Radio Frequency Identification (RFID) systems may be passive or active. In a passive RFID system, a passive RFID tag harvests incident power from an RFID reader to run its circuitry, which transmits information back to the reader. The transmitted information may include unique identifying information about an asset being tracked, controlled, or managed.
In certain RFID systems, protecting the privacy of certain transmitted information is desirable. However, standard cryptographic protocols for authentication and privacy are not viable due to limited computational capabilities and constrained energy reserves of the passive tags.
A certain measure of privacy may be afforded by an ultra-lightweight protocol. A protocol such as a lightweight mutual authentication protocol (LMAP) employs simple bitwise and bit-shift operations, such as AND, OR and XOR. An ultra-lightweight protocol such as Strong Authentication and Strong Integrity (SASI) increases the weak security afforded by simple bitwise operations by adding a rotation operation. However, encryption strength is still relatively weak.
Moreover, SASI and other ultra-lightweight protocols are vulnerable to full disclosure and de-synchronization attacks. In a full disclosure attack, an attacker exploits certain vulnerabilities in the protocol to determine secret keys and other secret information stored in a tag. In a de-synchronization attack, an intruder is not necessarily interested in knowing the secret information. Rather, the intruder's goal is to manipulate the system such that the secret keys between the tag and the reader are not mutually updated. This form of attack leads to a denial of service because the reader will not be able to properly authenticate the tag or vice versa.
It is desirable to improve upon ultra-lightweight protocols to increase encryption strength and also to thwart full disclosure and de-synchronization attacks.