This Article 
 Bibliographic References 
 Add to: 
SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity
October-December 2007 (vol. 4 no. 4)
pp. 337-340
As low-cost RFIDs become more and more popular, it is imperative to design ultra-lightweight RFID authentication protocols to resist all possible attacks and threats. However, all the previous ultra-lightweight authentication schemes are vulnerable to various attacks. In this paper, we propose a new ultra-lightweight RFID authentication protocol that provides strong authentication and strong integrity protection of its transmission and of updated data. The protocol requires only simple bit-wise operations on the tag and can resist all the possible attacks. These features make it very attractive to low-cost RFIDs and very low-cost RFIDs.

[1] G. Avoine, E. Dysli, and P. Oechslin, “Reducing Time Complexity in RFID Systems,” Proc. 12th Ann. Workshop Selected Areas in Cryptography (SAC), 2005.
[2] S.C. Bono, M. Green, A. Stubblefield, A. Juels, A.D. Rubin, M. Szydlo, “Security Analysis of a Cryptographically-Enabled RFID Device,” Proc. 14th USENIX Security Symp., pp. 1-16, 2005.
[3] J. Bringer, H. Chabanne, and E. Dottax, “HB++: A Lightweight Authentication Protocol Secure against Some Attacks,” Proc. IEEE Int'l Conf. Pervasive Service, Workshop Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2006.
[4] H.-Y. Chien, “Secure Access Control Schemes for RFID Systems with Anonymity,” Proc. 2006 Int'l Workshop Future Mobile and Ubiquitous Information Technologies (FMUIT '06), 2006.
[5] H.-Y. Chien and C.-H. Chen, “Mutual Authentication Protocol for RFID Conforming to EPC Class 1 Generation 2 Standards,” Computers Standards & Interfaces, vol. 29, no. 2, pp 254-259, 2007.
[6] H.-Y. Chien and C.-W. Huang, “Security of Ultra-Lightweight RFID Authentication Protocols and Its Improvements,” ACM Operating System Rev., vol. 41, no. 2, pp. 83-86, July 2007.
[7] D.N. Duc, J. Park, H. Lee, and K. Kim, “Enhancing Security of EPCglobal Gen-2 RFID Tag against Traceability and Cloning,” Proc. 2006 Symp. Cryptography and Information Security, 2006.
[8] EPCglobal, http:/, 2007.
[9] H. Gilbert, M. Robshaw, and H. Sibert, “An Active Attack against HB+-A Provably Secure Lightweight Authentication Protocol,” Cryptology ePrint Archive, Report 2005/237, 2005.
[10] A.D. Henrici and P. Mäuller, “Hash-Based Enhancement of Location Privacy for Radio-Frequency Identification Devices Using Varying Identifiers,” Proc. Second IEEE Ann. Conf. Pervasive Computing and Comm. Workshops, pp. 149-153 2004.
[11] N.J. Hopper and M. Blum, “Secure Human Identification Protocols,” Proc. Seventh Int'l Conf. Theory and Application of Cryptology and Information Security, pp. 52-66, 2001.
[12] A. Juels, “Strengthening EPC Tag against Cloning,” Proc. ACM Workshop Wireless Security (WiSe '05), pp. 67-76, 2005.
[13] A. Juels, D. Molner, and D. Wagner, “Security and Privacy Issues in E-Passports,” Proc. First Int'l Conf. Security and Privacy for Emerging Areas in Comm. Networks (SecureComm '05), 2005.
[14] A. Juels and S.A. Weis, “Authenticating Pervasive Devices with Human Protocols,” Proc. 25th Ann. Int'l Cryptology Conf. (CRYPTO '05), pp. 293-308, 2005.
[15] S. Karthikeyan and M. Nesterenko, “RFID Security without Extensive Cryptography,” Proc. Third ACM Workshop Security of Ad Hoc and Sensor Networks, pp. 63-67, 2005.
[16] S. Kinoshita, M. Ohkubo, F. Hoshino, G. Morohashi, O. Shionoiri, and A. Kanai, “Privacy Enhanced Active RFID Tag,” Proc. Int'l Workshop Exploiting Context Histories in Smart Environments, May 2005.
[17] S.S. Kumar and C. Paar, “Are Standards Compliant Elliptic Curve Cryptosystems Feasible on RFID?” Proc. Workshop RFID Security, July 2006.
[18] T. Li and R.H. Deng, “Vulnerability Analysis of EMAP-An Efficient RFID Mutual Authentication Protocol,” Proc. Second Int'l Conf. Availability, Reliability, and Security (AReS '07), 2007.
[19] T. Li and G. Wang, “Security Analysis of Two Ultra-Lightweight RFID Authentication Protocols,” Proc. 22nd IFIP TC-11 Int'l Information Security Conf., May 2007.
[20] D. Molnar and D. Wagner, “Privacy and Security in Library RFID: Issues, Practices, and Architectures,” Proc. Conf. Computer and Comm. Security (CCS '04), pp. 210-219, 2004.
[21] J. Munilla and A. Peinado, “HB-MP: A Further Step in the HB-Family of Lightweight Authentication Protocols,” Computer Networks, doi:10.1016/j.comnet.2007.01.011, 2007.
[22] M. Ohkubo, K. Suzki, and S. Kinoshita, “Cryptographic Approach to 'Privacy-Friendly' Tags,” Proc. RFID Privacy Workshop, 2003.
[23] P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, “LMAP: A Real Lightweight Mutual Authentication Protocol for Low-Cost RFID Tags,” Proc. Second Workshop RFID Security, July 2006.
[24] P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, “EMAP: An Efficient Mutual Authentication Protocol for Low-Cost RFID Tags,” Proc. OTM Federated Conf. and Workshop: IS Workshop, Nov. 2006.
[25] P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, and A. Ribagorda, “M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags,” Proc. Int'l Conf. Ubiquitous Intelligence and Computing (UIC '06), pp. 912-923 2006.
[26] S. Piramuthu, “HB and Related Lightweight Authentication Protocols for Secure RFID Tag/Reader Authentication,” Proc. CollECTeR Europe Conf., June 2006.
[27] K. Rhee, J. Kwak, S. Kim, and D. Won, “Challenge-Response Based RFID Authentication Protocol for Distributed Database Environment,” Proc. Int'l Conf. Security in Pervasive Computing (SPC '05), pp. 70-84, 2005.
[28] S.A. Weis, “Security and Privacy in Radio-Frequency Identification Devices,” master's thesis, MIT, 2003.
[29] S.A. Weis, S.E. Sarma, R.L. Rivest, and D.W. Engels, “Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems,” Security in Pervasive Computing, pp. 201-212, Springer, 2004.
[30] J. Yang, J. Park, H. Lee, K. Ren, and K. Kim, “Mutual Authentication Protocol for Low-Cost RFID,” Proc. Ecrypt Workshop RFID and Lightweight Crypto, 2005.
[31] J. Yang, K. Ren, and K. Kim, “Security and Privacy on Authentication Protocol for Low-Cost Radio,” Proc. 2005 Symp. Cryptography and Information Security, 2005.

Index Terms:
Security and Privacy Protection, Authentication, Cryptographic controls, Access controls
Hung-Yu Chien, "SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 4, pp. 337-340, Oct.-Dec. 2007, doi:10.1109/TDSC.2007.70226
Usage of this product signifies your acceptance of the Terms of Use.