems (ISCAS '07), pp. 1835-1838, 2007.