Yong Ki Lee

Elliptic-Curve-Based Security Processor for RFID

RFID (radio frequency identification) tags need to include security functions, yet at the same time their resources are extremely limited. Moreover, to provide privacy, authentication and protection against tracking of RFID tags without loosing the system scalability, a public-key based approach is inevitable, which is shown by M. Burmester et al. In this paper, we present an architecture of a state-of-the-art processor for RFID tags with an elliptic curve (EC) processor over GF(2163). It shows the plausibility of meeting both security and efficiency requirements even in a passive RFID tag. The proposed processor is able to perform EC scalar multiplications as well as general modular arithmetic (additions and multiplications) which are needed for the cryptographic protocols. As we work with large numbers, the register file is the most critical component in the architecture. By combining several techniques, we are able to reduce the number of registers from 9 to 6 resulting in EC processor of 10.1 K gates. To obtain an efficient modulo arithmetic, we introduce a redundant modular operation. Moreover the proposed architecture can support multiple cryptographic protocols. The synthesis results with a 0.13 um CMOS technology show that the gate area of the most compact version is 12.5 K gates.

EC-RAC (ECDLP Based Randomized Access Control): Provably Secure RFID authentication protocol

Operational and security requirements for RFID systems such as system scalability, anonymity and anti-cloning are difficult to obtain due to constraints in area, memory, etc. Due to scarceness of resources most of the proposed protocols were designed using symmetric key cryptographic algorithms. However, it has been shown that it is inevitable to use public-key cryptographic algorithms to satisfy these requirements [1]. Moreover, general public-key cryptography based authentication protocols are vulnerable in terms of anonymity, which is shown in this paper. Accordingly, we design a new authentication protocol named EC-RAC using EC (Elliptic Curve) cryptography. EC-RAC can be proved for its security in the generic group model and is carefully designed to minimize its computational workload. Moreover, we present the implementation results of EC-RAC to show its feasibility for RFID systems.

Low-cost untraceable authentication protocols for RFID

The emergence of pervasive computing devices has raised several privacy issues. In this paper, we address the risk of tracking attacks in RFID networks. Our contribution is threefold: (1) We repair three revised EC-RAC protocols of Lee, Batina and Verbauwhede and show that two of the improved authentication protocols are wide-strong privacy-preserving and one wide-weak privacy-preserving; (2) We present the search protocol, a novel scheme which allows for privately querying a particular tag, and proof its security properties; and (3) We design a hardware architecture to demonstrate the implementation feasibility of our proposed solutions for a passive RFID tag. Due to the specific design of our authentication protocols, they can be realized with an area significantly smaller than other RFID schemes proposed in the literature, while still achieving the required security and privacy properties.

Untraceable RFID authentication protocols: Revision of EC-RAC

Radio Frequency IDentification (RFID) systems are steadily becoming paramount due to their vast applications such as supply chains, inventory, tolling, baggage management, access control etc. While they have potentials to improve our lives, they also present a privacy risk. Privacy is often overlooked in many applications, but due to pervasiveness of RFIDs the issue has to be taken into account. However, additional security always comes at price and the scarceness of resources on a tag makes conventional privacy-preserving protocols infeasible. In this paper we propose several authentication protocols that are all made of the same building blocks. More precisely, we first revise the EC-RAC (Elliptic Curve Based Randomized Access Control) protocol and we expand it into several authentication protocols. All the proposed protocols satisfy the basic requirements, which are the system scalability, un-traceability and security against cloning attacks and replay attacks, but each protocol has different security properties. The security proofs are implied by means of cryptographic reductions, i.e. they are based on the security of the Schnorr protocol and the hardness of the decisional Diffie-Hellman problem.

