
EC-RAC (ECDLP Based Randomized Access Control): Provably Secure RFID authentication protocol

Yong Ki Lee (1),(2), jfirst@ee.ucla.edu
Lejla Batina (2), lejla.batina@esat.kuleuven.be
Ingrid Verbauwhede (1),(2), ingrid@ee.ucla.edu

(1) Department of Electrical Engineering, University of California, Los Angeles, CA 90024, USA
(2) Department of Electrical Engineering, ESAT-COSIC, Katholieke Universiteit Leuven, Belgium
Abstract: Operational and security requirements for RFID systems such as system scalability, anonymity and anti-cloning are difficult to obtain due to constraints in area, memory, etc. Due to scarceness of resources most of the proposed protocols were designed using symmetric key cryptographic algorithms. However, it has been shown that it is inevitable to use public-key cryptographic algorithms to satisfy these requirements [1]. Moreover, general public-key cryptography based authentication protocols are vulnerable in terms of anonymity, which is shown in this paper. Accordingly, we design a new authentication protocol named EC-RAC using EC (Elliptic Curve) cryptography. EC-RAC can be proved for its security in the generic group model and is carefully designed to minimize its computational workload. Moreover, we present the implementation results of EC-RAC to show its feasibility for RFID systems.
I. INTRODUCTION
RFID (Radio Frequency Identification) systems have been among the most challenging devices of recent years in fields such as wireless communication, circuits and electromagnetics. The reason is that there are so many potential or ongoing applications of RFID systems such as supply chains, livestock/inventory tracking, toll management, airline baggage management, access control and so on. RFID can also be used to discriminate between counterfeit and authentic products. Especially since the adoption of EPCglobal Gen2 [2], RFID is expected to completely replace bar code systems in the near future.
For commercial markets, RFID systems should overcome not only the restriction of cheap RFID tags but also operational and security problems such as scalability, the tracking problem and the cloning problem. In many cases, the security part is simplified in order to minimize a tag's price. For example, Class-1 EPCglobal Gen2 [2] has a very simple authentication scheme where a password is transmitted in plain text, which can cause many security problems. Fortunately, CMOS technologies steadily advance and fabrication costs decrease, which allows stronger security solutions on tags. Moreover, some applications such as expensive goods and access control systems that should be highly secured can afford more expensive tags which may include more resources such as an extra power source, gate area and memory.
First, we summarize some essential operational and cryptographic properties for general RFID systems in order to clarify the issues of the paper.
Scalability:
If the computational workload of an authentication protocol increases linearly with the number of tags, the system is not scalable. Noting that most RFID applications should accommodate a large number of tags, e.g. a large library may have millions of books and each book should have a tag, scalability is a critical property in RFID systems.

Anti-cloning:
Since a large number of tags will be spread out in RFID applications, an attacker may be able to capture a tag, investigate it by microscope probing [4], learn all the information in the tag, and make a counterfeit. However, an attacker should not be able to forge other tags except the cracked one. If a group of tags share secret information and a reader authenticates tags by the shared secret, it will be possible to clone some other tags with the learned secret. This will also cause the tracking problem since an attacker can decrypt the exchanged messages. Therefore, the secret information on a tag should be pertinent to the tag so that the other tags except the cracked one are still secure.
One possible way to protect the secret stored in a tag is to use a secure memory [5]. However, it is not practical to store a long-term secret (a group key, a secret shared among a group of tags and readers) in tags and to use it for authentication, since a single cracked tag may endanger all the tags and readers having the shared secret.
In this paper, assuming that an attacker is able to crack and reveal the secret in a tag, we define an RFID system as secured against the cloning attack as long as the secret of a tag is pertinent to the tag and secured from passive or active skimming attacks.
2008 IEEE International Conference on RFID
The Venetian, Las Vegas, Nevada, USA
April 16-17, 2008
1B2.1
978-1-4244-1712-4/08/$25.00 ©2008 IEEE 97

Anonymity:
RFID tags are supposed to respond with some message whenever they receive a query message from a reader. If the responses are fixed or predictable by an attacker, it results in a privacy problem. An attacker is possibly able to track a tag, and hence its owner too, and collect data for malicious purposes. Therefore, the responses of tags should be randomized so that it is infeasible to extract any information from communications between a tag and a reader.
Some of the proposed authentication protocols use hash algorithms and/or symmetric key algorithms due to their simplicity compared to public-key algorithms. However, they fail to satisfy the basic requirements of RFID systems mentioned above. This is to be expected given the proof in [1], where it is shown that a public-key cryptographic algorithm is necessary to satisfy the required properties. Others propose to adopt well-known public-key based authentication protocols such as the Schnorr protocol [19] and the Okamoto protocol [20], which are suitable for general authentication systems that do not concern anonymity but not for RFID systems.
The contributions of this paper can be summarized as follows:
1) The security against the tracking attack is formalized. The definition is general and covers not only passive attacks but also active attacks.
2) Based on the security definition, we analyze the security of some well-known ECDLP based authentication protocols and show that they are vulnerable to the tracking attack.
3) We propose a new authentication protocol named EC-RAC and formally prove its security in the generic group model.
4) We present the implementation results of EC-RAC to show that it is also feasible for high-end tags.
The remainder of this paper is organized as follows. In
Sec. 2, some related work is introduced, and in Sec. 3,
the security of ECDLP based authentication protocols of
Schnorr and Okamoto is analyzed. EC-RAC is proposed and
its security is analyzed in Sec. 4 and Sec. 5 respectively.
We present the implementation results of EC-RAC in Sec. 6
followed by the conclusion in Sec. 7.
II. RELATED WORK ON RFID AUTHENTICATION PROTOCOLS
Many protocols have been proposed for RFID systems
using a hash algorithm due to their cheap implementations
[6], [7], [8], [9], [10], [13], [14], [15]. Some other protocols
using secret key cryptographic algorithms are also proposed
in [11], [12]. These protocols are divided into fixed access
control and randomized access control. Randomized access
control again can be divided based on whether a system-wide
common secret key (a group key) is used or not. However,
they could not satisfy some of the basic operational and/or
security requirements of RFID systems.
In the fixed access control, e.g. [6], a tag replies to a reader with a fixed message so that the protocol can be designed with simple cryptographic primitives, which allows a cheap price of tags. However, this kind of protocol is vulnerable to the tracking attack due to the constant responses of tags.
A solution to prevent the tracking problem is the randomized access control. In order to randomize messages, a reader and a tag need to share some secret information which is unknown to attackers so that only the entities which have the secret information can interpret the randomized messages. Without using a group key, randomized access controls are not scalable since the workload of the reader increases linearly with the number of tags. Some protocols of this type are presented in [6], [9]. Protocols proposed in [7], [10] resolve the tracking problem and the scalability by sharing a group key among all the readers and the tags. However, they neglect the possibility of a compromised group key. Once the group key is revealed by cracking a tag, all the tags of the system will be vulnerable to not only the cloning attack but also the tracking attack.
Some protocols have been proposed to solve the tracking problem and scalability with hash algorithms [13], [14], [15]. This is done by updating the stored information in tags regularly. However, they still have some drawbacks. In [13], the keys of tags are updated only when the authentication protocols are successful, and hence all the responses to malicious queries, which lead to unsuccessful authentications, will be fixed until the next successful authentication. Therefore, between two consecutive successful authentications, tags are vulnerable to the tracking attack. In [14], [15], tags are vulnerable to the denial-of-service attack since tags update their key or local information regardless of the success of the protocols.
There are some proposals to use asymmetric cryptographic algorithms for RFID systems. In [1], an IFP (Integer Factorization Problem) based protocol is proposed. In [16], [17], [18] they proposed to use ECDLP (Elliptic Curve Discrete Logarithm Problem) based authentication protocols for RFID systems, which will be analyzed in the following section.
III. SECURITY ANALYSIS OF ECDLP BASED AUTHENTICATION PROTOCOLS
Some attempts to apply elliptic curve cryptography to RFID systems are made in [16], [17], [18]. In [16] no specific authentication protocol is mentioned, and the Schnorr protocol [19] and the Okamoto protocol [20] are adopted in [17] and [18] respectively. These two protocols are two of the most popular authentication protocols based on ECDLP (Elliptic Curve Discrete Logarithm Problem). However, they are not appropriate for RFID systems since they are designed without considering anonymity. In these protocols, it is conventionally assumed that the ID (or public key) of a prover (a tag) is already known to a verifier (a reader or a server). However, transmitting IDs in secret is a main goal of an RFID authentication protocol. Even if we assume a tag's ID is conveyed to a reader securely, they still have the tracking problem.
In order to discuss the issue of the tracking attack, we put forward a formal definition for the security against the tracking attack which is very strong since it can be applied to not only passive attacks but also active attacks.
Definition 1: An authentication protocol is secure against the tracking attack if the following polynomial time oracle does not exist.

$$Q(\mathit{param}_1, \mathit{param}_2, \ldots, \mathit{param}_m) = f(\mathit{var}^T_1, \mathit{var}^T_2, \ldots, \mathit{var}^T_n) \quad (1)$$

where $\{\mathit{param}_1, \mathit{param}_2, \ldots, \mathit{param}_m\}$ is the set of the known values such as exchanged messages and possibly revealed values to an attacker, and $\{\mathit{var}^T_1, \mathit{var}^T_2, \ldots, \mathit{var}^T_n\}$ is the set of variables which can indicate a specific tag such as a tag's secret and public keys. The function $f()$ can be any polynomial time function whose output includes at least one variable indicating a specific tag and does not include any random variable.
Conceptually, the definition states that deriving any fixed
value indicating a specific tag must be infeasible. In the
remainder of this section, some ECDLP-based authentication
protocols are introduced and the definition is applied to these
protocols to show their vulnerability against the tracking
attack.
A. The Schnorr Protocol

Prover's private key: $x$
Prover's public key: $X (= -xP)$

Prover (Tag): $r_1 \in_R \mathbb{Z}$, $R_1 \leftarrow r_1 P$
Prover → Verifier: $R_1$
Verifier (Server): $r_2 \in_R \mathbb{Z}$
Verifier → Prover: $r_2$
Prover: $v \leftarrow x r_2 + r_1$
Prover → Verifier: $v$
Verifier: If $vP + r_2 X = R_1$ then accept

Fig. 1. The Schnorr Protocol

The message flow of the Schnorr protocol is shown in Fig. 1 where $r_1$ and $r_2$ are random numbers generated by a prover (tag) and a verifier (reader/server) respectively. The prover's secret key is $x$ and its public key is $X = -xP$. If $vP + r_2 X = R_1$ at the end of the protocol flow, then the verifier accepts the prover, else rejects.
If we apply Definition 1 to the Schnorr protocol, the parameters of $Q$ are the exchanged messages, i.e. $r_1 P$, $r_2$ and $x r_2 + r_1$, and the system parameter, i.e. $P$. A polynomial time oracle can be defined as follows.

$$Q(r_1 P, r_2, x r_2 + r_1, P) = \{r_1 P - (x r_2 + r_1) \cdot P\} \, r_2^{-1} = -xP \quad (2)$$

$-xP$ satisfies the requirements of $f()$ since there is a variable $x$ which can be an indication of a tag and there is no random variable such as $r_1$ and $r_2$. Therefore, the Schnorr protocol is not secure against the tracking attack since a polynomial time oracle defined in Definition 1 exists. In other words, an attacker can track a tag by deriving $-xP$.
B. The Okamoto Protocol

Prover's private key: $x_1$ and $x_2$
Prover's public key: $X (= -x_1 P_1 - x_2 P_2)$

Prover (Tag): $r_1, r_2 \in_R \mathbb{Z}$, $R \leftarrow r_1 P_1 + r_2 P_2$
Prover → Verifier: $R$
Verifier (Server): $r \in_R \mathbb{Z}$
Verifier → Prover: $r$
Prover: $v_1 \leftarrow r_1 + r x_1$, $v_2 \leftarrow r_2 + r x_2$
Prover → Verifier: $v_1, v_2$
Verifier: If $v_1 P_1 + v_2 P_2 + rX = R$ then accept

Fig. 2. The Okamoto Protocol

The Okamoto protocol is described in Fig. 2 where $r_1$ and $r_2$ are random numbers generated in a prover and $r$ is in a verifier. The secret key of the prover is a pair of $x_1$ and $x_2$ and its public key is $X = -x_1 P_1 - x_2 P_2$. After finishing the message exchanges, the verifier accepts the prover if $v_1 P_1 + v_2 P_2 + rX = R$, otherwise rejects.
The Okamoto protocol also has the tracking problem since a polynomial oracle of Definition 1 can be described with the following equation.

$$\begin{aligned}
Q(r_1 P_1 + r_2 P_2, r, r_1 + r x_1, r_2 + r x_2, P_1, P_2) &= \{R - v_1 P_1 - v_2 P_2\} \, r^{-1} \quad (3) \\
&= \{(r_1 P_1 + r_2 P_2) - (r_1 + r x_1) P_1 - (r_2 + r x_2) P_2\} \, r^{-1} \\
&= \{-r x_1 P_1 - r x_2 P_2\} \, r^{-1} \\
&= -x_1 P_1 - x_2 P_2 .
\end{aligned}$$

Note that the parameters of $Q$ are the exchanged messages and the system parameters. The output of the oracle ($-x_1 P_1 - x_2 P_2$) is the public key of a tag and it satisfies the conditions of Definition 1 since it has some variables indicating a specific tag, i.e. $x_1$ and $x_2$, and does not have any random variable.
To summarize, the conventional ECDLP based authenti-
cation protocols shown in this section are not suitable for
RFID systems. Therefore, we need a new RFID protocol that
considers not only secure transmissions of a tag’s identity but
also the tracking attack.
IV. EC-RAC PROTOCOL
To solve all the requirements for RFID systems, we design a new RFID protocol based on the elliptic curve discrete logarithm problem. Among public-key cryptographic algorithms, an ECC based algorithm would be the best choice due to its small key size and computational efficiency. Moreover, when a protocol is designed, the computational workload on tags should be minimized. This may cause an increase of the workload of the server (or reader). Since the server is supposed to have sufficient resources such as power and

Verifier's input: $y$, $X_1 (= x_1 P)$, $x_1$, $X_2 (= x_2 P)$
Prover's input: $x_1$, $x_2$, $Y (= yP)$

Verifier (Server): $r_2 \in_R \mathbb{Z}$
Prover (Tag): $r_1 \in_R \mathbb{Z}$
Verifier → Prover: $r_2$
Prover: If $r_2 = 0$ then halt, else $T_1 \leftarrow r_1 P$, $T_2 \leftarrow (r_1 + x_1) Y$, $v \leftarrow r_1 x_1 + r_2 x_2$
Prover → Verifier: $T_1, T_2, v$
Verifier: $y^{-1} T_2 - T_1 = (r_1 + x_1) P - r_1 P = x_1 P$ (Look up $x_1$ and $X_2$ paired with $x_1 P$)
Verifier: If $(vP - x_1 T_1) \, r_2^{-1} = X_2$ then accept else reject

Fig. 3. EC-RAC Protocol Flow

1) Tag and Server generate random numbers $r_1$ and $r_2$ respectively.
2) Server sends $r_2$ to Tag.
3) If $r_2 = 0$ then stop the protocol. Otherwise Tag generates and sends three messages $T_1 = r_1 P$, $T_2 = (r_1 + x_1) Y$ and $v = r_1 x_1 + r_2 x_2$ to Server.
4) Server calculates $y^{-1} T_2 - T_1 = y^{-1} (r_1 + x_1) yP - r_1 P = x_1 P = X_1$ and using the result ($X_1$) searches for $x_1$ and $X_2$. If there is a valid set for $X_1$, Server calculates $(vP - x_1 T_1) \, r_2^{-1} = \{(r_1 x_1 + r_2 x_2) P - x_1 r_1 P\} \, r_2^{-1} = x_2 P$ and checks whether it is the same as the stored $X_2$. If it is, Server authenticates Tag as a valid one.

Fig. 4. EC-RAC Protocol Description
memory compared to tags, transferring the workload of tags
to the server is desirable if it is possible.
Before designing the EC-RAC protocol, we should note that RFID systems have different situations from conventional password systems and public-key cryptography based authentication systems as the following:
1) Unlike conventional password protocols, RFID systems should not just transfer a tag's ID.
2) Unlike conventional public-key cryptography based authentication protocols, the protocols are many to one protocols, i.e. many RFID tags communicate with one reader/server. Due to this property, tags' public keys do not need to be publicly announced and hence, they can and should be securely stored and used for authentications in the server.
Similarly to conventional password protocols which require two values for each prover, i.e. ID and Password, our protocol starts with two secret keys, $x_1$ and $x_2$, which are compatible to ID and Password. The public keys, $x_1 P$ and $x_2 P$, are used as ID-verifier and Password-verifier which are securely stored in the server unlike general public keys.
The protocol flow and the description are shown in Fig. 3
and Fig. 4 respectively. The EC (Elliptic Curve) point scalar
multiplication is the critical operation in the protocol. While
a server needs 3 scalar multiplications, a tag needs only 2
scalar multiplications. It is desirable to reduce the workload
in a tag even if it increases the computational workload
in a server. Another noticeable thing is that general EC
point additions/subtractions and scalar inverse operations are
avoided in a tag while they are not in a server. This results
in a minimized control and gate area on a tag.
In this protocol, it is assumed that a server stores $y$, $X_1 (= x_1 P)$, $x_1$ and $X_2 (= x_2 P)$, and a tag stores $x_1$, $x_2$ and $Y (= yP)$. During the protocol flow the ID ($x_1$) and Password ($x_2$) of a tag are encrypted for the transmission to a server. After decrypting $X_1 (= x_1 P)$, the server searches for $x_1$ and $X_2 (= x_2 P)$ paired with $X_1$ and verifies that $X_2$ is correct by checking whether $(vP - x_1 T_1) \, r_2^{-1} = X_2$.
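The Schnorr tracking oracle of eq. (2) in Sec. III-A and the EC-RAC exchange of Fig. 3 and Fig. 4 can both be exercised with the following Python, which is an added example and not code from the paper or its authors. It uses a constructed toy curve ($y^2 = x^3 + 2x + 2$ over $\mathbb{F}_{17}$, base point $(5,1)$ of prime order 19), chosen only so the arithmetic is readable; the function names, the layout of the server's store, and the use of Python's `random` (reproducible, not a cryptographic generator) are all the example's own assumptions.

```python
import random

# Constructed toy curve, an assumption for illustration (not from the paper):
# y^2 = x^3 + 2x + 2 over F_17 with base point G = (5, 1) of prime order 19.
P_MOD, A = 17, 2
G = (5, 1)
N = 19          # order of G; prime, so every non-zero scalar has an inverse mod N
INF = None      # point at infinity

def inv_mod(k, m):
    return pow(k, -1, m)

def ec_add(p, q):
    """Affine group law on the curve."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # p == -q
    if p == q:
        lam = (3 * x1 * x1 + A) * inv_mod(2 * y1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * inv_mod(x2 - x1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_neg(p):
    return INF if p is INF else (p[0], (-p[1]) % P_MOD)

def ec_mul(k, p):
    """Double-and-add scalar multiplication k * p."""
    k %= N
    acc, addend = INF, p
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc

# Schnorr protocol of Fig. 1: X = -xP, transcript (R1, r2, v), check vP + r2 X = R1.
def schnorr_run(x, rng):
    r1, r2 = rng.randrange(1, N), rng.randrange(1, N)
    return (ec_mul(r1, G), r2, (x * r2 + r1) % N)

def schnorr_verify(X, transcript):
    R1, r2, v = transcript
    return ec_add(ec_mul(v, G), ec_mul(r2, X)) == R1

def schnorr_tracking_oracle(transcript):
    """Eq. (2): {R1 - vP} r2^{-1} = -xP, computed from public values only."""
    R1, r2, v = transcript
    return ec_mul(inv_mod(r2, N), ec_add(R1, ec_neg(ec_mul(v, G))))

# EC-RAC of Fig. 3/4: tag holds (x1, x2, Y = yP); server holds y and X1 -> (x1, X2).
def ecrac_setup(rng):
    x1, x2, y = (rng.randrange(1, N) for _ in range(3))
    tag = {"x1": x1, "x2": x2, "Y": ec_mul(y, G)}
    server = {"y": y, "db": {ec_mul(x1, G): (x1, ec_mul(x2, G))}}
    return tag, server

def ecrac_tag_respond(tag, r2, rng):
    if r2 % N == 0:
        return None                                  # step 3: halt on r2 = 0
    r1 = rng.randrange(1, N)
    T1, T2 = ec_mul(r1, G), ec_mul(r1 + tag["x1"], tag["Y"])
    return (T1, T2, (r1 * tag["x1"] + r2 * tag["x2"]) % N)

def ecrac_server_verify(server, r2, msg):
    if msg is None:
        return False
    T1, T2, v = msg
    X1 = ec_add(ec_mul(inv_mod(server["y"], N), T2), ec_neg(T1))  # y^-1 T2 - T1 = x1 P
    if X1 not in server["db"]:
        return False                                 # unknown ID-verifier
    x1, X2 = server["db"][X1]
    lhs = ec_mul(inv_mod(r2, N), ec_add(ec_mul(v, G), ec_neg(ec_mul(x1, T1))))
    return lhs == X2                                 # (vP - x1 T1) r2^-1 == X2

def demo(seed=1):
    rng = random.Random(seed)  # reproducible for the example; not a cryptographic RNG
    x = rng.randrange(1, N)
    X = ec_neg(ec_mul(x, G))
    t_a, t_b = schnorr_run(x, rng), schnorr_run(x, rng)
    schnorr_ok = schnorr_verify(X, t_a) and schnorr_verify(X, t_b)
    # Two independent Schnorr runs map to the same fixed point (the public key): linkable.
    linkable = schnorr_tracking_oracle(t_a) == schnorr_tracking_oracle(t_b) == X
    tag, server = ecrac_setup(rng)
    r2 = rng.randrange(1, N)
    ecrac_ok = ecrac_server_verify(server, r2, ecrac_tag_respond(tag, r2, rng))
    wrong = dict(tag, x2=(tag["x2"] % (N - 1)) + 1)  # a different password x2 in [1, N-1]
    forged = ecrac_server_verify(server, r2, ecrac_tag_respond(wrong, r2, rng))
    return schnorr_ok, linkable, ecrac_ok, forged
```

`demo()` returns four booleans: both Schnorr transcripts verify; the oracle of eq. (2) maps both transcripts to the same fixed point, the tag's public key, so the tag is linkable across sessions without any secret; a genuine EC-RAC response is accepted; and a response built with a wrong $x_2$ is rejected even though the ID lookup on $x_1 P$ succeeds. The Okamoto oracle of eq. (3) can be written the same way with two base points.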
V. SECURITY ANALYSIS
In order to analyze the security of EC-RAC, we use the generic group model [21], [22], [23]. In this model, an attacker does not have access to group elements but to the images of the group elements, which are one-to-one mapped to random strings. For a given group $G$, the random mapping of the group elements to the images can be described as $\sigma : G \to \{0,1\}^l$ where $l$ is the length of the random strings. An attacker can perform an addition oracle $\mathit{Add}$, an inverse oracle $\mathit{Inv}$ and a scalar multiplication oracle $\mathit{Mul}$ for the group operations as follows.

$$\mathit{Add}(\sigma(x), \sigma(y)) = \sigma(x + y), \quad \mathit{Inv}(\sigma(x)) = \sigma(-x), \quad \mathit{Mul}(k, \sigma(y)) = \sigma(k \cdot y) \quad (4)$$

$\mathit{Mul}$ is redundant since it can be easily implemented by a polynomial time algorithm using $\mathit{Add}$, e.g. a scalar multiplication can be implemented with the double and add algorithm where the doubling and the addition can be done by $\mathit{Add}$.
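The generic group model of eq. (4) is easy to make concrete. The Python below is an added example, not code from the paper: it instantiates the model on the additive group $\mathbb{Z}_N$ with a random one-to-one encoding $\sigma$, exposes only the $\mathit{Add}$, $\mathit{Inv}$ and $\mathit{Mul}$ oracles to the caller, and shows that $\mathit{Mul}$ is redundant by building it from $\mathit{Add}$ with double-and-add. The group order, string length and all names are the example's own assumptions.

```python
import random

# Constructed instance of the generic group model of Sec. V: the group is Z_N under
# addition and sigma maps each element to a distinct random L-bit string, so a party
# holding only strings learns nothing about the elements except equality.
# N and L are assumptions chosen for the example, not values from the paper.
N = 1009   # prime group order
L = 32     # length l of the random strings

class GenericGroup:
    """Oracle side of the model: it alone knows sigma and its inverse."""

    def __init__(self, seed=0):
        rng = random.Random(seed)
        labels = rng.sample(range(1 << L), N)            # distinct random strings
        self._sigma = {g: labels[g] for g in range(N)}   # sigma: G -> {0,1}^l
        self._unsigma = {s: g for g, s in self._sigma.items()}
        self.queries = 0                                 # group operations requested

    def encode(self, g):
        """sigma(g); used only to hand out the initial inputs of a game."""
        return self._sigma[g % N]

    def add(self, s, t):
        """Add(sigma(x), sigma(y)) = sigma(x + y), eq. (4)."""
        self.queries += 1
        return self._sigma[(self._unsigma[s] + self._unsigma[t]) % N]

    def inv(self, s):
        """Inv(sigma(x)) = sigma(-x), eq. (4)."""
        self.queries += 1
        return self._sigma[(-self._unsigma[s]) % N]

    def mul(self, k, s):
        """Mul(k, sigma(y)) = sigma(k * y), eq. (4)."""
        self.queries += 1
        return self._sigma[(k * self._unsigma[s]) % N]

def mul_via_add(grp, k, s):
    """Scalar multiplication from Add alone (double-and-add), which is why the
    paper calls Mul redundant. Returns sigma(k * y) given s = sigma(y)."""
    k %= N
    acc = grp.encode(0)          # sigma(0): the identity, publicly known
    addend = s
    while k:
        if k & 1:
            acc = grp.add(acc, addend)
        addend = grp.add(addend, addend)
        k >>= 1
    return acc

def subtract(grp, s, t):
    """sigma(x - y) from sigma(x) and sigma(y), the combination the tracking
    oracles of Sec. III rely on (e.g. R1 - vP)."""
    return grp.add(s, grp.inv(t))

def demo():
    grp = GenericGroup(seed=7)
    y = 123
    s = grp.encode(y)
    before = grp.queries
    via_add = mul_via_add(grp, 77, s)
    cost = grp.queries - before          # Add queries spent by double-and-add
    same = via_add == grp.mul(77, s) == grp.encode(77 * y)
    diff = subtract(grp, grp.encode(5), grp.encode(9)) == grp.encode(N - 4)
    return same, diff, cost
```

`demo()` confirms that the $\mathit{Add}$-only scalar multiplication agrees with the $\mathit{Mul}$ oracle at a cost of 11 queries for $k = 77$ (one doubling per bit plus one addition per set bit), i.e. polynomially many in $\log k$, and that subtraction is available through $\mathit{Inv}$.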
When the generic group model is instantiated on an EC
group, group elements x and y can be considered as scalar
values, and σ(x) and σ(y) as x · P and y · P where P
is the base point. The generic group model ensures that an
attacker has no gain at deriving the group element x from
σ(x), i.e. x · P , which means that there is no efficient (or
polynomial time) algorithm which derives scalar values from
EC points. This fact will be used when we analyze the EC-
RAC protocol. In this paper, we use naive forms of EC points
such as x · P instead of using σ(x) and hence assume that
x · P is a randomly mapped string just like σ(x).
The security proof is done by contradiction as the following procedure. We use the fact that the Diffie-Hellman scheme [24] is secure in the generic group model, which is already proven in [21].
1) We assume that the protocol is insecure and then there exists a polynomial time oracle $Q$ which calculates some secret information in polynomial time with publicly known or possibly revealed values.
2) We show that the oracle $Q$ defined in step 1 can be reduced to another oracle which is obviously impossible to solve or to the Diffie-Hellman problem. If the oracle $Q$ is reduced to the Diffie-Hellman problem, the existence of such $Q$ implies that the Diffie-Hellman problem is solvable in polynomial time.
3) By contradiction, the proof of the security is done.
We analyze the security in three different settings: attacking as a third observer, attacking as a valid server and attacking as a valid tag. Moreover, we analyze the security against the tracking attack. In the analysis, we assume that $x_1$, $x_2$ and $y$ are randomly chosen.
A. Security Analysis Against an Attacker as a Third Observer
In this sub-section, we prove that a third observer cannot extract any secret information, i.e. $x_1$, $x_1 P$, $x_2$, $x_2 P$, $y$, and $yP$. As a start of the security proof, we assume the worst case: all the exchanged messages between tags and the server are revealed and collected for an attacking purpose; all the system parameters including $P$, and $yP$ are also publicly known by cracking a tag. Note that even if we assume that $yP$ is known, checking whether the system is actually using the same $yP$ or a different one must be infeasible. Leaking $yP$ may not be a problem in general public-key cryptographic systems since it is a public key. However, in some RFID applications such as supply chains, the public key of the server can be an indication of a product's brand name which is also private information.

Security for $x_1 P$ (and hence for $x_1$):
Note that the security of $x_1 P$ is a sufficient condition of the security of $x_1$. This is because if $x_1$ is compromised, $x_1 P$ can also be calculated. We assume there is a polynomial time oracle $Q$ which calculates $x_1 P$.
$$Q(r_2, r_1 P, (r_1 + x_1) yP, r_1 x_1 + r_2 x_2, yP, P) = x_1 P$$

In order to utilize $r_1 x_1 + r_2 x_2$, we need to convert this parameter to an EC point by multiplying by an EC point (though we can do some scalar operations before converting to an EC point, there are no meaningful operations considering that there is only one more scalar parameter, $r_2$). Note that in the generic group model, the allowed group operations for an attacker are the point addition and the point inversion. Therefore, each term of EC points must be considered to be independent, e.g. $r_1 P$ and $r_1 x_1 P$ are independent terms. If $r_1 x_1 + r_2 x_2$ is multiplied by any EC point among the given parameters, it generates one new parameter and two new terms. For example, if $r_1 x_1 + r_2 x_2$ is multiplied by $r_1 P$, the newly generated parameter is $r_1^2 x_1 P + r_1 r_2 x_2 P$, and the newly generated terms are $r_1^2 x_1 P$ and $r_1 r_2 x_2 P$. Therefore, it generates more terms than parameters, which means converting $r_1 x_1 + r_2 x_2$ to an EC point does not help for solving $x_1 P$. Therefore, we can eliminate $r_1 x_1 + r_2 x_2$ without losing generality. $r_2$ also can be eliminated since $r_1 x_1 + r_2 x_2$ is the only parameter having $r_2$. Actually, it does not help for any term of EC points, and hence, we exclude $r_1 x_1 + r_2 x_2$ and $r_2$ when we need to derive an EC point throughout this paper.

Therefore, $Q$ is simplified as follows.

$$Q(r_1 P, (r_1 + x_1) yP, yP, P) = x_1 P \quad (5)$$
We reduce the oracle to $Q'$ by assuming that $r_1$ is known.

$$Q'(r_1 P, (r_1 + x_1) yP, yP, P, r_1) = x_1 P$$

$Q'$ is simplified noting that $r_1 P \cdot r_1^{-1} = P$ and $(r_1 + x_1) yP - r_1 \cdot yP = x_1 yP$.

$$Q'(x_1 yP, yP, P, r_1) = x_1 P$$

Since $r_1$ is no more relevant to this problem, we eliminate it.

$$Q''(x_1 yP, yP, P) = x_1 P$$

This can be reduced to the Diffie-Hellman scheme as follows, which is shown in Theorem 1.

$$Q'''(x_1 P, yP, P) = x_1 yP$$

The existence of $Q'''$ conflicts with the fact that the Diffie-Hellman scheme is secure in the generic group model. Therefore, security for $x_1 P$ is proven by contradiction.
Theorem 1: If a polynomial time oracle $Q(xyP, yP, P) = xP$ exists, then a polynomial time oracle $\hat{Q}(xP, yP, P) = xyP$ exists. Equivalently, if there is no polynomial time oracle $\hat{Q}(xP, yP, P) = xyP$ (i.e. the Diffie-Hellman scheme is secure), then there is no polynomial time oracle $Q(xyP, yP, P) = xP$.

Proof: We assume that a polynomial time oracle $Q(xyP, yP, P) = xP$ exists. Then, since $Q(xP, yP, P) = Q(xy^{-1} \cdot yP, yP, P) = xy^{-1} P$, the following oracle $\hat{Q}$ can be equivalently derived as follows.

$$\hat{Q}(xP, yP, P) \rightarrow \hat{Q}(xP, yP, xy^{-1} P, P)$$

Again, since $Q(xP, xy^{-1} P, P) = Q(y^{-1} \cdot xP, xP, P) = y^{-1} P$,

$$\hat{Q}(xP, yP, xy^{-1} P, y^{-1} P, P)$$

Since $Q(xP, y^{-1} P, P) = Q(xy \cdot y^{-1} P, y^{-1} P, P) = xyP$, the following oracle exists.

$$\hat{Q}(xP, yP, P) = xyP$$

Therefore, the theorem is proven.
References
Efficient Identification and Signatures for Smart Cards
Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems
Lower bounds for discrete logarithms and related problems
Authenticating pervasive devices with human protocols