GPS+: A back-end coupons identification for low-cost RFID

Security and privacy for RFID systems are very challenging topics. First, the RFID passive tags prevailing in most of the RFID applications are very limited in processing power, thus making most of the ordinary security mechanisms in-appropriate. Second, tags do answer to any reader requests, for this the most innovative RFID proposed protocols are not suitable whether for privacy problems or the high cost of tags. So far, a variety of public-key identification/authentication protocols have been proposed, but none of them satisfy both the security and privacy requirements within the acceptable restricted resources. Girault described a storage-computation trade-off approach of the famous GPS scheme for low cost RFID tag using t coupons stored on tag, but for moderate security level, this approach is still beyond current capabilities of low-cost RFID tags as storage capacity is the most expensive part of the hardware. Moreover, as we demonstrate the GPS scheme cannot be private against active adversary. In this paper, we present a new private efficient storage-security trade-off of GPS public key scheme for low-cost RFID tags. The ideas are twofold. First, the coupons are stored only on the back-end and not on the tag, so the protocol is private, the number of coupons can be much higher than in Girault's approach, and consumed coupons can be easily replaced with new ones. Second, for authenticating to the reader, the tag only needs simple integer operations, so implemention can be done in less than 1000 gate equivalents (GEs). Our approach takes advantages of the GPS scheme, and is resistant to the classical security attacks including replays, tracking, man in the middle attacks, etc.