Extending ECC-based RFID authentication protocols to privacy-preserving multi-party grouping proofs

Since the introduction of the concept of grouping proofs by Juels, which permit RFID tags to generate evidence that they have been scanned simultaneously, various new schemes have been proposed. Their common property is the use of symmetric-key primitives. However, it has been shown that such schemes often entail scalability, security and/or privacy problems. In this article, we extend the notion of public-key RFID authentication protocols and propose a privacy-preserving multi-party grouping-proof protocol which relies exclusively on the use of elliptic curve cryptography (ECC). It allows to generate a proof which is verifiable by a trusted verifier in an offline setting, even when readers or tags are potentially untrusted, and it is privacy-preserving in the setting of a narrow-strong attacker. We also demonstrate that our RFID grouping-proof protocol can easily be extended to use cases with more than two tags, without any additional cost for an RFID tag. To illustrate the implementation feasibility of our proposed solutions, we present a novel ECC hardware architecture designed for RFID.

Throughput Optimized SHA-1 Architecture Using Unfolding Transformation

In this paper, the authors analyze the theoretical delay bound of the SHA-1 algorithm and propose architectures to achieve high throughput hardware implementations which approach this bound. According to the results of FPGA implementations, 3,541 Mbps with a pipeline and 893 Mbps without a pipeline were achieved. Moreover, synthesis results using 0.18mum CMOS technology showed that 10.4 Gbps with a pipeline and 3.1 Gbps without a pipeline can be achieved. These results are much faster than previously published results. The high throughputs are due to the unfolding transformation, which reduces the number of required cycles for one block hash. The authors reduced the required number of cycles to 12 cycles for a 512 bit block and showed that 12 cycles is the optimal in our design

A compact architecture for montgomery elliptic curve scalar multiplication processor

We propose a compact architecture of a Montgomery elliptic curve scalar multiplier in a projective coordinate system over GF(2m). To minimize the gate area of the architecture, we use the common Z projective coordinate system where a common Z value is kept for two elliptic curve points during the calculations, which results in one register reduction. In addition, by reusing the registers we are able to reduce two more registers. Therefore, we reduce the number of registers required for elliptic curve processor from 9 to 6 (a 33%). Moreover, a unidirectional circular shift register file reduces the complexity of the register file, resulting in a further 17% reduction of total gate area in our design. As a result, the total gate area is 13.2k gates with 314k cycles which is the smallest compared to the previous works.

Iteration bound analysis and throughput optimum architecture of SHA-256 (384,512) for hardware implementations

The hash algorithm forms the basis of many popular cryptographic protocols and it is therefore important to find throughput optimal implementations. Though there have been numerous published papers proposing high throughput architectures, none of them have claimed to be optimal. In this paper, we perform iteration bound analysis on the SHA2 family of hash algorithms. Using this technique, we are able to both calculate the theoretical maximum throughput and determine the architecture that achieves this throughput. In addition to providing the throughput optimal architecture for SHA2, the techniques presented can also be used to analyze and design optimal architectures for some other iterative hash algorithms.

Privacy-preserving ECC-based grouping proofs for RFID

The concept of grouping proofs has been introduced by Juels to permit RFID tags to generate a verifiable proof that they have been scanned simultaneously, even when readers or tags are potentially untrusted. In this paper, we extend this concept and propose a narrowstrong privacy-preserving RFID grouping proof and demonstrate that it can easily be extended to use cases with more than two tags, without any additional cost for an RFID tag. Our protocols rely exclusively on the use of Elliptic Curve Cryptography (ECC). To illustrate the implementation feasibility of our proposed solutions, we present a novel ECC hardware architecture designed for RFID.

Wide-Weak Privacy-Preserving RFID Authentication Protocols

The emergence of pervasive computing devices such as RFID tags raises numerous privacy issues. Cryptographic techniques are commonly used to enable tag-to-server authentication while protecting privacy. Unfortunately, these algorithms and their corresponding implementations are difficult to adapt to the extreme conditions implied by the use of RFID. The extremely limited budget for energy and area do not allow the use of traditional cryptography.